Over 3.3 million mail servers lack TLS encryption

ShadowServer researchers reported that over 3.3 million POP3 and IMAP mail servers lack TLS encryption, exposing them to network sniffing attacks.

POP3 (Post Office Protocol 3) and IMAP (Internet Message Access Protocol) are two protocols used to access emails from mail servers.

With POP3, emails are downloaded to the local device and often deleted from the mail server. With IMAP, emails remain on the server, with synchronized access across user devices.

TLS (Transport Layer Security) is a cryptographic protocol designed to provide secure communication over a computer network. It is widely used to secure data transmitted over the internet, such as emails, web browsing, instant messaging, and file transfers.

ShadowServer scanned the internet for hosts running a POP3 service on port 110/TCP or 995/TCP without TLS support. Users connecting to these mail servers may be sending their credentials unencrypted, which lets adversaries intercept them.

“This means that passwords used for mail access may be intercepted. Additionally, service exposure may enable password guessing attacks against the server”, reads the post published by ShadowServer.

“If you receive this report from us, please enable TLS support for POP3 as well as consider whether the service needs to be enabled at all or moved behind a VPN.”

“We have started notifying about hosts running POP3/IMAP services without TLS enabled, meaning usernames/passwords are not encrypted when transmitted. We see around 3.3M such cases with POP3 & a similar amount with IMAP (most overlap).”
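To check whether a mail server you operate offers TLS after such a report, you can classify its CAPA (POP3) or CAPABILITY (IMAP) reply on the cleartext port. This is an added example, not ShadowServer's scanning method or code; the function names and sample replies are constructed for illustration, and the result reflects only what the server advertises.

```python
# Added example: constructed replies, not ShadowServer's scanner or data.
def pop3_caps(resp):
    """RFC 2449 CAPA reply -> {tag: [args]}; empty if the server answered -ERR."""
    lines = resp.replace("\r\n", "\n").split("\n")
    caps = {}
    if lines[0].startswith("+OK"):
        for line in lines[1:]:
            if line == ".":          # terminator of the multi-line reply
                break
            parts = line.upper().split()
            if parts:
                caps[parts[0]] = parts[1:]
    return caps

def imap_caps(resp):
    """RFC 3501 greeting or untagged CAPABILITY reply -> set of atoms."""
    caps = set()
    for line in resp.replace("\r\n", "\n").split("\n"):
        upper = line.upper()
        if upper.startswith("* ") and "CAPABILITY " in upper:
            # Greeting form is "* OK [CAPABILITY ...] text": cut at the bracket.
            atoms = upper.split("CAPABILITY ", 1)[1].split("]")[0]
            caps.update(atoms.split())
    return caps

def classify(protocol, resp):
    """Judge a cleartext-port reply by what the server advertises before TLS."""
    if protocol == "pop3":
        caps = pop3_caps(resp)
        starttls = "STLS" in caps
        sasl = set(caps.get("SASL", []))
        plaintext = "USER" in caps or bool(sasl & {"PLAIN", "LOGIN"})
    else:
        caps = imap_caps(resp)
        starttls = "STARTTLS" in caps
        plaintext = "LOGINDISABLED" not in caps
    if not starttls:
        return "no-tls"              # credentials can only travel in the clear
    return "tls-optional" if plaintext else "tls-required"

# Constructed sample replies from hypothetical servers.
POP3_NO_TLS = "+OK Capability list follows\r\nTOP\r\nUSER\r\nSASL PLAIN LOGIN\r\n.\r\n"
POP3_OPTIONAL = "+OK\r\nTOP\r\nUIDL\r\nSTLS\r\nUSER\r\n.\r\n"
POP3_REQUIRED = "+OK\r\nTOP\r\nUIDL\r\nSTLS\r\n.\r\n"
IMAP_REQUIRED = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready\r\n"
IMAP_NO_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\na1 OK done\r\n"

if __name__ == "__main__":
    print(classify("pop3", POP3_NO_TLS), classify("imap", IMAP_REQUIRED))
```

A "tls-optional" result means the server offers STLS or STARTTLS but still advertises plaintext login before the upgrade, so clients that skip TLS continue to send passwords in the clear.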

