|
How secure was / is email
Hi All,
I always believed that in the olden days (10-20 years ago). email travelling across the internet Was unencrypted and insecure. Recently a couple of people have suggested to me that these days its encrypted and always was. Is it? Was it? TIA Chris |
How secure was / is email
|
How secure was / is email
wrote in message ... Hi All, I always believed that in the olden days (10-20 years ago). email travelling across the internet Was unencrypted and insecure. Recently a couple of people have suggested to me that these days its encrypted and always was. Is it? Some of it is, particularly with apple. Was it? No. |
How secure was / is email
|
How secure was / is email
|
How secure was / is email
Depends on what you mean by encrypted I guess.
You most certainly could send encrypted email, but not many actually bothered most of the time. Brian -- ----- -- This newsgroup posting comes to you directly from... The Sofa of Brian Gaff... Blind user, so no pictures please Note this Signature is meaningless.! wrote in message ... Hi All, I always believed that in the olden day's (10-20 years ago). email travelling across the internet Was unencrypted and insecure. Recently a couple of people have suggested to me that these days it's encrypted and always was. Is it? Was it? TIA Chris |
How secure was / is email
Brian Gaff wrote
Yes the packets could be intercepted if they all went the same way I guess. There really is no such thing as secure, just the likelihood of it being insecure. Thats bull****, most obviously with net banking. After all in transit you first have to be looking when it goes past unless you want to store everything, examine it and then pass it on and I'd imagine that would end up with a detectable latency! Nothing to stop you keeping what passes thru your system. I think in many ways the biggest danger today is that if somebody gets lots of little clues about a person they may be able to identify them even if the identity was encrypted as this is how private investigators used to work with paper clues. "TimW" wrote in message ... On 23/01/2019 09:58, wrote: Hi All, I always believed that in the olden day's (10-20 years ago). email travelling across the internet Was unencrypted and insecure. Recently a couple of people have suggested to me that these days it's encrypted and always was. Is it? Yes, almost always Was it? No, not always Secure 'in transit' as it were. A lot of people with server access at each end could just read it if they wanted. TW |
How secure was / is email
On 23/01/2019 09:58, wrote:
Hi All, I always believed that in the olden days (10-20 years ago). email travelling across the internet Was unencrypted and insecure. Correct. Recently a couple of people have suggested to me that these days its encrypted and always was. Is it? More than it used to be... Was it? no It is more common these days to use an encrypted connection between the mail client and the mail server, and web mail portals will almost always be https these days. However unencrypted access between client and server is still permitted and used in many cases. Also although likely that servers will use encrypted connections between themselves, its not something that can be guaranteed by the user since you have no control over the intermediate hosts handling the mail. You also have no guarantee that the message content will not at some point reside in an unencrypted mail store on a mail transfer agent somewhere in the system. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
How secure was / is email
Thanks all!
|
How secure was / is email
TimW wrote:
wrote: Recently a couple of people have suggested to me that these days its encrypted and always was. Is it? Yes, almost always well, it can be done opportunistically when sending nd receiving sever support it, but it's only encrypted in transit, not when at rest, and it would be unwise to rely on it ... if you need encryption, do your own. |
How secure was / is email
Wrote in message:
Hi All, I always believed that in the olden day?s (10-20 years ago). email travelling across the internet Was unencrypted and insecure. Recently a couple of people have suggested to me that these days it?s encrypted and always was. Is it? Was it? TIA Chris No it isn't and it never was, with the exception of mail between your supplier and your device, which didn't used to be but now can be. Internet mail between servers uses SMTP which isn't encrypted. -- Biggles ----Android NewsGroup Reader---- http://usenet.sinaapp.com/ |
How secure was / is email
Biggles wrote:
Internet mail between servers uses SMTP which isn't encrypted. With a large number of users coalescing around gmail.com, office365/outlook.com/hotmail.com etc, they do use SMTP between servers when the sender and receiver both support it Search for TLS or SMTPS in headers, you may be surprised, but it isn't universal. |
