Secure Email Using Public WiFi - Website Hosting - VPS Hosting - Domain Registration Ireland :: Blacknight

CuriousUser · #1 (**permalink**) 12-08-08, 09:38 PM

Hello,

I am a Blacknight customer with a Linux SOHO package. I will have some spare time soon, so I hope to explore your services a bit more... I think that I will also move to your new Minimus package... Anyway, let the questions begin...

I use open public WiFi networks a lot to access my email using IMAP. I am concerned about people sniffing my email communications and obtaining my username and password.

I use IMAP over SSL on port 993 (using the snake oil certificate

) for receiving my email, but I do not think that you support SMTP over SSL on port 465. (Encryption is required for sending since the SMTP server requires my username and password.) Instead, I use TLS on the standard SMTP port 25.

All of the above works great on my laptop (with Thunderbird).

However, I also access my email using PDAs and mobile phones that support IMAP and SMTP on the SSL ports, but they do not support these protocols on the standard ports using TLS. Therefore, sending email is a problem!

As a workaround I have created an email account that I use solely for logging into the SMPT server to send email. This means that if somebody does sniff the user name and password they cannot retrieve any of my real emails from my real account. However, they could use my SMTP server to send bad emails

Is this a better way of achieving the required security?

Thanks!

CU

blacknight · #2 (**permalink**) 12-08-08, 10:19 PM

I can ask one of our technical staff to address the queries related to our servers and what they support.
The SMTP protocol itself is not designed for security, so while you may be able to encrypt communications between your desktop / laptop / portable device and a mail server there is no encryption between that server and the rest of the internet.

CuriousUser · #3 (**permalink**) 12-08-08, 11:25 PM

Quote:

Originally Posted by blacknight

The SMTP protocol itself is not designed for security, so while you may be able to encrypt communications between your desktop / laptop / portable device and a mail server there is no encryption between that server and the rest of the internet.

Correct! If I want end-to-end security I encrypt the message itself. However, this does not prevent other people sniffing my SMTP password.

CU

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode