blog: email safety

[nikos]

here's the comment area for today's blog post found at
http://zabkat.com/blog/email-security-smtp.htm

[Tuxman]

POP3? There is still someone using it?

E-mail is, by default, the opposite of secure. Secure communication was not among its design goals. - GnuPG is available for this simple reason.

[nikos]

I use POP3. I don't trust google or anyone else to carry my email

[Tuxman]

So why not IMAP?

[nikos]

with IMAP email stays on the server doesn't it? Convenient when accessing from multiple computers but I mostly use the same computer. I use IMAP for the exceptional times when I'm on the road. Anyway what I say in the article holds for IMAP too, if you stick to the default client port settings your IMAP will be unsecure too

[Tuxman]

with IMAP email stays on the server doesn't it?

If you want it to.

The main advantage is that you can filter into subdirectories on the server, so you won't lose your structure on a different client.

[terraswiss]

here's the comment area for today's blog post found at
http://zabkat.com/blog/email-security-smtp.htm

Hello Nikos

I tried it with my 2007 Outlook. It works but I have to accept this Security Warning. Any idea why, can I turn it off ?

Thanks,

[Tuxman]

Now this is why certificates exist.

[nikos]

your server's certificate has expired. This is something you should report to the guys that offer you the email server

[snemarch]

Please keep in mind that it's not the port numbers that are doing the magic - while it would be pretty stupid, somebody could easily host non-SSL/TLS mail services on those ports.

Also keep in mind that both IMAP and POP3 support authentication methods where your password isn't sent in plaintext... and that even if you use a SSL/TLS connection to your mail server, there's no guarantee that an email isn't going to be caught in plaintext somewhere along the way.

I hope you're not using Outlook for your own emails, that's a security problem in itself

[nikos]

I tried using port 465 to send emails without forcing SSL encryption, and the email server declined. So the port number in this case implies the use of encryption. I am not 100% certain that all email servers are as smart, so yes it is advisable to also tick the encryption boxes

as for outlook, I find it splendid for managing my huge email database, instant search, scripting and what have you

[Tuxman]

as for outlook, I find it splendid for managing my huge email database, instant search, scripting and what have you

MailStore Home and Thunderbird.

[Kilmatead]

Yeah, I'd vote thunderbird as well... I actually have the full licensed office version of Outlook but had to uninstall it as just being nonsense.  Couldn't find a single worthwhile aspect to it, certainly nothing "splendid" (I assume that's pronounced in your best colonial accent and served with tea and crumpets, yes?).  Thunderbird, however, could at least qualify as "spiffy".  Though it is amusing to see how much people arbitrarily charge for meaningless Outlook plugins, seemingly just to rape and the pillage the captive office community.  Scary.

[nikos]

can you write scripts in thunderbird to extract emails from a mail folder? We are not talking about casual use here, outlook is one of my most used programs

[Kilmatead]

Never having tried, I couldn't say (email is is just regular mail without stamps to me, it doesn't have to dance for its dinner) - but the starting point for Mozilla products like Firefox and Thunderbird has always been that there's basically nothing you can't do if you want to, and they invite the user to do so.  MS only invite you to download rather large service packs that never seem to do very much besides break things (my experience with Outlook, Office, and VS, at least).

Besides, the only reason you're still using outlook is that they haven't gotten around to forcing The Ribbon upon you, yet.  Never mind turning you into a Metrosexual.