LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (http://www.linuxquestions.org/questions/linux-general-1/)
-   -   Looking for recommendations for a good secure email provider (http://www.linuxquestions.org/questions/linux-general-1/looking-for-recommendations-for-a-good-secure-email-provider-4175453269/)

taylorkh 03-08-2013 09:11 AM

Looking for recommendations for a good secure email provider
 
Not exactly a Linux question but I trust the expertise here and would just as soon go with a Linux friendly provider. Here is the situation...

My DSL ISP of course provides "free" email as part of the package. It generally works OK. Last evening one of my account would not authenticate from Thunderbird on CentOS 6. This happens some time but usually clears in a couple of minutes. This time it persisted. I called the ISP's tech support.

The tech support personnel have access to customer email credentials in PLAINTEXT on their server. This is of course a significant security/privacy concern. I worked in senior IT positions at a Fortune 250 company for 18 years. I NEVER had access to client credentials. I could reset them but not see them. And I NEVER accessed applications using the clients' credentials.

In trying to investigate my issue, the tech support rep configured an email client on a test PC with with my credentials. This managed to connect to the POP3 server and download some of my email to the PC. He had no way to securely delete the data from the test PC. So, I am looking for a new email provider. The criteria are:

Email stored on the provider's servers is encrypted
Secure (SSL, TLS etc.) connections available to the email server
Support personnel do NOT have access to client credentials nor to unencrypted email on the servers.

Can anyone offer any recommendations?

TIA,

Ken

brianL 03-09-2013 07:29 AM

I don't use it myself, but I've seen Hushmail recommended:

http://www.hushmail.com/about/

Habitual 03-09-2013 08:23 AM

hushmail is great.

starter setup not so much.
Subscription gets you IMAP access and more room.

taylorkh 03-11-2013 11:06 AM

Thanks folks. I had heard of hushmail in the past although it was generally in reference to its use by "less desirable" on the Internet. It appears that they are a legitimate company. Their FAQ tells me that email from one hushmail account to another hushmail account is encrypted all the way. I have not determined how/when/if email from a hushmail account to a non-hushmail account or from a non-hushmail account to a hushmail account is encrypted. I have asked the question and am awaiting a reply.

If I send an email to a non-hushmail account it would have to leave their server in plain text. Would it be stored on the server in the "sent mail" box in plain text or encrypted with my hushmail key? Same concern for incoming from a plain text account. I will update the thread if I hear anything back from my inquiry.

Ken

JWJones 03-11-2013 11:14 AM

Riseup:

https://mail.riseup.net/

Lavabit is good, too:

https://lavabit.com/

sundialsvcs 03-11-2013 11:34 AM

Okay, the bottom line really is that "email is not secure." It wasn't designed to be. Although SSL is customarily used when connecting to an e-mail server, it shouldn't really be considered a surprise that a technician at the central office can find the plaintext password.

If you need secure email, you need to secure the mail. Privacy Enhanced Mail (PEM).

Habitual 03-11-2013 11:46 AM

Quote:

Originally Posted by taylorkh (Post 4909244)
Thanks folks. I had heard of hushmail in the past although it was generally in reference to its use by "less desirable" on the Internet. It appears that they are a legitimate company. Their FAQ tells me that email from one hushmail account to another hushmail account is encrypted all the way. I have not determined how/when/if email from a hushmail account to a non-hushmail account or from a non-hushmail account to a hushmail account is encrypted. I have asked the question and am awaiting a reply.

If I send an email to a non-hushmail account it would have to leave their server in plain text. Would it be stored on the server in the "sent mail" box in plain text or encrypted with my hushmail key? Same concern for incoming from a plain text account. I will update the thread if I hear anything back from my inquiry.

Ken

The body of message will be sent be encrypted with whom-ever's key you encrypted it to, regardless of recipient. ie. you encrypt to jerry@xyz
and mail to terry@xyz. Only jerry@xyz will be able to decrypted the encrypted body.
terry would be @**out, and most likely see garbage.

Quote:

Originally Posted by taylorkh (Post 4909244)
Their FAQ tells me that email from one hushmail account to another hushmail account is encrypted all the way

Ken, technically this may be accurate relating to traffic and mail delivery, but that does NOT mean all bodies of all hushmail transmissions are encrypted.

Quote:

Originally Posted by taylorkh (Post 4909244)
Would it be stored on the server in the "sent mail" box in plain text or encrypted with my hushmail key?

outbox should only contain encrypted body-of-message(s) since it is encrypted before it it processed into the "outbox".
...NO, not with your hushmail key, the recipient's key'.

I hope this helps.

taylorkh 03-12-2013 08:56 AM

Thanks Habitual,

I received a reply to my inquiry from hushmail. Email arriving at their server in plaintext or leaving their server in plaintext is stored as plaintext. That in a way is worse than my current ISP which (claims) that all email stored on their server is stored encrypted - except that a zillion droids at their call center have access to all email account passwords.

As to email being "secure" I have played with gpg and Enigmail. Such email is encrypted end to end and any copy stored on an email server requires the recipient's private key to decrypt. However, I to not correspond with other folks who use encrypted email so the capability does not accomplish much.

Thanks eyeofliberty,

riseup.net - I think I will pass on the black helicopters for the time being (or use tor) :)

lavabit.com looks promising - I will take a closer look.

Ken

taylorkh 06-20-2013 02:05 PM

I thought I had posted previously that lavabit looked excellent. However, back in March they were not accepting new accounts. I checked today and new accounts were being accepted and I now have one :D I think it will address my concerns.

Ken


All times are GMT -5. The time now is 11:28 AM.