Archive

Posts Tagged ‘Mail.app’

Encryption bug in Apple Mail (… or feature?)

November 15th, 2010 1 comment

Hi Steve

When using s/mime encryption, which is nicely integrated in the users keychain, with IMAP configured accounts in mail.app, the app does not encrypt the mail and stores it (e.g. as draft) unencrypted on the server before it has been sent.

An attacker can either read the unencrypted mail, if he has access to the server (sysadmin), or in case the IMAP connection is unencrypted, read the unencrypted message on the nodes/routers.

Please fix this.

Take care & best, lx