43 lines
1.8 KiB
Plaintext
43 lines
1.8 KiB
Plaintext
MBOX-Line: From tss at iki.fi Mon Apr 6 05:17:17 2015
|
|
To: imap-protocol@u.washington.edu
|
|
From: Timo Sirainen <tss@iki.fi>
|
|
Date: Fri Jun 8 12:34:54 2018
|
|
Subject: [Imap-protocol] Is OpenEmailSurvey open to share method or code?
|
|
In-Reply-To: <1427153195.246194.244290758.41EF7C3D@webmail.messagingengine.com>
|
|
References: <55109D4C.2080900@laposte.net>
|
|
<1427153195.246194.244290758.41EF7C3D@webmail.messagingengine.com>
|
|
Message-ID: <795C98A0-7472-49BD-AA69-D3B6A357472B@iki.fi>
|
|
|
|
On 24 Mar 2015, at 08:26, Bron Gondwana <brong@fastmail.fm> wrote:
|
|
>
|
|
> On Tue, Mar 24, 2015, at 10:10 AM, Gilles LAMIRAL wrote:
|
|
>> At that time, 2008, I got around 0.24% of all hosts with port 143 open
|
|
>> on imap while OpenEmailSurvey scored 0.1% in 2013. It looks like Gmail and Big
|
|
>> cloud webmails have stolen half of the imap market share.
|
|
>
|
|
> I wonder how many sites there are where you just can't tell anyway.
|
|
>
|
|
> FastMail doesn't even listen on port 143, because it leaks cleartext passwords to active attackers:
|
|
>
|
|
> https://www.fastmail.com/help/technical/ssltlsstarttls.html
|
|
|
|
openemailsurvey.org main page results contains both 143 + 993 results deduplicated. There are actually also pages for them separately:
|
|
|
|
http://openemailsurvey.org/imap-143.html
|
|
http://openemailsurvey.org/imap-993.html
|
|
|
|
The 993 port page is before the nicer stats, but I think still from the same year's results.
|
|
|
|
> And even once you try port 993:
|
|
>
|
|
> * OK IMAP4 ready
|
|
> . CAPABILITY
|
|
> * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID ENABLE UIDPLUS SASL-IR AUTH=PLAIN
|
|
> . OK completed
|
|
>
|
|
> You're talking to nginx. It's only once you log in that you see what's really there:
|
|
|
|
Yeah, that's a limitation. But it's still detecting nginx and according to last year's scan there were 0,06% nginx proxies so it doesn't change the results much.
|
|
|
|
|