Poll: What is most secure Web-based email? in Security

Poll: What is most secure Web-based email? in Security http://www.dslreports.com/forum/r13077168 en Sat, 28 Nov 2009 21:33:46 EDT Sat, 28 Nov 2009 21:33:46 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13083686 Daniel : I personally like Squirrelmail, and I use it as the interface to the mail server that I built myself. I'm using 256-bit AES for both login and all subsequent viewing of mail, and any sensitive email data is encrypted by PGP.

Between Squirrelmail and Horde/IMP, I'd have to say that Squirrelmail is probably more secure given no specific informaiton on the matter. I say this based solely on the fact that Squirrelmail is far smaller, i.e. less code than the Horde project that has many facets and directions.

Hope this helps...
--
dmiessler.com - grep understanding knowledge]]> http://www.dslreports.com/forum/remark,13083686 Mon, 04 Apr 2005 10:26:34 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13083190 sded : One of the main beneficiaries of SSL email is public wireless use. With Gmail, or SSL/TLS access to you ISP mailservers, at least you can send and receive email anywhere without others reading and exploiting it. And it is free and not difficult to administer.]]> http://www.dslreports.com/forum/remark,13083190 Mon, 04 Apr 2005 08:59:53 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13083108 ghicken : The original poster doesn't clarify what is meant by 'web-based'. I don't think he is talking about Hotmail/Yahoo!/Google but rather IMP or Squirrelmail type of application.

I used IMP when I ran a home-based web server. I sacrificed my static IP for affordable high speed so I switched my main email to Gmail and run it in https mode. I ran IMP over Apache in https. I will agree that it doesn't make plain text emails any more secure but I don't like POP or IMAP clients anymore and having access to a web-based email client is very convenient. The SSL and/or TLS connect to the server just makes me feel better.

Many people I emailed in the mid nineties used PGP and it was nice to sign and/or encrypt the emails often. I don't think a tool has been made yet to make encrypting emails a user-friendly option and I never trusted PGP since the government dropped their case against Zimmermann.]]> http://www.dslreports.com/forum/remark,13083108 Mon, 04 Apr 2005 08:41:48 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13082076 leeb00 : SSL is great, but it only encrypts the email between you and your email provider! From that point the email hits MANY servers in an unencrypted state before it reaches it final destination.

Don't get me wrong, I insist on an email provider that has SSL logins and sessions. For me the best email company out there if Fastmail. www.fastmail.fm

The only really secure email solution is using PGP/GPG, and NOT storing your private key on any server other than your own PC, but I think this requirement would eliminate a web-based email solution.]]> http://www.dslreports.com/forum/remark,13082076 Mon, 04 Apr 2005 01:13:31 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13081848 nonymous :

said by sded

:

The only secure Web based email I have used is gmail. Yahoo and Hotmail are not, except for login. Best is an ISP that supports secure SSL/TLS email for POP and IMAP, along with a secure webmail site (mine does). Or enable the secure POP interface for gmail if you need it.
Note on gmail: In FF I get redirected to an http site after https login, and need to access the page again with https from the address bar for secure messages. PITA. Opera does it correctly. IE appears to also.

just read the gmail disclosure or whatever it is called. lol
custom advertising? well how could it do that?]]> http://www.dslreports.com/forum/remark,13081848 Mon, 04 Apr 2005 00:19:28 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13081769 Brano : I like »www.squirrelmail.org
Not sure if it's the most secure one, but you can use SSL to access the page and IMAPS when accessing mailboxes.
...and it's free ;)]]> http://www.dslreports.com/forum/remark,13081769 Mon, 04 Apr 2005 00:04:47 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13081747 Raphion :

said by sded

:

Note on gmail: In FF I get redirected to an http site after https login, and need to access the page again with https from the address bar for secure messages. PITA. Opera does it correctly. IE appears to also.

