Slashdot Mirror

← Back to Stories (view on slashdot.org)

Desperately Seeking Secure and Reliable Email?

Posted by Cliff on from the when-your-ISP-just-isn't-good-enough dept.

mkcmkc asks: "I've recently switched to my local monopoly (ugh) provider of high-speed Internet access, and discovered that their email reliability is about as good as my previous ISP's--i.e., -not good enough-. Who provides the kind of email drop that Slashdotters would drool over? I want: secure access (SSH+POP, or something as good), drop dead reliability (meaning a setup designed and administered by a sharp crew that really cares), timely status reports on outages, a shell account (accessible via SSH), an organization that has respect for the principles of privacy and liberty, and that will at least consider not just rolling over at the first subpoena (if not before). I'd certainly pay several hundred bucks a year for quality. Any suggestions?"

17 of 328 comments (clear)

  1. DIY by Greg+W. · · Score: 4

    Do it yourself. Get a static IP, a reliable Unix installation and a UPS. Host your own mail. You'll have your own mail, domain name, ssh access, shell account, you name it.

    1. Re:DIY by casret · · Score: 5

      My set up: postfix as the MTA. Courier IMAP to provide IMAP. I actually tunnel my IMAP connection over an href="http://www.openssh.com">OpenSSH connection, but courier IMAP supports SSL as well. The guy that writes Courier, also writes SqWebMail,(webmail) and maildrop(pleasent alternative to procmail) which I have found to be useful. FWIW I use mutt as my mail client.

    2. Re:DIY by Anonymous Coward · · Score: 5

      Doing it yourself sounds like a good idea - at first. It helps some of the human concerns: the privacy policy, your amount of access to the machine, etc. But running a single machine isn't a good idea at all in this situation, for the following reasons:

      • It won't get you the reliability you want. You just can't get absolute reliability from one machine, no matter how well it's administered. Read my other post for my idea of good reliability.
      • It could also be prohibitively expensive. I've looked at colocation costs...they are $70-$120 for the basic one-machine, one-IP deal. If you want more bandwidth, addresses, rack space, etc, the prices go up. Having someone else just provide you mail is a lot cheaper.
      • It requires a lot of knowledge and work. You have to be on the security mailing lists to see if there are any new exploits out, etc. It's not easy to maintain a server with the kind of security he wants.

      Running a single machine isn't enough. To do the job right, you have to have more than one machine. You have to have a few different machines and they can't all be in the same place, rely on the same power, or rely on the same network connection. To be really reliable, they should have someone always physically nearby to fix problems. You can accomplish this yourself (I'm well on my way toward doing so) but it's not as simple as throwing Linux on a box and throwing a DSL link at it. ISP services really are worth it.

      Get your own domain and to be the administrative & billing contacts. This way, if you switch ISPs, you keep the same email address. You have final control. Most people have to change email addresses when they move, switch local ISPs (modem->cable, for example), switch employers, etc. If you don't tie yourself to a specific ISP, you don't have to. Never use an address tied to a specific ISP if you're concerned about reliability.

    3. Re:DIY by srichman · · Score: 4
      Ug!!! Did you folks read the original question? "Drop dead reliability" was requested.

      If any of you claims to be able to offer "drop dead reliability" in a DIY mail setup, you're lying. What happens when your power goes out? UPS? What happens when your power goes out for a day and a half? What happens when your hard drive crashes and you lose every email you've received in the last year? What happens when your house burns down?

      Highly reliable data centers, like those that handle email for large national ISPs, often cost millions of dollars, are redundantly connected to multiple backbone providers, are protected against fire, are redundantly connected to multiple independent power grids, etc.

      I would never choose my home computer to be the single point of failure/destruction for all my email. Give me MSN Hotmail over that any day.

  2. Hotmail.com by Anonymous Coward · · Score: 4

    I hear hotmail.com is very secure and also extremely reliable.

  3. HUSHMAIL by 198348726583297634 · · Score: 4
    For secure (and free) email that seems pretty reliable to me, you can't beat Hushmail.

    Good stuff - strong encryption all the way baby!

    Now where's my tempest-foiling encrypted X display? ;)

  4. Reliability == redundancy by Anonymous Coward · · Score: 4

    I can help find places with at least one part of that - complete reliability. There are a few very simple commands I type to find out how reliable an organization's mail system is:

    • whois domain.tld
      Specifically, I look for the nameservers. They should have three. One or two is unacceptable. Some have up to six. And the nameservers should be isolated from each other (see traceroute below)
    • nslookup -query=mx domain.tld
      This will show you every mail exchange of the domain. One is unacceptable. Two is average. Three or more is great. As with nameservers, they should be somewhat isolated.
    • traceroute machine.domain.tld
      Run a traceroute to each one of the nameservers and mail exchangers. Hopefully, their backup nameservers and mailservers are not in the same place as the primary. This will be reflected in the different traceroute paths. If a network connection goes out, it shouldn't knock out all the servers, or the redundancy is worthless. If the power goes out or there's a fire, the same applies.

