IMAP Authentication Methods
IMAP (Internet Message Access Protocol) is a protocol for accessing email held on a mail server. It is useful because it lets people send and receive email through a central server without having to keep their email on one specific local device.
Travelers might have an email "home base" on a computer at their home or office but still want to reach their email from anywhere. IMAP makes that possible by requiring authentication, so users can retrieve their email from any location. Authentication is the practice of presenting a login name and password (or another credential) to gain access to the system.
Authentication With Cyrus SASL
Cyrus SASL (Simple Authentication and Security Layer) is a library that adds authentication support to connection-based protocols such as IMAP, between a remote client and an email server. To use SASL, the protocol includes commands for identifying and authenticating a remote user to the mail server and for negotiating protection of the interactions that follow. When the client connects to the server, the mechanism places a security layer between the protocol and the IMAP connection, and authentication can then take place.
Authentication With CRAM-MD5
CRAM-MD5 (challenge-response authentication mechanism) is a procedure for authenticating a user without sending the password itself. The MD5 algorithm is a message-digest function used in cryptography (the science of protecting information by transforming it so that only the intended parties can use it). Such digests are used in password checks, digital signatures and certificates.
With CRAM-MD5, the IMAP server first sends a piece of challenge data to the IMAP client. The client responds by combining that challenge with its password using the MD5 (message digest) algorithm, producing a digest that cannot easily be reversed. The IMAP server, which holds its own copy of the password, computes the same digest and compares it with the client's reply to decide whether the client presented the right password.
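The SASL command flow and the CRAM-MD5 challenge-response described in the two sections above, as an added example in Python (not code from the original article or from the Cyrus project). It simulates one IMAP AUTHENTICATE CRAM-MD5 exchange following RFC 2195 and the IMAP AUTHENTICATE framing of RFC 3501: the server sends a base64 challenge on a continuation line, the client answers with a base64 "username digest" pair, and the digest is HMAC-MD5 of the challenge keyed with the password, so the password never crosses the wire. The host name, user name, password and credential dictionary are constructed sample values.

```python
"""Simulated IMAP AUTHENTICATE exchange using the SASL CRAM-MD5 mechanism.

Added example, not from the original article. Follows RFC 2195 (CRAM-MD5)
and the AUTHENTICATE framing of RFC 3501. All names and credentials below
are constructed sample values.
"""
import base64
import hashlib
import hmac
import os
import time

# Constructed sample credential store. CRAM-MD5 obliges the server to keep
# the password in recoverable form (plaintext or an equivalent HMAC state),
# not as a salted one-way hash.
USERS = {"alice": "correct horse battery staple"}


def make_challenge(hostname="imap.example.test", pid=None, now=None):
    """Build the RFC 2195 challenge string "<pid.timestamp@host>"."""
    pid = os.getpid() if pid is None else pid
    now = int(time.time()) if now is None else now
    return f"<{pid}.{now}@{hostname}>"


def cram_md5_digest(password, challenge):
    """Keyed MD5 digest (HMAC-MD5) of the challenge, as a lowercase hex string."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()


def client_response(username, password, challenge_b64):
    """Client side: decode the continuation payload and build the base64 reply."""
    challenge = base64.b64decode(challenge_b64).decode()
    reply = f"{username} {cram_md5_digest(password, challenge)}"
    return base64.b64encode(reply.encode()).decode()


def server_verify(challenge, response_b64):
    """Server side: recompute the digest from the stored password and compare
    in constant time. Malformed replies and unknown users are rejected."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
        username, digest = decoded.split(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return False
    password = USERS.get(username)
    if password is None:
        # Dummy comparison so an unknown user costs the same time as a known one.
        hmac.compare_digest(cram_md5_digest("", challenge).encode(), digest.encode())
        return False
    expected = cram_md5_digest(password, challenge)
    return hmac.compare_digest(expected.encode(), digest.encode())


def authenticate(username, password, tag="a001"):
    """Run the whole client/server exchange; return (success, transcript lines)."""
    transcript = [f"{tag} AUTHENTICATE CRAM-MD5"]           # C: request the mechanism
    challenge = make_challenge()
    challenge_b64 = base64.b64encode(challenge.encode()).decode()
    transcript.append(f"+ {challenge_b64}")                 # S: continuation with challenge
    response = client_response(username, password, challenge_b64)
    transcript.append(response)                             # C: "user digest", base64
    ok = server_verify(challenge, response)
    transcript.append(f"{tag} OK CRAM-MD5 authentication successful" if ok
                      else f"{tag} NO Authentication failed")
    return ok, transcript


if __name__ == "__main__":
    for line in authenticate("alice", "correct horse battery staple")[1]:
        print(line)
```

Two points a defender should take from the exchange: the server must store the password in recoverable form in order to recompute the digest, and a captured challenge/response pair lets a poor password be guessed offline against MD5. Current deployments therefore run IMAP over TLS and prefer mechanisms such as SCRAM, or PLAIN inside the TLS session, over CRAM-MD5.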
Authentication With GSSAPI
The GSSAPI (Generic Security Services Application Program Interface) provides no security by itself. Instead, security service vendors supply GSSAPI implementations as libraries installed with their security software. With IMAP, these libraries present a GSSAPI-compatible interface to the mail client and server.
The defining feature of GSSAPI applications is the exchange of tokens (opaque messages) that hide the implementation details from the IMAP service. The client and server sides of the IMAP application relay the tokens handed to them by their respective GSSAPI implementations, one on the client and one on the email server. GSSAPI tokens are usually sent over an insecure network, because the mechanisms themselves provide inherent message security. After several tokens have gone back and forth, each GSSAPI implementation informs its local email application that a security context has been established.
Finally, once the security context exists, sensitive email messages can be encrypted by GSSAPI for secure communication between the email client and the email server. The standard protections that GSSAPI offers include confidentiality (secrecy of the data) and integrity (assurance that the data is authentic and unaltered).