Cricket Revealed As Mobile ISP That Was Blocking Encrypted Emails
from the nicely-done dept
A few weeks ago, we wrote about how VPN company Golden Frog had quietly revealed in an FCC filing that an unnamed mobile broadband provider had been (even more) quietly blocking people from sending encrypted emails -- basically blocking users from making use of STARTTLS encryption. The Washington Post has now revealed that the mobile operator in question was Cricket -- a subsidiary of AT&T, and that it stopped blocking such encryption a few days after our post was published.Cricket did not address repeated questions about the issue and did not alert customers, many of whom rely on Cricket as their sole Internet service, that they would not be able to protect their e-mails from prying eyes. AT&T, which absorbed Cricket when it acquired Leap Wireless last spring, did not respond to a request for comment.The issue appears to be that Cricket started using some Cisco firewall equipment to block sending encrypted emails through Port 25. It's true that many ISPs block Port 25 entirely, as it's often used for spamming. What Cricket did here was to just try to block encrypted emails over Port 25, which in some ways is being more permissive than other providers who block it entirely. Yet, still, the way it did so was somewhat misleading and still concerning. While the intent here may have been reasonable, any time you have an ISP stepping in and quietly making the decision itself to block encrypted traffic while allowing other traffic it should raise questions about the security for end users. Yes, there's a constant battle against spam, but there may be better ways to deal with it than single-handedly blocking email encryption.
Cricket said in a statement to The Post that it "is continuing to investigate the issue but does not intentionally prevent customers from sending encrypted emails."
Filed Under: blocking, encryption, fcc, net neutrality, open internet, port 25, spam
Companies: cricket, golden frog
