Emails sent via browser, encrypted?

Selam everybody,

I would like to draw your attention to the fact that some well known free-mail service provider do not encrypt emails sent via web browser.
What have I done? I have logged onto my free-mail account and sniffed my own outgoing network traffic while sending test-mails.
I didn’t know that any free-mail provider exchange data in plain text, although they make a lot of advertising 😉
Investigated free-mail provider: Freemail, GMX Freemail, Yahoo Mail.
You can check your free-mail provider with a traffic analyzer (e.g. wireshark).

Yahoo Mail:

Yahoo mail sent via browser

Amongst others, you can see that following information were sent in plaintext to its destination at port http\80:
Sender: „defFromAdress=*****“
Receiver: „to=****“
Subject: „Subj=SecretSubject“
Message: „Content=SecretMessageSecretMessageSecretMessage…“

GMX Freemail:
GMX Freemail 1
Here, at frame 8 you can also see sender (name=“from“) and receiver(name=“to“) in plaintext. Further on, reassembled in frame 9…
GMX Freemail 2
… you can have a look at its subject „SecretSubjectGMX“ and its content „SecretMessageGMXSecretMessageGMXSecretMessageGMX…“.
Protocols: TCP and HTTP. Freemail:
As expected, the whole transmission is encrypted; used protocols TLSv1 and SSLv3.

Maybe there are some settings, were I can enable encryption, if disabled?
Usually, labels like „SSL Login“, „Secured Login“, etc. applies to the login process; and in very few cases to the transmission process also.

Be aware that everybody could read those „plain texted“ transmissions.


Schlagwörter: , , , , , , , , ,

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

Du kommentierst mit Deinem Abmelden /  Ändern )

Google+ Foto

Du kommentierst mit Deinem Google+-Konto. Abmelden /  Ändern )


Du kommentierst mit Deinem Twitter-Konto. Abmelden /  Ändern )


Du kommentierst mit Deinem Facebook-Konto. Abmelden /  Ändern )


Verbinde mit %s

%d Bloggern gefällt das: