mlord
join:2006-11-05
Nepean, ON
kudos:9 Reviews:
 ·Start Communicat..
 ·TekSavvy Cable
·TekSavvy DSL
| reply to rocca
Re: Start.ca: Authenticated SMTP for outgoing email?
Anybody can see my email password | 
Leftover expired SSL cert |
said by rocca:For roaming you can use 465, and it uses pop3 before smtp authorization. Oh, so it triggers a temporary permission for smtp based on seeing pop3 just beforehand (within a few minutes, I suppose) ? Cute.
I'm not happy with unencrypted passwords, though. That's simply not usable.
There appears to be an expired security certificate on the mail server, but nothing uses it. |
|
mlord
join:2006-11-05
Nepean, ON
kudos:9 Reviews:
·Start Communicat..
·TekSavvy Cable
·TekSavvy DSL
| said by mlord:I'm not happy with unencrypted passwords, though. That's simply not usable. Lack of SSL means anyone can read any Start.ca users' email on the same cable segment. Okay, that's not great, but commonplace.
Worse though, MUCH worse, is lack of protection for the email account credentials (password). This means anyone can similarly then log in to Start.ca email as somebody else, and read/delete their emails, and send emails "from" that user. All without the user even knowing. That's bad, really bad.
Or am I missing something here? |
|
 roccaStart.caPremium
join:2008-11-16
London, ON
kudos:11 | said by mlord:Worse though, MUCH worse, is lack of protection for the email account credentials (password). You can use encrypted port 995 for POP3. |
|
mlord
join:2006-11-05
Nepean, ON
kudos:9 | Isn't that the port with the expired certificate?
I thought I tried that already (failed). Will try again, maybe finger trouble.  |
|
mlord
join:2006-11-05
Nepean, ON
kudos:9 Reviews:
·Start Communicat..
·TekSavvy Cable
·TekSavvy DSL
| 
Encryption, yay! |
with the expired security certificate from Start.ca.
Cheers |
|
