In this post, we are going to show you why you should be careful with the email service you use. Sometimes, our service provider offers us an email service, maybe for our business, and if we don’t check a couple of points, ANYONE, could get our username and password and use our email account.
In this post, we will show you an example of one of the email domains Telefónica offers: telefonica.net . This was a bit surprising, considering that Telefónica is a worldwide company with million of customers but keep reading and you’ll see!
1.- Credentials in clear text
Get you “under test” email account (in our case, telefonica.net) and log in while you sniff using Cain. If your email provider is offering an old technology such as POP or IMAP and it’s not offering SSL or TLS, you will find your credentials travelling in clear text:
Why offering and old technology such as IMAP and no SSL or TLS? Check this and get your own conclusions 🙂
2.- Getting all the information about the email server
If you google “telefonica.net email”, you’ll find out the login page.
In the previous section we saw that Cain tells us the IP address is 18.104.22.168, so we can make a tracert to see where it takes it to:
As you can see in the last hop, the POP server and an IMAP server have the same IP address! What does this means?
- The server supports both protocols
- These two protocols are a bit old and, as mentioned, if they are not used in conjuction with TLS or SSL, as in this case, they are insecure.
If you want to know even more about the server, again, just type “puerto IMAP telefonica.net”. This is in Spanish because Telefónica is mainly Spanish, but at the end, you will easily find this information:
3.- Telnet the Telefónica’s mail server
Using all the info we got, we can even open a Telnet session with the server:
telnet imap.movistar.es 143
and you will be in:
You can get some more info about the server or about an email account if you log in using the LOGIN command:
If you want to list the folders with the command:
01 LIST "" "*"
You can easily see more info about one email than what you would find in the browser application with the FETCH:
Conclusion: How to check if your email server is secure
In addition to check with Cain while you are login to see if your credentials travel on clear text, you can also use the WHOIS Search to find the server IP address and then do a tracert to double check.
You can then try to Telnet (each server protocol has different Telnet commands) and find out more.
Finally, you can also check using a SSL Checker and a website checker. For example, we did with the Telefónica server and we got:
As you can see in the image above, there is even a suggestion to connect to the sever 😉
We hope you enjoyed this post and will be pleased if you have any ideas, comments or questions 😀