UK diy (uk.d-i-y) For the discussion of all topics related to diy (do-it-yourself) in the UK. All levels of experience and proficency are welcome to join in to ask questions or offer solutions.

Reply
 
LinkBack Thread Tools Search this Thread Display Modes
  #1   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 296
Default How secure was / is email

Hi All,

I always believed that in the olden days (10-20 years ago). email travelling across the internet
Was unencrypted and insecure.

Recently a couple of people have suggested to me that these days its encrypted and always was.

Is it?

Was it?

TIA

Chris
  #3   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 40,893
Default How secure was / is email



wrote in message
...
Hi All,

I always believed that in the olden days (10-20 years ago). email
travelling across the internet
Was unencrypted and insecure.

Recently a couple of people have suggested to me that these days its
encrypted and always was.


Is it?


Some of it is, particularly with apple.

Was it?


No.

  #6   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 10,998
Default How secure was / is email

Depends on what you mean by encrypted I guess.
You most certainly could send encrypted email, but not many actually
bothered most of the time.
Brian

--
----- --
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...

Blind user, so no pictures please
Note this Signature is meaningless.!
wrote in message
...
Hi All,

I always believed that in the olden day's (10-20 years ago). email
travelling across the internet
Was unencrypted and insecure.

Recently a couple of people have suggested to me that these days it's
encrypted and always was.

Is it?

Was it?

TIA

Chris


  #7   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 10,998
Default How secure was / is email

Yes the packets could be intercepted if they all went the same way I guess.

There really is no such thing as secure, just the likelihood of it being
insecure.
After all in transit you first have to be looking when it goes past unless
you want to store everything, examine it and then pass it on and I'd imagine
that would end up with a detectable latency!

I think in many ways the biggest danger today is that if somebody gets lots
of little clues about a person they may be able to identify them even if the
identity was encrypted as this is how private investigators used to work
with paper clues.
Brian

--
----- --
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...

Blind user, so no pictures please
Note this Signature is meaningless.!
"TimW" wrote in message
...
On 23/01/2019 09:58,
wrote:
Hi All,

I always believed that in the olden day's (10-20 years ago). email
travelling across the internet
Was unencrypted and insecure.

Recently a couple of people have suggested to me that these days it's
encrypted and always was.

Is it?

Yes, almost always

Was it?

No, not always

Secure 'in transit' as it were. A lot of people with server access at each
end could just read it if they wanted.

TW



  #8   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 40,893
Default How secure was / is email

Brian Gaff wrote

Yes the packets could be intercepted if they all went the same way I
guess.


There really is no such thing as secure, just the likelihood of it being
insecure.


Thats bull****, most obviously with net banking.

After all in transit you first have to be looking when it goes past unless
you want to store everything, examine it and then pass it on and I'd
imagine that would end up with a detectable latency!


Nothing to stop you keeping what passes thru your system.

I think in many ways the biggest danger today is that if somebody gets
lots of little clues about a person they may be able to identify them even
if the identity was encrypted as this is how private investigators used
to work with paper clues.


"TimW" wrote in message
...
On 23/01/2019 09:58, wrote:
Hi All,

I always believed that in the olden day's (10-20 years ago). email
travelling across the internet
Was unencrypted and insecure.

Recently a couple of people have suggested to me that these days it's
encrypted and always was.

Is it?

Yes, almost always

Was it?

No, not always

Secure 'in transit' as it were. A lot of people with server access at
each end could just read it if they wanted.

TW



  #10   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 296
Default How secure was / is email

Thanks all!


  #13   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 7,829
Default How secure was / is email

Biggles wrote:

Internet mail between servers uses SMTP which isn't encrypted.


With a large number of users coalescing around gmail.com,
office365/outlook.com/hotmail.com etc, they do use SMTP between servers
when the sender and receiver both support it

Search for TLS or SMTPS in headers, you may be surprised, but it isn't
universal.
  #14   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 39,563
Default How secure was / is email

On 24/01/2019 00:45, Biggles wrote:
Internet mail between servers uses SMTP which isn't
encrypted.


pretty sure it can be and routinely is. But not universally.

Viz TLS and friends.


--
Future generations will wonder in bemused amazement that the early
twenty-first centurys developed world went into hysterical panic over a
globally average temperature increase of a few tenths of a degree, and,
on the basis of gross exaggerations of highly uncertain computer
projections combined into implausible chains of inference, proceeded to
contemplate a rollback of the industrial age.

Richard Lindzen
  #15   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 1,970
Default How secure was / is email

The Natural Philosopher wrote:
On 24/01/2019 00:45, Biggles wrote:
Internet mail between servers uses SMTP which isn't
encrypted.


pretty sure it can be and routinely is. But not universally.

