andyv420
join:2005-02-06 | Poll: What is most secure Web-based email?
And why??
Please post your replies. Thanks. Just worth something new as for polls. |
|
garys_2k
join:2004-05-07
Farmington, MI | »www.hushmail.com/
Secure because it uses browser encryption end to end and only stores the encrypted data on their servers. |
|
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| reply to andyv420
Email isn't truly secure unless you encrypt it, because no matter who hosts your email, it passes through other servers and nodes on its way from origin to destination. That is why you should never put your credit card numbers or SSN (SIN in Canada) in an unencrypted email.
How secure do you need your email to be?
Assuming that you aren't putting anything as confidential as a credit card number or SSN in your email, I have this to say...
One could argue a small web based email is going to be more secure because it is a smaller target. Hackers and scriptkiddies won't be targetting it.
So a small ISPs webmail offering might be the most secure.
(One can scoff and call this security by obscurity, but for many things security by obsurity is a valid layer. But like any other security layer security by obscurity cannot be relied upon.)
On the other hand, if the ISP is too small, they might not have the expertise or the budget for all the other layers of security.
Also, the larger sites, like Hotmail and Yahoo have been probed and tested.
--
(Virus&Hijacking FAQ + Submit suspected malware + Backups FAQ + Security FAQ TOC) |
|
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB | reply to andyv420
Here is the FAQ on creating polls.
»Site FAQ »How do I make a POLL? |
|
andyv420
join:2005-02-06 | I tried Hushmail and its VERY VERY VERY VERY SLOWWWWWWWW...
I do not know why maybe because its encryption or something but its very slow.
And as for Polls, I will work on that later... |
|
g3guy
join:2002-08-03
Sedona, AZ
| reply to andyv420
Some questions lead to others. I have a few Yahoo email accounts in addition to my "real" one. I never thought to try the secure mode until now. It seems the login is secure "lock" , check, yes 128 bit encryption. But from then on including the sent messages there is no indication of any "secure" mode.
No more lock, no more encryption. What am I missing here? Where is the "secure"? |
|
andyv420
join:2005-02-06 | You know what? you are right. I was on Yahoo's login page, and there is no pad-lock on my browser. And its even on the Secure mode.
Thats scary |
|
Djdeadly
join:2000-11-03
San Jose, CA | Its only secure for the login, the rest is unsecure. |
|
sded
Premium
join:2002-11-04
San Diego, CA
 ·DSL EXTREME
4 edits | reply to andyv420
The only secure Web based email I have used is gmail. Yahoo and Hotmail are not, except for login. Best is an ISP that supports secure SSL/TLS email for POP and IMAP, along with a secure webmail site (mine does). Or enable the secure POP interface for gmail if you need it.
Note on gmail: In FF I get redirected to an http site after https login, and need to access the page again with https from the address bar for secure messages. PITA. Opera does it correctly. IE appears to also. |
|
g3guy
join:2002-08-03
Sedona, AZ | reply to andyv420
And what does a secure login get me? My point is that when you see "secure", just as in banking, credit, puchases, on line, the entire event is secured. So your login info is encrypted and your mail is in plain sight. Makes sense to me! |
|
zetan
Heart Of Steel
Premium
join:2003-11-22
Vallejo, CA
| reply to andyv420
Encrypt the text of the Email. Then upload it.
Whoever downloads it, needs the password. Then they manage the stuff locally.
Software for Steganography (hiding text in pictures and wav files) is what I use for sensitive material. Even if intercepted, if the software is good - they got nothing. Use a strong password and voila.
You can also make self un encrypting files, so the other person does not need to have the same program. It will self unpack.
Any text sent unencrypted is going to be on someone's server, to be read by anyone who has access.
I'm not an expert. Far from it. Some of these guys here are. But I thought I chime in, since this has been working for me very well for many years.
