Bitcoin Forum
October 24, 2017, 10:02:12 AM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Mt Gox insecure SMTP mail, such a shame!  (Read 909 times)
it-zone
Jr. Member
*
Offline Offline

Activity: 37



View Profile
August 17, 2013, 02:17:07 PM
 #1

Mt Gox does not bother to encrypt mail going to customers, they use ordinary plain SMTP:

Received: from unknown (HELO mail.mtgox.com) (54.241.19.236)
by xxx.xx.xxx with SMTP; 17 Aug 2013 10:01:19 +0000

Such a shame! Mt Gox is really doggy and you should avoid it.


(yes, my mail server is capable to receive SSL encrypted mail, and most of providers use that capability)

My contribution to Bitcoin: I run Electrum server btc.random.re and two open bitcoin nodes.
1508839332
Hero Member
*
Offline Offline

Posts: 1508839332

View Profile Personal Message (Offline)

Ignore
1508839332
Reply with quote  #2

1508839332
Report to moderator
1508839332
Hero Member
*
Offline Offline

Posts: 1508839332

View Profile Personal Message (Offline)

Ignore
1508839332
Reply with quote  #2

1508839332
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508839332
Hero Member
*
Offline Offline

Posts: 1508839332

View Profile Personal Message (Offline)

Ignore
1508839332
Reply with quote  #2

1508839332
Report to moderator
it-zone
Jr. Member
*
Offline Offline

Activity: 37



View Profile
August 17, 2013, 04:58:22 PM
 #2

I cannot agree, I have msg volume of ~1mln/day and more than 85% is encrypted, including mail from most of bigger providers. It is really easy to make your mail server encrypting traffic and the fact Mt Gox is not doing it, shows them in a very bad light. They do not care about security of their customers.

My contribution to Bitcoin: I run Electrum server btc.random.re and two open bitcoin nodes.
Atruk
Hero Member
*****
Offline Offline

Activity: 700



View Profile
August 17, 2013, 05:40:21 PM
 #3

(yes, my mail server is capable to receive SSL encrypted mail, and most of providers use that capability)

Honestly you are better off doing GPG...

salfter
Hero Member
*****
Offline Offline

Activity: 632


My PGP Key: 92C7689C


View Profile WWW
August 17, 2013, 05:53:05 PM
 #4

(yes, my mail server is capable to receive SSL encrypted mail, and most of providers use that capability)

Honestly you are better off doing GPG...

This. Email is inherently insecure and should be treated as such. It's not much different than sending a postcard. Adding SSL to some of the connections over which a message might travel doesn't change this. PGP (or GPG) is the email equivalent of stuffing a letter in an envelope before it goes in the mail; it keeps your message secure en route.

If the OP is really concerned about the security of his correspondence with MtGox, he should ask to exchange PGP public keys with them.

My Bitgem Pool - PPLNS, Stratum | BTG Explorer
Tipjars: BTC 1TipsGocnz2N5qgAm9f7JLrsMqkb3oXe2 LTC LTipsVC7XaFy9M6Zaf1aGGe8w8xVUeWFvR BTG gTipsVB9qmyYHuqMMKTuCYMHpfkUFBXKrZ | My Bitcoin Note Generator
it-zone
Jr. Member
*
Offline Offline

Activity: 37



View Profile
August 18, 2013, 12:57:34 AM
 #5

If between my mail server and Mt.Gox there is SSL link, no third person is able to read that mail.

PGP is not needed. SSL encrypted SMTP would be sufficient and is commonly deployed, but not at Mt Gox.

If you want to kill an ant, you do not need to use a ManPad. Encrypted traffic is secure enough to eliminate the risk, assuming the mail server belongs to you. PGP gives an additional level of security, above the mandatory SSL SMTP.

My contribution to Bitcoin: I run Electrum server btc.random.re and two open bitcoin nodes.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!