I've been using Yahoo mail and POP3 for quite a while but I recently began realizing that nothing is encrypted that way unless the web interface is used. I also have an email for my school that allows POP retrieval. I know there are secure options (so your password isn't transmitted in plain text), but, to my knowledge, neither provider supports it. Are there any other options I have? How big of a risk is using POP mail with a password? I understand that I probably don't want to check my mail on a wireless network, but is it fine on a wired LAN? Thanks in advance.

www.nerdshack.com allows encryption (password and mail)

That looks like a great site, thanks for letting me know about that. It will be some time before I can, but I wanted to eventually get a new email account on a service with APOP that I can use for a long time. The nerdshack looks rather new, but looks like it at least has the potential to have some longevity. Does anyone know of any other major providers of APOP that are reliable and will probably be around for a while?

Also, I'm still curious about the answer to my other question. How worried should I be about checking my email via POP on a campus LAN, and how easy is it for someone to jump in and take the password? Thanks again.

If traffic is transmitted unencrypted, anyone connected to any of the networks it travels through can read the data via use of a packet sniffer. Packet sniffers are availavle for Unix and Windows (I use them myself for testing on my LAN) and they require root priviliges to run. So anyone with root/administrator access on any network your unencrypted data passes through can read it. It's not totally trivial, since the person reading the sniffed packets needs to know where to look to find the daya, but it's not that hard, either.

So basically, if I don't have an email service that offers APOP, there's no way to prevent anyone with a packet sniffer from seeing everything transmitted to/from the mail client? Is this something that most knowledgeable people are wary of (i.e. does everyone on this forum use encrypted mail) or is it not a huge issue if I'm not sending personal information over email?

Well, i know it can be done, but i don't send encrypted mail, because the stuff in the mails are not that personal (eg, how are you, today we did this and that, computer advices) if i am going to transfer something personal i would use a phone or snail mail.

However if you are talking to a bf/gf you should either use encrypted mail or Gnupg.
If you send finacial info, use should use encryption.
If the mail password is something you share to other services, you should send it encrypted.

Those are good points. I do have a unique mail password (not used anywhere else), but it still gives access to whatever settings the mail service allows you to change. I'll think about it and see what I need to do. Thanks again.

Just some extra info about the whole encryption thing so you know what you're getting into.

Ok, if you're worried about people eavesdropping, then there are some things you should consider. First, I don't know the specifics of APOP. So I assume it only encrypts user id and password for authentication. Someone please correct me if I'm wrong. If I'm right, then that means the transmission/reception of your email is plaintext after authentication. In other words, anyone with a packet sniffer could piece together and read the email. If that's a concern, then you need to augment APOP.

You can do that with an encrypted connection (if that service is provided). For example, ssh port-forwarding to your mail server. In this case, user id and pass are doubly-encrypted (the APOP encryption is encrypted again by the ssh tunnel), and the message(s) are encrypted when sent through the tunnel. However, if you are sending email and the mail server has to relay the message, then the message will be retransmitted. Unless the mail server has an encrypted link between itself and the next stop, then the email will be plain text again.

Lastly, you can encrypt the message content itself. In this manner, the email itself is encrypted, and doesn't require a persistent chain of encrypted links from your computer to the receiver's computer. You receive the user id and password protection from APOP, and the message content is transmitted verbatim, and must be manually decrypted by the receiving user.

Yeah, the password is the only thing I was really concerned about. I don't ever see a need to transmit confidential information over email. Thanks though.