Wanted: Most secure unencrypted email solution

Dear lazy web,

Thanks to the global surveillance disclosures, I am searching for a secure email solution. Using end-to-end encryption seems to be the only secure solution to keep the email content private, but it does not protect your email headers. End-to-end encryption has the big drawback that the communication partner has to use it, which is rarely the case. I want to communicate as securely as possible even with people who do not use end-to-end encryption. What is the most secure unencrypted email solution?

Should I rent a (virtual) server in my country (Germany) and run my own email server on it? Do you know any reliable, inexpensive server host for such a use case?

16 thoughts on “Wanted: Most secure unencrypted email solution”

  1. Your own mail server solution won’t work. The NSA is intercepting and obtaining the data directly from the internet backbone. Encryption is your only hope.

  2. What’s the point if your traffic is still monitored? Either you go for the darknet completely with your correspondents or you might as well just leave it as it is.

  3. What I do:
    * rent a virtual server in a country where I am not resident, and for which I do not have a passport. (This makes it more difficult for the aforementioned governments to gain legal or quasi-legal access to the server.)
    * I secure all my connections to the mail server with SSL: StartTLS over SMTP, IMAPS, POP3S.
    * I run a VPN on the server, and make all connections to the server through the VPN, which conceals my IP address.
    * wherever practical, I use an e-mail address that does not contain my real name.
    * optionally rent your VM from a provider that accepts Bitcoin (there are starting to be quite a few) and use a pseudonym 😉

  4. Most emails go through all kinds of relays anyway. And your communication partners will use gmail or web.de or other non-trustworthy services. As long as you can control neither the other end nor the communication path, it’s not worth the trouble to set up a server. Just use GnuPG whenever possible, pester everybody and their pet cat to do the same. And let’s hope that the meta-data problem will be addressed in the future. AFAIK, Tor people and others are working on that issue. Consider helping them!

    • Agreed. We should certainly do everything that we can to improve the privacy situation. If the NSA could obtain everything they wanted from packet sniffing on the backbone, why would they be requiring Yahoo, Google, Facebook, etc. to give them backdoors?

      Clearly, packet sniffing is not useful when you want to look at a collection of a particular subject’s emails, which is why they need access to the server. By using a private server, you are denying them this data.

      I run snowweb.net and provide an email service there. I’m willing to register a domain for you and configure it to work with our service or you can use ours. I will never cave to pressure from spooks.

      I’m British, living in the Philippines, with server in Netherlands. I accept payment by paypal or Bitcoin. http://www.snowweb.net (use our contact page to contact me)

  5. Probably host the server as close to home as you can. Ideally inside of it, where law enforcement typically needs a warrant to conduct a search; certainly not a major email or cloud provider where it is so easy to do this sweepingly and in secret. Otherwise perhaps host the mailserver at your ISP for Internet access (since you trust them to some extent already). Or another hosting company as close as possible in terms of where the peering points and communication links are. By doing this, as much traffic as possible remains ‘local’ and so less likely to transit the largest, international peering points where it is most cost-effective to install surveillance equipment (e.g. all landing points for fibre links into/out of/between the United Kingdom and United States).

    Many SMTP hosts will offer to negotiate TLS after connecting. The major email providers and some well-known German email providers support this (but each makes their own choices about which cipher suites to try). As long as you’ve enabled TLS yourself (maybe all you need is to generate a self-signed key+cert), you get free protection against passive eavesdropping. (A more invasive MITM attack would simply negotiate ‘no support for TLS’ at either end or fake its own certificate – but you’d also have to worry about your domain’s MX records being spoofed in this case).

    You could even set up a minimal ‘satellite’ TLS-capable inbound MX at a hosting provider, which simply relays mail to you (again with TLS, or through VPN or other) to wherever you wish to hold the actual mailbox contents. In the extreme, you could set up several of these, even in multiple countries, use GeoIP tricks or similar to funnel incoming mail to an MX in that country, then forward it the rest of the way to you over an end-to-end VPN link…

  6. There are two aspects: security and anonymity. Anonymity is sending mail in such a way that it can’t be tracked where the mail is coming from. Security is about encrypting the content of the mail. If both are required then you have serious problems to solve.

    If you can’t control ALL of the servers the mail goes through, then there is no point in having any other solution than end-to-end encryption. The vast majority of mail is sent to users OUTSIDE of the company, outside of your control.

    Protecting the mail server with SSL is just one part of the solution. This only protects against eavesdropping inside the internal network. When mail leaves your company mail server, it leaves unencrypted to the next mail server through lots of routers. This also does not protect your mail content against your company mail administrators, who can still see the clear-text mails. It also does not protect you against a court warrant to get access to the mail server. Encryption is only done from the mail client on the end-user computer to the mail server (the SSL server at the mail server). Mails are unencrypted at the mail server (so the mail administrator can eavesdrop) and then sent in clear text to other mail servers outside the company.

    If you rent a server abroad, you can send an anonymous mail, but the content of the mail can easily be eavesdropped on. Properly strong end-to-end encryption of mail is the only solution against eavesdropping.

    You can have encrypted tunnels like VPNs, SSH tunnels or similar, but this will only help inside the corporate network.

    To get to the bottom of the problem, you first need to specify who you are fighting against and what is important: security and anonymity, or just one of them.

    • SSL/TLS happens in two places. One is in the client->server submission, which is what you mentioned here.

      Another place is server-to-server; gmail.com, hotmail.com, yahoo.com, gmx.de all negotiate TLS when delivering mail to a server supporting it. So there *is* protection against eavesdropping as mail is routed over the Internet, between countries. But it is a passive protection only; a MITM attacker could prevent TLS being negotiated, for example. Providers also vary in the strength of cipher suites they support/prefer; Microsoft typically uses only RC4-MD5 whereas gmx.de recently enabled AES modes with Perfect Forward Secrecy.

      • Outstanding! Thanks for the tip.

        In my Postfix installation, incoming e-mails from google do seem to use TLS by default. But not outgoing! After the addition of these two lines to /etc/postfix/main.cf:

        smtp_tls_security_level = may
        smtp_tls_loglevel = 1

        For an outgoing e-mail to a gmail account, I now see in my mail.log:

        postfix/smtp[32148]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[]:25: TLSv1.1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)

        It would seem that running one’s own e-mail server is an even better idea than I had thought. 🙂
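The two threads above (opportunistic server-to-server TLS in comment 5, and the Postfix `smtp_tls_security_level = may` setting with its `Untrusted TLS connection established` log line here) both turn on the same point: `may` only defends against a passive eavesdropper, because an active attacker can rewrite the EHLO reply so that STARTTLS is never offered. The script below is an added example, not code from any of the commenters: it parses an EHLO reply, simulates a STARTTLS-stripping middlebox, and shows what a `may` versus an `encrypt` policy does with the stripped reply. The hostnames and the EHLO reply are constructed for the example. The optional `probe_mx()` function needs network access and reports, for a real MX given on the command line, the same things the mail.log line shows (TLS version, cipher, whether a certificate was presented).

```python
"""Opportunistic SMTP TLS versus STARTTLS stripping (added example).

Demonstrates why Postfix's `smtp_tls_security_level = may` is passive
protection only: a man-in-the-middle that rewrites the server's EHLO reply
makes a "may" client fall back to plaintext, whereas an "encrypt"
(mandatory TLS) policy refuses to deliver. Hostnames and the EHLO reply
below are constructed for this example.
"""
import re
import smtplib
import ssl
import sys

# Constructed EHLO reply, as an honest MX (e.g. Postfix) would send it.
HONEST_EHLO = (
    "250-mx.example.net\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250-ENHANCEDSTATUSCODES\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply: str) -> dict:
    """Return {EXTENSION: parameter string} from a multi-line 250 EHLO reply.
    The first line is the server's greeting and carries no extension."""
    lines = [ln for ln in reply.split("\r\n") if ln]
    exts = {}
    for ln in lines[1:]:
        m = re.match(r"250[ -]([A-Za-z0-9]+)\s*(.*)", ln)
        if m:
            exts[m.group(1).upper()] = m.group(2)
    return exts


def strip_starttls(reply: str) -> str:
    """Simulate a STARTTLS-stripping middlebox: overwrite the capability
    keyword with X's so the reply stays well-formed but offers no TLS."""
    return (reply.replace("250-STARTTLS", "250-XXXXXXXX")
                 .replace("250 STARTTLS", "250 XXXXXXXX"))


def decide_transport(reply: str, policy: str) -> str:
    """Mirror Postfix smtp_tls_security_level for one delivery attempt.
    'none'    -> always plaintext
    'may'     -> TLS if offered, otherwise plaintext (opportunistic)
    'encrypt' -> TLS required; the mail is deferred rather than sent in clear
    Returns 'tls', 'plaintext' or 'deferred'."""
    offered = "STARTTLS" in parse_ehlo(reply)
    if policy == "none":
        return "plaintext"
    if policy == "may":
        return "tls" if offered else "plaintext"
    if policy == "encrypt":
        return "tls" if offered else "deferred"
    raise ValueError(f"unknown policy {policy!r}")


def probe_mx(host: str, port: int = 25, timeout: float = 15.0) -> dict:
    """Live check of a remote MX (network access required): does it
    advertise STARTTLS, and which TLS version / cipher does it negotiate?"""
    ctx = ssl.create_default_context()
    # Mirror the "Untrusted TLS" opportunistic mode from the Postfix log:
    # encrypt even when the MX certificate chain does not validate.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo("probe.invalid")  # constructed client name
        result = {"starttls_offered": s.has_extn("starttls")}
        if result["starttls_offered"]:
            s.starttls(context=ctx)
            result["version"] = s.sock.version()
            result["cipher"] = s.sock.cipher()[0]
            result["peer_cert_present"] = bool(
                s.sock.getpeercert(binary_form=True))
        return result


if __name__ == "__main__":
    stripped = strip_starttls(HONEST_EHLO)
    for policy in ("may", "encrypt"):
        print(f"{policy:8} honest   -> {decide_transport(HONEST_EHLO, policy)}")
        print(f"{policy:8} stripped -> {decide_transport(stripped, policy)}")
    if len(sys.argv) > 1:   # e.g. python3 starttls_check.py mx.example.net
        print(probe_mx(sys.argv[1]))
```

Run without arguments it prints `may stripped -> plaintext` next to `encrypt stripped -> deferred`, which is the whole difference between the two Postfix levels. In Postfix, `smtp_tls_security_level = encrypt` makes TLS mandatory for every destination, and `smtp_tls_policy_maps` lets you require it only for the peers you know support it, so that a stripped STARTTLS to those peers results in a deferred message instead of a clear-text delivery.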

  7. … forgot to write about cloud providers. Working with any kind of public cloud provider is not secure at all. You can never protect yourself against cloud mail administrators. Also, if you send mail to Google’s Gmail or Yahoo mail or similar then you have the same problem of fighting against cloud administrators. There exist browser plug-ins that can encrypt/decrypt Gmail mail, but your communication partner also must have this solution.

    In my humble opinion if security is required then the only way to securely send mails is to do it with strong end-to-end mail encryption.

    To send mails with anonymity (protect network packet headers) you need to use some anonymity network, e.g. Tor. But in this case your communication partner also needs to use this type of network. Probably even harder than end-to-end encryption.

    You have to face it, mail was NOT DESIGNED to be secure, like web servers with SSL.
    If you require secure & anonymous communication then you probably need some other way to communicate…

    One more thing I have remembered. If using encryption then you can actually protect yourself even LESS against the law, because encryption+signing PROVES that you sent a mail. To fight against this kind of problem there is only one thing coming to my mind: chatting with off-the-record messaging, e.g. Pidgin with the OTR plugin. This protects against PROVING that you sent/received the chat message.

  8. You might want to take a look at LEAP: https://leap.se/en

    One of the core ideas is to make it as easy as possible to set up your own LEAP provider. For the email part, emails are stored fully encrypted (headers included) and get decrypted within a local IMAP proxy. The project is close to its first release.
