On Mon, Apr 11, 2016 at 1:10 AM, Elmar Stellnberger <[email protected]> wrote: > I still had the STARTTLS setting activated for my revido account and changed > it to SSL/TLS as soon as I had heard how dangerous that might be. > Unfortunately there are no geographical warnings for login attempts from the > revido account (Accordings to ¿German law? they do not even expose me their > server log cotaining the IPs with login attempts which could be backtraced > with geoip). I`d personally believe that unsuspecting users should be warned > of the fallback option of STARTTLS as it sounds like TLS but it can start an > unencrypted connection as well.
Implemented properly it shouldn't matter which option you pick. The SSL/TLS option is actually depreciated. Thunderbird should refuse a connection if you have STARTTLS checked and the server doesn't support it. It sounds more like your login was what was throwing the alert. The best advice I can offer is to not use an "untrusted" VPN. Free VPN services have to make money somehow. Brandon Vincent
