IMAP is an unencrypted protocol (as well as SMTP and POP3) in the same regard that HTTP is not HTTP + SSL. All three mail protocols can be wrapped nicely inside SSL/TLS, but it is only point to point encryption.
If I connect to my SMTP server over TLS and send you a message to your server, I cannot guarantee that your SMTP server is listening on the secure ports, let alone serving IMAP or POP3 over SSL to your client, which can be intercepted. Never mind the fact that 45%+ of all mail servers are storing these messages in plain text in /var/mail/
IMAP is an unencrypted protocol (as well as SMTP and POP3) in the same regard that HTTP is not HTTP + SSL. All three mail protocols can be wrapped nicely inside SSL/TLS, but it is only point to point encryption.
This is true, but most major providers only offer IMAP over SSL IIRC.
If I connect to my SMTP server over TLS and send you a message to your server, I cannot guarantee that your SMTP server is listening on the secure ports, let alone serving IMAP or POP3 over SSL to your client, which can be intercepted. Never mind the fact that 45%+ of all mail servers are storing these messages in plain text in /var/mail/
True but once again I think all the major email providers use SMTP over SSL.
If I connect to my SMTP server over TLS and send you a message to your server, I cannot guarantee that your SMTP server is listening on the secure ports, let alone serving IMAP or POP3 over SSL to your client, which can be intercepted. Never mind the fact that 45%+ of all mail servers are storing these messages in plain text in /var/mail/