A Good, Secure & Free E-mail Provider??

[Nick R]

Originally Posted By: badtlc
Originally Posted By: Nick R


Child predators and people sharing child pornography have gone to jail because of it- something I have no issue with. And if anyone truly thinks anything you put on the internet is safe, anywhere- they are being naive. Personally, there are few enough corporate entities I trust with my personal information, and google is one of the few.


There are plenty of ways to send and store secure data on the internet. It just requires some due diligence by individuals.

Personally, i run my own VPN server linux box and route everything including my mobie phone data through it no matter where I am in the world. I know connections between that box and places I use for secure data transfer/storage are secure because I control the encryption at every level.

And not everyone is OK with the ends-justify-the-means mentality of modern society that results in the loss of civil liberties.


There is a fine line regarding this issue, and as far as I'm concerned, computer algorithms that search my email for such images, and use them to target ads at me, are within the boundary of what I personally consider acceptable.

 

[Garak]

Hushmail is another option.

 

[Turk]

I don't care about all that stuff & have nothing to hide, I just want an e-mail provider that:

- Is not a fly-by-night operation.
- Secure so hackers, etc. don't really target it/me.
- Is free.
- One so I can have an easy & short name.

That's all.

 

[Hokiefyd]

Originally Posted By: Turk
I don't care about all that stuff & have nothing to hide, I just want an e-mail provider that:

- Is not a fly-by-night operation.
- Secure so hackers, etc. don't really target it/me.
- Is free.
- One so I can have an easy & short name.

That's all.

I've been through this before. I use both Gmail and Outlook.com. Without the personal investment of time and/or money to set up your own server and keep it running, there's really no such thing as "personal"; I get that, I acknowledge that, and I'm okay with that. Gmail and Outlook both are backed by major corporations, are both reasonably secure, are both free, and both allow you to choose your own user name. If it's Gmail, it's @gmail.com. If it's Outlook, it's @outlook.com.

What matters more to me is integrated functionality with other services, such as online productivity (Gmail has Google Docs, Outlook has Office online), calendars (both have calendars), contacts (both have contacts), and cross-platform integration. Both fully support all types of OSes and mobile devices.

Quite honestly, I think the choice between these two boils down to which of the online drives/productivity packages you like better. If you don't use that, then it's likely a toss of the coin.

 

[javacontour]

No e-mail is secure. SMTP sends mail in clear text. As I've taught my kids, never send anything in e-mail that you wouldn't write on the back of a postcard.

In other words, don't send CC#'s SSN's etc in an e-mail.

Even with an e-mail provider you personally run, it's not private. Once you send it, the traffic can be seen by anyone on the network between the two SMTP servers exchanging mail.

 

[badtlc]

Originally Posted By: javacontour
No e-mail is secure. SMTP sends mail in clear text. As I've taught my kids, never send anything in e-mail that you wouldn't write on the back of a postcard.

In other words, don't send CC#'s SSN's etc in an e-mail.

Even with an e-mail provider you personally run, it's not private. Once you send it, the traffic can be seen by anyone on the network between the two SMTP servers exchanging mail.


You can encrypt SMTP data with TLS.

 

[MolaKule]

Quote:


And not everyone is OK with the ends-justify-the-means mentality of modern society that results in the loss of civil liberties.
.

 

[javacontour]

But who is to say every provider supports this?

I would not count on every SMTP server in the path a message takes to use encryption.

Originally Posted By: badtlc
Originally Posted By: javacontour
No e-mail is secure. SMTP sends mail in clear text. As I've taught my kids, never send anything in e-mail that you wouldn't write on the back of a postcard.

In other words, don't send CC#'s SSN's etc in an e-mail.

Even with an e-mail provider you personally run, it's not private. Once you send it, the traffic can be seen by anyone on the network between the two SMTP servers exchanging mail.


You can encrypt SMTP data with TLS.

 

[Garak]

Originally Posted By: javacontour
I would not count on every SMTP server in the path a message takes to use encryption.

Agreed. On a side note, my credit card company has apparently started using PGP/GPG when they need to send secure emails to clients. The only problem is that probably fewer than 1 in a 1000 people have the slightest idea how to use it.

 

[badtlc]

Originally Posted By: javacontour
But who is to say every provider supports this?

I would not count on every SMTP server in the path a message takes to use encryption.



I think you are a bit confused on hwo SMTP traffic works. The only two servers on a "path" that need encryption are the sending and receiving servers. Everything else in between is just a switch that does nothing but pass the packets on, not read them.

Many email providers use TLS encrypted SMTP now days.

 

[javacontour]

You are assuming there are only two servers in the path from the sender to the server providing the users mailbox.

Now, it's been a while since I've written a sendmail.cf file. But I do know that it's possible that mail will go through more than two servers.

There is also no way to know that any server on the path, even if it's just one, is using encryption.

Do you really think everyone out there is using the most modern, up to date servers?

Personally, I still believe the safest approach is to assume that anything I send in an e-mail is little different from what I might send on the back of a post card. If I'm wrong, little harm. If you are wrong about e-mail being sent securely, what are you risking?

Originally Posted By: badtlc
Originally Posted By: javacontour
But who is to say every provider supports this?

I would not count on every SMTP server in the path a message takes to use encryption.



I think you are a bit confused on hwo SMTP traffic works. The only two servers on a "path" that need encryption are the sending and receiving servers. Everything else in between is just a switch that does nothing but pass the packets on, not read them.

Many email providers use TLS encrypted SMTP now days.

 

[rjundi]

The "cloud" downfall is insecure email.

I amazed companies include my own clamour towards using a paid Google offering. Its not secure nor encrypted.

