Re: Is mutt secure enough?

To: Mutt-users-list <mutt-users@xxxxxxxx>
Subject: Re: Is mutt secure enough?
From: David Yitzchak Cohen <lists+mutt_users@xxxxxxxxxxxxxx>
Date: Sat, 21 Feb 2004 19:48:35 -0500
In-reply-to: <Pine.LNX.4.58.0402220558530.4485@lnubb>
List-unsubscribe: <mailto:mutt-users-request@mutt.org?body=unsubscribe>
Mail-followup-to: Mutt-users-list <mutt-users@xxxxxxxx>
References: <Pine.LNX.4.58.0402210236260.14916@lnubb> <20040220232617.GB25061@xxxxxxxxxxxxxxx> <Pine.LNX.4.58.0402210532001.14711@lnubb> <20040221071319.GA28773@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.58.0402220558530.4485@lnubb>
Sender: owner-mutt-users@xxxxxxxx
User-agent: Mutt/1.5.6i

On Sat, Feb 21, 2004 at 07:35:12PM EST, Mutt-user wrote:
> On Sat, 21 Feb 2004, Mark Frank wrote:
> > * On Sat, Feb 21, 2004 at 05:40:54AM +0530 Mutt-user wrote:
> > > On Fri, 20 Feb 2004, jacob[at]buildtheb0x.com wrote:

> > > This might be a good idea since I'm the only one using this puter, and
> > > your assumtion was correct, sorry if I caused any confusion. Actually I
> > > have a bash script that runs the whole command ... I have 3 scripts, one
> > > for each account. Now, I'm relaxed knowing that the isp guys or anyone in
> > > the middle can't get the password so easily.
> >
> > The ISP guys who have root privilege and can read any of your email any
> > time they want and the people in the middle who saw your email traverse
> > the whole Internet unencrypted before it got to your mail server?
> >
> > If your email is as interesting to strangers as mine is, I doubt anyone
> > will bother.
> 
> Sometimes it is interesting and those emails I wouldn't like the isp
> guys to read ...

If you want the content of your email to be safe from the admins of all
the SMTP servers between every sender and your IMAP server, an option is
to ask everybody to encrypt email sent to you.  If you want the contents
of your outgoing mail to be safe from prying eyes, simply encrypt your
own outgoing mail.

> but well, I said it's possible too but not easy. Do you
> mean it's easy for the isp guys to read the passwords and ssl emails too?
> I mean this small isp who has some windoze guys as admins?

If they are running an SMTP server that mail to you travels through
(say, the sender uses them as his outgoing SMTP server), the script
kiddy son of one of 'em will be more than glad to sniff any email they're
interested in reading.

> My emails are not at the isp server, btw, the email server is far away and
> in trusting hands! Would you mind explaining a bit more clearly please?

If your IMAP server were under your ISP's control, the problem would
be far worse, since they'd not only know every mail that came for you,
but they'd also know all your mail activities (which messages you read,
which you responded to, etc.).  I'd hestitate to let anybody else control
my IMAP server, unless I really trusted the guy.  (I simply treat my
external IMAP accounts as if they were POPs, and fetchmail everything
off them onto my own local IMAP server.)

 - Dave

-- 
Uncle Cosmo, why do they call this a word processor?
It's simple, Skyler.  You've seen what food processors do to food, right?

Please visit this link:
http://rotter.net/israel

Attachment: pgpF0cjIecgf5.pgp
Description: PGP signature

References:
- Re: Is mutt secure enough?
  - From: jacob[at]buildtheb0x.com
- Re: Is mutt secure enough?
  - From: Mark Frank

Prev by Date: Re: send-hook upon preceding To:
Next by Date: Re: Multiple Recipient Confusion
Previous by thread: Re: Is mutt secure enough?
Next by thread: [no subject]
Index(es):
- Date
- Thread