@skiring I may be missing something, but if the email is sent via SMTP on an encrypted connection (which should be the case nowadays), how is it different / less secure than you sending your order detail over HTTPS?
In both cases, the data isn't encrypted at rest (in the store database, or in the email), but is transmitted via encrypted channels so third parties can't really intercept it.
@clacke you may be right about Gmail, though I didn't experience it myself. Why would SMTP over TLS be bad?
Even if Gmail doesn't verify certs when delivering emails over SMTP, it wouldn't really apply to the situation described by @skiring because the order confirmation isn't sent by Gmail, is it?
@clacke they're the biggest host when it comes to mailboxes, but are they the biggest email sender? Most email messages we receive are automated, so services like Mailgun or SendGrid may generate more SMTP traffic than Gmail users.
(SendGrid apparently sends at least one billion emails a day https://sendgrid.com/blog/2-trillion-emails-and-counting/)
@clacke @eliotberriot @skiring An active MITM is much more costly and risky than a passive one. I'm not saying we don't need to verify certificates, in fact I would be in favour of phasing out SMTP entirely, because we do need a more modern and safer protocol, but as of today my guess is that a TLS connection between servers isn't likely to be intercepted.