Secure email

markbot · 08-23-2009, 08:35 AM

Anyone know what the best way to get secure email is?

Should I just trust gmail, yahoo mail, and hotmail?

I don't like the idea of my emails being saved anywhere, accessible to the email service.

There are services like hushmail out there that state of secure they are....but I still don't trust them.

Anyone setup their own email server?

AlfonsVH · 08-23-2009, 08:44 AM

The most secure way to send information might well be sending encrypted messages written in secret ink with a homing pigeon.

If skilled people really want to read your (unencrypted) mails, there are probably ways to intercept them, even when you use your own mail server.
If you use a third-party service, just be sure to read their privacy policy.

However, Hushmail is indeed supposed to be extremely secure, but I haven't read their privacy policy. If you're looking to send extremely sensitive information, your best bet might be to encrypt the mails beforehand with e.g. OpenPGP, paste the encrypted message in Hushmail (which you access via an anonymous proxy of course) and send it.
That way, only the recipient will be able to decrypt your mail.

HarryT · 08-23-2009, 10:03 AM

Given that your e-mail will be stored on the recipient's mail server, regardless of what you do at your end, this seems like a pretty pointless thing to worry about. It's best to consider anything you send by e-mail as being protentially "public" information, since you have no control over what the recipient decides to do with it.

RWood · 08-23-2009, 10:16 AM

Quote:

Originally Posted by HarryT

Given that your e-mail will be stored on the recipient's mail server, regardless of what you do at your end, this seems like a pretty pointless thing to worry about. It's best to consider anything you send by e-mail as being protentially "public" information, since you have no control over what the recipient decides to do with it.

Plus if you are not skilled at security putting together your own email server will most likely be the least secure route. GMail is as secure as any other, perhaps more so as they can afford the firewalls to keep hackers out.

Most people are their own worst problem. Some years ago we got a copy of the password file (no associations with any accounts) and found that the following accounted for over 50% of all passwords:

sail
gold
silver
honey
love
password

So much for security for these folks. (Sail had over twice as many hits as the next entry.)

pshrynk · 08-23-2009, 04:44 PM

Quote:

Originally Posted by RWood

Plus if you are not skilled at security putting together your own email server will most likely be the least secure route. GMail is as secure as any other, perhaps more so as they can afford the firewalls to keep hackers out.

Most people are their own worst problem. Some years ago we got a copy of the password file (no associations with any accounts) and found that the following accounted for over 50% of all passwords:

sail
gold
silver
honey
love
password

So much for security for these folks. (Sail had over twice as many hits as the next entry.)

Sail? Are there a bunch of sailors out there that don't bring it up, or something?

slayda · 08-23-2009, 04:59 PM

A combination of encryption and the "purloined letter method" might work. Some years ago I wrote a program that would append a file to an image file. If no one looked too closely, it looked just like an image file and in fact could be displayed just as an image would. Another program stripped out the added file for the intended recipient. If that file were encrypted, it would further add to security.

However as has been mentioned, if someone knew what to look for and had a good decryption program you'd still be SOL.

animedude01 · 08-23-2009, 06:48 PM

Quote:

Originally Posted by markbot

Anyone know what the best way to get secure email is?

Should I just trust gmail, yahoo mail, and hotmail?

I don't like the idea of my emails being saved anywhere, accessible to the email service.

There are services like hushmail out there that state of secure they are....but I still don't trust them.

Anyone setup their own email server?

It all depends on what exactly you mean by secure. There is no real security with e-mail for a number of reasons.

1) It's plain text and readable as is
2) You have no real control of your e-mail when it leaves your system

For 1, you can encrypt your e-mail with pgp or gpg and send the recipient the key offline.

For 2, you're just out of luck as that's how the Internet works. Your e-mail server looks up the recipients e-mail server and sends it there. That might sound like it's secure if you control your server and the recipient controls theirs, but what about all the routers and potential servers the mail passes through between those two points?

It all depends on how paranoid you are and what you're trying to achieve. If you read the terms of service for all the free mail providers it gives you an idea of what they do with the e-mail.

If you want true security, don't use e-mail. Use the offline methods. If you want to use e-mail, then encrypt all mail and give a copy of the key to the recipients.

Other than that, you have to accept that you have no real control of what happens to your e-mail once it leaves your system because that's all you can control.

You do have a modicum more control if you have your own server, but what if your recipient uses gmail/hotmail/yahoo etc?

Also, I remember reading somewhere that hushmail received a subpoena and gave up user names, so even that's not guaranteed.

Hope this helps.

Trilby · 08-23-2009, 09:08 PM

https://www.privacyharbor.com/

acidzebra · 08-24-2009, 05:28 AM

If you are truly paranoid I agree with the PGP/openPGP/gnuPG/pgpi suggestion; with mail encrypted before it leaves your system it doesn't matter what the provider is. In addition, while your own email server might "protect" you from peeping email service providers (unlikely as I find that) the mails will still not be protected on the various hops it makes to its destination and be vulnerable to interception.

