LinuxQuestions.org
Old 12-28-2006, 10:55 AM   #1
Clemente
Member
 
Registered: Aug 2003
Distribution: Debian, Ubuntu
Posts: 188

Rep: Reputation: 30
Why does E-Mail work that good?


Hi all,

while learning some postfix basics, I realized that plain and login are extremely poor authentication methods if used without encryption, since in both cases usernames and passwords are sent over the network in cleartext.
Now, I am thinking about the general security standard. Most people around me don't use TLS for their e-mail traffic. And e-mail service providers don't encourage their customers too much to do so.
Do I conclude correctly that most of our e-mail traffic is highly exposed to the "dark side of the web" - meaning hackers, crackers, identity thieves?
And why don't bad things happen that often?

I would really like to hear what you think about this.
And what do you do to make e-mail traffic more secure?

Clemente
 
Old 12-28-2006, 11:13 AM   #2
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
You never get spam with a 'From:' address that you know (unrelated to the source of the spam, surely)? You are lucky. I would not call that "that good". And full-scale password theft is not easy enough to pay back: you have to sniff traffic, which is pretty much work to do - compared to sending with a fake 'From:'.
 
Old 12-28-2006, 11:51 AM   #3
Clemente
Member
 
Registered: Aug 2003
Distribution: Debian, Ubuntu
Posts: 188

Original Poster
Rep: Reputation: 30
Sure, I have tons of mails with faked sender addresses in my inbox day by day. But a gathered login opens a server for full relay. Admins do so much work to seal servers, maintain blacklists, do careful user management and so on. In contrast to all this work, the authentication mechanisms seem to be kind of weak.
With the growing use of IMAP, stolen passwords open access to possibly sensitive information, too.
 
Old 12-28-2006, 12:03 PM   #4
raskin
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: approximately NixOS (http://nixos.org)
Posts: 1,900

Rep: Reputation: 69
To get a password through weak authentication, you need to have control over a box that is close - in the sense of network topology - to the victim. And yes, thanks to the MAC cache in the switch, you have to do extra work to intercept anything not intended for you to see. To send a virus - and you get a lot of sensitive information, and surely all passwords that are stored unencrypted or simply entered from the keyboard - you need only a user who is unfamiliar with computer security and runs some rogue programs he got in unsolicited e-mail (that means 90+ % of users - thanks to Microsoft for protecting me by converting into too hard a target to hit regardless of all my guessable passwords).

Now you get more for less effort. Will you accept the offer?
 
Old 12-28-2006, 02:44 PM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
The plain authentication isn't really an issue in most cases, and if you think about it any authentication is really vulnerable to at least a replay attack if it's sent over an unencrypted channel.

The cases when unencrypted authentication matters:
1.) Wireless
2.) Corporate network
3.) Unprotected loop networks, such as cable modems

The first should be obvious. With the second, it's possible that a sufficiently clever, malicious insider could snoop credentials for other individuals and use them to perform harmful activities. Third, all the original cable modem infrastructure had your local loop as basically a giant hub with the packets being broadcast around. You could simply put your NIC in promiscuous mode and pick up all the traffic. The cable companies tried to crack down a little by putting new firmware on the modems that ignores packets not meant for their MAC, but people found out that they could flash the firmware to remove that restriction. I think the current cable spec has better controls built in, but a lot of deployments might still be using legacy equipment and standards.

It's always a good idea to set up your e-mail accounts with TLS when possible, only log in to webmail with HTTPS, etc.
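
Added example, not part of the original thread or written by any of its posters: an offline check for the situation discussed above, flagging an SMTP server that advertises PLAIN or LOGIN before STARTTLS and showing that an AUTH PLAIN token is only base64. The EHLO replies, host name and credentials are constructed sample data, and the function names are hypothetical.

```python
import base64

# Mechanisms whose exchange carries the password itself, merely base64-encoded.
PASSWORD_ON_WIRE = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:      # line 1 is the greeting
        if not line.startswith("250") or len(line) < 5:
            continue
        # Some servers also send the legacy form "AUTH=PLAIN LOGIN".
        words = line[4:].replace("=", " ").upper().split()
        if words:
            caps.setdefault(words[0], []).extend(words[1:])
    return caps

def audit_pre_tls(reply):
    """Findings for an EHLO reply captured before STARTTLS was issued."""
    caps = parse_ehlo(reply)
    findings = []
    exposed = sorted(PASSWORD_ON_WIRE & set(caps.get("AUTH", [])))
    if exposed:
        findings.append("AUTH offered without TLS: " + ",".join(exposed))
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    return findings

def decode_auth_plain(token):
    """RFC 4616 PLAIN is base64(authzid NUL authcid NUL passwd): encoding only."""
    _authzid, authcid, passwd = base64.b64decode(token).split(b"\0")
    return authcid.decode(), passwd.decode()

# Constructed sample data (not captured from any real server).
WEAK = """250-mail.example.org
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""
# What Postfix announces with smtpd_tls_auth_only = yes: no AUTH until TLS is up.
HARDENED = """250-mail.example.org
250-PIPELINING
250-STARTTLS
250 8BITMIME"""
SAMPLE_TOKEN = base64.b64encode(b"\0alice\0not-a-real-password").decode()

if __name__ == "__main__":
    print(audit_pre_tls(WEAK))
    print(audit_pre_tls(HARDENED))
    print(decode_auth_plain(SAMPLE_TOKEN))
```
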
 