Security of Windows 10 mail

Page 1 of 2 12 LastLast

  1. Posts : 58
    Microsoft Windows 10 Pro 64-bit
       #1

    Security of Windows 10 mail


    Is the free mail app that is built into Windows 10 secure?
    Is it safe to use in "free WiFi" networks?

    Does it encrypt the messages/attachments/etc. strongly? How does it doe this?

    Thanks.
      My Computer

  2. Caledon Ken's Avatar
    Posts : 24,230
    Windows 10 Pro x64 Version 2004
       #2

    Most if not all email clients do not encrypt your mail by default.

    You may have a secure connection to the server (https) but the mail itself is not encrypted.

    As a general rule if you are concerned about security you should look at a VPN client, especially on a free Wifi connection. I avoid using fee wifi for anything but browsing.

    Here is an article you may wish to review.

    https://docs.microsoft.com/en-us/win...nfigure-s-mime


    Ken
      My Computer

  3. bro67's Avatar
    Posts : 8,350
    Mac OS Catalina
       #3

    You have to use PGP to encrypt email, which is not a standard for email programs. You are best to use Thunderbird if you want a true email program. Also Public Hotspots are never safe, since you never know how well they are secured and that passwords are sent out in the clear.
      My Computers


  4. Posts : 58
    Microsoft Windows 10 Pro 64-bit
    Thread Starter
       #4

    But if you're using a mail client (Windows 10 Mail, Outlook) it's not using "https", right?
    https is when you're accessing the mail via browser, correct?

    Does this mean that when you connect to the say MS exchange server or gmail server, it will download your emails in plain text (with formating and pictures)? Then all of this gets broadcasted through the air?
      My Computer

  5. bro67's Avatar
    Posts : 8,350
    Mac OS Catalina
       #5

    rasmasyean said:
    But if you're using a mail client (Windows 10 Mail, Outlook) it's not using "https", right?
    https is when you're accessing the mail via browser, correct?

    Does this mean that when you connect to the say MS exchange server or gmail server, it will download your emails in plain text (with formating and pictures)? Then all of this gets broadcasted through the air?
    You do not use https with a email program, only in a web browser. Passwords are sent "Clear" text regardless with any program or web portal. Has nothing to do with how you read the emails.
      My Computers

  6. TairikuOkami's Avatar
    Posts : 4,676
    Windows Home Dev 21xxx x64
       #6

    rasmasyean said:
    Is it safe to use in "free WiFi" networks?
    Not recommended, they could exploit vulnerabilities within your browser/email client, but generally safe.


    bro67 said:
    Passwords are sent "Clear" text regardless with any program or web portal.
    That depends, how you set it up, but passwords and emails sent via an email client are usually encrypted.
    As for emails from email server to the recipient, they are sent in plain text, otherwise he could not open it.

    IMAP using port 143 - typically always encrypted
    POP3/SMTP using ports 110/587 - no encryption
    POP3/SMTP using ports 995/465 - encrypted (email clients require openssl library)

    Security of Windows 10 mail-capture_12232018_125929.jpg

    https://itstillworks.com/imap-vs-imap-ssl-3203.html
      My Computer

  7. Caledon Ken's Avatar
    Posts : 24,230
    Windows 10 Pro x64 Version 2004
       #7

    We have to separate the actual mail from the connection.

    By default the physical mail is not encrypted, that is the individual email unless you use software and certificates to encrypt and decrypt.

    The connection you establish between your device and the server is encrypted using one of the methods above and the person receiving the email connection is also secured.
      My Computer


  8. Posts : 58
    Microsoft Windows 10 Pro 64-bit
    Thread Starter
       #8

    Caledon Ken said:
    We have to separate the actual mail from the connection.

    By default the physical mail is not encrypted, that is the individual email unless you use software and certificates to encrypt and decrypt.

    The connection you establish between your device and the server is encrypted using one of the methods above and the person receiving the email connection is also secured.
    Lets see if I get this correctly.

    I log onto onto outlook.com. Anyone reading my transmission cannot reconstruct my credentials and use my account.

    I retrieve an email from CitiBank sating my balance of $10,000 will be paid in full tomorrow via automatic payment. This transmission can be collected and reconstructed (including header info like sender/recipient) because it's in plain text.

    I then send an email to my mistress telling her that the credit card will be paid off tomorrow and she can proceed to buy that $15,000 grown since there will be enough credit. This transmission is also readable.
      My Computer

  9. bro67's Avatar
    Posts : 8,350
    Mac OS Catalina
       #9

    rasmasyean said:
    Lets see if I get this correctly.

    I log onto onto outlook.com. Anyone reading my transmission cannot reconstruct my credentials and use my account.

    I retrieve an email from CitiBank sating my balance of $10,000 will be paid in full tomorrow via automatic payment. This transmission can be collected and reconstructed (including header info like sender/recipient) because it's in plain text.
    You are getting Webmail confused with email programs, but yes, if you are on a public hotspot and read stuff that is not encrypted before sent to you, it can be seen by someone snooping on the network. As for data being collected, your email stating that you have money going into a bank account, would not be worthy, unless someone was specifically targeting you to get into your bank account, knowing when there are large sums in there.
      My Computers


  10. Posts : 58
    Microsoft Windows 10 Pro 64-bit
    Thread Starter
       #10

    bro67 said:
    You are getting Webmail confused with email programs, but yes, if you are on a public hotspot and read stuff that is not encrypted before sent to you, it can be seen by someone snooping on the network. As for data being collected, your email stating that you have money going into a bank account, would not be worthy, unless someone was specifically targeting you to get into your bank account, knowing when there are large sums in there.
    I meant logging onto outlook.com using Windows Mail. Where you can add multiple accounts and enter your password to them. It saves the password and automatically logs you on.

    As for the hypothetical mail above, I tried to use a real example banks actually do. But even if they don't get to access your bank account, they would know in this scenario, that you potentially spend $120,000 per year using one credit card and can afford to pay it in full. That alone can give some ID thiefs, e.g. a potential target (for dumpster diving, etc.), if not getting anything juicy immediately.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 19:43.
Find Us




Windows 10 Forums