--
Life is an Express Elevator to Hell. |
|
sMh
join:2003-08-24 | reply to andyv420
Does anyone here trust web based email services enough to use them to store contacts addresses/phone numbers etc? |
|
zetan
Heart Of Steel
Premium
join:2003-11-22
Vallejo, CA
| said by sMh  :Does anyone here trust web based email services enough to use them to store contacts addresses/phone numbers etc? I'd never put my address book on any web based email. Also, all the emails used are for just casual use, and heavily encrypted files for storage.
I do use Gmail's G-drive thing, so I can store some data, but they're of medium sensitivity and encrypted up to 1344 bit strength.
Other than that, no way no how. My HD is vulnerable enough. Although it is also fully encrypted. So call me paranoid - again 
--
Life is an Express Elevator to Hell. |
|
silasshu
join:2004-04-25
Vancouver, BC | reply to andyv420
Here's a good email forum:
»www.emailaddresses.com/forum/for···rumid=16 |
|
marti
Color outside the lines
Premium,MVM
join:2001-12-14
Houston, TX
clubs: | reply to andyv420
SSL is not secure email, as I can read emails sent to me via a SSL connection, in any POP3 email client, or web-based email account.
Maybe the OP should tell us why he (she?) is asking the question? |
|
mboy
Premium
join:2001-04-13
Little Falls, NJ | reply to andyv420
ziplip.com is very secure (even checked by sniffing traffic). Obviosuly, you have to use the encrypt feature, but it does Secure Sockets at the very least.
Too bad they will cease to exist by June. |
|
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
1 edit | reply to andyv420
The problem with insecure email goes beyond someone signing on to your account.
First, unless you digitally sign your email, and the recipients know how to validate your signature, anyone can fake sending an email by you -- even if they cannot sign onto your actual email account. They simply have to spoof the sent-by address. Something most POP3 based email tools will allow them to do.
Second, unless the recipient of your email is using the same service, AND unless ALL the web pages presenting the email have the "lock" icon in the window border, then your email will be passing, unencrypted through various email relays on the internet. And at any of these points the email contents could be read.
So answering this question really does require knowing what kind of security you are looking for.
As to storing contacts in a webmail address book, I do that.
Just make sure you have a copy of the address book you can access and read locally, independant of the webmail tool, in case the webmail account suddenly stops working (which can happen if there is an errant spam complaint). |
|
sded
Premium
join:2002-11-04
San Diego, CA
·DSL EXTREME
4 edits | reply to marti
SSL supports secure email. You can read it via https from a web browser or a pop3 client that supports it. The email is secure from the server to your email client; after that it is your problem. Yahoo and Hotmail do only secure login, and send the email in the clear to you-not good if you have a wireless link, for example. One deficiency of gmail is that you can also read it through a standard http page that is not encrypted-why they allow that for the website I don't understand, it is disallowed for pop access. But both the https website and the pop3 access via ports 995 (pop3) and 587 (smtp) are secure and discussed on their pop setup page. I use both. Message encryption is another issue, and assumes you have a plaintext link or are being intercepted by someone within your LAN after you have decrypted the SSL email in your client. Difference between owning a STU and a copy of PGP. |
|
marti
Color outside the lines
Premium,MVM
join:2001-12-14
Houston, TX
clubs: | sded,
I use SSL email everyday, and I do understand how it works. The OP asked about a secure web-based email provider.
Again, my question to the OP is why are you asking the question? |
|
sded
Premium
join:2002-11-04
San Diego, CA
·DSL EXTREME
3 edits | For gmail, at least, you can't read email via port 110 of an email client or send via port 25 unencrypted, so I think saying you can read it using any email client is not recognizing the inherent security of gmail-they deserve some credit. It can only be read/sent using encrypted SSL access to the gmail server. I mentioned above that I think allowing unsecured http access to it is an anomaly, and I certainly wouldn't use it, but they do also provide a secure https webmail alternative not supported by either Hotmail or Yahoo mail. And I don't really understand the question either. Or what one might ask in a poll?:) |
|
