[tor-talk] Thunderbird, GMail and Tor - is it safe?

[Joe Btfsplk]

On 8/9/2011 11:49 AM, cmeclax-sazri wrote:
> On Tuesday 09 August 2011 11:03:55 Phillip wrote:
>> My question is whether the SSL/TLS connections between my e-mail client
>> and the GMail server are being made through the Tor network, and whether
>> using Tor in such a way exposes my otherwise unencrypted e-mail to a
>> greater risk of being skimmed by, say, a potentially hostile Tor exit node?
>>
>> My goal is simply to anonymise my IP, which gets leaked gratuitously by
>> Thunderbird, and to ensure that the e-mail gets to the GMail server as
>> securely as if I was using the https web mail.
> As far as I can tell from the headers, it is working. When you send email
> through the web interface, your IP does not appear in the headers. Your
> message contains this header:
>
> Received: from [0.0.0.0] (spftor3.privacyfoundation.ch [62.220.135.129])
>   by mx.google.com with ESMTPS id r5sm7674eef.36.2011.08.09.08.04.01
>   (version=SSLv3 cipher=AES128-SHA);     Tue, 09 Aug 2011 08:04:03 -0700 (PDT)
>
> which shows that your mail was sent through encrypted SMTP from a Tor node.
>
> I have a Gmail account that I created through the web using Tor; it was
> immediately flagged as suspect as soon as I finished. How do you use
> Thunderbird with Gmail?
You will have to either create an acct while using Tor, or when using 
Tor to access an existing acct (not sure of the value in that - if the 
acct wasn't created using Tor), or almost certainly have to use an exit 
node in the same country that you created the gmail acct from (by 
editing your torrc file to use country specific exit nodes).  Gmail 
doesn't like it when you try to access an acct from an  address in 
another country than the one they saw / recorded when the acct was 
created.  I think they believe it may be a hacking attempt.