Bitcoin Forum

Economy => Currency exchange => Topic started by: it-zone on August 17, 2013, 02:17:07 PM



Title: Mt Gox insecure SMTP mail, such a shame!
Post by: it-zone on August 17, 2013, 02:17:07 PM
Mt Gox does not bother to encrypt mail going to customers; they use ordinary plain SMTP:

Received: from unknown (HELO mail.mtgox.com) (54.241.19.236)
by xxx.xx.xxx with SMTP; 17 Aug 2013 10:01:19 +0000

Such a shame! Mt Gox is really dodgy and you should avoid it.


(yes, my mail server is capable of receiving SSL encrypted mail, and most providers use that capability)
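
The check behind the post above, as an added example that is not part of the original thread: it reads each `Received:` header and reports whether the receiving server recorded TLS for that hop, either through an RFC 3848 `with` keyword such as `ESMTPS` or through a TLS note in a header comment. The first sample header is the one quoted in the post; the other two, and all `example.*` names, are constructed. Only the headers stamped by your own server are trustworthy, since earlier hops can write anything.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop ran over STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
COMMENT = re.compile(r"\([^()]*\)")             # one innermost (...) comment
TLS_NOTE = re.compile(r"\b(?:TLS|SSL)v?\d", re.I)  # e.g. "using TLSv1.2"

def classify_hop(received):
    """Return (with_protocol, tls_seen) for one Received header value."""
    text = " ".join(received.split())           # unfold continuation lines
    comments = []
    while COMMENT.search(text):                 # peel nested comments
        comments += COMMENT.findall(text)
        text = COMMENT.sub(" ", text)
    m = re.search(r"\bwith\s+([A-Za-z0-9-]+)", text, re.I)
    proto = m.group(1).upper() if m else None
    # Some MTAs keep "with ESMTP" and note TLS only in a comment.
    tls = proto in TLS_PROTOCOLS or any(TLS_NOTE.search(c) for c in comments)
    return proto, tls

def hops(raw_message):
    """Classify every Received header, newest (topmost) hop first."""
    msg = message_from_string(raw_message)
    return [classify_hop(v) for v in msg.get_all("Received", [])]

# Constructed sample message; header 1 is the one quoted in the post.
SAMPLE = (
    "Received: from unknown (HELO mail.mtgox.com) (54.241.19.236)\n"
    "  by xxx.xx.xxx with SMTP; 17 Aug 2013 10:01:19 +0000\n"
    "Received: from relay.example.net (relay.example.net [192.0.2.10])\n"
    "  (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "  by mx.example.org (Postfix) with ESMTP id 4ABCD;\n"
    "  Sat, 17 Aug 2013 10:05:00 +0000\n"
    "Received: from a.example.net by b.example.net with ESMTPS id x1;\n"
    "  Sat, 17 Aug 2013 10:04:00 +0000\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for proto, tls in hops(SAMPLE):
        print(f"with {proto}: {'TLS' if tls else 'no TLS recorded'}")
```
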


Title: Re: Mt Gox insecure SMTP mail, such a shame!
Post by: it-zone on August 17, 2013, 04:58:22 PM
I cannot agree. I have a msg volume of ~1mln/day and more than 85% is encrypted, including mail from most of the bigger providers. It is really easy to make your mail server encrypt traffic, and the fact that Mt Gox is not doing it shows them in a very bad light. They do not care about the security of their customers.


Title: Re: Mt Gox insecure SMTP mail, such a shame!
Post by: Atruk on August 17, 2013, 05:40:21 PM
(yes, my mail server is capable of receiving SSL encrypted mail, and most providers use that capability)

Honestly you are better off doing GPG...


Title: Re: Mt Gox insecure SMTP mail, such a shame!
Post by: salfter on August 17, 2013, 05:53:05 PM
(yes, my mail server is capable of receiving SSL encrypted mail, and most providers use that capability)

Honestly you are better off doing GPG...

This. Email is inherently insecure and should be treated as such. It's not much different than sending a postcard. Adding SSL to some of the connections over which a message might travel doesn't change this. PGP (or GPG) is the email equivalent of stuffing a letter in an envelope before it goes in the mail; it keeps your message secure en route.

If the OP is really concerned about the security of his correspondence with MtGox, he should ask to exchange PGP public keys with them.


Title: Re: Mt Gox insecure SMTP mail, such a shame!
Post by: it-zone on August 18, 2013, 12:57:34 AM
If between my mail server and Mt.Gox there is an SSL link, no third person is able to read that mail.

PGP is not needed. SSL encrypted SMTP would be sufficient and is commonly deployed, but not at Mt Gox.

If you want to kill an ant, you do not need to use a ManPad. Encrypted traffic is secure enough to eliminate the risk, assuming the mail server belongs to you. PGP gives an additional level of security, above the mandatory SSL SMTP.