Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




12148 posts

Uber Geek
+1 received by user: 3963

Trusted
Lifetime subscriber

Topic # 161917 23-Jan-2015 10:58
Send private message

I have my Yosemite email app using both my Apple email addresses and my Gmail addresses. I never log in using the browser unless I am away from my office.

If I send an email from the Gmail address written in Mac Mail app, is it secure? If not, can I make it so?





Create new topic
1418 posts

Uber Geek
+1 received by user: 269

Subscriber

  Reply # 1221951 25-Jan-2015 17:55
Send private message

From what I understand when you send email via GMail the SMTP connection is secure but I'm unsure whether Google has end to end encryption once it leaves their own servers - according to one blog entry they do.




Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: iPhone Xs Max 256GB 'Space Grey'
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key, Apple TV 4K 64GB
Services: iCloud, YouTube Premium, Wordpress, Skinny

 


27270 posts

Uber Geek
+1 received by user: 6699

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1221984 25-Jan-2015 19:33
3 people support this post
Send private message

Email is an inherently insecure platform being based on SMTP. Even if your end is secure the destination may be plain text SMTP.


 
 
 
 


379 posts

Ultimate Geek
+1 received by user: 30

Trusted

  Reply # 1221996 25-Jan-2015 19:55
Send private message

sbiddle: Email is an inherently insecure platform being based on SMTP. Even if your end is secure the destination may be plain text SMTP.


Wouldn't the receiver be connecting via a POP or IMAP server, rather than SMTP?

One potential problem is if the receiver replies to your message using unsecured SMTP, and copies your original message.

Dr C.





BDFL - Memuneh
61784 posts

Uber Geek
+1 received by user: 12438

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1222018 25-Jan-2015 20:07
2 people support this post
Send private message

The connection from your email client to Google servers is secure. The connection from one Google server to another is secure. Anything that goes out to another server - it's a postcard.

That's with any email service.




27270 posts

Uber Geek
+1 received by user: 6699

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1222022 25-Jan-2015 20:16
Send private message

DrCheese:
sbiddle: Email is an inherently insecure platform being based on SMTP. Even if your end is secure the destination may be plain text SMTP.


Wouldn't the receiver be connecting via a POP or IMAP server, rather than SMTP?

One potential problem is if the receiver replies to your message using unsecured SMTP, and copies your original message.

Dr C.


The service the end user uses is irrelevant - it's the fact plain text SMTP is still used to deliver the vast majority of the world's email BETWEEN providers. Once your email leaves your provider there is a fairly high probability of it using plain text SMTP to send that to the destination email server.

1828 posts

Uber Geek
+1 received by user: 215
Inactive user


  Reply # 1222025 25-Jan-2015 20:18
Send private message

Unless your using your own encryption never trust anything via email especially Gmail 



12148 posts

Uber Geek
+1 received by user: 3963

Trusted
Lifetime subscriber

  Reply # 1222827 26-Jan-2015 22:10
Send private message

Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.





27270 posts

Uber Geek
+1 received by user: 6699

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1222924 27-Jan-2015 07:22
Send private message

Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.


The solution is to not use email.

Email is inherently insecure. You can't change that without building something from scratch that would not be backwards compatible - and you could argue there are plenty of such IM solutions out there already that do just that and are the modern replacement.






12148 posts

Uber Geek
+1 received by user: 3963

Trusted
Lifetime subscriber

  Reply # 1223177 27-Jan-2015 12:44
Send private message

sbiddle:
Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.


The solution is to not use email.

Email is inherently insecure. You can't change that without building something from scratch that would not be backwards compatible - and you could argue there are plenty of such IM solutions out there already that do just that and are the modern replacement.





I'm imagining something that encrypts when you press send and decrypts when the recipient enters a PIN you agreed on in advance.





BDFL - Memuneh
61784 posts

Uber Geek
+1 received by user: 12438

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1223191 27-Jan-2015 13:03
Send private message


12148 posts

Uber Geek
+1 received by user: 3963

Trusted
Lifetime subscriber

  Reply # 1223202 27-Jan-2015 13:12
Send private message

freitasm: There are a few solutions that will do that for you. But not a standard so parties have to agree on tools in first place.


Oh OK. Seems like time for a standard..!

Which solutions like that work with Mac?





98 posts

Master Geek
+1 received by user: 56


  Reply # 1292090 27-Apr-2015 09:25
Send private message

Which solutions like that work with Mac?


You might want to start by looking at GPG Tools. As stated earlier both parties would need to agree on a tool beforehand.

21614 posts

Uber Geek
+1 received by user: 4430

Trusted
Subscriber

  Reply # 1292101 27-Apr-2015 09:48
Send private message

Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.


They have, many times over, they all go and make something to satisfy their obsession of being technically perfect  (which it isnt) and totally screw over the usability of the products. And because there are so many of them you have to be using the same one as the recipient to be able to communicate, and that breaks the universal compatibility which makes email the sucess that it is.




Richard rich.ms

21614 posts

Uber Geek
+1 received by user: 4430

Trusted
Subscriber

  Reply # 1292103 27-Apr-2015 09:50
Send private message

Geektastic:
I'm imagining something that encrypts when you press send and decrypts when the recipient enters a PIN you agreed on in advance.


So totally not secure at all then? How do you agree on this pin number? How long will it be? how do you ensure that you are giving the pin number to the right person, how to you ensure that the pin number being given is not intercepted by someone else who can then decode or modify the message? What are you doing to just stop brute force of the pin?




Richard rich.ms

18748 posts

Uber Geek
+1 received by user: 5376

Trusted
Lifetime subscriber

  Reply # 1292106 27-Apr-2015 09:55
Send private message

Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.


Every single person on the planet who isn't using a secured internal network (and lots that are) are using SMTP. Coming up with a new secure transmit function would be by some margin, easier, than getting everyone to switch, and even harder again, would be getting people to agree on said standard.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.