There are two main types of communication protocols used by email software:

Some of these protocols are quite ancient and are based on a plain text data exchange.
More recently has been developed the secure version of each protocol, using secure sockets to encrypt the data during exchanges between client and server.

Each protocol can be configured to use various types of authentication.


SMTP (Simple Mail Transfer Protocol)
Which is used to send messages one server to another.


POP3 (Post Office Protocol 3)
Is a very simple connection based protocol


IMAP (Internet Message Access Protocol)
Is a more lightweigth messaging protocol, which does not require authentication each time (which is safer)


Each of the protocols above can use one or more authentication protocol to allow the users to identify themselves.
Failure to authenticate users securely can lead to a compromise of user's passwords, loss of privacy, exploitation for spam relaying, etc.

The main authentication protocols in use are:

  • Login,
  • Plain,
  • Cram-MD5,
  • Digest-MD5,
  • NTLM,
  • Anonymous,
  • Scram-MD5,
  • OTP,
  • Kerberos

Some of these protocols offer some form of encryption (*MD5, Kerberos,...) , but some others do not and are quite unsafe to use without a layer of encryption (secure sockets)