Email security
by upnort from LinuxQuestions.org on (#5C16G)
I'm looking to clarify some email questions. I've been looking for some tutorials but everything I have found only addresses the transmission.
My understanding is using SSL/TLS with an email client such as Thunderbird creates a secure tunnel during the transmission of the email. Thus a person in the middle, such as an ISP, cannot see the email contents.
So far so good, but emails spend some time at rest on servers. Do I understand correctly that:
* Unless explicitly encrypted before sending with something like PGP, the email rests on a server in plain text.
* Even when using SSL/TLS during the transmission, a person the middle, such as an ISP, can still see the source and destination IP address or domain names during the hello handshake.
Am I understanding correctly?
Thanks. :)
My understanding is using SSL/TLS with an email client such as Thunderbird creates a secure tunnel during the transmission of the email. Thus a person in the middle, such as an ISP, cannot see the email contents.
So far so good, but emails spend some time at rest on servers. Do I understand correctly that:
* Unless explicitly encrypted before sending with something like PGP, the email rests on a server in plain text.
* Even when using SSL/TLS during the transmission, a person the middle, such as an ISP, can still see the source and destination IP address or domain names during the hello handshake.
Am I understanding correctly?
Thanks. :)