
Servidores de e-mail IMAP e POP3 sem TLS – Créditos: Shadowserver
We have started notifying about hosts running POP3/IMAP services without TLS enabled, meaning usernames/passwords are not encrypted when transmitted. We see around 3.3M such cases with POP3 & a similar amount with IMAP (most overlap).
It’s time to retire those! pic.twitter.com/Iw9cZPxshg
— The Shadowserver Foundation (@Shadowserver) December 31, 2024
UPDATE: After feedback from various National CSIRTs & mail server operators (thank you!), we have identified a number of potential false positives in data being shared. We have suspended the vulnerable POP3/IMAP reports & are working on improvements before restarting reporting
— The Shadowserver Foundation (@Shadowserver) January 4, 2025