I’ve set up a number of e-mail accounts on one of my domains. I’m very happy with the Atmail service, it’s quite good.
However, I find it very strange that Dreamhost allows plain-text access to this service. This results in user passwords (which are supposed to be sensitive data) being sent over plain-text HTTP.
My suggestion is that http://webmail.dreamhost.com access is removed and replaced with a 301 to https://webmail.dreamhost.com.
Furthermore, I’d like the option of either:
being able to install a LetsEncrypt cert for https://webmail.mydomain.com; or
forcing a 301 redirect to https://webmail.dreamhost.com from http://webmail.mydomain.com
The same goes for mailboxes.* as well.
Also, at https://mailboxes.dreamhost.com, why can’t I login using a non-dreamhost.com e-mail address? This forces users to go to https://mailboxes.mydomain.com and accept an invalid cert if they want to securely update their password.