Mt Gox insecure SMTP mail, such a shame!

it-zone (OP)

Newbie

Offline

Activity: 37
Merit: 0

Mt Gox insecure SMTP mail, such a shame!

August 17, 2013, 02:17:07 PM

Mt Gox does not bother to encrypt mail going to customers, they use ordinary plain SMTP:

Received: from unknown (HELO mail.mtgox.com) (54.241.19.236)
by xxx.xx.xxx with SMTP; 17 Aug 2013 10:01:19 +0000

Such a shame! Mt Gox is really doggy and you should avoid it.

_{(yes, my mail server is capable to receive SSL encrypted mail, and most of providers use that capability)}

"Bitcoin: mining our own business since 2009" -- Pieter Wuille

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1714996719

Hero Member

Offline

Posts: 1714996719

Ignore

1714996719

1714996719


	Report to moderator

1714996719

Hero Member

Offline

Posts: 1714996719

Ignore

1714996719


	Report to moderator

it-zone (OP)

Newbie

Offline

Activity: 37
Merit: 0

Re: Mt Gox insecure SMTP mail, such a shame!

August 17, 2013, 04:58:22 PM

I cannot agree, I have msg volume of ~1mln/day and more than 85% is encrypted, including mail from most of bigger providers. It is really easy to make your mail server encrypting traffic and the fact Mt Gox is not doing it, shows them in a very bad light. They do not care about security of their customers.

Atruk

Hero Member

Offline

Activity: 700
Merit: 500

Re: Mt Gox insecure SMTP mail, such a shame!

August 17, 2013, 05:40:21 PM

Quote from: it-zone on August 17, 2013, 02:17:07 PM

_{(yes, my mail server is capable to receive SSL encrypted mail, and most of providers use that capability)}

Honestly you are better off doing GPG...

Bingo Blog - A Blog of Bitcoin and Boingo
qntra - Bitcoin News

salfter

Hero Member

Offline

Activity: 651
Merit: 501

My PGP Key: 92C7689C

Re: Mt Gox insecure SMTP mail, such a shame!

August 17, 2013, 05:53:05 PM

Quote from: Atruk on August 17, 2013, 05:40:21 PM

Quote from: it-zone on August 17, 2013, 02:17:07 PM

_{(yes, my mail server is capable to receive SSL encrypted mail, and most of providers use that capability)}

Honestly you are better off doing GPG...

This. Email is inherently insecure and should be treated as such. It's not much different than sending a postcard. Adding SSL to some of the connections over which a message might travel doesn't change this. PGP (or GPG) is the email equivalent of stuffing a letter in an envelope before it goes in the mail; it keeps your message secure en route.

If the OP is really concerned about the security of his correspondence with MtGox, he should ask to exchange PGP public keys with them.

Tipjars: BTC 1TipsGocnz2N5qgAm9f7JLrsMqkb3oXe2 LTC LTipsVC7XaFy9M6Zaf1aGGe8w8xVUeWFvR | My Bitcoin Note Generator | Pool Auto-Switchers: zpool MiningPoolHub NiceHash
Bitgem Resources: Pool Explorer Paper Wallet

it-zone (OP)

Newbie

Offline

Activity: 37
Merit: 0

Re: Mt Gox insecure SMTP mail, such a shame!

August 18, 2013, 12:57:34 AM
Last edit: August 18, 2013, 01:27:11 AM by it-zone

If between my mail server and Mt.Gox there is SSL link, no third person is able to read that mail.

PGP is not needed. SSL encrypted SMTP would be sufficient and is commonly deployed, but not at Mt Gox.

If you want to kill an ant, you do not need to use a ManPad. Encrypted traffic is secure enough to eliminate the risk, assuming the mail server belongs to you. PGP gives an additional level of security, above the mandatory SSL SMTP.

Pages: [1]

Bitcoin Forum > Economy > Marketplace > Currency exchange > Mt Gox insecure SMTP mail, such a shame!

« previous topic next topic »