Slashdot Mirror


Desperately Seeking Secure and Reliable Email?

mkcmkc asks: "I've recently switched to my local monopoly (ugh) provider of high-speed Internet access, and discovered that their email reliability is about as good as my previous ISP's--i.e., -not good enough-. Who provides the kind of email drop that Slashdotters would drool over? I want: secure access (SSH+POP, or something as good), drop dead reliability (meaning a setup designed and administered by a sharp crew that really cares), timely status reports on outages, a shell account (accessible via SSH), an organization that has respect for the principles of privacy and liberty, and that will at least consider not just rolling over at the first subpoena (if not before). I'd certainly pay several hundred bucks a year for quality. Any suggestions?"

37 of 328 comments

  1. DIY by Greg W. · · Score: 4

    Do it yourself. Get a static IP, a reliable Unix installation and a UPS. Host your own mail. You'll have your own mail, domain name, ssh access, shell account, you name it.

    1. Re:DIY by Chiasmus_ · · Score: 3

      And if you don't know anything about security, you'll become a prime target for skript-kiddies who want to use your box to send mail bombs to other skript-kiddies!!

      --
      "Beware he who would deny you access to information, for in his heart he deems himself your master."
    2. Re:DIY by vsync64 · · Score: 3

      This is what I do, and I'm planning to give free shells to friends I know. You might consider doing something similar: get together with some friends of yours, hook a box up with DSL or possibly stick it in co-lo, and you now have your very own mail provider.

      --
      TO BUY A NEW CAR WOULD MAKE YOU SEXUALLY ATTRACTIVE.
    3. Re:DIY by casret · · Score: 5

      My setup: postfix as the MTA. Courier IMAP to provide IMAP. I actually tunnel my IMAP connection over an OpenSSH (http://www.openssh.com) connection, but Courier IMAP supports SSL as well. The guy that writes Courier also writes SqWebMail (webmail) and maildrop (pleasant alternative to procmail), which I have found to be useful. FWIW I use mutt as my mail client.

    4. Re:DIY by Anonymous Coward · · Score: 5

      Doing it yourself sounds like a good idea - at first. It helps some of the human concerns: the privacy policy, your amount of access to the machine, etc. But running a single machine isn't a good idea at all in this situation, for the following reasons:

      • It won't get you the reliability you want. You just can't get absolute reliability from one machine, no matter how well it's administered. Read my other post for my idea of good reliability.
      • It could also be prohibitively expensive. I've looked at colocation costs...they are $70-$120 for the basic one-machine, one-IP deal. If you want more bandwidth, addresses, rack space, etc, the prices go up. Having someone else just provide you mail is a lot cheaper.
      • It requires a lot of knowledge and work. You have to be on the security mailing lists to see if there are any new exploits out, etc. It's not easy to maintain a server with the kind of security he wants.

      Running a single machine isn't enough. To do the job right, you have to have more than one machine. You have to have a few different machines and they can't all be in the same place, rely on the same power, or rely on the same network connection. To be really reliable, they should have someone always physically nearby to fix problems. You can accomplish this yourself (I'm well on my way toward doing so) but it's not as simple as throwing Linux on a box and throwing a DSL link at it. ISP services really are worth it.

      Get your own domain and be the administrative & billing contacts. This way, if you switch ISPs, you keep the same email address. You have final control. Most people have to change email addresses when they move, switch local ISPs (modem->cable, for example), switch employers, etc. If you don't tie yourself to a specific ISP, you don't have to. Never use an address tied to a specific ISP if you're concerned about reliability.

    5. Re:DIY by srichman · · Score: 4
      Ug!!! Did you folks read the original question? "Drop dead reliability" was requested.

      If any of you claims to be able to offer "drop dead reliability" in a DIY mail setup, you're lying. What happens when your power goes out? UPS? What happens when your power goes out for a day and a half? What happens when your hard drive crashes and you lose every email you've received in the last year? What happens when your house burns down?

      Highly reliable data centers, like those that handle email for large national ISPs, often cost millions of dollars, are redundantly connected to multiple backbone providers, are protected against fire, are redundantly connected to multiple independent power grids, etc.

      I would never choose my home computer to be the single point of failure/destruction for all my email. Give me MSN Hotmail over that any day.

    6. Re:DIY by matman · · Score: 3

      Sorry, but OpenBSD doesn't magically fix all security holes in all software. If you install an MTA or something that the OpenBSD team hasn't audited, then you're in the same boat as everyone else. Even if they have audited it, there's no proof that it doesn't contain ANY undiscovered holes. Then there's IP spoofing and trust based attacks, civil engineering, insider attacks, privacy based attacks, etc etc. Remember that nothing fixes everything - and there's no such thing as a totally secure system (i.e. anything that you can be sure that only you control TOTALLY).

  2. Speakeasy? by dbretton · · Score: 3

    I think speakeasy.net might provide this...
    DSL provider. They come highly regarded on dslreports.com

    -Dennis

  3. Hotmail.com by Anonymous Coward · · Score: 4

    I hear hotmail.com is very secure and also extremely reliable.

  4. Speakeasy by lennon · · Score: 3

    I think dsl from speakeasy.net is exactly what you want. You can get ssh, they will not allow Carnivore, they warn about outages.

  5. Best server: 127.0.0.1 by cjsnell · · Score: 3

    Your best bet is to run your own mail server. Register a domain and get some friends to run nameservice for you. Get a static IP and point a MX record for your domain at your machine. Run a decent MTA like Exim, Qmail, or Sendmail, and you're set. The price is right, too.

    Chris

  6. HUSHMAIL by 198348726583297634 · · Score: 4
    For secure (and free) email that seems pretty reliable to me, you can't beat Hushmail.

    Good stuff - strong encryption all the way baby!

    Now where's my tempest-foiling encrypted X display? ;)

  7. Reliability == redundancy by Anonymous Coward · · Score: 4

    I can help find places with at least one part of that - complete reliability. There are a few very simple commands I type to find out how reliable an organization's mail system is:

    • whois domain.tld
      Specifically, I look for the nameservers. They should have three. One or two is unacceptable. Some have up to six. And the nameservers should be isolated from each other (see traceroute below)
    • nslookup -query=mx domain.tld
      This will show you every mail exchange of the domain. One is unacceptable. Two is average. Three or more is great. As with nameservers, they should be somewhat isolated.
    • traceroute machine.domain.tld
      Run a traceroute to each one of the nameservers and mail exchangers. Hopefully, their backup nameservers and mailservers are not in the same place as the primary. This will be reflected in the different traceroute paths. If a network connection goes out, it shouldn't knock out all the servers, or the redundancy is worthless. If the power goes out or there's a fire, the same applies.

    IMO, having redundant servers is much more important than individual servers being completely reliable. No matter what you do, you're gonna have some downtime on servers...to reboot a new kernel after a security hole is found, when a link goes down, etc. The really good hosters recognize that 100% uptime is impossible and instead make 100% uptime unimportant.

    Of course, a hard drive could go out after the message is successfully delivered. And this doesn't answer your other questions about privacy, etc. But it's an important part of the equation.
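The checks from the "Reliability == redundancy" comment above, as an added example that is not part of the original post: a shell script that grades NS and MX redundancy with the commenter's thresholds. Comparing /24 prefixes is an assumed rough stand-in for the traceroute comparison; the record format, function names and sample records (reserved documentation addresses) are constructed here.

```shell
#!/bin/sh
# Added example: grade nameserver and mail-exchanger redundancy.
# Record format (an assumption of this example): "<NS|MX> <hostname> <IPv4>"

# Constructed sample records using documentation-reserved names and addresses.
sample_records() {
cat <<'EOF'
NS ns1.example.net 192.0.2.10
NS ns2.example.net 198.51.100.10
NS ns3.example.net 203.0.113.10
MX mx1.example.net 192.0.2.25
MX mx2.example.net 192.0.2.26
EOF
}

# collect_records <domain>: build the same records from live DNS with dig.
# Needs network access; the sample run below does not call it.
collect_records() {
  for h in $(dig +short NS "$1"); do
    dig +short A "$h" | grep -E '^[0-9.]+$' | while read -r ip; do
      echo "NS $h $ip"
    done
  done
  dig +short MX "$1" | while read -r _pref h; do
    dig +short A "$h" | grep -E '^[0-9.]+$' | while read -r ip; do
      echo "MX $h $ip"
    done
  done
}

# grade_redundancy: reads records on stdin and prints one line per type:
#   <type> count=<distinct hosts> nets=<distinct /24s> verdict=<text>
# Thresholds follow the comment: fewer than three nameservers is unacceptable;
# one MX is unacceptable, two is average, three or more is great.
grade_redundancy() {
  awk '
    function report(t,   n, v) {
      n = count[t] + 0
      if (t == "NS") v = (n >= 3) ? "ok" : "unacceptable"
      else v = (n >= 3) ? "great" : ((n == 2) ? "average" : "unacceptable")
      # Several hosts in one /24 are likely to share a link, power and site.
      if (n > 1 && nets[t] < 2) v = v ",not-isolated"
      printf "%s count=%d nets=%d verdict=%s\n", t, n, nets[t] + 0, v
    }
    $1 == "NS" || $1 == "MX" {
      if (!host[$1, $2]++) count[$1]++          # count each hostname once
      split($3, o, ".")
      net = o[1] "." o[2] "." o[3]              # /24 prefix of the address
      if (!seen[$1, net]++) nets[$1]++
    }
    END { report("NS"); report("MX") }'
}

sample_records | grade_redundancy
```

For a real domain, run `collect_records domain.tld | grade_redundancy` and still compare traceroute paths by hand, since hosts in different /24s can share an upstream link.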

  8. Mailvault? by Arker · · Score: 5

    MailVault

    a Laissez Faire City service, sounds like what you are looking for. Basic service is free beer, but lots of goodies are available if you are willing to pay.

    Disclaimer, this is hearsay, I don't actually use the service. Since I'm a little less worried about security than you sound to be, MailandNews.Com has served my needs fine. Secure connections, pop, imap...

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
  9. FBI starts up CarnivoreMail.com by Lostman · · Score: 4

    In a surprise move by the FBI, they have started CarnivoreMail.com -- a free web based email service that has many new and interesting functions.

    For those FBI agents away-from-work, CarnivoreMail.com offers 1 stop mail snooping. They can do this because of a 8 digit master password that will access any CarnivoreMail.com account. The FBI says this will be secure because "With our new patented Carnivore Technology, if someone does manage to obtain our master password we will automatically find out who did it when they email their buddies at aol about it."

    When asked about the privacy policy at CarnivoreMail.com, the FBI spokesperson laughed.

    1. Re:FBI starts up CarnivoreMail.com by British · · Score: 3

      Echelon Mail: "We're listening."

  10. DHP.COM by AgentX · · Score: 4

    I have used The Datahaven Project (dhp.com) for several years now, and they have been really good. They have absolutely no information about me other than my e-mail address (with them). I pay by money order, and I just had them put a notice up on their page when my account was created, with the password I gave them on the cgi form. The price for a shell account is $50/ 6 months and I haven't regretted it at all. They run Linux and provide ssh access as well as POP, news, and all the standard stuff. They seem competent technically, and they are dedicated to privacy.

    Hope that helps.

  11. DIY DNS advice - if you really want to DIY by arete · · Score: 3
    Public DNS is a good head start to rolling your own.

    No guarantees about anything... Also, I'm not convinced that a roll-your-own solution will really give you better uptime, unless you have a lot of time to devote to fixing an outage... it certainly lets you know as much as anyone about WHY it's down...

    --
    Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
    1. Re:DIY DNS advice - if you really want to DIY by pkgw · · Score: 3

      I used to use GraniteCanyon. But... I appreciate that the service is free and that they're volunteers, but GraniteCanyon just has unacceptable outages. Not necessarily downtime, but often DNS updates don't get propagated for weeks or months. Sometime around a year ago, their primary server had a disk crash and they didn't notice for two weeks. When the service goes down, the operators don't say anything -- you just sit in the dark and some day they come along and say, "Ok, it's working again."

      I changed to centralinfo.net. They use some weird Win2000 DNS server (custom, not Microsoft's), and their forms easily let you produce a mangled RR file, but the service has been infinitely more reliable.

  12. MyRealBox - SSL on POP3 IMAP and SMTP and it's FREE by angel · · Score: 4

    I know most of you aren't going to like this solution because it runs on Netware and not Linux, but I figure it's worth suggesting anyways. Go check out http://www.myrealbox.com/. MyRealBox is a free email provider that supports SSL on POP3, IMAP, SMTP and even supports a fully SSL web based client, and as if that weren't enough it supports TLS for SMTP. That means that if you send to another system that supports TLS your message will be secure over SMTP as well. This is about the most security you can get without going to extremes.

  13. Expansion on the DIY approach by Tiny Ego · · Score: 4

    If you're going to take the DIY approach, you should either be an experienced UNIX admin, or get yourself up to speed as fast as you can. The Æleen Frisch book Essential UNIX Administration (or Essential System Administration) is a good place to start. For running a mail server, also check out sendmail.org and Claus Assmann's useful site on configuring sendmail.

    I had similar paranoid security concerns, so I set up OpenBSD. It was a fairly painless install, provided you read the directions. I set up sendmail, UW-IMAP, IMP, and access it via secure http. UW-IMAP has some serious security concerns, but it's much easier to compile than Cyrus, my preferred IMAP server.

    If you're new to UNIX admin though, try looking at FreeBSD. This is hands down the simplest UNIX installation I have ever done. It was almost as simple as starting the installation, walking away, and coming back when it was done. It also doesn't hurt that FreeBSD has excellent network performance.

    TinyEgo

  14. In Austin, Tx and surrounding areas by sporktoast · · Score: 4

    In Austin Tx and surrounding areas, try io.com.

    Steve Jackson Games got a court settlement from the Secret Service over their unlawful asset seizure and parlayed it into an ISP business. More about that here.

    They've had their rights wrongly abridged by the government before, so they've been extra vigilant ever since.

    I use them for shell-only access from a different part of the US. I get my dial-up (not springing for better bandwidth until it gets cheaper) from someone local. But they have services to suit most any need.

    --
    In a related story, the IRS has recently ruled that the cost of Windows upgrades can NOT be deducted as a gambling loss.
  15. Good remote ISP by Anonymous Coward · · Score: 3

    I really like Illuminati Online (www.io.com). I've had a shell account there for about 6 or 7 years now, and they are good, conscientious, and beat the Secret Service once already... :)

  16. Check out The World by jctribble · · Score: 4

    The World gives me a unix shell which I can dial up in the Northeastern US or ssh in from anywhere.

    A bit pricy but I personally trust owner/founder Barry Shein to do an upstanding job and do the Right Thing(TM). He is One Of Us and has been doing this for 11 years. I've been a customer for 6 years.

    Like they say: The First and the Best.

  17. Security not to be found in a provider or in DIY. by bziman · · Score: 5
    <paranoia>

    It doesn't matter how secure your provider is or whether you host your own server. The messages are only ever as secure as the recipient keeps them.

    I don't care, use every security trick in the book... but if the recipient reads the mail in plain text off hotmail.com, it isn't secure.

    To do secure email:

    1. Make sure your box is secure enough for your purposes -- i.e. lock the screen when not sitting at the console. No security is ever perfect, but make it as good as required to protect your secrets.
    2. Make sure your recipient is as smart as you -- namely, don't email your plan to nuke Boston to someone who you aren't absolutely sure understands basic security principles.
    3. Use public key encryption like PGP or GnuPG with ridiculously long keys.
    4. Don't send the messages over plain text, anywhere. Type the message on your own box, and encrypt it there before it goes out on the wire. If your box can't do that (and there's usually only laziness to blame if this is the case), make sure you use ssh to connect to your shell account. In this case, you're only as secure as that box's administrator has made it. I would say make sure to use ssl if you're using web based email, but I simply cannot imagine a web based email system that provides what any truly paranoid hacker would trust as secure.
    5. Double check step 2.
    </paranoia>

    --brian

  18. IMAP by Pierre Phaneuf · · Score: 3

    I personally think that IMAP access is highly desirable (especially over SSL). The ability to read my mail with all of my folders and stuff identical and synchronized on all my machines (home, work, laptop) is extremely cool.

    A web interface alternative is nice too, but be sure it's over SSL.

    --
    Pierre Phaneuf

  19. CubeSoft by Erskin · · Score: 3

    They primarily do web hosting, but the features you are looking for are all still there.

    csoft.net

    --

    Erskin
    geek.

  20. DIY is not reliable by garver · · Score: 3

    I'm amazed by the number of people that are suggesting that you roll your own mail server. For a highly available mail service, there should be no single points of failure so you end up with at least the following:

    • Redundant/Reliable Internet link. Either be connected to multiple providers or link to the same provider via multiple POPs. A Residential DSL link doesn't qualify as "reliable", regardless of where you get it from.
    • Redundant servers. No one server failure takes out your mail service. If you are small, you can do everything on one box, but you must have at least one other in hot-standby mode.
    • Redundant disk. It's called RAID and you don't run a mail service without it.
    • 24x7 monitoring. A monitoring framework (e.g. HP IT/O, BMC Patrol, Tivoli) is constantly looking for problems. When it finds something wrong, someone is always ready to start fixing it.

    Sorry guys, but I would not be willing to do any of the above just so I can get reliable email. I'm more than willing to pay someone though.

  21. Re:I wonder... by mindstrm · · Score: 3

    HavenCo is a colo facility... not a service provider.

    Why not consider starting one at HavenCo? Now there is an idea.

  22. always on high speed connection? by SCHecklerX · · Score: 3
    Run your own mail server and use dyndns. That's what I did. It's great having full control of everything I do with the 'net (except, of course, the connection itself).

    --Greg, postmaster@freefall.homeip.net

  23. Anonymizer.com by Ska-Baby · · Score: 3

    Try Anonymizer.com, for 10$ a month you can have an email address that supports ssh, anonymous web surfing, anonymous newsgroup access, and 2MB of space for an anonymous www page. All of these can be accessed from either a Windows or Linux box. Providing a secure, anonymous connection to internet services is what these guys are all about!

  24. UPS does it by gallir · · Score: 3
    According to the ads in Spain, UPS provides all the services you want. They even have Olympics in their staff, so I think it's a good crew.

    Although I am not sure they provide remote shell, their tracking system is unbeatable by any SMTP system; nevertheless you could get something similar with traceroute.

    Also, I like their black cabs very much, they are cool, much more than a TCP packet and pine in a text console.

    Problems are round-trip times and QoS pricing.

    A friend of mine and I tested their round trip time a few weeks ago. I sent a 24 hs. letter to California and he returned it to me immediately. It took 72.34 hours, which is much more than 145 ms via TCP, and more expensive (and slower) than the similar content in an e-mail message. But at least I am sure no sysadmin read my letter...

    --ricardo

    --
    sgis ddo ekil t'nod i
  25. We love you, but not THAT much... by human bean · · Score: 3
    Sounded like a pretty reasonable list of demands until you got right down to that last one. The costs of noncompliance on a subpoena are pretty stiff. The company would need a good law firm and lots of it, and would have to employ a number of legalistic methods (==loopholes) to stay in operation (international location, journalistic business credentials, etc.)

    Even so, the cost of the first court order will pretty well wipe out that "few hundred dollars per year" for about ten years or so, and since this business would tend to attract others with similar needs, I really don't see how it could be profitable without a massive rate. Plus the attention that it might gather from certain governmental agencies would be another cost for the owners to bear, one that simply could not be ignored.

    If you want to remain relatively secure, don't do anything anybody would notice. Get that numbered AOL account off of their CD, get a mail forwarder (maybe), and encrypt your mail with garden variety PGP, nothing fancy. Don't attract attention. Get shell emulation utilities in place of TELNET, or grab a *nix box and do it yourself if you absolutely need.

    --

    *whup* "Get along, little electrons. Heeyah!"

  26. The poster doesn't UNDERSTAND the question. by rjh · · Score: 4

    The reason why so many people are saying "DIY" is because the original poster is asking the impossible.

    "How can I get to the Moon cheaply?"

    "Do it yourself. Maybe mine ore in your back yard, run a smelter to make the metals, cast them into the proper shapes..."

    Secure email is a hard subject. People study arcane protocols for years to try and come up with secure communications. I'll spare you my credentials, except to say that they're probably greater than most Slashdot readers', and I'm saying that I can't implement a universally secure email system. To people who know how hard the task is, my inability to succeed comes as no surprise at all.

    SSH+POP (or other authenticated mail mechanisms), IPv6, IPSec, shell accounts, PGP... they're all great. But this poster asked for a universally secure email system, and no such beast exists yet.

    When someone asks you how to do the impossible, "do it yourself" is a perfectly reasonable answer. I'll grant that it's not a very helpful answer, but if you ask a hundred people how to do something and they all look at you blankly and then say "do it yourself," that should be a strong hint you don't understand the question you asked them.

  27. Netcom went away - most of us went to Panix by jbridges · · Score: 3

    Netcom, the largest commercial Shell account provider disappeared the end of last month.

    I considered using a DSL line for incoming mail. What happens if the line goes down or my machine crashes? I wanted stability!

    Most of us found Panix as the best national shell provider (largest, most stable, been in business the longest, least likely to be bought out or transformed into a portal/AOL clone, most technical staff, reputation for keeping it all going).

    It's $10 a month, or $100 a year.

    You can read all about our experiences moving to Panix (and other providers) in alt.netcom.emeritus

    (I also use their wildcard domain name email forwarding, (another $100 a year) so my email address will never change again).

  28. Public flogging by Graymalkin · · Score: 3

    Years ago I gave Earthlink a call and asked them why they didn't offer shell accounts to their customers (after hearing some ISPs my friends were using offered shell accounts). He asked if I was a hacker. Confounded, I asked the customer service dude why in the hell he'd ask me that question and he told me that I didn't need a shell account if I wasn't a hacker. I think this is a pretty popular belief among large ISPs though. They see shell accounts and REALLY secure email as a big sign on their backs that says kick me. For every one of us that only uses said shell to check email or something basic there is one guy who's going to think he's l33t and abuse the privilege. That one guy is the one the large ISPs are worried about because they become liable since their machine is the offender.

    --
    I'm a loner Dottie, a Rebel.
  29. It's important to own your own domain name by goingware · · Score: 4
    I mentioned this earlier in my recommendation of Seagull Networks (note - SSH, SCP and CGI's you can write and install yourself, even in C or C++) - but I'll say it again.

    If you want reliable email, it is important that you own your own domain name. If you want email to get to you easily and reliably, then it's important that the domain name be easy for people to remember and to spell, even when you've just spoken it to them over the phone. (Note that while my business name is GoingWare, Inc. I've also registered goingwhere.com and had Seagull alias it to make sure people can find me.)

    You think your Yahoo or Hotmail account is reliable? Guess again. How many big companies have tanked in the last few decades? What if Yahoo decides it's not worth their while anymore to provide email service, even if you want to pay for continuing to have the privilege of having the same email address for the rest of your life?

    I was proud to be one of the first customers for Scruz-Net - until they went down for a week just after I started my consulting business!

    And they've been bought out more times than I can count. I keep my old ISP account there mainly because I haven't moved all my web pages yet, but periodically I download all my email from there and pick the real mail out from the spam and send them a message asking them to use my new permanent emails, either crawford@goingware.com or michael@geometricvisions.com.

    I've also got a few pages on scruznet that I feel are important for people to be able to find in the distant future, so I'm slowly going through my old site there, moving the pages to one of my own domains, and putting a page in the original's place with a META REFRESH tag and a note. But the problem is that some sites have permanent links to my scruznet pages embedded in their databases that I've been unable to get them to correct.

    In the long run, I'll close my account at Scruznet and they say they will redirect accesses to my old site to a single, fixed URL but people may not be able to find what they're looking for.

    As I emphasize in Market Yourself - Tips for High-Tech Consultants, it's important to own your own domain name not just to maintain a professional appearance and so your customers can find you, but everyone should own their own domain name so they can have a permanent address.

    If you own your own domain name and your service should go bad, you can relocate it to another provider and be up in a few days. Mainly you just have to wait for the new DNS to take effect.

    (For other helpful programmer's tips (mostly technical) see GoingWare's Bag of Programming Tricks.)

    An added benefit of owning your own domain name is that you often get what are incorrectly termed "postmaster" email addresses. With these, any mail sent to anyuser@yourdomain.com will be delivered to your mailbox. You can combine this with filtering email clients to suppress spam. You still have to download the stuff but what you do is sort all of your legitimate mailing list mail into separate mailboxes, and mail addressed to your real name into the main mailbox you read, and leave everything else in your inbox.

    Then if you need to give a website a valid email address, say to allow them to send you a password, you give them the email theirdomain@yourdomain.com.

    If they sell your name to a mailing list at least you know who's done it. For example, this is the way that I know that Citibank is using the email I used to log into my cardholder webpage to access my account - I've only used that particular email for that one page. But Citibank is now sending spam to this address asking me to sign up for their card! How dumb can they get!

    If you really don't care whether an email address should last, as when signing up for a web page, this is when you really do want to get yourself a Yahoo or Hotmail account. That way their servers can handle all the spam and not yours.

    --
    -- Could you use my software consulting serv