The client I work for uses antique Lotus Notes but it is fully secure with the boundaries of the corporate intranet. It can also send mail encrypted with its own proprietary encoding that was spec'd by the US government agencies.

I am floored companies are moving towards cloud based offerings for internal communications.

 

[badtlc]

Originally Posted By: javacontour
You are assuming there are only two servers in the path from the sender to the server providing the users mailbox.

Now, it's been a while since I've written a sendmail.cf file. But I do know that it's possible that mail will go through more than two servers.

There is also no way to know that any server on the path, even if it's just one, is using encryption.

Do you really think everyone out there is using the most modern, up to date servers?

Personally, I still believe the safest approach is to assume that anything I send in an e-mail is little different from what I might send on the back of a post card. If I'm wrong, little harm. If you are wrong about e-mail being sent securely, what are you risking?

Originally Posted By: badtlc
Originally Posted By: javacontour
But who is to say every provider supports this?

I would not count on every SMTP server in the path a message takes to use encryption.



I think you are a bit confused on hwo SMTP traffic works. The only two servers on a "path" that need encryption are the sending and receiving servers. Everything else in between is just a switch that does nothing but pass the packets on, not read them.

Many email providers use TLS encrypted SMTP now days.


It isn't the latest and greatest modern technology. It is more than a few years old.

And again, only two servers read the SMTP data. That is the sending and receiving SMTP servers. Everything in between is a switch directing traffic based on TCP/IP headers.

 

[javacontour]

Not necessarily. There can be intermediate MTA's exchanging messages via SMTP. I'm not talking about a TCP session. I'm talking about mail passing through a variety of SMTP servers for whatever reason. It could be how the ISP handles it. It could be how the company handles it.

There is no guarantee that there are only two SMTP servers and that they only communicate via a secure session.

Possible? Yes. Guaranteed? No.

Originally Posted By: badtlc
Originally Posted By: javacontour
You are assuming there are only two servers in the path from the sender to the server providing the users mailbox.

Now, it's been a while since I've written a sendmail.cf file. But I do know that it's possible that mail will go through more than two servers.

There is also no way to know that any server on the path, even if it's just one, is using encryption.

Do you really think everyone out there is using the most modern, up to date servers?

Personally, I still believe the safest approach is to assume that anything I send in an e-mail is little different from what I might send on the back of a post card. If I'm wrong, little harm. If you are wrong about e-mail being sent securely, what are you risking?

Originally Posted By: badtlc
Originally Posted By: javacontour
But who is to say every provider supports this?

I would not count on every SMTP server in the path a message takes to use encryption.



I think you are a bit confused on hwo SMTP traffic works. The only two servers on a "path" that need encryption are the sending and receiving servers. Everything else in between is just a switch that does nothing but pass the packets on, not read them.

Many email providers use TLS encrypted SMTP now days.


It isn't the latest and greatest modern technology. It is more than a few years old.

And again, only two servers read the SMTP data. That is the sending and receiving SMTP servers. Everything in between is a switch directing traffic based on TCP/IP headers.

 

[pandus13]

Originally Posted By: rjundi
The "cloud" downfall is insecure email.
I am floored companies are moving towards cloud based offerings for internal communications.

bean counters....
OK, OK
high-tech "latest fashion in technology" bean counters "we don't need no stinkin' IT department"-type

 

[LazyPrizm]

Originally Posted By: badtlc
It isn't the latest and greatest modern technology. It is more than a few years old.

And again, only two servers read the SMTP data. That is the sending and receiving SMTP servers. Everything in between is a switch directing traffic based on TCP/IP headers.

Entirely hogwash. Look at the mail headers of an email sent through a large enterprise, or something like a school with a multi-segmented network. MTAs can relay mail around to machines for filtering, archiving (when a legal requirement) or simply keeping departments on their own LANs with their own IMAP/POP/Exchange servers.

You're making an assumption about network security, and if you know anything about security, you can never make assumptions. One of the interesting things to come out of the Snowden leaks was that large corporations with servers in multiple locations (Google and MS, I believe) were not encrypting VLAN traffic. You can't assume anything about the security at that layer. Unless you can confirm all the servers are talking through TLS, the only safe assumption is that none of them are.

The only way to be sure is to have both ends use S/MIME or PGP, or do your shady business in meat-space (or somewhere out of band).

 

[javacontour]

Exactly!

Originally Posted By: LazyPrizm
Originally Posted By: badtlc
It isn't the latest and greatest modern technology. It is more than a few years old.

And again, only two servers read the SMTP data. That is the sending and receiving SMTP servers. Everything in between is a switch directing traffic based on TCP/IP headers.

Entirely hogwash. Look at the mail headers of an email sent through a large enterprise, or something like a school with a multi-segmented network. MTAs can relay mail around to machines for filtering, archiving (when a legal requirement) or simply keeping departments on their own LANs with their own IMAP/POP/Exchange servers.

You're making an assumption about network security, and if you know anything about security, you can never make assumptions. One of the interesting things to come out of the Snowden leaks was that large corporations with servers in multiple locations (Google and MS, I believe) were not encrypting VLAN traffic. You can't assume anything about the security at that layer. Unless you can confirm all the servers are talking through TLS, the only safe assumption is that none of them are.

The only way to be sure is to have both ends use S/MIME or PGP, or do your shady business in meat-space (or somewhere out of band).

 

[crazyoildude]

There is NO 100% private e mail or internet service... Remember that. If you want to say something to someone whisper it in someones ear and hope they don't tell...lol

 

[crazyoildude]

i still use aol on my home P.C. if someone wants to read my e mails or see where i go online they need a life lol. Do i think someone is watching me online? Yes, you would have to be living under a rock to think no one can see what you are doing online. It's very easy to snoop on someone.