dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
9
share rss forum feed

mlord

join:2006-11-05
Nepean, ON
kudos:13
Reviews:
·Start Communicat..
reply to rocca

Re: Start.ca: Authenticated SMTP for outgoing email?

Click for full size
Anybody can see my email password
Click for full size
Leftover expired SSL cert
said by rocca:

For roaming you can use 465, and it uses pop3 before smtp authorization.

Oh, so it triggers a temporary permission for smtp based on seeing pop3 just beforehand (within a few minutes, I suppose) ? Cute.

I'm not happy with unencrypted passwords, though. That's simply not usable.
There appears to be an expired security certificate on the mail server, but nothing uses it.

mlord

join:2006-11-05
Nepean, ON
kudos:13
Reviews:
·Start Communicat..

said by mlord:

I'm not happy with unencrypted passwords, though. That's simply not usable.

Lack of SSL means anyone can read any Start.ca users' email on the same cable segment. Okay, that's not great, but commonplace.

Worse though, MUCH worse, is lack of protection for the email account credentials (password). This means anyone can similarly then log in to Start.ca email as somebody else, and read/delete their emails, and send emails "from" that user. All without the user even knowing. That's bad, really bad.

Or am I missing something here?


rocca
Start.ca
Premium
join:2008-11-16
London, ON
kudos:23

said by mlord:

Worse though, MUCH worse, is lack of protection for the email account credentials (password).

You can use encrypted port 995 for POP3.

mlord

join:2006-11-05
Nepean, ON
kudos:13

Isn't that the port with the expired certificate?
I thought I tried that already (failed). Will try again, maybe finger trouble.


mlord

join:2006-11-05
Nepean, ON
kudos:13
Reviews:
·Start Communicat..


Encryption, yay!
Yup, must have been user-error. It's working now,
with the expired security certificate from Start.ca.

Cheers