How secure was / is email
On 24/01/2019 00:45, Biggles wrote:
Internet mail between servers uses SMTP which isn't encrypted. pretty sure it can be and routinely is. But not universally. Viz TLS and friends. -- Future generations will wonder in bemused amazement that the early twenty-first centurys developed world went into hysterical panic over a globally average temperature increase of a few tenths of a degree, and, on the basis of gross exaggerations of highly uncertain computer projections combined into implausible chains of inference, proceeded to contemplate a rollback of the industrial age. Richard Lindzen |
How secure was / is email
The Natural Philosopher wrote:
On 24/01/2019 00:45, Biggles wrote: Internet mail between servers uses SMTP which isn't encrypted. pretty sure it can be and routinely is. But not universally. Viz TLS and friends. When you specify TLS for an E-Mail account I think it simply means that TLS is used to encrypt the password, not when actually transferring the E-Mail. -- Chris Green · |
How secure was / is email
|
How secure was / is email
|
How secure was / is email
On 24/01/2019 09:27, Chris Green wrote:
The Natural Philosopher wrote: On 24/01/2019 00:45, Biggles wrote: Internet mail between servers uses SMTP which isn't encrypted. pretty sure it can be and routinely is. But not universally. Viz TLS and friends. When you specify TLS for an E-Mail account I think it simply means that TLS is used to encrypt the password, not when actually transferring the E-Mail. If you use STARTTLS, or SSL[1] for the transport layer, then the entire content is encrypted for transport as well. [1] SSL using secure sockets layer and all of the conversation between client and mail server is encrypted from the start. STARTLS starts the connection on an unencrypted link, but then negotiates up to a fully encrypted one for the message exchange takes place. -- Cheers, John. /================================================== ===============\ | Internode Ltd - http://www.internode.co.uk | |-----------------------------------------------------------------| | John Rumm - john(at)internode(dot)co(dot)uk | \================================================= ================/ |
How secure was / is email
On 24/01/2019 08:07, Andy Burns wrote:
Biggles wrote: Internet mail between servers uses SMTP which isn't encrypted. With a large number of users coalescing around gmail.com, office365/outlook.com/hotmail.com etc, they do use SMTP between servers when the sender and receiver both support it Search for TLS or SMTPS*** in headers, you may be surprised, but it isn't universal. I stand corrected! As you say though, not universal, so can't rely on encryption (yet). -- Biggles |
How secure was / is email
On Thursday, 24 January 2019 09:12:18 UTC, The Natural Philosopher wrote:
On 24/01/2019 00:45, Biggles wrote: Internet mail between servers uses SMTP which isn't encrypted. pretty sure it can be and routinely is. But not universally. It's getting there. Most large-scale tests report e.g. (https://transparencyreport.google.co...overview?hl=en) that ~90% of all SMTP traffic is now encrypted in transit. The vast majority of this is with opportunistic TLS which is pretty much as vulnerable to compromise to no TLS at all as the session initiation is performed in the clear and thus is vulnerable to a man-in-the-middle attack. Mandatory TLS for all SMTP traffic is becoming the ultimate goal with various mechanisms now emerging to enabled a gradual move towards that. |
How secure was / is email
On Friday, 25 January 2019 23:47:16 UTC, Mathew Newton wrote:
On Thursday, 24 January 2019 09:12:18 UTC, The Natural Philosopher wrote: On 24/01/2019 00:45, Biggles wrote: Internet mail between servers uses SMTP which isn't encrypted. pretty sure it can be and routinely is. But not universally. It's getting there. Most large-scale tests report e.g. (https://transparencyreport.google.co...overview?hl=en) that ~90% of all SMTP traffic is now encrypted in transit. The vast majority of this is with opportunistic TLS which is pretty much as vulnerable to compromise to no TLS at all as the session initiation is performed in the clear and thus is vulnerable to a man-in-the-middle attack. Mandatory TLS for all SMTP traffic is becoming the ultimate goal with various mechanisms now emerging to enabled a gradual move towards that. My service provider forced me to start using TLS last year for the link between my email client and their mail server. This forced me to stop using Eudora. They use TLS for onward transmission whenever possible, but only if it is supported at the other end. As you say, that does allow the possibility of MITM attacks for some routes. John |
| All times are GMT +1. The time now is 10:10 PM. |
Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright 2004 - 2014 DIYbanter