Menu
Reply
  • 66
  • 0
  • 0
JohnBanks
On our wavelength
450 Views
Message 1 of 12
Flag for a moderator

email connection

Why when i log into email i get i am not a robot, and when i get in and click on show images the security in the bar changes to  your connection to this site is safe but someone on the network might be able to change the look of this page

0 Kudos
Reply

Helpful Answers
  • 13.62K
  • 720
  • 4.71K
Superuser
Superuser
765 Views
Message 7 of 12
Flag for a moderator
Helpful Answer

Re: email connection

No

Essentially what is happening is this.

When you open a mail many of the images aren't actually within the mail itself but are linked to from the web.  Using a link rather than embedding the image makes the mail smaller.  However many of these images are hosted over HTTP for example here's a link to a gif from a Blizzard Email.

Looking at the network log in Chrome we get this warning.

Mixed Content: The page at 'https://mail2.virginmedia.com/appsuite/#!&app=io.ox/mail&folder=flhawlw61QOKSZ' was loaded over HTTPS, but requested an insecure image 'http://media.wow-europe.com/email/2016/hearthstone/twitch/images/header.gif'. This content should also be served over HTTPS.

Note there's nothing wrong with the gif itself.  Merely that it's being sent over http.

When the images are hidden there's no issue as you're only seeing what's served directly from Virgin's mail server over HTTPS, but once you click show images, your browser is then pulling in the external content - hence the warning.

Unfortunately unless Blizzard or any other sender for that matter changes their links to https ones, there's not a lot that can be done without a rewrite of the OX Apps code to effectively cache the image on the server and download it from there.  Which would not be an easy task, and considering the amount of emails Virgin deals with, would also need extra storage space for the image cache (although some would ultimately be shared).

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.

  • 955
  • 114
  • 424
Superuser
Superuser
420 Views
Message 10 of 12
Flag for a moderator
Helpful Answer

Re: email connection

John

As explained above by Ravenstar68 and myself, practically every email which has images in it will cause the circle with the "i" in it to appear when you "Show images" because, in 99.99% of cases, the image is being collected from a site other than VM's secure email site. The warning which you see when you click the circle is just a precautionary warning generated by the Chrome browser that the downloaded images should not be regarded as 100% trustworthy. There is a very small risk that someone could have changed the image on the source site and planted some sort of virus in it. Risk factor is - very low. Note that not all browsers generate this warning. The Edge browser in Windows 10 for example does NOT generate it.


All Replies
  • 7.36K
  • 828
  • 3.1K
Superuser
Superuser
434 Views
Message 2 of 12
Flag for a moderator

Re: email connection

I Googled this because I use Chrome and I never see it. It is apparently harmless:

http://security.stackexchange.com/questions/133967/chrome-your-connection-is-private-but-someone-mig...

-----------------------

Superuser 2017/18
Use Kudos to say thanks
Mark answer as "helpful" only when the problem is solved
Please don't send me private messages unless I ask you to.
I do not work for VM. The advice I give is based on my best understanding of VM policy and practice. You rely on it at your own risk.
0 Kudos
Reply
  • 955
  • 114
  • 424
Superuser
Superuser
430 Views
Message 3 of 12
Flag for a moderator

Re: email connection

I think that you are describing what happens when you have opened your first email from your Inbox and then clicked “show images” for that email – yes/no?

The message you then get is -

your connection to this site is safe but someone on the network might be able to change the look of this page”

This means that one of the images embedded in your email is being loaded from another website using HTTP – as opposed to the secure protocol HTTPS and anyone with access to the source website could change the nature of the image which is being presented to you. It’s a sort of security threat but not a serious one.

Can you confirm that this is not happening for EVERY email you open. If it does there may be a technical fault in the VM email system.

 

  • 7.36K
  • 828
  • 3.1K
Superuser
Superuser
427 Views
Message 4 of 12
Flag for a moderator

Re: email connection

What a good reply!

-----------------------

Superuser 2017/18
Use Kudos to say thanks
Mark answer as "helpful" only when the problem is solved
Please don't send me private messages unless I ask you to.
I do not work for VM. The advice I give is based on my best understanding of VM policy and practice. You rely on it at your own risk.
0 Kudos
Reply
  • 66
  • 0
  • 0
JohnBanks
On our wavelength
396 Views
Message 5 of 12
Flag for a moderator

Re: email connection

Hi Bill,

Thanks for your reply,  yes it happens on any email i click on, at first there is a padlock then this changes to a circle with an i in it. Is there anything i can do about it?

Regards

0 Kudos
Reply
  • 955
  • 114
  • 424
Superuser
Superuser
391 Views
Message 6 of 12
Flag for a moderator

Re: email connection

Which version of Windows and which browser and version are you using?

Are you connecting to VM mail from a link on the VM homepage?

  • 13.62K
  • 720
  • 4.71K
Superuser
Superuser
766 Views
Message 7 of 12
Flag for a moderator
Helpful Answer

Re: email connection

No

Essentially what is happening is this.

When you open a mail many of the images aren't actually within the mail itself but are linked to from the web.  Using a link rather than embedding the image makes the mail smaller.  However many of these images are hosted over HTTP for example here's a link to a gif from a Blizzard Email.

Looking at the network log in Chrome we get this warning.

Mixed Content: The page at 'https://mail2.virginmedia.com/appsuite/#!&app=io.ox/mail&folder=flhawlw61QOKSZ' was loaded over HTTPS, but requested an insecure image 'http://media.wow-europe.com/email/2016/hearthstone/twitch/images/header.gif'. This content should also be served over HTTPS.

Note there's nothing wrong with the gif itself.  Merely that it's being sent over http.

When the images are hidden there's no issue as you're only seeing what's served directly from Virgin's mail server over HTTPS, but once you click show images, your browser is then pulling in the external content - hence the warning.

Unfortunately unless Blizzard or any other sender for that matter changes their links to https ones, there's not a lot that can be done without a rewrite of the OX Apps code to effectively cache the image on the server and download it from there.  Which would not be an easy task, and considering the amount of emails Virgin deals with, would also need extra storage space for the image cache (although some would ultimately be shared).

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.

  • 66
  • 0
  • 0
JohnBanks
On our wavelength
377 Views
Message 8 of 12
Flag for a moderator

Re: email connection

I am using windows 8.1 and google chrome browser. I connect to email through the vm homepage

0 Kudos
Reply
  • 66
  • 0
  • 0
JohnBanks
On our wavelength
234 Views
Message 9 of 12
Flag for a moderator

Re: email connection

Hi 

I am using windows 8.1 and google chrome. i connect to email via the vm home page

0 Kudos
Reply
  • 955
  • 114
  • 424
Superuser
Superuser
421 Views
Message 10 of 12
Flag for a moderator
Helpful Answer

Re: email connection

John

As explained above by Ravenstar68 and myself, practically every email which has images in it will cause the circle with the "i" in it to appear when you "Show images" because, in 99.99% of cases, the image is being collected from a site other than VM's secure email site. The warning which you see when you click the circle is just a precautionary warning generated by the Chrome browser that the downloaded images should not be regarded as 100% trustworthy. There is a very small risk that someone could have changed the image on the source site and planted some sort of virus in it. Risk factor is - very low. Note that not all browsers generate this warning. The Edge browser in Windows 10 for example does NOT generate it.