On Monday, January 15, 2018 12:53:20 PM Alessandro Vesely wrote: > On Mon 15/Jan/2018 16:23:54 +0100 rhkramer wrote: > > On Monday, January 15, 2018 04:39:17 AM Alessandro Vesely wrote: > >> Since most email messages are sent in cleartext, it is also worth to > >> note explicitly the difference in terms of privacy between receiving > >> and collecting. > > > > I don't understand, can you (or someone) attempt to clarify / amplify? > > Personal (non-list) email messages happen to contain confidential > information, from innocent shopping preferences to passwords. Although it > is possible to use end-to-end encryption to safeguard confidentiality, the > vast majority of messages are sent in cleartext. A good percentage[*] of > SMTP servers apply transport encryption (STARTTLS), so the chances that a > message is read in transit are low. However, the chances that MX servers > can read cleartext messages is 100%, which hence is the rate of trust > users have to grant to their mailbox providers. The amount of info that > can be extracted is directly proportional to their AI skills, while what > they do with it only depends on how much greedy they are. > > Given this state of affairs, the absence of a clean method for setting up > an email server is particularly obnoxious, IMHO.
Thanks very much--that helps a lot, but due to my ignorance of email systems, let me ask a followup: Does the SMTP server encrypt both between it and the "client" and between it and the other end destination / source? (My understanding of SMTP may be faulty, but, AIUI, if your ISP is your SMTP server, email is stored there (unless deleted) (so that you can access it from more than one of your computers. Is it the transmittal between that server and your computer(s) that is encrypted, or between that server and the source / destination of the email, or both?
