EmailDiscussions.com

EmailDiscussions.com (http://www.emaildiscussions.com/index.php)
-   FastMail Forum (http://www.emaildiscussions.com/forumdisplay.php?f=27)
-   -   is outgoing mail to the kp.org domain normally opportunistically encrypted (http://www.emaildiscussions.com/showthread.php?t=72698)

elvey 15 May 2017 01:21 PM

is mail to the kp.org, ucsf.edu,,sfdph.org,domains opportunistically encrypted
 
Apropos Opportunistic SSL/TLS encryption on incoming emails --https://blog.fastmail.com/2009/04/16/opportunistic-ssltls-encryption-on-incoming-emails/
IIRC, there's also Opportunistic SSL/TLS encryption on OUTGOING emails. And I vaguely recall there was a some kind of post showing the fraction of mail that is actually encrypted at some point (I haven't tried to find it...)

My question is, is outgoing mail to the kp.org domain normally encrypted? I'm considering sending email there (to the records department -- oak-roi@<that domain> ) and will not do it if it isn't, and don't have a good way to message the department if I can't email it. I've been admitted to the hospital and will be here for at least another week. (The alternative is to resort to faxing with an internet fax service, which is arguably slightly less or more secure than unencrypted email.)

I'm not worried about STARTTLS downgrade attacks
-- http://www.emaildiscussions.com/showthread.php?t=71133&highlight=smtp+encryption
.

If anyone from fastmail can check the logs to answer this question, I'd appreciate it. I suppose I can open a support request, but the answer could be generally useful, so I'm asking here.

n5bb 15 May 2017 01:31 PM

I suggest using their secure message service. See:
https://share.kaiserpermanente.org/a...-care-quality/

Bill

elvey 15 May 2017 04:29 PM

Quote:

Originally Posted by n5bb (Post 601815)
I suggest using their secure message service. See:
https://share.kaiserpermanente.org/a...-care-quality/

Bill

It's not available to former members.:mad::eek:

They lock you out - no access to online records. Awful if it's unexpected, as was the case with me.

But as a member, it's great to be able to email your doctors and pharmacist, etc and get replies securely!

brong 16 May 2017 12:44 PM

2017-05-15T03:50:24.281947-04:00 gateway1 postfix-out/smtp[2091062]: Trusted TLS connection established to mail2.kp.org[162.119.233.53]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
2017-05-15T03:50:26.208210-04:00 gateway1 postfix-out/smtp[2091062]: 789442086A: to=<oak-roi@[...]

Yes, they are.

elvey 17 May 2017 12:47 AM

Thanks BronG!

Emailed 'em. Turns out they have a secure email system that kicks in when they reply.
It's separate from the usual one for current members, but lets me reply securely. It says you have a reply, click here to set up an account so you can read the message, and doing so drops me into a web app that supports replies, etc.

elvey 6 Jun 2017 07:15 AM

BronG, can you check ucsf.edu too?

brong 6 Jun 2017 07:33 AM

gateway2 postfix-out/smtp[2967920]: Trusted TLS connection established to cuda.ucsf.edu[64.54.247.181]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

yep, they all look like this.

elvey 9 Jun 2017 03:05 AM

Cool, thanks. Kind of a weird way to ensure security, but weirdly effective.

And for others, note that if you can look at the email headers, you can see whether the connection was encrypted. E.g. from the header of a message I received:

Received...
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))

elvey 31 Aug 2017 08:50 AM

BronG, can you check dmhc.ca.gov too?

brong 31 Aug 2017 09:02 AM

(Elvey - this was your email to them)

2017-08-28T21:05:01.140957-04:00 gateway2 postfix-out/smtp[1605279]: Trusted TLS connection established to dmhc-ca-gov.mail.protection.outlook.com[216.32.181.42]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)

elvey 2 Sep 2017 01:27 AM

Quote:

Originally Posted by brong (Post 603756)
(Elvey - this was your email to them)

2017-08-28T21:05:01.140957-04:00 gateway2 postfix-out/smtp[1605279]: Trusted TLS connection established to dmhc-ca-gov.mail.protection.outlook.com[216.32.181.42]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)

Thanks. (:eek: Pleasant surprise to see Microsoft got with the program on this. I would hazard a guess that all connections to MX that resolve to *.mail.protection.outlook.com are normally opportunistically encrypted. :) )


All times are GMT +9. The time now is 08:09 PM.


Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy