Bitcoin Forum>Economy>Marketplace>Currency exchange
Author

Topic: Mt Gox insecure SMTP mail, such a shame! (Read 1030 times)

it-zone
newbie
Activity: 37
Merit: 0
Mt Gox insecure SMTP mail, such a shame!
August 17, 2013, 07:57:34 PM
#5
If between my mail server and Mt.Gox there is SSL link, no third person is able to read that mail.

PGP is not needed. SSL encrypted SMTP would be sufficient and is commonly deployed, but not at Mt Gox.

If you want to kill an ant, you do not need to use a ManPad. Encrypted traffic is secure enough to eliminate the risk, assuming the mail server belongs to you. PGP gives an additional level of security, above the mandatory SSL SMTP.
salfter
hero member
Activity: 651
Merit: 501
My PGP Key: 92C7689C
Re: Mt Gox insecure SMTP mail, such a shame!
August 17, 2013, 12:53:05 PM
#4
Quote from: Atruk on August 17, 2013, 12:40:21 PM
Quote from: it-zone on August 17, 2013, 09:17:07 AM
(yes, my mail server is capable to receive SSL encrypted mail, and most of providers use that capability)

Honestly you are better off doing GPG...

This. Email is inherently insecure and should be treated as such. It's not much different than sending a postcard. Adding SSL to some of the connections over which a message might travel doesn't change this. PGP (or GPG) is the email equivalent of stuffing a letter in an envelope before it goes in the mail; it keeps your message secure en route.

If the OP is really concerned about the security of his correspondence with MtGox, he should ask to exchange PGP public keys with them.
Atruk
hero member
Activity: 700
Merit: 500
Re: Mt Gox insecure SMTP mail, such a shame!
August 17, 2013, 12:40:21 PM
#3
Quote from: it-zone on August 17, 2013, 09:17:07 AM
(yes, my mail server is capable to receive SSL encrypted mail, and most of providers use that capability)

Honestly you are better off doing GPG...
it-zone
newbie
Activity: 37
Merit: 0
Re: Mt Gox insecure SMTP mail, such a shame!
August 17, 2013, 11:58:22 AM
#2
I cannot agree, I have msg volume of ~1mln/day and more than 85% is encrypted, including mail from most of bigger providers. It is really easy to make your mail server encrypting traffic and the fact Mt Gox is not doing it, shows them in a very bad light. They do not care about security of their customers.
it-zone
newbie
Activity: 37
Merit: 0
Re: Mt Gox insecure SMTP mail, such a shame!
August 17, 2013, 09:17:07 AM
#1
Mt Gox does not bother to encrypt mail going to customers, they use ordinary plain SMTP:

Received: from unknown (HELO mail.mtgox.com) (54.241.19.236)
by xxx.xx.xxx with SMTP; 17 Aug 2013 10:01:19 +0000

Such a shame! Mt Gox is really doggy and you should avoid it.


(yes, my mail server is capable to receive SSL encrypted mail, and most of providers use that capability)
Bitcoin Forum>Economy>Marketplace>Currency exchange
Jump to: