Author Topic: Mail accounts with and without SSL  (Read 3763 times)

0 Members and 1 Guest are viewing this topic.

Offline Hubbaman

  • Jr. Member
  • **
  • Posts: 47
Mail accounts with and without SSL
« on: May 18, 2011, 08:27:55 PM »
Hi,
Sorry if this is too far off topic, but I'd like to ask this as a follow up to this thread:
http://forum.avast.com/index.php?topic=78214.0

My recent mail problems (solved) got me thinking. My mail account with my ISP uses SSL. I also have mail accounts for a domain I own, hosted through a web hotel. These are not secured with SSL. I am investigating how I can set this up with them now, it seems I have to pay an extra fee, hopefully not much.

I wonder what the risks are in using mail accounts without SSL? I connect from home using my ADSL connection. However, I have sometimes logged into my mail accounts using the web interface which has been http and not https.

And by the way, why are non-SSL accounts listed under SSL accounts in Avast? (They are marked with Encryption: None.)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71416
  • No support PMs thanks
Re: Mail accounts with and without SSL
« Reply #1 on: May 18, 2011, 08:48:29 PM »
Well they can be intercepted during transit, but that really is trying to shoot a moving target. They would also be either trying random IP addresses to try to monitor/intercept http/smtp traffic or targeting a specific IP address.#

All of this makes the actual chances of your email traffic http or smtp/pop3 a bit of a low risk.

I don't use webmail, generally only through an email client (currently thunderbird). I haven't specifically used SSL email in all the time I have been using the Internet (quite some time) and I haven't had an email account compromised (e.g. user name and password harvested).

Only recently since getting broadband one of my email accounts btinternet, which uses Yahoo to handle mail does it get sent using SSL. This email account however, I very rarely use as I too have my own domain name and email hosting for that and it isn't SSL either. I haven't considered upgrading that email hosting service to SSL as I personally don't think the risk great enough for the content of my emails.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2215 R2/ Outpost Firewall Pro9.1/ Firefox 36.0.4, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Hubbaman

  • Jr. Member
  • **
  • Posts: 47
Re: Mail accounts with and without SSL
« Reply #2 on: May 18, 2011, 09:03:40 PM »
Thanks. So we are in the same boat.  :)

I have never found any indications that my accounts have been compromised. I guess there might be a chance that e-mail contents could be compromised, though? Anyway, I take care not to send very sensitive information by e-mail.


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71416
  • No support PMs thanks
Re: Mail accounts with and without SSL
« Reply #3 on: May 18, 2011, 09:11:17 PM »
Yes, the argument goes out of the window if the content of the email is sensitive/confidential/business, etc. But for rare occasions it could be sent in a zipped password protected attachment, sending the password in a separate email.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2215 R2/ Outpost Firewall Pro9.1/ Firefox 36.0.4, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline sded

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1721
  • Me llamo Ed
Re: Mail accounts with and without SSL
« Reply #4 on: May 18, 2011, 09:30:13 PM »
Greatest risk of compromise of open email would be if you use wireless without WPA encryption of the link, as many public services do.  Any sniffer can then read all of the mail transmitted and received on that AP that does not use SSL.  For wired, you are at risk at all of the relays/servers along the way, but they are much more difficult to compromise.  Unless maybe you are worried about the Government.  Then use something like PGP in addition.  ;)
Windows 7 x64HP-SP1-No UAC, Opera 11.51, Avast! Internet Security 6.0.128, Webroot SecureAnywhere latest beta, Windows FW off, MVPS HOSTS, SAS/MBAM offline, Macrium Reflect just in case ;)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71416
  • No support PMs thanks
Re: Mail accounts with and without SSL
« Reply #5 on: May 18, 2011, 10:43:51 PM »
Thanks for the reminder about PGP I had completely forgotten about that.

Edit: and now the bad news.
Quote
PGP and Symantec are now one company. We are currently in the process of migrating content and functionality from the Altiris websites, and have created ...

I didn't know they had been taken over by the devil incarnate.
« Last Edit: May 18, 2011, 10:50:34 PM by DavidR »
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2215 R2/ Outpost Firewall Pro9.1/ Firefox 36.0.4, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.4/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline sded

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1721
  • Me llamo Ed
Re: Mail accounts with and without SSL
« Reply #6 on: May 18, 2011, 11:07:06 PM »
Complain to the NSA then.  Oh wait; you are not in the US anyway.   ;D
Windows 7 x64HP-SP1-No UAC, Opera 11.51, Avast! Internet Security 6.0.128, Webroot SecureAnywhere latest beta, Windows FW off, MVPS HOSTS, SAS/MBAM offline, Macrium Reflect just in case ;)

Offline Hubbaman

  • Jr. Member
  • **
  • Posts: 47
Re: Mail accounts with and without SSL
« Reply #7 on: May 18, 2011, 11:58:24 PM »
Great. Thanks for the info!