LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 03-08-2013, 09:11 AM   #1
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6 on my desktop, Ubuntu 12.04 LTS on my server, Ubuntu 12.04 on my netbook and the wife's PC
Posts: 1,192

Rep: Reputation: 96
Looking for recommendations for a good secure email provider


Not exactly a Linux question but I trust the expertise here and would just as soon go with a Linux friendly provider. Here is the situation...

My DSL ISP of course provides "free" email as part of the package. It generally works OK. Last evening one of my account would not authenticate from Thunderbird on CentOS 6. This happens some time but usually clears in a couple of minutes. This time it persisted. I called the ISP's tech support.

The tech support personnel have access to customer email credentials in PLAINTEXT on their server. This is of course a significant security/privacy concern. I worked in senior IT positions at a Fortune 250 company for 18 years. I NEVER had access to client credentials. I could reset them but not see them. And I NEVER accessed applications using the clients' credentials.

In trying to investigate my issue, the tech support rep configured an email client on a test PC with with my credentials. This managed to connect to the POP3 server and download some of my email to the PC. He had no way to securely delete the data from the test PC. So, I am looking for a new email provider. The criteria are:

Email stored on the provider's servers is encrypted
Secure (SSL, TLS etc.) connections available to the email server
Support personnel do NOT have access to client credentials nor to unencrypted email on the servers.

Can anyone offer any recommendations?

TIA,

Ken
 
Old 03-09-2013, 07:29 AM   #2
brianL
LQ 5k Club
 
Registered: Jan 2006
Location: Oldham, Lancs, England
Distribution: Slackware & Slackware64 14.1
Posts: 7,038
Blog Entries: 52

Rep: Reputation: Disabled
I don't use it myself, but I've seen Hushmail recommended:

http://www.hushmail.com/about/
 
Old 03-09-2013, 08:23 AM   #3
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,424
Blog Entries: 6

Rep: Reputation: 796Reputation: 796Reputation: 796Reputation: 796Reputation: 796Reputation: 796Reputation: 796
hushmail is great.

starter setup not so much.
Subscription gets you IMAP access and more room.
 
Old 03-11-2013, 11:06 AM   #4
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6 on my desktop, Ubuntu 12.04 LTS on my server, Ubuntu 12.04 on my netbook and the wife's PC
Posts: 1,192

Original Poster
Rep: Reputation: 96
Thanks folks. I had heard of hushmail in the past although it was generally in reference to its use by "less desirable" on the Internet. It appears that they are a legitimate company. Their FAQ tells me that email from one hushmail account to another hushmail account is encrypted all the way. I have not determined how/when/if email from a hushmail account to a non-hushmail account or from a non-hushmail account to a hushmail account is encrypted. I have asked the question and am awaiting a reply.

If I send an email to a non-hushmail account it would have to leave their server in plain text. Would it be stored on the server in the "sent mail" box in plain text or encrypted with my hushmail key? Same concern for incoming from a plain text account. I will update the thread if I hear anything back from my inquiry.

Ken
 
Old 03-11-2013, 11:14 AM   #5
JWJones
Member
 
Registered: Jun 2009
Location: Cascadia
Distribution: Slackware, LinuxBBQ, OpenBSD, Mac OSX
Posts: 723

Rep: Reputation: 187Reputation: 187
Riseup:

https://mail.riseup.net/

Lavabit is good, too:

https://lavabit.com/
 
Old 03-11-2013, 11:34 AM   #6
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,381

Rep: Reputation: 1109Reputation: 1109Reputation: 1109Reputation: 1109Reputation: 1109Reputation: 1109Reputation: 1109Reputation: 1109Reputation: 1109
Okay, the bottom line really is that "email is not secure." It wasn't designed to be. Although SSL is customarily used when connecting to an e-mail server, it shouldn't really be considered a surprise that a technician at the central office can find the plaintext password.

If you need secure email, you need to secure the mail. Privacy Enhanced Mail (PEM).
 
Old 03-11-2013, 11:46 AM   #7
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,424
Blog Entries: 6

Rep: Reputation: 796Reputation: 796Reputation: 796Reputation: 796Reputation: 796Reputation: 796Reputation: 796
Quote:
Originally Posted by taylorkh View Post
Thanks folks. I had heard of hushmail in the past although it was generally in reference to its use by "less desirable" on the Internet. It appears that they are a legitimate company. Their FAQ tells me that email from one hushmail account to another hushmail account is encrypted all the way. I have not determined how/when/if email from a hushmail account to a non-hushmail account or from a non-hushmail account to a hushmail account is encrypted. I have asked the question and am awaiting a reply.

If I send an email to a non-hushmail account it would have to leave their server in plain text. Would it be stored on the server in the "sent mail" box in plain text or encrypted with my hushmail key? Same concern for incoming from a plain text account. I will update the thread if I hear anything back from my inquiry.

Ken
The body of message will be sent be encrypted with whom-ever's key you encrypted it to, regardless of recipient. ie. you encrypt to jerry@xyz
and mail to terry@xyz. Only jerry@xyz will be able to decrypted the encrypted body.
terry would be @**out, and most likely see garbage.

Quote:
Originally Posted by taylorkh View Post
Their FAQ tells me that email from one hushmail account to another hushmail account is encrypted all the way
Ken, technically this may be accurate relating to traffic and mail delivery, but that does NOT mean all bodies of all hushmail transmissions are encrypted.

Quote:
Originally Posted by taylorkh View Post
Would it be stored on the server in the "sent mail" box in plain text or encrypted with my hushmail key?
outbox should only contain encrypted body-of-message(s) since it is encrypted before it it processed into the "outbox".
...NO, not with your hushmail key, the recipient's key'.

I hope this helps.
 
Old 03-12-2013, 08:56 AM   #8
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6 on my desktop, Ubuntu 12.04 LTS on my server, Ubuntu 12.04 on my netbook and the wife's PC
Posts: 1,192

Original Poster
Rep: Reputation: 96
Thanks Habitual,

I received a reply to my inquiry from hushmail. Email arriving at their server in plaintext or leaving their server in plaintext is stored as plaintext. That in a way is worse than my current ISP which (claims) that all email stored on their server is stored encrypted - except that a zillion droids at their call center have access to all email account passwords.

As to email being "secure" I have played with gpg and Enigmail. Such email is encrypted end to end and any copy stored on an email server requires the recipient's private key to decrypt. However, I to not correspond with other folks who use encrypted email so the capability does not accomplish much.

Thanks eyeofliberty,

riseup.net - I think I will pass on the black helicopters for the time being (or use tor)

lavabit.com looks promising - I will take a closer look.

Ken
 
Old 06-20-2013, 02:05 PM   #9
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6 on my desktop, Ubuntu 12.04 LTS on my server, Ubuntu 12.04 on my netbook and the wife's PC
Posts: 1,192

Original Poster
Rep: Reputation: 96
I thought I had posted previously that lavabit looked excellent. However, back in March they were not accepting new accounts. I checked today and new accounts were being accepted and I now have one I think it will address my concerns.

Ken
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Email provider, browsing history privacy? lugoteehalt Linux - Security 9 08-21-2011 09:11 PM
Looking for VPS Provider recommendations in the USA manyrootsofallevil Linux - Server 2 08-18-2011 04:34 AM
Email provider? DaBlade General 8 06-26-2008 02:08 AM
Shell provider recommendations entz General 0 04-05-2007 02:46 PM
i need a free and secure email provider thrustan General 12 03-10-2005 04:58 AM


All times are GMT -5. The time now is 03:55 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration