Home   Buy Now   Products   Downloads   Support   Resellers   Contact   Site Map  
Home   Buy Now   Download   Support  
Email Component, SMTP Component, POP3 Component, IMAP Component, bulk mail

Home
Purchase
Upgrade
 
Products
Downloads
 
Support
 Samples
 KB
 Forum
 
Newsletter
 
Customers
 Current List
 Comments
 
Resellers
Jobs
Contact Us
 March 19, 2003  

Volume 1, Issue 3 
Page Navigator: << Back, 1, 2, 3, 4, 5, Next >>

Protecting the POP3 Password with APOP

Traditional POP3 servers expect to receive the account password in plain text format.  The problem with plain text format is that it can easily be intercepted by hackers, giving them complete access to your POP3 account.  An extension to POP3, titled APOP, has been developed as a countermeasure.  With APOP authentication, the password is never sent across the network. 

This is great, but you may be asking, "How can the server authenticate a user if the password is never sent across the network?"  The answer is that the client application creates a digest that is computed from the password and the current time.  The client application sends the digest to the server in-lieu-of the password.  The server performs the same calculation to create its own digest and then compares it to the digest it received from the client.  If the two digests match, the user is authenticated.  Since the digest is computed from the current time, it changes with every login.  If it is intercepted by a hacker, it is useless because it will no longer be valid, since the time has changed.  The internals of this authentication are quite complex and I will not go into them here.  The EasyMail POP3 object makes APOP authentication very easy and handles all the complexities for you.

set objPOP3 = CreateObject("EasyMail.POP3")
objPOP3.MailServer="mail.domain.com"
objPOP3.Account="account"
objPOP3.Password="password"
objPOP3.AuthMode=256+16
objPOP3.Connect
cnt = objPOP3.GetDownloadableCount() 
MsgBox cnt & " messages available."
objPOP3.Disconnect

By setting the AuthMode property to 256, we enable APOP authentication.  Since APOP is an extension to POP3, it is not supported by all POP3 servers.  By adding 16 to the AuthMode property we instruct the EasyMail POP3 object to automatically downgrade to plain text authentication if the server does not support APOP.  This enables our application to use APOP if available, and automatically use conventional POP3 authentication if APOP is not supported by the server.

Downloading Messages

In this example, we will download and parse every message in the mailbox.  When the operation is complete, we will use a message box to display the subject of the first message.  We will not display the subject of every message, to keep things simple.  A word of caution:  Since this code downloads every message in the mailbox, it may take a long time to execute if the mailbox contains many messages.  It is often more efficient to download messages in small groups as the next sample will demonstrate, however some applications will benefit from downloading all messages at once because they will not be dealing with large mailboxes, and the code is very easy and straight forward:

set objPOP3 = CreateObject("EasyMail.POP3")
objPOP3.MailServer="mail.domain.com"
objPOP3.Account="account"
objPOP3.Password="password"
objPOP3.Connect
objPOP3.DownloadMessages(0)
MsgBox "Subject: " & objPOP3.Messages(1).Subject
objPOP3.Disconnect

The zero parameter to DownloadMessages() instructs the EasyMail POP3 object not to mark the message for deletion after downloading.  The DownloadMessages() method automatically parses the downloaded messages and exposes the data via the Messages collection.  More on message deletion and parsing later...

A More Efficient Download

Efficient POP3 applications download message headers first, and do not download the complete message unless the user specifically requests it.  The message headers contain dates and addressing information plus the subject, and this is enough to build a table or list box to display the messages to the user.  When the user selects a specific message to view, you can download the entire message and display the contents.  This approach saves time and bandwidth.  Also, as mentioned in the previous example, it is often more efficient to download messages in small batches rather than downloading every message in one pass.  This type of efficiency becomes more important with larger mailboxes and/or slower connections to the server.

set objPOP3 = CreateObject("EasyMail.POP3")
objPOP3.MailServer="mail.domain.com"
objPOP3.Account="account"
objPOP3.Password="password"
objPOP3.Connect

'download first 5 headers and 
'display their subjects
nMsgCount=objPOP3.GetDownloadableCount()
nLastMessage = 5
if nLastMessage > nMsgCount then
   nLastMessage = nMsgCount
end if
for x = 1 to nLastMessage
   objPOP3.DownloadSingleMessageHeaders(x)
   MsgBox objPOP3.Messages(x).Subject
next 

'download full message from first header
'and display attachment count
if objPOP3.Messages.Count then 
   nFullMsg=objPOP3.DownloadSingleMessage(1)
   nCnt=objPOP3.Messages(nFullMsg).Attachments.Count
   MsgBox "Attachment count: " & nCnt
   objPOP3.Messages.Delete(nFullMsg)
end if
objPOP3.Disconnect

This sample downloads the first 5 messages on the server, or every message if there are 5 or less.  The execution speed of this sample should be very fast, unless you have a slow connection to the server.  Finally, we simulate the user selecting the first message in the list and download it in its entirety.  We can then display the attachment count. 

This code can easily be expanded and adapted to provide paging capabilities in your application.  Enabling your application to display multiple pages of 10-20 messages each will increase its speed and decrease its resource consumption.

Up next:  How to parse downloaded messages and access their parts including attachments, HTML and more...

Page Navigator: << Back, 1, 2, 3, 4, 5, Next >>


In This Issue:

Learn the secrets of building a successful POP3 application. 

Plus:
Downloadable code to get you started right away

This Issue's Poll:

What are your plans for developing IMAP Applications?

Currently developing
Within 90 days
Within 12 months
Within 5 years
No plans

Signup for this Newsletter:

CRITICAL tips and tricks for e-mail developers

Quiksoft News:

For a limited time, Quiksoft is enabling developers to license the SMTP portion of EasyMail .Net Edition separately.

Customer Comments

"Quiksoft's technical support is excellent. I wish all of our vendors were as responsive and helpful with technical support requests. "

"It paid for itself just after this project."

"I think your product is fantastic. The documentation is clear and consise."

Read More...

E-mail this newsletter to a friend or to yourself:

Unsubscribe...

Printer Friendly Version...
©2003 Quiksoft Corporation. All rights reserved. Unauthorized duplication or distribution prohibited. Quiksoft, EasyMail, EasyMail Objects, EasyMail .Net Edition, EasyMail Advanced API, EasyMail SMTP Express, and MailStore are trademarks of Quiksoft Corporation. Other trademarks mentioned are the property of their legal owner.
©2010 Quiksoft Corporation. All rights reserved. Terms of Use, Privacy Statement, Trademarks