Thread: How secure was / is email
View Single Post
  #21   Report Post  
Posted to uk.d-i-y
[email protected] jrwalliker@gmail.com is offline
external usenet poster
  
Posts: 299
Default How secure was / is email
On Friday, 25 January 2019 23:47:16 UTC, Mathew Newton wrote:
On Thursday, 24 January 2019 09:12:18 UTC, The Natural Philosopher wrote:
On 24/01/2019 00:45, Biggles wrote:
Internet mail between servers uses SMTP which isn't
encrypted.

pretty sure it can be and routinely is. But not universally.

It's getting there. Most large-scale tests report e.g.
(https://transparencyreport.google.co...overview?hl=en)
that ~90% of all SMTP traffic is now encrypted in transit.

The vast majority of this is with opportunistic TLS which is pretty
much as vulnerable to compromise to no TLS at all as the session
initiation is performed in the clear and thus is vulnerable to a
man-in-the-middle attack. Mandatory TLS for all SMTP traffic is
becoming the ultimate goal with various mechanisms now emerging
to enabled a gradual move towards that.

My service provider forced me to start using TLS last year for the link
between my email client and their mail server. This forced me to stop
using Eudora. They use TLS for onward transmission whenever possible,
but only if it is supported at the other end. As you say, that does
allow the possibility of MITM attacks for some routes.
John
Reply With QuoteReply With Quote