0

My ISP (Spectrum, out of Time-Warner) has apparently made some changes to their mail system, and a lot of people (in particular, me) have been unable to send mail (Incoming works fine).

In my case, using Eudora, I get an error of "Server SSL certificate rejected". [1]

I am able to send mail if I turn off SSL in Eudora's 'sending mail' setup.

Question: How important is this?

I think, not much - that it would only bring the security of e-mail traffic between my PC and the ISP's mail server down to the same level (none) as it would have for the rest of its trip through the 'net.

[1] If it matters, Wireshark shows my PC sending a "Fatal decrypt error" packet.

Improve this question
4
  • All best practices regarding security aside: the thing I would worry most about is my traffic being sniffed near me, like being on a public WiFi network.
    – mtak
    Commented Oct 3, 2017 at 13:40
  • 1
    If I were to guess it sounds like Spectrum has enabled SSL/TLS server side and are only allowing TLS 1.1+ clients, if Eudora or your OS does not have support for it the fact the certificate is rejected by client seems to point to this fact
    – Ramhound
    Commented Oct 3, 2017 at 14:06
  • @Ramhound - Does it say anything that WireShark lists the protocol on those pkts as "TSLv1"?
    – George
    Commented Oct 4, 2017 at 1:42
  • Right; Its confirmation TLSv1.1+ is being used. I still suspect the client is the problem. It’s possible the certificate is invalid but that seems unlikely even if we are talking about Spectrum
    – Ramhound
    Commented Oct 4, 2017 at 1:46

1 Answer 1

Reset to default
0

Quite. In the old days, email was often refereed to as a "Postcard" because it has no envelope as it were. If some party is sniffing the connection between you and the relay, and they capture all the packets, they can easily read your email just by encoding the bytes as Unicode (ASCII back in the old days) and read your message. Most sniffers will automatically decode packet data, so you don't even have to do anything to make it human readable.

Improve this answer
2
  • What is the physical scope of 'sniffing'? Is it limited to wireless, or can anyone connected (nearby?) to the Spectrum cable 'sniff' to other ppl's communications on said cable? (Our connection requires a cable modem, which Spectrum had to 'activate', if that matters.)
    – George
    Commented Oct 3, 2017 at 19:33
  • any party on the direct path between the client and the server. It is more likely from a party that is "close" (by hop count) to either the sender or receiver, as it is most likely that they would encounter all the packets. It is most likely to occur within your ISP network. Keep in mind, they probably wouldn't be sniffing your network connection per se, they'd be sniffing on a connection carrying traffic you sent/requested (as well as thousands of other customers traffic).
    – Frank Thomas
    Commented Oct 3, 2017 at 19:49

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .