Is the SMTP of the ISP safe?

3

I am just curious, because I am using the SMTP of our ISP in my mailserver. Do you think it is safe to use, meaning can my ISP snoop in my emails? What do you think?

Lucas Juan

Posted 2013-10-11T09:01:17.667

Reputation: 69

1 If your email goes through it, they can read it. Whether this is a human reading or a machine is another thing (ever wondered why the adverts in email clients such as Hotmail/Yahoo etc. are so accurate to you?) – Dave – 2013-10-11T11:56:17.507

Answers

9

The first thing to make clear when asking "is ABC safe?" is to define your threat model.

In this case, you have (and kudos for that): your threat model is your ISP being malicious and wanting to look at your (outgoing, presumably, since you ask about their SMTP server) e-mails.

Against such a threat model, using the ISP's mail server does indeed present the possibility of a breach of confidentiality.

Now, whether they actually will is a completely different matter.

The owner of a computer system will generally always have the ability to configure it in unusual and unexpected ways. But for what reason would the ISP devote resources to either manually looking over a specific customer's email traffic, or develop or purchase the software to automate such monitoring? What would be the upside to that for the ISP?

So yes, in theory, they can. In practice, they probably won't; at least, not in the sense of specifically looking at your mails. davidgo mentioned e.g. spam filtering which is something very different, although similar techniques could be used to select interesting-looking traffic for more thorough analysis.

You can gain some protection by using trusted end-to-end encryption, but do note that while it will protect most of the contents of the communication (the Subject field being a notable exception, as well as which mails are related to which due to that information being encoded in the unencrypted message headers), it won't protect the traffic metadata (sender, recipient, (relative) sizes of the messages involved, date and time of the traffic, and so on). For a determined adversary, metadata can be enormously powerful in establishing what's going on. SMTP traffic encryption such as STARTTLS won't protect against a malicious ISP because they by definition have to be able to decrypt the traffic (being the intended recipient of the data, if not the intended final recipient of the e-mail itself).

a CVn

Posted 2013-10-11T09:01:17.667

Reputation: 26 553

What about if I am using the https of the mailserver? Do you think that is already enough? – Lucas Juan – 2013-10-11T09:21:02.090

4 @LucasJuan SMTP and HTTPS are two completely different protocols. What you are thinking of is almost certainly either SMTP over SSL or SMTP with STARTTLS (which I already covered in my answer). For the purposes of this question, those two do exactly the same thing: transport-layer encryption of the SMTP data stream, though they do it in slightly different ways technically. – a CVn – 2013-10-11T09:25:12.487

1 Michael Kjörling - Another threat vector is that when traversing a mail server, emails are put into a mail queue. As a system administrator I monitor the number of messages in a queue - extremely large queues are a sign of a hacked system or network error - and will look at mails in these queues to help track down the issue. Like most ISPs, I'm covered by terms and conditions in the contract. If your mail happens to be in the queue at just the right time, I may land up seeing it even if it's not the cause of a problem. – davidgo – 2013-10-12T05:40:36.207

"But for what reason would the ISP devote resources to either manually looking over a specific customer's email..." Well, usually not. But a court order would be one reason. – Debra – 2013-10-12T17:58:13.107

@Debra Of course, but that goes under the "probably" in "they probably won't". – a CVn – 2013-10-12T21:41:57.997
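To make the point in the answer above concrete, here is an added example (not part of the original thread) of what a relay operator can still read from an end-to-end encrypted message once the STARTTLS session has been terminated on their server. The addresses, message IDs, the PGP/MIME sample and the function name `relay_view` are all constructed for illustration.

```python
from email import message_from_string

# Constructed sample: a PGP/MIME-style message as it would arrive at the relay.
# Addresses, IDs and the ciphertext placeholder are made up for illustration.
RAW = """\
From: alice@example.org
To: bob@example.net
Subject: Contract offer for Friday
Date: Fri, 11 Oct 2013 09:01:17 +0000
Message-ID: <msg2@example.org>
In-Reply-To: <msg1@example.net>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="pgpmime"

--pgpmime
Content-Type: application/pgp-encrypted

Version: 1

--pgpmime
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--pgpmime--
"""

VISIBLE = ("From", "To", "Subject", "Date", "Message-ID", "In-Reply-To")

def relay_view(raw, mail_from, rcpt_to):
    """Return what the relay can read after it has terminated STARTTLS."""
    msg = message_from_string(raw)
    encrypted = msg.get_content_type() == "multipart/encrypted"
    body = None  # stays None when only ciphertext is available
    if not encrypted:
        body = "".join(p.get_payload() for p in msg.walk()
                       if p.get_content_maintype() == "text")
    return {
        "envelope": {"MAIL FROM": mail_from, "RCPT TO": list(rcpt_to)},
        "headers": {h: msg[h] for h in VISIBLE if msg[h]},
        "size_bytes": len(raw.encode()),
        "body": body,
    }

if __name__ == "__main__":
    for key, value in relay_view(RAW, "alice@example.org", ["bob@example.net"]).items():
        print(key, "=>", value)
```

The body comes back as `None`, while the Subject, the threading headers, the envelope addresses, the date and the message size are all still available to the relay.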

6

Despite other assertions, ISPs can trivially intercept any email you send through their servers - in fact they systematically do this all the time - for example by using spam filters (which are legit). They also almost certainly log metadata - including from address, to address, date at minimum.

That said, SMTP is not a secure protocol and can be intercepted in many cases anyway - even if it does not go through the ISP's servers, but it is harder to do, and using SSL makes it harder still (but not impossible). Of course, this can be done by any ISP between you and the recipient.

BTW, I have set up a few ISPs so I talk from experience.

davidgo

Posted 2013-10-11T09:01:17.667

Reputation: 49 152

2

As long as the files reside in your ISP's infrastructure, yes, they can.

Also, it is very likely they do need to fiddle with the actual files containing your emails due to server maintenance.

A very different thing is your ISP's staff harvesting information from the emails. That is plain illegal. Review your contract for details.

Finally, if you don't want your mail to be inspected, encrypt it.

dawud

Posted 2013-10-11T09:01:17.667

Reputation: 1 305

2

I generally assume the paranoid stance here: they can, and they do. Thus, anything that they should not be reading needs to be encrypted.

There are two possible scenarios:

  • They are honorable and do not read your email. They do not notice that you started encrypting your email.
  • They are reading your email. In this case, encrypting it was the correct choice.

The main benefit of encrypting everything is that it is valuable training in security processes. If you have the urgent need to send an encrypted email, chances are that you are occupied with the actual message contents and have no spare mental capacity to learn about encryption and apply it without beginners' mistakes, so it is best to get training with less important messages (be sure to get feedback).

In short, you want to be in a situation where you do not have to trust your ISP.

Simon Richter

Posted 2013-10-11T09:01:17.667

Reputation: 2 384

Encrypting the message body does not protect the metadata in any way. – a CVn – 2013-11-15T14:44:10.693