Why does Bell Canada not allow encrypting your email in transit?

Hint: you want your email to be encrypted in transit. Now, lets take a look at some stats. From my earlier post about ‘Why is Canada less encrypted than the US‘?, and from Google’s Transparency Report, we dig into Sympatico. This is Bell Canada‘s brand for Internet. We see that there is no encrypted email exchanged to Bell from Google (so your friend with a Gmail account mails you on your Sympatico account).

Gobsmacked, I double checked this. First we find the mail exchanger (as below), and then we head to https://www.checktls.com/. Story checks out. Bell does not allow encryption in transit of your email, from anywhere in the world.

$ nslookup
> set q=mx
> sympatico.ca.
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
sympatico.ca	mail exchanger = 0 mxmta.owm.bell.net.

 


Posted

in

by

Comments

7 Responses to “Why does Bell Canada not allow encrypting your email in transit?”

  1. Jayme Snyder

    You can’t even connect to the bellnet.ca mail servers with secure IMAP or secure pop. If you have an @bellnet.ca address you are a coffee shop away from having your creds leaked. Business owners beware…

  2. William Natter

    Could the answer be as trivial as “it used to be that way” and “Bell would have to spend extra $$$ on a server that almost nobody uses”? It wouldn’t surprise me…

  3. Andrew R

    For as long as I can remember, my dad has logged into university servers to read his email with mutt. One yeah he was surprised to note, that all his traffic (Bell Sympatico) was being routed through New York. For some reason, the shortest path from Scarborough to St George campus started to include a round trip to Montreal and across the border.

  4. db

    Nearly all traffic in Canada is routed through the US. This has to do with the (lack of) peering policies of the carriers.

    In the above example, I am talking about the MTA (not MUA) path. This is e.g. someone sends your dad an email, the path from their email server to his email server. Not the client fetching email (which is POP3, IMAP, web/html, … type protocol), but the SMTP protocol.

    There’s no excuse IMHO for this not being encrypted.

    Gather your pitchforks.

  5. Jack

    I run TLS check today; bell only fails the cert part; so does it mean it has TLS or no?

    1. db

      i just checked (https://www.checktls.com/). no, its not secure

Leave a Reply

Your email address will not be published. Required fields are marked *