I figured out a fix for this. Just change your Gmail bookmark to include the 's' for secure, like: »https://gmail.google.com/gmail . If you do that, you'll be directed to the secure inbox right after login.]]> http://www.dslreports.com/forum/remark,13081747 Mon, 04 Apr 2005 00:02:45 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13081559 BillRoland : I just use point to point telepathy. Safest method I've found so far, YMMV.
--
"Don't steal. The government hates competition."]]> http://www.dslreports.com/forum/remark,13081559 Sun, 03 Apr 2005 23:35:34 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13081444 sded : For gmail, at least, you can't read email via port 110 of an email client or send via port 25 unencrypted, so I think saying you can read it using any email client is not recognizing the inherent security of gmail-they deserve some credit. It can only be read/sent using encrypted SSL access to the gmail server. I mentioned above that I think allowing unsecured http access to it is an anomaly, and I certainly wouldn't use it, but they do also provide a secure https webmail alternative not supported by either Hotmail or Yahoo mail. And I don't really understand the question either. Or what one might ask in a poll?:)]]> http://www.dslreports.com/forum/remark,13081444 Sun, 03 Apr 2005 23:19:00 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13081253 marti : sded,

I use SSL email everyday, and I do understand how it works. The OP asked about a secure web-based email provider.

Again, my question to the OP is why are you asking the question?]]> http://www.dslreports.com/forum/remark,13081253 Sun, 03 Apr 2005 22:54:41 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13081177 sded : SSL supports secure email. You can read it via https from a web browser or a pop3 client that supports it. The email is secure from the server to your email client; after that it is your problem. Yahoo and Hotmail do only secure login, and send the email in the clear to you-not good if you have a wireless link, for example. One deficiency of gmail is that you can also read it through a standard http page that is not encrypted-why they allow that for the website I don't understand, it is disallowed for pop access. But both the https website and the pop3 access via ports 995 (pop3) and 587 (smtp) are secure and discussed on their pop setup page. I use both. Message encryption is another issue, and assumes you have a plaintext link or are being intercepted by someone within your LAN after you have decrypted the SSL email in your client. Difference between owning a STU and a copy of PGP.]]> http://www.dslreports.com/forum/remark,13081177 Sun, 03 Apr 2005 22:44:54 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13081109 keith2468 : The problem with insecure email goes beyond someone signing on to your account.

First, unless you digitally sign your email, and the recipients know how to validate your signature, anyone can fake sending an email by you -- even if they cannot sign onto your actual email account. They simply have to spoof the sent-by address. Something most POP3 based email tools will allow them to do.

Second, unless the recipient of your email is using the same service, AND unless ALL the web pages presenting the email have the "lock" icon in the window border, then your email will be passing, unencrypted through various email relays on the internet. And at any of these points the email contents could be read.

So answering this question really does require knowing what kind of security you are looking for.

As to storing contacts in a webmail address book, I do that.

Just make sure you have a copy of the address book you can access and read locally, independant of the webmail tool, in case the webmail account suddenly stops working (which can happen if there is an errant spam complaint).]]> http://www.dslreports.com/forum/remark,13081109 Sun, 03 Apr 2005 22:36:36 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13081057 mboy : ziplip.com is very secure (even checked by sniffing traffic). Obviosuly, you have to use the encrypt feature, but it does Secure Sockets at the very least.
Too bad they will cease to exist by June.]]> http://www.dslreports.com/forum/remark,13081057 Sun, 03 Apr 2005 22:29:02 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13080970 marti : SSL is not secure email, as I can read emails sent to me via a SSL connection, in any POP3 email client, or web-based email account.

Maybe the OP should tell us why he (she?) is asking the question? ]]> http://www.dslreports.com/forum/remark,13080970 Sun, 03 Apr 2005 22:19:14 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13080811 silasshu : Here's a good email forum:

»www.emailaddresses.com/forum/for···rumid=16]]> http://www.dslreports.com/forum/remark,13080811 Sun, 03 Apr 2005 22:00:47 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13080604 zetan :

said by sMh

:

Does anyone here trust web based email services enough to use them to store contacts addresses/phone numbers etc?

I'd never put my address book on any web based email. Also, all the emails used are for just casual use, and heavily encrypted files for storage.

I do use Gmail's G-drive thing, so I can store some data, but they're of medium sensitivity and encrypted up to 1344 bit strength.

Other than that, no way no how. My HD is vulnerable enough. Although it is also fully encrypted. So call me paranoid - again :)
--
Life is an Express Elevator to Hell.]]> http://www.dslreports.com/forum/remark,13080604 Sun, 03 Apr 2005 21:34:06 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13079236 sMh : Does anyone here trust web based email services enough to use them to store contacts addresses/phone numbers etc? ]]> http://www.dslreports.com/forum/remark,13079236 Sun, 03 Apr 2005 18:08:36 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13078083 zetan : Encrypt the text of the Email. Then upload it.

Whoever downloads it, needs the password. Then they manage the stuff locally.

