Before I get into the issue, I will like to start by saying that signing and encrypting emails are necessary to protect communication and data integrity between all parties. signing is necessary because it tells the receiver that the email is actually from you and was not forged while TLS (standard encryption) helps provide privacy between communicating applications and their users during email delivery. When a server and client communicate, TLS ensures that no third party can overhear or tamper with any messages.

I was in the office yesterday working on an email server using an Ec2 instance in Aws, I had just finished adding a certificate, SPF, and Dkim and I sent an email to my Gmail account to verify if the emails are signed and encrypted.

After checking other emails to see if they are also signed and encrypted. I checked through a few and found that GTbank has not encrypted any of the emails sent to me as far back as I could check The emails are signed but there is no type of encryption at all. Even gmails says "gtbank.com did not encrypt this message"

https://ibidapoibrahim.com/gtbank-is-not-encrypting-emails/

This is what it should look like

Hmm

interesting

ib22003:
Before I get into the issue, I will like to start by saying that signing and encrypting emails are necessary to protect communication and data integrity between all parties. signing is necessary because it tells the receiver that the email is actually from you and was not forged while TLS (standard encryption) helps provide privacy between communicating applications and their users during email delivery. When a server and client communicate, TLS ensures that no third party can overhear or tamper with any messages.

I was in the office yesterday working on an email server using an Ec2 instance in Aws, I had just finished adding a certificate, SPF, and Dkim and I sent an email to my Gmail account to verify if the emails are signed and encrypted.

After checking other emails to see if they are also signed and encrypted. I checked through a few and found that GTbank has not encrypted any of the emails sent to me as far back as I could check The emails are signed but there is no type of encryption at all. Even gmails says "gtbank.com did not encrypt this message"

https://ibidapoibrahim.com/gtbank-is-not-encrypting-emails/

forgive my ignorance, what information can you intercept from those communications?
aren't those just mail server encryptions (smtp)?


asides your account balance after a transaction, GTB never sends any confidential info via email


question: do you consider a website with secured socket layer (https) as 'secured'?

.

Yes you are right this is just an encryption between the mail relays, TLS ensures that no third party can overhear or tamper with any messages. You can't really say aside from account transactions because account transactions are also confidential information. yes, I also regard any website with https as basic security, because at least they have prevented their user's credentials from being stolen in transit.

bennymark:




forgive my ignorance, what information can you intercept from those communications?
aren't those just mail server encryptions (smtp)?


asides your account balance after a transaction, GTB never sends any confidential info via email


question: do you consider a website with secured socket layer (https) as 'secured'?