Of course, with PGP you will have to have a receiver who is also capable/willing to decrypt.

markbot · 09-04-2009, 07:33 PM

Thanks for the suggestions guys. I've decided to to use google apps premium edition for my email and use a different alias for each website I frequent. this way I at least know if they r the source of spam and can shut them down. Also, I think google apps is probably more secure than anything I could put together on my own. and of course, I do have GnuPG encryption that I could use for super sensitive information.

UncleDuke · 09-04-2009, 10:06 PM

secure email, put a stamp on it and use the post office

08-23-2009, 08:35 AM	#1
markbot Guru Posts: 612 Karma: 7511929 Join Date: Apr 2007 Location: New York, NY Device: Amazon Kindle Paperwhite 2	Secure email Anyone know what the best way to get secure email is? Should I just trust gmail, yahoo mail, and hotmail? I don't like the idea of my emails being saved anywhere, accessible to the email service. There are services like hushmail out there that state of secure they are....but I still don't trust them. Anyone setup their own email server?

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Email password showing during Test email under Sharing?	Esquire1	Calibre	1	09-15-2010 02:50 AM
Secure mobipocket	Kumabjorn	Kindle Formats	7	07-22-2010 06:23 PM
"Secure" PDF and "Secure" Mobi docs?	AceHarddrive	iRex	9	05-08-2008 09:13 PM
Yahoo begins test of email service that looks more like desktop email programs	Bob Russell	Lounge	2	09-18-2005 07:20 PM
Verizon.net email...no email from countries outside the US?	Zire	Lounge	4	02-19-2005 09:29 PM

08-23-2009, 08:44 AM	#2
AlfonsVH Addict Posts: 253 Karma: 2113226 Join Date: Jun 2008 Device: BeBook Neo	The most secure way to send information might well be sending encrypted messages written in secret ink with a homing pigeon. If skilled people really want to read your (unencrypted) mails, there are probably ways to intercept them, even when you use your own mail server. If you use a third-party service, just be sure to read their privacy policy. However, Hushmail is indeed supposed to be extremely secure, but I haven't read their privacy policy. If you're looking to send extremely sensitive information, your best bet might be to encrypt the mails beforehand with e.g. OpenPGP, paste the encrypted message in Hushmail (which you access via an anonymous proxy of course) and send it. That way, only the recipient will be able to decrypt your mail.

08-23-2009, 10:03 AM	#3
HarryT eBook Enthusiast Posts: 85,544 Karma: 93383099 Join Date: Nov 2006 Location: UK Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6	Given that your e-mail will be stored on the recipient's mail server, regardless of what you do at your end, this seems like a pretty pointless thing to worry about. It's best to consider anything you send by e-mail as being protentially "public" information, since you have no control over what the recipient decides to do with it.

08-23-2009, 04:59 PM	#6
slayda Retired & reading more! Posts: 2,764 Karma: 1884247 Join Date: Sep 2006 Location: North Alabama, USA Device: Kindle 1, iPad Air 2, iPhone 6S+, Kobo Aura One	A combination of encryption and the "purloined letter method" might work. Some years ago I wrote a program that would append a file to an image file. If no one looked too closely, it looked just like an image file and in fact could be displayed just as an image would. Another program stripped out the added file for the intended recipient. If that file were encrypted, it would further add to security. However as has been mentioned, if someone knew what to look for and had a good decryption program you'd still be SOL.

08-23-2009, 09:08 PM	#8
Trilby Enthusiast Posts: 46 Karma: 350 Join Date: Aug 2009 Location: New England Device: Kindle 2	https://www.privacyharbor.com/

08-24-2009, 05:28 AM	#9
acidzebra Liseuse Lover Posts: 869 Karma: 1035404 Join Date: Jul 2008 Location: Netherlands Device: PRS-505	If you are truly paranoid I agree with the PGP/openPGP/gnuPG/pgpi suggestion; with mail encrypted before it leaves your system it doesn't matter what the provider is. In addition, while your own email server might "protect" you from peeping email service providers (unlikely as I find that) the mails will still not be protected on the various hops it makes to its destination and be vulnerable to interception. Of course, with PGP you will have to have a receiver who is also capable/willing to decrypt.

09-04-2009, 07:33 PM	#10
markbot Guru Posts: 612 Karma: 7511929 Join Date: Apr 2007 Location: New York, NY Device: Amazon Kindle Paperwhite 2	Thanks for the suggestions guys. I've decided to to use google apps premium edition for my email and use a different alias for each website I frequent. this way I at least know if they r the source of spam and can shut them down. Also, I think google apps is probably more secure than anything I could put together on my own. and of course, I do have GnuPG encryption that I could use for super sensitive information.

09-04-2009, 10:06 PM	#11
UncleDuke books & doughnuts Posts: 882 Karma: 37857 Join Date: Jan 2007 Location: usa Device: sony reader, kindle2	secure email, put a stamp on it and use the post office

Advert

Advert