home of the madduck/ blog/
GMX sells registered mail as security feature

My brother wanted to send me a sensitive document, so he followed the suggestion by his provider (GMX) to use their feature called "registered mail") ("Einschreiben"). Here's how it works:

  1. The sender composes an Email and checks the option "registered mail"

  2. GMX stores the email on their servers, generates an access code, and sends the access code with a URL to the intended recipient -- plain text, of course.

  3. The recipient surfs to the URL and accepts (or declines).

  4. GMX then acknowledges acceptance to the sender and forwards the email to the original recipient address -- plain text, of course.

I suppose the feature does what the name suggests, namely to offer the sender a way to check whether the recipient has received the email. What pisses me off is that they sell it as a way to securely send emails on the Internet.

I think providers spreading fud like this should have their "licence" revoked and be condemned to practice encryption with an abacus over a 2400 baud modem line!

PS: If this isn't bad, the email sent to the intended recipient doesn't properly encode special characters in the headers, which is why some content scanners (like my amavisd-new) will discard or bounce it.