Community Forum

Email Browsing Not Secure for All Messages

Highlighted
New Poster

Email Browsing Not Secure for All Messages

 The address bar changes from Secure to Not Secure right after loading mail and clicking on a message.  It does not happen to all messages,  But as soon as I click on a mail message "not secure" appears in the address bar .  As another user explained, "It doesn't matter if the email is of personal nature or from places that I have signed up for newsletters".   It  does not appear that there is a fix.  It happens in Microsoft Edge and Google Chrome.  The problem seems to lie in the Xfinity Email application.    "In fact, even the Xfinity newsletters have this response." 

 

Please advise on whether or not email messages are truly safe and that the Xfinity Email application can be trusted/secure.

 

Highlighted
Official Employee

Re: Email Browsing Not Secure for All Messages

its as secure as long as your device itself is secure. Your emails are stored and encrypted on the Comcast servers, not your computer or browser. The secure/not secure indicator is in reference to your browser and whether or not the data you send from your browser to the website is encrypted or not.


I am an Official Comcast Employee.
Official Employees are from multiple teams within Comcast: CARE, Product, Leadership. We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Mark the post as Best Answer!
Highlighted
Gold Problem Solver

Re: Email Browsing Not Secure for All Messages


@thepclady wrote: ... The problem seems to lie in the Xfinity Email application. ...

It's not the webmail application, it's the way most current web browsers are designed. Whenever you use any provider's webmail to open an email that references a non-secure (loaded with "http" instead of "https") image, script, or other item, the browser warns you. In webmail, this probably happens most often if you have the setting for "Allow pre-loading of externally linked images" (gear icon / Settings / Security / Mail) checked. If you don't have that option checked, you're probably getting the browser warning when you open an email that has insecure content and you click the "Show images" button.

 


... even the Xfinity newsletters have this response ...

Sadly, many of the emails Comcast sends have insecure image links and will trigger the browser's warning. Two examples are "http://log.dmtry.com/" and "http://xfinity.comcast.net/favicon.ico". To a browser both of these are "insecure" because they use "http" instead of "https". 

 

A secure web page that loads insecure content is said to be using "mixed content", and may be subject to a "man-in-the-middle" attack. Comcast seems to think this is not a problem, but Internet security experts think otherwise. See https://www.google.com/search?q=mixed+content+pages+MITM.