Saturday, January 29, 2011

Can ISPs track emails?

I'm curious about this because I read that in some countries, all emails being sent/received are stored for 3 months by the ISP/government. I suppose this can happen when emails are being sent/received through SMTP or POP3; however, what about web-based emails like Gmail, Hotmail, etc.? How can those emails be stored by the ISPs?

  • Can they? Yes, yes they can. Do they? That depends on your country and ISP; some definitely do, some say they don't. It would be stupid to assume that large, centralised mail systems such as Google, Hotmail etc. wouldn't have the ability to snoop on emails as required.

    I've had some limited experience of email snooping at this level and in general terms there are too many emails to inspect in detail even a very small percentage of them. What is very capable is to monitor every email from a set group of accounts and/or look for specific search criteria on every email from every account - this isn't even difficult. It's not a particularly accurate page but THIS link might be of interest.

    Milan Babuškov : Can they? Of course not, provided that traffic is SSL tunneled. Please read the question carefully, it does not ask about monitoring port 25, but webmail, which typically goes through SSL on port 443. There is no way for any ISP to monitor that.
    Chopper3 : If you don't think governments and other organisations can, and do every moment of every day, read SSL/TLS/3DES/AES encrypted data almost as easily as traffic in the clear, you're either very innocent, stupid or both. I've seen it happen, with my own eyes, in real-time, many times over the last decade and a half. So please remove your inexperienced downvote.
    Oskar Duveborn : Well it's only SSL-tunneled between your client and the service provider... somehow the e-mails must then be sent to other providers, most likely using SMTP so to protect from that you need to encrypt the actual content as well. Also, the service provider still has complete access, SSL or not, as it's terminated at their end.
    Chopper3 : Well said OD, plus there's a HUGE market for encryption-cracking tech - the latest trick I've seen is to use banks of high-end-but-relatively-cheap GPUs via CUDA - they can do for tens of thousands of dollars what took millions only five years ago.
    Farseeker : Whilst I agree with your post and rebuttal, insulting people by implying they are stupid won't win you many friends. Plus, it's Christmas! (well it is here at least)
    Chopper3 : He downvoted me when he was patently wrong and criticised my reading of the question when he'd done the same. Plus I'm Jewish, happy Hanukkah!
    From Chopper3
  • Your data passes through several routers before reaching a certain point on the Internet, and there isn't always a direct path between your ISP and Hotmail (for example), and as such your data may pass through AT&T routers, and they can grab the packets.

    If you're worried about the privacy of e-mail or data in general on the Internet, you should only send data through SSL, so that anyone that tries to capture packets of data will receive encrypted data.

    From gekkz
  • Email cloud services such as Yahoo, Hotmail and Gmail could potentially have an agreement with each government their services get accessed from. ISPs cannot track these types of emails effectively as they normally get accessed through port 80 or 443, and not SMTP (25) or POP3 (which would be easier to capture). Google, Microsoft or Yahoo could be theoretically the only ones effectively tracking cloud-based email access depending on the retention/security/monitoring agreements between them and the government. Use China as a more strict example of cloud-based services and governments' involvement.

    ...back to your question: "Can ISPs track emails", my answer would be "they can capture/track EVERYTHING, but most likely they're not doing it to ALL their subscribers"

    From l0c0b0x
  • They can, unless you use SSL/VPN for POP/IMAP or PGP for your emails.

    From disserman
  • Unless you are tunnelling somehow, your ISP can track your email -- and probably practically anything you do online.

    If you are using your ISP's mail server, tracking email is trivial, and sender/recipient information is probably logged as a matter of course. Whether anyone actually reads those logs is another matter entirely.

    If you don't use your ISP's mail server, they still have the ability to watch what you are doing.

    Case in point. Pretend you are a customer of my network. My network has a single fiber to the internet. I port-mirror that fiber to a system that records netflow information: source, destination, when, what ports, and how many bytes. So if I see your IP communicating with some other computer's port 25, I can assume you are sending mail to that system. While I do this so that I can see who is using what amount of bandwidth (so I never actually look at the port numbers) the information is captured for me to look at if the requirement occurs.

    With this kind of setup it would be relatively easy to drop a tcpdump on that mirrored interface, and then I can capture the entire session. I don't, but I could.

    And with that framework, it would be theoretically possible to automate such things so that I could capture emails that you sent.

    Milan Babuškov : Please read the question carefully, it does not ask about monitoring port 25, but webmail, which typically goes through ports 80 or 443.
    David Mackintosh : So it does. My mistake.
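
The flow-record view described in the answer above, as an added example that is not part of the original thread: it aggregates constructed netflow-style records per subscriber and labels what each port exposes to someone on the path. The record layout, the `PORTS` table and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Destination port -> (service, what an on-path observer sees without breaking crypto).
# Labels are inferred from the port alone, as in the answer; STARTTLS is not modelled.
PORTS = {
    25: ("SMTP", "cleartext"), 110: ("POP3", "cleartext"),
    143: ("IMAP", "cleartext"), 80: ("HTTP", "cleartext"),
    443: ("HTTPS", "tls"), 465: ("SMTPS", "tls"),
    993: ("IMAPS", "tls"), 995: ("POP3S", "tls"),
}

# Constructed flow records: src_ip,dst_ip,dst_port,bytes (documentation address ranges).
SAMPLE_FLOWS = """\
192.0.2.10,198.51.100.25,25,48211
192.0.2.10,203.0.113.80,443,913400
192.0.2.11,203.0.113.80,443,12030
192.0.2.11,198.51.100.7,110,7300
192.0.2.10,198.51.100.25,25,1789
"""

def parse_flows(text):
    """Parse 'src,dst,dport,bytes' lines into tuples."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, dport, nbytes = (f.strip() for f in line.split(","))
        flows.append((src, dst, int(dport), int(nbytes)))
    return flows

def summarise(flows):
    """Aggregate per (subscriber, service): peers, byte total and exposure."""
    out = defaultdict(lambda: {"peers": set(), "bytes": 0, "exposure": "unknown"})
    for src, dst, dport, nbytes in flows:
        service, exposure = PORTS.get(dport, ("port %d" % dport, "unknown"))
        entry = out[(src, service)]
        entry["peers"].add(dst)
        entry["bytes"] += nbytes
        entry["exposure"] = exposure
    return dict(out)

def mail_senders(summary):
    """Subscribers seen talking to port 25, presumed to be sending mail."""
    return sorted(src for (src, service) in summary if service == "SMTP")

if __name__ == "__main__":
    for (src, service), e in sorted(summarise(parse_flows(SAMPLE_FLOWS)).items()):
        print(src, service, sorted(e["peers"]), e["bytes"], e["exposure"])
```

For the webmail flows on port 443 the records still give the provider's address, the timing and the byte counts, while the message content stays inside the TLS session.
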
  • In some situations, countries are forcing all traffic through proxies. You communicate solely with the proxy, which then communicates with the SSL site on the other end, passing the results back to you. This would allow them to monitor traffic even if SSL encrypted.

    From ceejayoz
  • Most webmail implementations are front ends to either IMAP or a database backend. In both cases, the emails have already been delivered, so any attempts to encrypt connection to the webmail account to avoid snoops by the ISP would be moot - a competent mail administrator can simply parse the message store and find the source and/or destination address with a few simple Unix commands or scripts.

    Long term, if a person is concerned about people snooping their messages, your best option would be to encrypt the message itself (i.e. with PGP). You may not be able to hide headers, but the message itself will not be readable by anyone except you and the recipient.

    From Rilindo
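
The point in the answer above about stored messages and PGP, as an added example that is not part of the original thread: it parses two constructed messages the way a script run over a message store would and reports which fields are readable without any key. The addresses, the placeholder armored body and the function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed messages standing in for two entries in a server-side message store.
PLAIN = """\
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Lunch on Friday
Date: Sat, 29 Jan 2011 10:00:00 +0000

See you at noon.
"""

# The armored body is a constructed placeholder, not real ciphertext.
ENCRYPTED = """\
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Lunch on Friday
Date: Sat, 29 Jan 2011 10:05:00 +0000

-----BEGIN PGP MESSAGE-----

PLACEHOLDERPLACEHOLDERPLACEHOLDER
-----END PGP MESSAGE-----
"""

def store_view(raw):
    """Return what a reader of the stored message sees without any key."""
    msg = message_from_string(raw)
    body = "" if msg.is_multipart() else msg.get_payload()
    # Inline PGP is detected by its armor header, PGP/MIME by its content type.
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 or "-----BEGIN PGP MESSAGE-----" in body)
    return {
        "from": parseaddr(msg["From"])[1],
        "to": parseaddr(msg["To"])[1],
        "subject": msg["Subject"],
        "date": msg["Date"],
        "body": None if encrypted else body.strip(),
        "body_encrypted": encrypted,
    }

def exposed_fields(raw):
    """Names of the fields that remain readable in the stored copy."""
    view = store_view(raw)
    return sorted(k for k, v in view.items() if k != "body_encrypted" and v is not None)

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("pgp", ENCRYPTED)):
        print(name, exposed_fields(raw))
```

With the encrypted message the sender, recipient, subject and date are still recovered; only the body is withheld.
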
