I’ve used https formatted Microsoft’s Hotmail.com for sending and receiving
email for years. I have a working knowledge of https, but I want to ensure that
I’m correct in my knowledge. So my question is: when I send an email via
https, via a Wi-Fi network that is not password-enabled but open to the public
(for example, a public library), and before the email is received by the server
that I’m sending to, can the sending email address be read while the email is
sent via https format using the Wi-Fi network?
Now with time and money I understand that anything is possible with
computers and source code; I know that’s true. I’m speaking of a general
concept on this issue. You’ve covered the topic recently on interpreting email
headers but I don’t recall reading this specific question or answer.
In this excerpt from
Answercast #29, I look at the way https views data and how that keeps you
Security with https
Https is a general-purpose connection encryption and validation technology.
What that really means is that https has no concept of what it is you’re doing.
It doesn’t know that there’s email involved. All it’s doing is sending data to a web server and receiving data from that web server.
In the case of Hotmail, those are web pages, nothing more. When you fill out a web page that has a “To” and a “CC” and a “Subject” and an email message, it’s just a web page containing a bunch of information that you send up to Hotmail.
Data is encrypted
Https causes that data to be encrypted and it’s actually encrypted from point to point. It’s encrypted on your machine and it’s only decrypted when it finally reaches the https Hotmail server at the other end.
Nobody in between can see the contents of that message.
Not only can they not see the contents of that message, they can’t see the “To” line. Heck, they can’t even tell that you are sending email because all they’re seeing is data going from your machine to Hotmail and that’s it.
Same thing with the response; all they’re seeing is data. It’s encrypted but it’s just data coming back from the Hotmail server to your machine.
They can’t tell what it is or why it is.
Https can be used with many different kinds of servers. Https with Hotmail is something we use regularly and encourage people to use regularly for exactly the kinds of reasons that you’re suggesting.
You’re preventing people from seeing not only what you’re sending and who you’re sending it to; you’re also preventing them from seeing your login credentials.
The same thing applies with banking. It’s the same old https, but in this case, you’re actually exchanging banking information.
Https doesn’t care; it doesn’t know what kind of data you’re exchanging with the web server. All that it’s doing is encrypting this bundle of data when it gets sent up, decrypting it when it gets there, and then encrypting the response on the server and decrypting it when it comes back to your machine.