Why don't they use SSL between sender and Yahoo?!
http://news.cnet.com/news/0-1005-200-3901784.html?tag=st.ne.ron.lthd
Yahoo delivers encrypted email
By Paul Festa
Staff Writer, CNET News.com
November 28, 2000, 11:30 p.m. PT
Yahoo has quietly introduced a way for people to send scrambled messages
through its email service.
As first reported in August, Yahoo is providing its email encryption option
through a deal with Zixit, a Dallas-based email encryption firm. Yahoo will
rout encrypted email through Zixit's SecureDelivery.com Web site . . .
Yahoo's free encryption option handles outgoing email messages in a
multistep procedure that the portal warns is not foolproof.
"Please be aware that this is not an end-to-end secure service," reads an
explanation of the service posted by Yahoo. "This option only avails your
recipient of a certain level of security in accessing and reading the email
message you are sending. Before your email message is encrypted by
SecureDelivery.com it is still subject to the inherent limitations of a
standard TCP/IP connection."
Yahoo's new system works like this: Once a message is composed, it travels,
unencrypted, to Yahoo, which sends it through a secure connection to
SecureDelivery. There, the message and any attachments are scrambled.
SecureDelivery then sends the recipient to a Web page, secured by Secure
Sockets Layer (SSL) and hosted by SecureDelivery, where the message can be
picked up and descrambled for up to seven days.
Recipients first have to verify that they hold the specified email account.
They then can choose a "pass phrase" that will automatically give them
access to future messages . . .
