Some general questions about security
 
I don't know much about the way email systems work internally, so this question may seem stupid to some - but anyway please reply.

I have a The Bat! account where the connection to the POP3 and SMTP servers is 'Regular'.

1. Does this mean that someone (ISP, LAN admin etc.) can intercept and read the emails that I receive & send (if messages are not encrypted)?

2. Does this mean that someone may get my mailbox password, or any information that can be used to log on to my mailbox?

3. If the answer to 1. and/or 2. is Yes, what should I do to prevent this? I mean, what should I require from my hosting company to ensure security?

Thanks.
 
The answers to questions 1 and 2 are yes.

And I don't know for Bulgaria, but in a lot of countries your ISP has to store your internet traffic for some time, so the authorities can check those data when they're starting a criminal investigation against you.

In general your ISP won't use those tools on your traffic themselves, as it would be Very Bad for their business if they were found out (not considering the possibility of lawsuits).

Concerning any LAN admins, you shouldn't use a LAN whose admin you don't trust, and that's not only because of this kind of stuff. Especially when you're so ignorant in these matters as you claim to be, the LAN is the first firewall between you and the big bad world. (Not to mention what a malicious admin could do to your system.)

In order to keep your ISP or LAN admin from reading your mail you should instruct your hosting company to offer secure connections. TLS, STARTTLS or SSL, whatever they call it.
However that only means that your ISP and admin won't be able to access your stuff. Folks at your hosting company can read your mail, after all it arrives at their server, doesn't it?
So do you trust your hosting company?

To make things even worse, your hosting company has an uplink too. And folks there can install sniffers too and thus intercept your mail. Because all mail is sent unencrypted across the internet (unless the sender deliberately encrypted it). Of course it'll be more difficult for them as your mail is buried between a whole shitload of other traffic. But the same goes for your ISP compared to your LAN admin.

So there you are, you can't trust anybody, so you start your own mail server, but unfortunately all of your unencrypted messages can be intercepted by your ISP, their uplink and their uplink, etc. Though your traffic is likely to drown amidst the total traffic at your ISP's.

Oh. A free option for TLS is gmail. But do you trust a company that even stores your search conditions for 'future analysis'?

Trust is difficult. Somewhere you've got to trust somebody with your mail. Do you trust your bank with your money? Do you trust your phone company? Do you trust the postal agency with your snail mail? So how come you don't trust your ISP?
__________________________________
I'm just a user of The Bat! I don't work for Ritlabs.
 
thanks for clarifying things.
In general I trust everybody in the chain and have no reasons to worry someone will intercept my traffic. But a bit of paranoia is healthy. After all, encryption tools are used mostly by people who trust everyone and have no actual reasons to worry.  
 
You can use hardware tokens like iKey1000 to not allow the password to your mail account to be intercepted. Also TLS helps to protect the traffic from you to your mail server.

In order to protect the confidentiality, authenticity and integrity of messages all the way from you to your recipient, regardless of the mail servers that both of you are using, consider working with PGP or S/MIME.
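
As an added example (not part of any post in this thread), here is one way to check what a hosting company's servers offer on a 'Regular' connection: parse the SMTP EHLO and POP3 CAPA replies and report whether a TLS upgrade is advertised and which login methods put the password itself on the wire. The sample replies and the host name `mail.example.test` are constructed, and the sketch assumes the replies were read on the plain-text ports before any TLS upgrade.

```python
# Constructed sample replies (not captured from a real server), as seen on the
# plain-text ports before any TLS upgrade: SMTP EHLO and POP3 CAPA.
SMTP_EHLO = ("250-mail.example.test\r\n250-SIZE 52428800\r\n"
             "250-AUTH PLAIN LOGIN CRAM-MD5\r\n250 8BITMIME\r\n")
POP3_CAPA = ("+OK Capability list follows\r\nUSER\r\nSTLS\r\n"
             "SASL PLAIN CRAM-MD5\r\nUIDL\r\n.\r\n")

# Mechanisms that put the password itself on the wire (base64 is not encryption).
PASSWORD_ON_WIRE = {"PLAIN", "LOGIN", "USER"}


def parse_caps(protocol, reply):
    """Return {KEYWORD: [ARGS]} from an SMTP EHLO or POP3 CAPA reply."""
    lines = reply.splitlines()
    if protocol == "smtp":
        # Each line is "250-text" or "250 text"; the first is the greeting.
        body = [ln[4:] for ln in lines[1:] if ln[:3] == "250"]
    else:
        # "+OK" status line, then one capability per line, ended by ".".
        if not lines or not lines[0].startswith("+OK"):
            return {}
        body = lines[1:lines.index(".")] if "." in lines else lines[1:]
    caps = {}
    for line in body:
        words = line.upper().split()
        if words:
            caps[words[0]] = words[1:]
    return caps


def audit(protocol, reply):
    """Report whether TLS can be negotiated and which logins expose the password."""
    caps = parse_caps(protocol, reply)
    upgrade, mech_key = ("STARTTLS", "AUTH") if protocol == "smtp" else ("STLS", "SASL")
    mechs = set(caps.get(mech_key, []))
    if protocol == "pop3" and "USER" in caps:
        mechs.add("USER")  # classic USER/PASS login
    return {
        "tls_upgrade": upgrade in caps,
        "password_on_wire": sorted(mechs & PASSWORD_ON_WIRE),
    }


if __name__ == "__main__":
    for proto, reply in (("smtp", SMTP_EHLO), ("pop3", POP3_CAPA)):
        print(proto, audit(proto, reply))
```

A server that advertises STLS or STARTTLS still leaves the password readable in transit if the mail client stays on 'Regular' and never requests the upgrade, so the client setting has to change as well.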