This is a sub-selection from How secure...

TuxRaiderPen2
Make America Great Again
join:2009-09-19

TuxRaiderPen2 to ptb42

Member

to ptb42

Re: How secure...

said by ptb42:
All you have to do is enable it. When another MTA connects to your mail server, it will ask if you support TLS, and negotiate the connection if you do.
Ahhh..but there is the rub... FEW actually ENABLE IT. Trust me... I've had tons of howling over this...it is widely DISABLED.

We refuse any non-secure email now.. too bad... it is either sent on a secure connection or go away!
ptb42
join:2002-09-30
USA

ptb42

Member

said by TuxRaiderPen2:

Ahhh..but there is the rub... FEW actually ENABLE IT. Trust me... I've had tons of howling over this...it is widely DISABLED.

I already showed how Google Mail has SMTP TLS enabled.

And here, you can see how sending email from a Yahoo account to a Gmail account uses TLS:

Received: from nm31.bullet.mail.ne1.yahoo.com (nm31.bullet.mail.ne1.yahoo.com. [98.138.229.24])
        by mx.google.com with ESMTPS id asdfasff.21.2014.05.16.14.19.56
        for TuxRaiderPen@gmail.com
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Fri, 16 May 2014 14:19:56 -0700 (PDT)

I am sure a lot of smaller mail servers haven't bothered to enable TLS. But the big email providers, accounting for a very large portion of email addresses, have enabled TLS.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

said by ptb42:

I am sure a lot of smaller mail servers haven't bothered to enable TLS. But the big email providers, accounting for a very large portion of email addresses, have enabled TLS.

Probably among the smallest ISPs in the U.S.:
Received: from [192.168.102.222] (reki.aosake.net [173.228.7.217])
        (authenticated bits=0)
        by d.mail.sonic.net (8.14.4/8.14.4) with ESMTP id s3K2BnPK031067
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT)
        for <**********@pacbell.net>; Sat, 19 Apr 2014 19:11:50 -0700
 

Almost certainly the largest:
Received: from FamilyPC ([24.20.126.137])
        by omta12.emeryville.ca.mail.comcast.net with comcast
        id ALxH1n00D57wvhC8YLxHpy; Sun, 05 Jan 2014 20:57:18 +0000
 

I need to find out if my Comcast correspondent is using SSL, because I thought Comcast allowed it.
ptb42
join:2002-09-30
USA

ptb42

Member


Received: from FamilyPC ([24.20.126.137])
        by omta12.emeryville.ca.mail.comcast.net with comcast
        id ALxH1n00D57wvhC8YLxHpy; Sun, 05 Jan 2014 20:57:18 +0000

This looks like the initial submission of a message from a PC mail client to Comcast's mail server. If they haven't configured their mail client to use SSL/TLS, it won't do so -- even if Comcast supports it.

As a consequence, they may also be exposing their account password, if Comcast requires it when accepting email from a customer.

I use Mozilla Thunderbird. It configures itself to use SSL by default, at least when connecting to Google Mail. I believe that Outlook Express supports it, but I don't think it's by default.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

said by ptb42:

I use Mozilla Thunderbird. It configures itself to use SSL by default, at least when connecting to Google Mail. I believe that Outlook Express supports it, but I don't think it's by default.

I am pretty sure the client has to be configured to use SSL; even T-Bird. I notice that the recent versions will automagically set up SSL for most of the "well-known" services; but I have to use the "manual override" to set up AT&T (Yahoo!) and my ISP accounts.

My Comcast correspondent is using MS Outlook 14.0; and probably defaulting to port 25.
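
Added example, not part of any post in this thread: a Python sketch that reads Received headers like the ones quoted above and reports what TLS evidence each hop records (the `with` protocol keyword and the `version=`/`cipher=` comment). The function name `classify_hop` and the lists of weak parameters are assumptions of this example; the sample headers are abridged from the posts.

```python
import re

# Received headers from the posts above, abridged (the "for" lines are dropped).
SAMPLES = {
    "yahoo-to-gmail": """Received: from nm31.bullet.mail.ne1.yahoo.com ([98.138.229.24])
        by mx.google.com with ESMTPS id asdfasff.21.2014.05.16.14.19.56
        (version=TLSv1 cipher=RC4-SHA bits=128/128);
        Fri, 16 May 2014 14:19:56 -0700 (PDT)""",
    "sonic": """Received: from [192.168.102.222] (reki.aosake.net [173.228.7.217])
        (authenticated bits=0)
        by d.mail.sonic.net (8.14.4/8.14.4) with ESMTP id s3K2BnPK031067
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT)""",
    "comcast": """Received: from FamilyPC ([24.20.126.137])
        by omta12.emeryville.ca.mail.comcast.net with comcast
        id ALxH1n00D57wvhC8YLxHpy; Sun, 05 Jan 2014 20:57:18 +0000""",
}

WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)")
TLS_RE = re.compile(r"version=([^\s;)]+)\s+cipher=([^\s;)]+)")
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}   # RFC 3848 keywords
OLD_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}


def classify_hop(header):
    """Summarise the TLS evidence one Received header carries for its hop."""
    text = " ".join(header.split())            # unfold continuation lines
    with_match = WITH_RE.search(text)
    protocol = with_match.group(1).upper() if with_match else None
    tls_match = TLS_RE.search(text)
    version, cipher = tls_match.groups() if tls_match else (None, None)
    weak = []
    if cipher and "RC4" in cipher.upper():
        weak.append("RC4 cipher")
    # Exact match only: a combined label such as "TLSv1/SSLv3" names no
    # single negotiated version, so it is reported but not flagged.
    if version in OLD_VERSIONS:
        weak.append("deprecated protocol " + version)
    return {
        "protocol": protocol,
        "tls": bool(tls_match) or protocol in TLS_PROTOCOLS,
        "version": version,
        "cipher": cipher,
        "weak": weak,
    }


if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, classify_hop(header))
```

A result of `tls: False` means the header records no TLS details for that hop, not that the hop was provably unencrypted. Only the Received lines added by your own server are trustworthy; anything below them can be forged by the sender.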