Viz TLS and friends.

When you specify TLS for an E-Mail account I think it simply means
that TLS is used to encrypt the password, not when actually
transferring the E-Mail.

--
Chris Green
·


  #18   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 25,191
Default How secure was / is email

On 24/01/2019 09:27, Chris Green wrote:
The Natural Philosopher wrote:
On 24/01/2019 00:45, Biggles wrote:
Internet mail between servers uses SMTP which isn't
encrypted.


pretty sure it can be and routinely is. But not universally.

Viz TLS and friends.

When you specify TLS for an E-Mail account I think it simply means
that TLS is used to encrypt the password, not when actually
transferring the E-Mail.


If you use STARTTLS, or SSL[1] for the transport layer, then the entire
content is encrypted for transport as well.

[1] SSL using secure sockets layer and all of the conversation between
client and mail server is encrypted from the start. STARTLS starts the
connection on an unencrypted link, but then negotiates up to a fully
encrypted one for the message exchange takes place.

--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/
  #19   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 81
Default How secure was / is email

On 24/01/2019 08:07, Andy Burns wrote:
Biggles wrote:

Internet mail between servers uses SMTP which isn't encrypted.


With a large number of users coalescing around gmail.com,
office365/outlook.com/hotmail.com etc, they do use SMTP between servers
when the sender and receiver both support it

Search for TLS or SMTPS*** in headers, you may be surprised, but it
isn't universal.


I stand corrected!

As you say though, not universal, so can't rely on encryption (yet).
--
Biggles
  #20   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 524
Default How secure was / is email

On Thursday, 24 January 2019 09:12:18 UTC, The Natural Philosopher wrote:
On 24/01/2019 00:45, Biggles wrote:
Internet mail between servers uses SMTP which isn't
encrypted.


pretty sure it can be and routinely is. But not universally.


It's getting there. Most large-scale tests report e.g. (https://transparencyreport.google.co...overview?hl=en) that ~90% of all SMTP traffic is now encrypted in transit.

The vast majority of this is with opportunistic TLS which is pretty much as vulnerable to compromise to no TLS at all as the session initiation is performed in the clear and thus is vulnerable to a man-in-the-middle attack. Mandatory TLS for all SMTP traffic is becoming the ultimate goal with various mechanisms now emerging to enabled a gradual move towards that.



  #21   Report Post  
Posted to uk.d-i-y
external usenet poster
 
Posts: 299
Default How secure was / is email

On Friday, 25 January 2019 23:47:16 UTC, Mathew Newton wrote:
On Thursday, 24 January 2019 09:12:18 UTC, The Natural Philosopher wrote:
On 24/01/2019 00:45, Biggles wrote:
Internet mail between servers uses SMTP which isn't
encrypted.


pretty sure it can be and routinely is. But not universally.


It's getting there. Most large-scale tests report e.g.
(https://transparencyreport.google.co...overview?hl=en)
that ~90% of all SMTP traffic is now encrypted in transit.

The vast majority of this is with opportunistic TLS which is pretty
much as vulnerable to compromise to no TLS at all as the session
initiation is performed in the clear and thus is vulnerable to a
man-in-the-middle attack. Mandatory TLS for all SMTP traffic is
becoming the ultimate goal with various mechanisms now emerging
to enabled a gradual move towards that.


My service provider forced me to start using TLS last year for the link
between my email client and their mail server. This forced me to stop
using Eudora. They use TLS for onward transmission whenever possible,
but only if it is supported at the other end. As you say, that does
allow the possibility of MITM attacks for some routes.
John
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules

Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can corporations read your email with the corporate domain? Was: Who can read your email? micky Home Repair 21 October 3rd 17 11:19 AM
email extractor , site , solutions , email based marketing , email marketing solution , email extractor , newsletter software , mass email , e-mail marketing , email marketing solutions , bulk email software , web advertising , email marketing , mark Nuclear Incorporation. www.nuclear-inc.com UK diy 0 April 5th 07 10:31 PM
Kitchen Floor Units and Granite - Secure before template ? ANt UK diy 10 January 14th 04 12:18 PM
Since I don't have any plans...whatsa best way to secure desk's back panel to side panels? (and other questions) Leon Woodworking 5 August 27th 03 05:08 AM
Lost my all my email and change of email addy Grant Erwin Metalworking 2 August 15th 03 12:30 AM


All times are GMT +1. The time now is 06:18 AM.

Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright 2004-2024 DIYbanter.
The comments are property of their posters.
 

About Us

"It's about DIY & home improvement"