Looking for recommendations for a good secure email provider
Not exactly a Linux question but I trust the expertise here and would just as soon go with a Linux friendly provider. Here is the situation...
My DSL ISP of course provides "free" email as part of the package. It generally works OK. Last evening one of my account would not authenticate from Thunderbird on CentOS 6. This happens some time but usually clears in a couple of minutes. This time it persisted. I called the ISP's tech support. The tech support personnel have access to customer email credentials in PLAINTEXT on their server. This is of course a significant security/privacy concern. I worked in senior IT positions at a Fortune 250 company for 18 years. I NEVER had access to client credentials. I could reset them but not see them. And I NEVER accessed applications using the clients' credentials. In trying to investigate my issue, the tech support rep configured an email client on a test PC with with my credentials. This managed to connect to the POP3 server and download some of my email to the PC. He had no way to securely delete the data from the test PC. So, I am looking for a new email provider. The criteria are: Email stored on the provider's servers is encrypted Secure (SSL, TLS etc.) connections available to the email server Support personnel do NOT have access to client credentials nor to unencrypted email on the servers. Can anyone offer any recommendations? TIA, Ken |
|
hushmail is great.
starter setup not so much. Subscription gets you IMAP access and more room. |
Thanks folks. I had heard of hushmail in the past although it was generally in reference to its use by "less desirable" on the Internet. It appears that they are a legitimate company. Their FAQ tells me that email from one hushmail account to another hushmail account is encrypted all the way. I have not determined how/when/if email from a hushmail account to a non-hushmail account or from a non-hushmail account to a hushmail account is encrypted. I have asked the question and am awaiting a reply.
If I send an email to a non-hushmail account it would have to leave their server in plain text. Would it be stored on the server in the "sent mail" box in plain text or encrypted with my hushmail key? Same concern for incoming from a plain text account. I will update the thread if I hear anything back from my inquiry. Ken |
|
Okay, the bottom line really is that "email is not secure." It wasn't designed to be. Although SSL is customarily used when connecting to an e-mail server, it shouldn't really be considered a surprise that a technician at the central office can find the plaintext password.
If you need secure email, you need to secure the mail. Privacy Enhanced Mail (PEM). |
Quote:
and mail to terry@xyz. Only jerry@xyz will be able to decrypted the encrypted body. terry would be @**out, and most likely see garbage. Quote:
Quote:
...NO, not with your hushmail key, the recipient's key'. I hope this helps. |
Thanks Habitual,
I received a reply to my inquiry from hushmail. Email arriving at their server in plaintext or leaving their server in plaintext is stored as plaintext. That in a way is worse than my current ISP which (claims) that all email stored on their server is stored encrypted - except that a zillion droids at their call center have access to all email account passwords. As to email being "secure" I have played with gpg and Enigmail. Such email is encrypted end to end and any copy stored on an email server requires the recipient's private key to decrypt. However, I to not correspond with other folks who use encrypted email so the capability does not accomplish much. Thanks eyeofliberty, riseup.net - I think I will pass on the black helicopters for the time being (or use tor) :) lavabit.com looks promising - I will take a closer look. Ken |
I thought I had posted previously that lavabit looked excellent. However, back in March they were not accepting new accounts. I checked today and new accounts were being accepted and I now have one :D I think it will address my concerns.
Ken |
All times are GMT -5. The time now is 03:34 PM. |