Is this secure email?

gvisoc

> Gotcha, thanks do you have a VPS you recommend or place to start on this?

The domain is, or can be, a separate thing from the hosting.

What I did was to purchase the domain somewhere with a proper DNS control panel (personally I use Cloudflare, which is very cheap -- US $8.57/year for a .com), and then create DNS records to point the mail extensions to your hosting, which can be managed by third parties or on a VPS. You can point the mail extensions of the DNS to a VPS, and the web to others. It's quite flexible.

All my email hosting is managed by third parties that I trust, so I will leave the VPS part of the setup for others to recommend.
 


f33dm3bits

If you don't have any experience setting up and hosting your own mailserver, then you will have an easier time using a trusted third party as mailhosting provider. It will take a lot of time if you haven't done it before.
 

gvisoc

> Ok I am confused on this issue. When you send protonmail to a NON-protonmail person, it gives you the option of an encryption password. Doesn't this mean by default, most email across different domains is NOT encrypted? Like protonmail to randomsite.com?

What happens is that the mail protocols use best-effort encryption, and the TLS encryption only works in transit. If your message's trip has several legs, there's no guarantee that a given piece of network equipment (e.g. a gateway) won't terminate the TLS tunnel to create another one.

In that "in between" gap between TLS tunnels, your email is cleartext. It can end up in a log, in a cache, ...

With end-to-end encryption (protonmail's or PGP-based) you encrypt the message before the TLS tunnel, so it is never shown in cleartext until it reaches the destination user's email client.

What protonmail does is:
  1. Encryption at rest, using a zero-knowledge model. Only you can decrypt your inbox. This is always active and it means that you can trust the email storage.
  2. If the destination is a protonmail address, it will give you transparent end to end encryption that also includes the email metadata (destination and source email addresses, subject,...) and not only the body.
  3. If the destination is not a protonmail address, you can:
    1. apply that thingie thing of a password you mentioned. In this case, what is really sent is an email with a link to a static page with your message, that never leaves protonmail.com. The destination can click the link and input the password. That is proven to be inefficient and super confusing, because unaware recipients can think that it's a phishing email, even if you've sent them a password through an unrelated channel. Clicking a link that asks for a password! Ha!
    2. Use PGP / GPG encryption if the destination has a PGP key available. Few people have.
    3. Use protonmail as a regular email provider and do not send sensitive information.
In general, 3.3 defines 99.999% of the cases, and "do not send sensitive information" should be taken as a hard rule. Email, as a service, is designed very poorly and has the same level of privacy as a postcard (those picture things that do not have an envelope).
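Added example, not part of the post above: one way a recipient can see the per-leg, best-effort TLS described there is to read the `Received:` headers, where each relay records the protocol it accepted the message with (`ESMTPS` means SMTP over TLS, plain `ESMTP` means no TLS). The sample message and host names are constructed, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: three legs, newest Received header first.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
    by store.recipient.example with ESMTPS id c3; Tue, 01 Jun 2021 10:00:03 +0000
Received: from gw.filter.example (gw.filter.example [198.51.100.7])
    by mx.recipient.example with ESMTP id b2; Tue, 01 Jun 2021 10:00:02 +0000
Received: from out.sender.example (out.sender.example [192.0.2.5])
    by gw.filter.example with ESMTPS id a1; Tue, 01 Jun 2021 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""

# "with" protocol keywords: an S after SMTP/LMTP marks a TLS-protected leg,
# a trailing A marks an authenticated session.
HOP = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+"
    r"(?P<proto>(?:UTF8)?(?:E?SMTP|LMTP)(?P<tls>S?)A?)\b",
    re.IGNORECASE | re.DOTALL,
)

def audit_hops(raw):
    """Return [(from_host, by_host, protocol, used_tls)] in travel order."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its header, so reverse to follow the message's path.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append((m["src"], m["dst"], m["proto"].upper(), bool(m["tls"])))
    return hops

def cleartext_hops(raw):
    """Legs that were not reported as TLS-protected."""
    return [hop for hop in audit_hops(raw) if not hop[3]]

if __name__ == "__main__":
    for src, dst, proto, tls in audit_hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS'})")
```

These headers are self-reported by each relay, and even on a TLS leg the relay itself handles the message in cleartext, so a clean result says nothing about end-to-end confidentiality.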
 

kc1di

I've used Proton mail and what has been said is true: just don't use email for sensitive communications. There are other much more secure means for that. Proton provides a good service, and it's fairly secure for most normal things.
 

KGIII

> Ok I am confused on this issue. When you send protonmail to a NON-protonmail person, it gives you the option of an encryption password. Doesn't this mean by default, most email across different domains is NOT encrypted? Like protonmail to randomsite.com?

If I'm reading correctly (I do not use their services) it's encrypted by default and you must manually choose to send it in plain text. Being sent in plain text is different than yesteryear, in that it's still encrypted during transit (with any reputable service). So, most people use the defaults in all applications. One could make a reasonable assumption that their mail is encrypted the entire time.

The person that opens it at the other end is perfectly free to do whatever they want with it. Including publishing/sharing it in plain text and unencrypted.
 