Software for Steganography (hiding text in pictures and wav files) is what I use for sensitive material. Even if intercepted, if the software is good - they got nothing. Use a strong password and voila.

You can also make self un encrypting files, so the other person does not need to have the same program. It will self unpack.

Any text sent unencrypted is going to be on someone's server, to be read by anyone who has access.

I'm not an expert. Far from it. Some of these guys here are. But I thought I chime in, since this has been working for me very well for many years.
--
Life is an Express Elevator to Hell.]]> http://www.dslreports.com/forum/remark,13078083 Sun, 03 Apr 2005 14:48:17 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13077995 g3guy : And what does a secure login get me? My point is that when you see "secure", just as in banking, credit, puchases, on line, the entire event is secured. So your login info is encrypted and your mail is in plain sight. Makes sense to me! ]]> http://www.dslreports.com/forum/remark,13077995 Sun, 03 Apr 2005 14:33:54 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13077840 sded : The only secure Web based email I have used is gmail. Yahoo and Hotmail are not, except for login. Best is an ISP that supports secure SSL/TLS email for POP and IMAP, along with a secure webmail site (mine does). Or enable the secure POP interface for gmail if you need it.
Note on gmail: In FF I get redirected to an http site after https login, and need to access the page again with https from the address bar for secure messages. PITA. Opera does it correctly. IE appears to also. ]]> http://www.dslreports.com/forum/remark,13077840 Sun, 03 Apr 2005 14:08:25 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13077740 Djdeadly : Its only secure for the login, the rest is unsecure.]]> http://www.dslreports.com/forum/remark,13077740 Sun, 03 Apr 2005 13:51:09 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13077719 andyv420 : You know what? you are right. I was on Yahoo's login page, and there is no pad-lock on my browser. And its even on the Secure mode.

Thats scary]]> http://www.dslreports.com/forum/remark,13077719 Sun, 03 Apr 2005 13:46:00 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13077610 g3guy : Some questions lead to others. I have a few Yahoo email accounts in addition to my "real" one. I never thought to try the secure mode until now. It seems the login is secure "lock" , check, yes 128 bit encryption. But from then on including the sent messages there is no indication of any "secure" mode.
No more lock, no more encryption. What am I missing here? Where is the "secure"? ]]> http://www.dslreports.com/forum/remark,13077610 Sun, 03 Apr 2005 13:28:08 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13077262 andyv420 : I tried Hushmail and its VERY VERY VERY VERY SLOWWWWWWWW...
I do not know why maybe because its encryption or something but its very slow.

And as for Polls, I will work on that later...]]> http://www.dslreports.com/forum/remark,13077262 Sun, 03 Apr 2005 12:30:02 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13077244 keith2468 : Here is the FAQ on creating polls.

»Site FAQ »How do I make a POLL?]]> http://www.dslreports.com/forum/remark,13077244 Sun, 03 Apr 2005 12:27:59 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13077239 keith2468 : Email isn't truly secure unless you encrypt it, because no matter who hosts your email, it passes through other servers and nodes on its way from origin to destination. That is why you should never put your credit card numbers or SSN (SIN in Canada) in an unencrypted email.

How secure do you need your email to be?

Assuming that you aren't putting anything as confidential as a credit card number or SSN in your email, I have this to say...

One could argue a small web based email is going to be more secure because it is a smaller target. Hackers and scriptkiddies won't be targetting it.

So a small ISPs webmail offering might be the most secure.

(One can scoff and call this security by obscurity, but for many things security by obsurity is a valid layer. But like any other security layer security by obscurity cannot be relied upon.)

On the other hand, if the ISP is too small, they might not have the expertise or the budget for all the other layers of security.

Also, the larger sites, like Hotmail and Yahoo have been probed and tested.
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC)]]> http://www.dslreports.com/forum/remark,13077239 Sun, 03 Apr 2005 12:27:08 EDT Re: Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13077238 garys_2k : »www.hushmail.com/

Secure because it uses browser encryption end to end and only stores the encrypted data on their servers.]]> http://www.dslreports.com/forum/remark,13077238 Sun, 03 Apr 2005 12:27:02 EDT Poll: What is most secure Web-based email? http://www.dslreports.com/forum/remark,13077168 andyv420 : And why??

Please post your replies. Thanks. Just worth something new as for polls.]]> http://www.dslreports.com/forum/remark,13077168 Sun, 03 Apr 2005 12:14:08 EDT