[liberationtech] The missing awareness: SMTP Security Indicator in Email|WebMail clients
Rich Kulawiec
rsk at gsp.org
Sun Nov 1 07:57:22 PST 2015
On Sun, Nov 01, 2015 at 12:32:37PM -0300, fauno wrote:
> there's a thunderbird addon called "paranoia" that does this
Correction: there's a Thunderbird addon called "Paranoia" that pretends
to do this. Everyone should know by now that you can't trust any
"Received" headers other than those written by your own MTA. (They might
be accurate and truthful; they might be partially wrong; they might
be complete fabrications.)
Paranoia's own documentation says:
"Click on the emoticon and you'll see a list of connections
which were made before this message arrived in your inbox,
and state of encryption of each of them."
Which means that Paranoia makes the mistake of trusting headers that
can't be trusted.
---rsk
More information about the liberationtech
mailing list