-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Tue, 2016-04-12 at 13:48 -0700, Steve Atkins wrote:
> It's also possible that Reflexion is just sending terribly structured
> mail that "looks like" spam - not unusual amongst companies who build
> their own mail software - but I'd need to see the mail they're sending
> before judging that.

I just asked Reflexion to send me an encrypted mail to test some of this. They indeed send an email with an embedded link asking the user to go to a web site to retrieve the actual content. But they don't send any password in the email. I needed to "register" with them by picking my own password, and could then read the mail. So anyone that can intercept that first message owns that mail address as far as Reflexion is concerned. Also anyone that can guess what password the user picked.

This particular message expires in two weeks, so presumably anyone that grabs an entire mailbox won't be able to see very old messages, even if they know the key.

It was DKIM signed, but dkim=fail reason="key not found in DNS". It was signed with s=default d=securemail.reflexion.net, so that should be

    dig default._domainkey.securemail.reflexion.net txt +short

if I have done that correctly.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEAREKAAYFAlcP//AACgkQL6j7milTFsGpPgCfbwHxJReWEFESo4kOMpqZJ7dH
r+QAnjqyW1/ZAUHASRr6vsxqzMYoKlKi
=kWXx
-----END PGP SIGNATURE-----

_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
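
The lookup name in the message above is built from the s= and d= tags of the DKIM-Signature header. The following is an added example, not part of the original post: it derives that name from a header and classifies the TXT answer a verifier would get. Only s=default and d=securemail.reflexion.net come from the message; every other header value, the function names and the result strings are constructed for illustration.

```python
import re

# Constructed header value: only the s= and d= tags are taken from the message.
SAMPLE_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed;\r\n"
    "\t d=securemail.reflexion.net; s=default;\r\n"
    "\t h=from:to:subject; bh=Q09OU1RSVUNURUQ=; b=Q09OU1RSVUNURUQ="
)

def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" not in part:
            continue
        name, _, val = part.partition("=")
        # Folding whitespace is not significant in the tags used here.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags

def key_query_name(dkim_signature):
    """Return the DNS name whose TXT record should hold the public key."""
    tags = parse_tags(dkim_signature)
    if "s" not in tags or "d" not in tags:
        raise ValueError("signature lacks s= or d= tag")
    return f"{tags['s']}._domainkey.{tags['d']}".lower()

def classify_key_lookup(txt_records):
    """Map the TXT answer for the key name to a verifier outcome."""
    records = [parse_tags(r) for r in txt_records]
    # Ignore unrelated TXT data (no p= tag, or a v= that is not DKIM1).
    keys = [k for k in records
            if "p" in k and k.get("v", "DKIM1") == "DKIM1"]
    if not keys:
        return "fail: key not found in DNS"
    if keys[0]["p"] == "":
        return "fail: key revoked (empty p=)"
    return "key present: continue with signature check"

if __name__ == "__main__":
    print(key_query_name(SAMPLE_SIGNATURE))
    print(classify_key_lookup([]))  # empty answer, as with "dig ... +short" printing nothing
```

An empty TXT answer and a record with an empty p= both end in a failed verification, but the second means the signer published the selector and revoked the key rather than never publishing it.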