Re: SSL/TLS still seems to be screwed up (retrieving Mail with Thunderbird)
On Mon, Apr 11, 2016 at 1:10 AM, Elmar Stellnberger <estellnb@gmail.com> wrote:
> I still had the STARTTLS setting activated for my revido account and changed
> it to SSL/TLS as soon as I had heard how dangerous that might be.
> Unfortunately there are no geographical warnings for login attempts from the
> revido account (Accordings to ¿German law? they do not even expose me their
> server log cotaining the IPs with login attempts which could be backtraced
> with geoip). I`d personally believe that unsuspecting users should be warned
> of the fallback option of STARTTLS as it sounds like TLS but it can start an
> unencrypted connection as well.
Implemented properly it shouldn't matter which option you pick. The
SSL/TLS option is actually depreciated. Thunderbird should refuse a
connection if you have STARTTLS checked and the server doesn't support
it. It sounds more like your login was what was throwing the alert.
The best advice I can offer is to not use an "untrusted" VPN. Free VPN
services have to make money somehow.
Brandon Vincent
Reply to: