Windows Client API allows non-authorized email access within the same authenticated post office.
vulners.com/securityvulns/securityvulns:doc:13373