Testing e mail

Discussion in 'Email Discussions' started by compleo, Jul 16, 2015.

  1. compleo

    compleo Valued Member

    Joined:
    Jul 11, 2015
    Messages:
    297
    Likes Received:
    58
    Is anyone familiar with this tool? It uses the words "e mail client", so I don't know if this includes e mail providers...> Email Privacy Tester
     


    popowich likes this.
  2. SCRYPTmail

    SCRYPTmail Email Service Provider

    Joined:
    May 6, 2015
    Messages:
    148
    Likes Received:
    32
    Yes, I used this tool to test my service.
     

    popowich likes this.
  3. compleo

    compleo Valued Member

    Just tried it & I received this pop up before I opened the e mail...
    TEST.JPG

    Test results show grey turned to red, but I click on them to see results. They all show info that doesn't make any sense to me, such as
    How does this info help me to determine if there is an issue & if there is, how do I fix it?
     
  4. SCRYPTmail

    SCRYPTmail Email Service Provider

    It's mostly technical data useful for developers. In your case, the pop up means that your email client tried to execute JavaScript that was supplied instead of an image. (This is very bad.)
     
  5. compleo

    compleo Valued Member

    Is the pop up issue anything I can fix, or is it up to the e mail service provider?
     
  6. compleo

    compleo Valued Member

    I tested scrypt with the tester, I didn't get that pop up warning regarding the java script warning. Also there are less red ovals to click on, does less mean better?
     
  7. grepular

    grepular Email Privacy Tester

    Joined:
    Jul 17, 2015
    Messages:
    5
    Likes Received:
    3
    Hi. I'm the author of emailprivacytester.com (can provide proof if needed). A guy who I think runs this forum sent me an email to ask if I'd like to comment here. Firstly, I recognise that the user interface is a bit clunky and difficult to understand for the lay person, but it's really intended for people who either run mail systems, build mail clients or have a deepish understanding of the way emails are constructed. The about page describes how it works - About | Email Privacy Tester - Essentially every time one of the ovals turns red, it means that your email client has connected back to my website, which is potentially bad. It means that something in the email allowed me to determine that the email had been opened, when it had been opened, and the IP address of the person opening it. More red means there are more ways of getting this info.

    The thing it tests is the email client. So if you enter a gmail.com address, it's not testing the "Gmail service", it's testing the thing that you use to open the email. So it's either testing the gmail web interface, or whatever Android/iOS email client you're using, or Thunderbird or Outlook or whatever.
     
    popowich likes this.
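
The post above says each red oval is one way an opened message made the client connect back. As an added example (not the tester's code and not from any poster in this thread), this sketch audits an HTML e-mail body for elements that load a URL on render and for script content. The list of vectors is an assumed, illustrative subset, and `tracker.example` is a placeholder host.

```python
import re
from html.parser import HTMLParser

# (tag, attribute) pairs that a client fetches on render, with no click needed.
FETCH_ATTRS = {
    ("img", "src"), ("img", "srcset"), ("link", "href"), ("script", "src"),
    ("iframe", "src"), ("video", "poster"), ("video", "src"), ("audio", "src"),
    ("embed", "src"), ("object", "data"), ("input", "src"),
    ("body", "background"), ("table", "background"), ("td", "background"),
}
REMOTE = re.compile(r"(?:https?:)?//", re.I)  # absolute or protocol-relative URL
CSS_URL = re.compile(r"url\(\s*['\"]?\s*((?:https?:)?//[^'\")\s]+)", re.I)

class CallbackAudit(HTMLParser):
    """Collects (kind, tag, detail) findings for one HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        if tag == "script":
            self.findings.append(("active", tag, "script element"))
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on") or value.lower().startswith("javascript:"):
                self.findings.append(("active", tag, name))
            elif (tag, name) in FETCH_ATTRS and REMOTE.match(value):
                self.findings.append(("remote", tag, value))
            elif name == "style":
                self.findings += [("remote", tag, u) for u in CSS_URL.findall(value)]

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:  # contents of a <style> block
            self.findings += [("remote", "style", u) for u in CSS_URL.findall(data)]

# Constructed sample message body, not a captured e-mail.
SAMPLE = """<html><body background="https://tracker.example/bg.png">
<link rel="stylesheet" href="//tracker.example/s.css">
<style>p { background: url('https://tracker.example/css.gif') }</style>
<p style="list-style-image:url(https://tracker.example/li.gif)">Hi</p>
<img src="cid:logo@local"><img src="https://tracker.example/open.gif" onerror="alert(1)">
<a href="https://example.org/">a link needs a click, so it is not counted</a>
<script>alert('opened')</script></body></html>"""

def audit(html):
    parser = CallbackAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

A "remote" finding corresponds to a fetch that reveals the open time and IP address; an "active" finding is script that a webmail interface should never pass through to the browser.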
  8. grepular

    grepular Email Privacy Tester

    Also, what email client were you using when you saw that popup? It's extremely bad. My tester sends a simple bit of JavaScript which just pops up a message. If I was malicious, I could send a different piece of JavaScript which allowed me to completely take over your email account instead.
     
    popowich likes this.
  9. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,999
    Likes Received:
    120
    Yes, that was me.
    Welcome to EQ and :thanks:
     
  10. compleo

    compleo Valued Member

    Welcome to EQ grepular.

    Isn't gmail the e mail client?

    What do you mean the thing I open the e mail, I thought the browser opened it?

    What's the difference between gmail service & gmail web interface?

    The test was for safe mail>in post# 3>click on the spoiler button to view the whole message.
     
  11. grepular

    grepular Email Privacy Tester

    "GMail" is an email service. It comes with a web interface which you can optionally use to access your email. You could also install Microsoft Outlook or one of dozens of other email clients, and connect them to your GMail account. At that point, you're no longer using the GMail web interface to view your GMail email, you're now using Outlook to view your GMail email, even though that email is still hosted by GMail.

    Re "Safe Mail". How did you make that popup happen? I just signed up for a test account and tested it with emailprivacytester.com and Firefox, and saw no such popup when viewing an email. What did you click on immediately before you saw the popup? Also, what web browser and version are you using?

    [EDIT] Discovered it. It's when you click "Show HTML". Yes, this is about as bad as security bugs in webmail clients get. I'll send them an email to let them know it needs fixing.

    [EDIT] I've changed my mind about reporting it. They don't even make the most basic attempt to block javascript. These bugs usually occur because of some weird edge case that providers didn't catch, but in this case, it is not a weird edge case. They simply haven't attempted to block it. This is the least secure email service I have ever seen.
     
  12. compleo

    compleo Valued Member

    I didn't click anything, the second I opened safe mail the pop up showed up.

    I use the best, most secure web browser there is. It spoofs web sites, the user has the option to select FF, chrome etc....> white hat aviator
     
  13. grepular

    grepular Email Privacy Tester

    White Hat Aviator sounds interesting. I might have to give it a look. I would really recommend against using safe-mail.net. I had a look at scryptmail earlier and it looks pretty good. I did find one security flaw (XSS) in scryptmail, but they fixed it very quickly after I reported it. I didn't give it a full security audit though, just a quick once over.
     
    popowich likes this.
  14. compleo

    compleo Valued Member

    RE: e mail client(s), I don't have anything installed. I have scrypt, proton, tutanota & safe mail & I don't install anything to them. I just leave them as they are, not big on bells & whistles. "Essentially every time one of the ovals turns red, it means that your email client has connected back to my website". Some of the ovals were red but I don't have an e mail client?

    White hat aviator is an excellent browser. A heads up, when installed it automatically makes it the default browser.

    On top right is what looks like the lone ranger mask & 3 horizontal lines. The 3 lines is for the many options, including settings. 1 of the great options is the selection of which search engine, I use DDG (disconnect). In addition to many great features & security, it doesn't track IP or search history. I avoid any word that starts with G.

    Click mask>drop down menu>options to select FF, chrome, IE etc. This spoofs the web site into thinking that you are using that browser.
     
  15. grepular

    grepular Email Privacy Tester

    "Some of the ovals were red but i don't have an e mail client?" - By "email client", when you're using webmail, I mean "web browser".
     
