We are still actively working on the spam issue.

Email

From InstallGentoo Wiki
Revision as of 21:41, 19 October 2015 by Ebay (talk | contribs) (Add Encryption section)
Jump to: navigation, search
Cleanup.png
Cleanup.png
CLEANUP CANDIDATE
Relevant discussion may be found on the talk page. Reason: No reason specified.


Email Providers

Self hosting is the only way to fully ensure the privacy and security of your email. Entrusting a third party to store your data on their servers always introduces some risks. Even the most trustworthy providers may be forced to turn over user data in response to a court order. We have seen this happen in the case of Hushmail and Lavabit (Edward Snowden's email provider).

However, in wake of the NSA spying scandal several privacy focused email providers have surfaced. Some notable ones are:

These providers use browser based client-side encryption. Their code is open source, so it can be easily audited. Email between users of their service are encrypted automatically. Sending encrypted email to outside users is also possible via a link with a password and password hint. This provides a high level of convenience because no additional software installation or technical knowledge is required. When a higher level of security is required GPG/PGP is still the gold standard.

For a full list of providers which respect your personal freedom check out Privacy-Conscious Email Providers.

Email Encryption

The FSF's guide to email encryption

PGP is an acronym for Pretty Good Privacy. It is software that provides both encryption and authentication. GPG or GNU Privacy Guard is a free implementation of it. Although PGP has been around since the 1990s, it is not widely adopted because of the steep learning curve required to use it. Nevertheless, it can be a very effective tool for protecting email communications. Some software installation is required, but it can be used with any existing email account.

To learn how to use PGP see the following guides:

Email Clients

Recommended_software#Email_Clients

Self Hosted Email

See also: Setting_up_a_Server#Setting_Up_Email

The only way to have full control over your email is to host your own mail server.

DNS

MX Record

A Mail eXchanger Record (MX record) specifies a mail server responsible for accepting email messages on behalf of a recipient's domain, and a preference value is used to prioritize mail delivery if multiple mail servers are available. The set of MX records of a domain name specifies how email should be routed with the Simple Mail Transfer Protocol (SMTP).

SPF Record

A Sender Policy Framework (SPF) record identifies which servers are ALLOWED to send email on behalf of your domain. The idea is to help prevent domain spoofing by spammers. If a spammer tries to use your domain to forge email, the receiver can check your SPF record and, if it doesn't match, reject it outright. These days most mail servers check for SPF records, and if they don't find one, they will also reject your mail - so you need one.

DKIM Record

A DomainKeys Identified Mail, or DKIM entry provides a 1024-bit public key, unique to your domain, that confirms that an email is actually from a legitimate account on your server. It is a complementary check to SPF records. It is not as widely used as SPF yet, but is in use by Gmail and Yahoo, and should be set up anyhow.

Mail Transfer Agent (MTA)

Postfix

Mail Delivery Agent (MDA)

Dovecot

Spam Prevention

SpamAssassin

Security

The email system is inherently insecure in many ways that will never be fixed, as it was designed in a time when passwords were rare, and IPv4 had so damn many addresses, we could never possibly use them all.

The best way to secure email is to use PGP, either by using the enigmail addon for Thunderbird, or by copy+pasting to a terminal and using gpg. This allows you to encrypt and sign email, providing confidentiality and authentication, ensuring that only the recipient can read it and that it did indeed come from you.

External Links