Unencrypted?

Discussion in 'Email' started by brando130, Jun 1, 2013.

  1. I've been thinking about leaving my free web mail and making more use of my domain email, so I downloaded Thunderbird, entered the mail address listed in Site Manager, and it comes up in bright red with a warning:

    Incoming settings: mail.***.com does not use encryption
    Outgoing settings: mail.***.com does not use encryption

    Thunderbird can allow you to get to your mail using the provided configurations. However, you should contact your administrator or email provider regarding these improper connections. See the Thunderbird FAQ for more information.


    I attached a couple of screenshots. Is this a settings problem on my end or a limitation of Winhost?
     

    Attached Files:

    Last edited by a moderator: Oct 14, 2015
  2. ComputerMan

    ComputerMan Winhost Staff

    For the User field you should enter the full email address.

    As for the security warning it's true we don't use encryption so you have to select I understand the Risks and click on Done.

    Also, change the settings for the SMTP's Authentication to Normal Password don't use "Encrypted Password"
     
  3. Just making sure I understand this correctly. We are supposed to send our passwords out in plain text? If so then that seems like a security concern. I already feel exposed having to login to the forums without an https login page.
     
  4. I don't know of a forum anywhere that uses an https login.

    As far as account compromises that we see (and we see a lot of them), they are almost exclusively due to compromised home or workplace computers, or insecure web sites, not intercepted Internet traffic.

    I'm not saying it doesn't happen anymore, but it's exceptionally rare these days, primarily because it's infinitely easier to drop malware or viruses on tens or hundreds of thousands of people in one fell swoop than it is to intercept and analyze an individual users traffic looking for logins.

    Security concerns are certainly always valid, and if you have reason to believe someone is targeting you, I can understand the desire for heightened security everywhere you enter a login. But the fact is most people would be better served ensuring security closer to home.
     
  5. I've always been very happy with Winhost, but this issue causes me some concern. Without naming you guys, I posed this question to the community at hacker news and you can read their responses.

    https://news.ycombinator.com/item?id=6174837

    Apparently I'm not the only one that thinks this is a bad practice.
     
    Last edited by a moderator: Oct 14, 2015
  6. Not too shocking that they would respond that way, is it. ;)

    But the idea that because we don't provide https for everything, we are inherently insecure is a little misguided.

    If the forum login is unacceptable to you, I would invite you to use the support portal for your questions, which does provide secure login.
     
    Last edited: Oct 14, 2015

Share This Page