Oh, in addition, POP tracks no status on whether an e-mail had been
retrieved before. The server has no record of what you retrieved
before. It has no concept of old and new for status on a message. Your
POP client has to track old/new status by keeping a database of all
Message-IDs (MIDs) that it previously retrieved. It is up to the POP
client to know from the LIST command its sends and the list of MIDs the
server returns (of all messages in your account) which are the old MIDs,
so by process of elimination it knows which are the new MIDs. If the
POP client farks up its old MIDs list, it can end up re-retrieving some
or all messages from the server.
An IMAP server does track which messages your client previously
retrieved. The server tracks via a \Recent flag (for new messages) and
\Seen flag (for previously retrieved) messages. The IMAP client only
needs to get a list of new messages that are unseen (\seen flag not
set). Flags on the server saving status make it a lot easier for the
client to determine which are new messages that it has not previously
retrieved. Instead of issuing LIST to get a list of *all* messages in a
folder and then compare against its MIDs database of what it previously
retrieved, it can just ask the IMAP server which messages have not yet
been seen.
Eudora (even the OSE version) has no Unicode support. Also, since a lot
of e-mail providers have dropped SSL support (which was shown
vulnerable) and moved on to TLS, does Eudora (or Eudora OSE) support
TLS? Not only have they moved from SSL to TLS, they've moved from TLS
1.0, 1.1, and 1.2 to TLS 1.3. TLS 1.0 was no different than SSL 3.0,
except the handshaking process was sufficiently different to make them
incompatible encryption protocols, so TLS 1.0 was just as vulnerable as
SSL 3.0. Didn't take long for e-mail providers to dump TLS 1.0 and go
to TLS 1.1. Many now requires TLS 3.0 which wasn't ratified until 2018,
and which is long after both Eudora and Eudora OSE died. In addition, a
few years back, many ciphers were found weak or vulnerable, so e-mail
providers and web sites dropped them.
https://support.google.com/a/answer/9795993?hl=en
Eudora [OSE] likely still uses the defunct ciphers, so whether you can
use Eudora to connect to an e-mail provider depends on whether or not
they choose to support those old and deprecated ciphers. Using TLS 1.3
helps secure the handshaking to establish a connection, but your e-mail
is not (or less) secure if your client is still using a weak cipher to
encrypt your data.
https://electricenergyonline.com/energy/magazine/779/article/Security-Sessions-Exploring-Weak-Ciphers.htm
Microsoft dropped lots of weak ciphers, but still allowed fallback to
some less weak ciphers. There's no jumping forward from a client
requesting a discontinued cipher to a stronger one that is supported,
because the client has to support the stronger cipher, so it would
request that one, anyway. I think the big hit was around 2011 which hit
a lot of encrypting clients, like Internet Explorer 11 losing access to
the RC4 cipher that got dropped. You could hit an e-mail provider that
requires a minimum cipher strength, but your old client requests a weak
cipher from the OS that has not just been deprecated but discontinued.
It's not just the TLS 1.3 that might be demanded by an e-mail provider,
but a minimal cipher, too. Between moving to TLS 1.3 and stronger
ciphers, I've seen some users resort to using sTunnel as a proxy to add
TLS 1.3 and stronger cipher support. The client is configured NOT to
use encrypted connections to the accounts, it connects to sTunnel
instead of directly to the server, and sTunnel handles the handshaking
protocol and cipher that the server requires at a minimum. Last I used
sTunnel (with an e-mail client that got killed because it didn't support
TLS or less-weak ciphers), you had to manually edit some text
configuration files. You had to do that, anyway, to specify the input
port to which your e-mail client connected, and the server to which
sTunnel would connect for that input port. You defined the mapping, and
this made sTunnel a pain to use. There was no GUI to sTunnel, but I'm
not sure a GUI would facilitate using and configuring sTunnel.