xmove's profile

New Poster

 • 

1 Message

Monday, August 17th, 2020 1:00 PM

Closed

NOT SECURE

on the address bar on emails NOT SECURE

This conversation is no longer open for comments or replies and is no longer visible to community members.

Gold Problem Solver

 • 

26.5K Messages

5 years ago

It's the way most current web browsers are designed. Whenever you use any provider's webmail to open an email that references a non-secure (loaded with "http" instead of "https") image, script, or other item, the browser warns you. In webmail, this probably happens most often if you have the setting for "Allow pre-loading of externally linked images" (gear icon / Settings / Security / Mail) checked. If you don't have that option checked, you're probably getting the browser warning when you open an email that has insecure content and you click the "Show images" button.


Sadly, many of the emails Comcast sends have insecure image links and will trigger the browser's warning. Two examples are "http://log.dmtry.com/" and "http://xfinity.comcast.net/favicon.ico". To a browser both of these are "insecure" because they use "http" instead of "https".


A secure web page that loads insecure content is said to be using "mixed content", and may be subject to a "man-in-the-middle" attack. Comcast seems to think this is not a problem, but Internet security experts think otherwise. See https://www.google.com/search?q=mixed+content+pages+MITM.

forum icon

New to the Community?

Start Here