Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


11912 posts

Uber Geek
+1 received by user: 3861

Trusted
Lifetime subscriber

Topic # 161917 23-Jan-2015 10:58
Send private message

I have my Yosemite email app using both my Apple email addresses and my Gmail addresses. I never log in using the browser unless I am away from my office.

If I send an email from the Gmail address written in Mac Mail app, is it secure? If not, can I make it so?





Create new topic
1408 posts

Uber Geek
+1 received by user: 261

Subscriber

  Reply # 1221951 25-Jan-2015 17:55
Send private message

From what I understand when you send email via GMail the SMTP connection is secure but I'm unsure whether Google has end to end encryption once it leaves their own servers - according to one blog entry they do.




Laptop: MacBook Pro (15-inch, 2017)
Desktop: iMac (27-inch, 2017)
Smartphone: Samsung Galaxy S9 Plus 256GB 'Lilac Purple'
Additional devices: Unifi Security Gateway, Unifi Switch, Unifi AP AC HD, Unifi Cloud Key, Apple TV 4K 64GB
Services: G-Suite, YouTube Premium, Wordpress, Skinny

 


27071 posts

Uber Geek
+1 received by user: 6510

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1221984 25-Jan-2015 19:33
3 people support this post
Send private message

Email is an inherently insecure platform being based on SMTP. Even if your end is secure the destination may be plain text SMTP.


379 posts

Ultimate Geek
+1 received by user: 30

Trusted

  Reply # 1221996 25-Jan-2015 19:55
Send private message

sbiddle: Email is an inherently insecure platform being based on SMTP. Even if your end is secure the destination may be plain text SMTP.


Wouldn't the receiver be connecting via a POP or IMAP server, rather than SMTP?

One potential problem is if the receiver replies to your message using unsecured SMTP, and copies your original message.

Dr C.





BDFL - Memuneh
61339 posts

Uber Geek
+1 received by user: 12089

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1222018 25-Jan-2015 20:07
2 people support this post
Send private message

The connection from your email client to Google servers is secure. The connection from one Google server to another is secure. Anything that goes out to another server - it's a postcard.

That's with any email service.




27071 posts

Uber Geek
+1 received by user: 6510

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1222022 25-Jan-2015 20:16
Send private message

DrCheese:
sbiddle: Email is an inherently insecure platform being based on SMTP. Even if your end is secure the destination may be plain text SMTP.


Wouldn't the receiver be connecting via a POP or IMAP server, rather than SMTP?

One potential problem is if the receiver replies to your message using unsecured SMTP, and copies your original message.

Dr C.


The service the end user uses is irrelevant - it's the fact plain text SMTP is still used to deliver the vast majority of the world's email BETWEEN providers. Once your email leaves your provider there is a fairly high probability of it using plain text SMTP to send that to the destination email server.

1828 posts

Uber Geek
+1 received by user: 215
Inactive user


  Reply # 1222025 25-Jan-2015 20:18
Send private message

Unless your using your own encryption never trust anything via email especially Gmail 



11912 posts

Uber Geek
+1 received by user: 3861

Trusted
Lifetime subscriber

  Reply # 1222827 26-Jan-2015 22:10
Send private message

Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.





27071 posts

Uber Geek
+1 received by user: 6510

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1222924 27-Jan-2015 07:22
Send private message

Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.


The solution is to not use email.

Email is inherently insecure. You can't change that without building something from scratch that would not be backwards compatible - and you could argue there are plenty of such IM solutions out there already that do just that and are the modern replacement.






11912 posts

Uber Geek
+1 received by user: 3861

Trusted
Lifetime subscriber

  Reply # 1223177 27-Jan-2015 12:44
Send private message

sbiddle:
Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.


The solution is to not use email.

Email is inherently insecure. You can't change that without building something from scratch that would not be backwards compatible - and you could argue there are plenty of such IM solutions out there already that do just that and are the modern replacement.





I'm imagining something that encrypts when you press send and decrypts when the recipient enters a PIN you agreed on in advance.





BDFL - Memuneh
61339 posts

Uber Geek
+1 received by user: 12089

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1223191 27-Jan-2015 13:03
Send private message

There are a few solutions that will do that for you. But not a standard so parties have to agree on tools in first place.






11912 posts

Uber Geek
+1 received by user: 3861

Trusted
Lifetime subscriber

  Reply # 1223202 27-Jan-2015 13:12
Send private message

freitasm: There are a few solutions that will do that for you. But not a standard so parties have to agree on tools in first place.


Oh OK. Seems like time for a standard..!

Which solutions like that work with Mac?





94 posts

Master Geek
+1 received by user: 55


  Reply # 1292090 27-Apr-2015 09:25
Send private message

Which solutions like that work with Mac?


You might want to start by looking at GPG Tools. As stated earlier both parties would need to agree on a tool beforehand.

21469 posts

Uber Geek
+1 received by user: 4362

Trusted
Subscriber

  Reply # 1292101 27-Apr-2015 09:48
Send private message

Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.


They have, many times over, they all go and make something to satisfy their obsession of being technically perfect  (which it isnt) and totally screw over the usability of the products. And because there are so many of them you have to be using the same one as the recipient to be able to communicate, and that breaks the universal compatibility which makes email the sucess that it is.




Richard rich.ms

21469 posts

Uber Geek
+1 received by user: 4362

Trusted
Subscriber

  Reply # 1292103 27-Apr-2015 09:50
Send private message

Geektastic:
I'm imagining something that encrypts when you press send and decrypts when the recipient enters a PIN you agreed on in advance.


So totally not secure at all then? How do you agree on this pin number? How long will it be? how do you ensure that you are giving the pin number to the right person, how to you ensure that the pin number being given is not intercepted by someone else who can then decode or modify the message? What are you doing to just stop brute force of the pin?




Richard rich.ms

18324 posts

Uber Geek
+1 received by user: 5251

Trusted
Lifetime subscriber

  Reply # 1292106 27-Apr-2015 09:55
Send private message

Geektastic: Hmm. You'd think some clever nerdy type somewhere would have figured out how to deal with this by now to make it secure - it's been a while.


Every single person on the planet who isn't using a secured internal network (and lots that are) are using SMTP. Coming up with a new secure transmit function would be by some margin, easier, than getting everyone to switch, and even harder again, would be getting people to agree on said standard.

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.