Wednesday, 2 December 2009

Insecure gmail POP

Recently, after a long time (about a month time) I accessed gmail through pop. Interestingly, I found many older mails being pushed to me. Those mails were supposed to be deleted by gmail as I had selected "delete gmail's copy after sending" option. It seems like gmail just marks them as deleted; but keeps them for deletion at idle time. This is okay as long as gmail deletes them in time. However, when I accessed my mail after a month, I got mails that dated about 6 months back.

The insecurity lies in the fact that if my password is compromised, the person shall have access to mails that I thought I had deleted. Even if I notify my contacts about my password compromise, the person shall still access vital information from those past mails if he attempts POP access.

No comments: