How secure is email from OS X Yosemite Mail?

Forums › Mac OS › How secure is email from OS X Yosemite Mail?

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#161917 23-Jan-2015 10:58

I have my Yosemite email app using both my Apple email addresses and my Gmail addresses. I never log in using the browser unless I am away from my office.

If I send an email from the Gmail address written in Mac Mail app, is it secure? If not, can I make it so?

matisyahu

1639 posts

Uber Geek
+1 received by user: 355

Trusted

#1221951 25-Jan-2015 17:55

From what I understand when you send email via GMail the SMTP connection is secure but I'm unsure whether Google has end to end encryption once it leaves their own servers - according to one blog entry they do.

"When the people are being beaten with a stick, they are not much happier if it is called 'the People's Stick'"

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1221984 25-Jan-2015 19:33

Email is an inherently insecure platform being based on SMTP. Even if your end is secure the destination may be plain text SMTP.

DrCheese

382 posts

Ultimate Geek
+1 received by user: 32

Trusted

#1221996 25-Jan-2015 19:55

sbiddle: Email is an inherently insecure platform being based on SMTP. Even if your end is secure the destination may be plain text SMTP.

Wouldn't the receiver be connecting via a POP or IMAP server, rather than SMTP?

One potential problem is if the receiver replies to your message using unsecured SMTP, and copies your original message.

Dr C.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1222018 25-Jan-2015 20:07

The connection from your email client to Google servers is secure. The connection from one Google server to another is secure. Anything that goes out to another server - it's a postcard.

That's with any email service.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1222022 25-Jan-2015 20:16

DrCheese:
sbiddle: Email is an inherently insecure platform being based on SMTP. Even if your end is secure the destination may be plain text SMTP.

Wouldn't the receiver be connecting via a POP or IMAP server, rather than SMTP?

One potential problem is if the receiver replies to your message using unsecured SMTP, and copies your original message.

Dr C.

The service the end user uses is irrelevant - it's the fact plain text SMTP is still used to deliver the vast majority of the world's email BETWEEN providers. Once your email leaves your provider there is a fairly high probability of it using plain text SMTP to send that to the destination email server.

Athlonite

1828 posts

Uber Geek
+1 received by user: 210
Inactive user

#1222025 25-Jan-2015 20:18

Unless your using your own encryption never trust anything via email especially Gmail

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#1222827 26-Jan-2015 22:10

Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1222924 27-Jan-2015 07:22

Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.

The solution is to not use email.

Email is inherently insecure. You can't change that without building something from scratch that would not be backwards compatible - and you could argue there are plenty of such IM solutions out there already that do just that and are the modern replacement.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#1223177 27-Jan-2015 12:44

sbiddle:
Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.

The solution is to not use email.

Email is inherently insecure. You can't change that without building something from scratch that would not be backwards compatible - and you could argue there are plenty of such IM solutions out there already that do just that and are the modern replacement.

I'm imagining something that encrypts when you press send and decrypts when the recipient enters a PIN you agreed on in advance.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1223191 27-Jan-2015 13:03

There are a few solutions that will do that for you. But not a standard so parties have to agree on tools in first place.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#1223202 27-Jan-2015 13:12

freitasm: There are a few solutions that will do that for you. But not a standard so parties have to agree on tools in first place.

Oh OK. Seems like time for a standard..!

Which solutions like that work with Mac?

New World

Shop on-line at New World now for your groceries (affiliate link).

Peamsable

98 posts

Master Geek
+1 received by user: 55
Inactive user

#1292090 27-Apr-2015 09:25

Which solutions like that work with Mac?

You might want to start by looking at GPG Tools. As stated earlier both parties would need to agree on a tool beforehand.

richms

29098 posts

Uber Geek
+1 received by user: 10207

Trusted

Lifetime subscriber

#1292101 27-Apr-2015 09:48

Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.

They have, many times over, they all go and make something to satisfy their obsession of being technically perfect (which it isnt) and totally screw over the usability of the products. And because there are so many of them you have to be using the same one as the recipient to be able to communicate, and that breaks the universal compatibility which makes email the sucess that it is.

Richard rich.ms

richms

29098 posts

Uber Geek
+1 received by user: 10207

Trusted

Lifetime subscriber

#1292103 27-Apr-2015 09:50

Geektastic:
I'm imagining something that encrypts when you press send and decrypts when the recipient enters a PIN you agreed on in advance.

So totally not secure at all then? How do you agree on this pin number? How long will it be? how do you ensure that you are giving the pin number to the right person, how to you ensure that the pin number being given is not intercepted by someone else who can then decode or modify the message? What are you doing to just stop brute force of the pin?

Richard rich.ms

networkn

Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified

Trusted

Lifetime subscriber

#1292106 27-Apr-2015 09:55

Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.

Every single person on the planet who isn't using a secured internal network (and lots that are) are using SMTP. Coming up with a new secure transmit function would be by some margin, easier, than getting everyone to switch, and even harder again, would be getting people to agree on said standard.