Josh Levine <[EMAIL PROTECTED]> wrote: > >> If your Email provider does not support SSL encryption, you may want >> to consider getting a webmail account for use as your emergency >> contact. > > Perhaps I'm missing something, but are the OpenSRS servers really > using SSL to encrpt email?
they're not encrypting the *message* (as in PGP), but rather the *traffic* between their SMTP server and yours. that's a lot better than nothing (non-ssl email being more like just shouting your password loud enough for the recipient to hear it). IMO SMTP over SSL should be the norm, rather than the exception. i just setup a linux box with qmail and installing support for POP, SMTP and IMAP over SSL was trivial. it's a shame more service providers don't offer this -- much less *require* it. all the major email clients have supported SSL connections for years. they should offer opt-out, though. even with SSL protection in transit, once delivered to the recipient's SMTP server, plaintext emails tend to lay around in mail spools (sometimes on shared servers where anyone on the box can peruse them), get forwarded to remote mailboxes, etc. Josh, want me to use this method to try and steal your password, just to prove to opensrs that the opt-out should be an option? :-) -dave -- "In theory, there's no difference between theory and practice. But in practice, there always is."
