Improving Security with IMAP
On the other hand, IMAP implementations often default to a higher standard of security. Most IMAP servers require SSL encryption for messages in both directions, the same level of data encryption used by secure, e-commerce web servers. Furthermore, IMAP e-mail systems store all messages, folders, and drafts on the server instead of on the client’s hard drive. While some users may opt to have their e-mail software copy incoming messages, many system administrators discourage this practice. Modern e-mail clients, like Outlook, Thunderbird, and Apple Mail do such a good job of quickly relaying secure data, end users rarely notice that critical messages and attachments live “on the cloud" instead of on their hard drives.
Although this implementation of IMAP slightly reduces convenience by requiring a persistent internet connection, users of Citrix connections or other remote management tools often prefer the speed of using a desktop mail client instead of tolerating the delay of a virtualization window. Under this configuration, a user’s stolen laptop would be useless without knowledge of an IMAP server password.
Best of all, IMAP users with stolen or broken equipment can retrieve their entire mailbox and folder structure by connecting through a new or borrowed computer. Unlike POP mail systems, which run the risk of losing important correspondence, IMAP implementations restore both the content and the structure of a user’s mailbox. This kind of synchronization also makes IMAP popular among users who divide their e-mail workload among desktops, laptops, and other portable devices.