Greg Troxel <[email protected]> wrote: > [email protected] writes: >> Is it feasible to add a feature to K9 so that it checks the security of >> the connection before synching email(s)? I only ask as there are times >> whilst out and about, that K9 will synchronise email accounts irrespective >> of the connection. The respective email providers will then question this, >> usually by denying access, and in the worst case, blocking access, >> requiring a new password to be set up(!). >> >> Therefore, as I may be on a temporary, or insecure network, K9 may >> synchronise messages, thereby negating any security. So I ask if K9 can at >> least display a message to acknowledge that it is about to synchronise over >> an insecure connection... > > Are you using TLS for SMTP/IMAP? > > If not, set up TLS and start your analysis over :-) (Seriously, not > having TLS and being even a little bit concerned about security do not > go together.)
He apparently uses opportunistic encryption (STARTTLS) for some reason. In such a case a paranoid default behaviour of a server might be understandable (yet not tolerable, if is not optional). >> I only ask as there are times whilst out and about, that K9 will >> synchronise email accounts irrespective of the connection. It actually should not. It used to have an option to perform an encryption in a truly opportunistic way, but it was removed years ago (cf. daea7f1ec). What version do you use? Anyway, you really do not want to use STARTTLS instead of full-plate TLS, if your server supports it (if they are so concerned about security, they ought to). > Are you using a VPN? If not, would it help with the above security > concerns? Would not it be rather superfluous here? -- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: PGP signature