    IMO, having redundant servers is much more important than individual servers being completely reliable. No matter what you do, you're gonna have some downtime on servers...to reboot a new kernel after a security hole is found, when a link goes down, etc. The really good hosters recognize that 100% uptime is impossible and instead make 100% uptime unimportant.

    Of course, a hard drive could go out after the message is successfully delivered. And this doesn't answer your other questions about privacy, etc. But it's an important part of the equation.

  5. Mailvault? by Arker · · Score: 5

    MailVault

    a Laissez Faire City service, sounds like what you are looking for. Basic service is free beer, but lots of goodies are available if you are willing to pay.

    Disclaimer, this is hearsay, I don't actually use the service. Since I'm a little less worried about security than you sound to be, MailandNews.Com has served my needs fine. Secure connections, pop, imap...

    --
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-
    Friends don't let friends enable ecmascript.
  6. FBI starts up CarnivoreMail.com by Lostman · · Score: 4

    In a surprise move by the FBI, they have started CarnivoreMail.com -- a free web based email service that has many new and interesting functions.

    For those FBI agents away-from-work, CarnivoreMail.com offers 1 stop mail snooping. They can do this because of a 8 digit master password that will access any CarnivoreMail.com account. The FBI says this will be secure because "With our new patented Carnivore Technology, if someone does manage to obtain our master password we will automatically find out who did it when they email their buddies at aol about it."

    When asked about the privacy policy at CarnivoreMail.com, the FBI spokesperson laughed.

  7. DHP.COM by AgentX · · Score: 4

    I have used The Datahaven Project (dhp.com) for several years now, and they have been really good. They have absolutely no information about me other than my e-mail address (with them). I pay by money order, and I just had them put a notice up on their page when my account was created, with the password I gave them on the cgi form. The price for a shell account is $50/ 6 months and I haven't regreted it at all. They run Linux and provide ssh access as well as POP, news, and all the standard stuff. They seem competent technically, and they are dedicated to privacy.

    Hope that helps.

  8. MyRealBox - SSL on POP3 IMAP and SMTP and its FREE by angel · · Score: 4

    I know most of you aren't going to like this solution because it runs on Netware and not Linux, but I figure its worth suggesting anyways. Go check out http://www.myrealbox.com/. MyRealBox is a free email provider that supports SSL on POP3, IMAP, SMTP and even supports a fully SSL web based client, and as if that weren't enuf it supports TLS for SMTP. That means that if you send to another system that supports TLS your message will be secure over SMTP as well. This is about the most security you can get without going to extremes.

  9. Expansion on the DIY approach by Tiny+Ego · · Score: 4

    If you're going to take the DIY approach, you should either be an experienced UNIX admin, or get yourself up to speed as fast as you can. The Aileen Frisch book Essential UNIX Administration (or Esential System Administration) is a good place to start. For running a mail server, also check out sendmail.org and Claus Assman's useful site on configuring sendmail.

    I had similar paranoid security concerns, so I set up OpenBSD. It was a fairly painless install, provided you read the directions. I set up sendmail, UW-IMAP, IMP, and access it via secure http. UW-IMAP has some serious security concerns, but it's much easier to compile than Cyrus, my preferred IMAP server.

    If you're new to UNIX admin though, try looking at FreeBSD. This is hands down the simplest UNIX installation I have ever done. It was almost as simple as starting the installation, walking away, and coming back when it was done. It also doesn't hurt that FreeBSD has excellent network performance.

    TinyEgo

  10. In Austin, Tx and surrounding areas by sporktoast · · Score: 4

    In Austin Tx and surrounding areas, try io.com.

    Steve Jackson Games got a court settlement from the Secret Service over their unlawful asset seisure and parlayed it into an ISP business. More about that here.

    They've had their rights wrongly abridged by the government before, so they've been extra vigilant ever since.

    I use them for shell-only access from a different part of the US. I get my dial-up (not springing for better bandwidth until it gets cheaper) from someone local. But they have services to suit most any need.

    --
    In a related story, the IRS has recently ruled that the cost of Windows upgrades can NOT be deducted as a gambling loss.
  11. Check out The World by jctribble · · Score: 4

    The World gives me a unix shell which I can dial up in the Northeastern US or ssh in from anywhere.

    A bit pricy but I personally trust owner/founder Barry Shein to do an upstanding job and do the Right Thing(TM). He is One Of Us and has been doing this for 11 years. I've been a customer for 6 years.

    Like they say: The First and the Best.

  12. Security not to be found in a provider or in DIY. by bziman · · Score: 5
    <paranoia>

    It doesn't matter how secure your provider is or whether you host your own server. The messages are only ever as secure as the recipient keeps them.

    I don't care, use every security trick in the book... but if the recipient reads the mail in plain text off hotmail.com, it isn't secure.

    To do secure email:

    1. Make sure your box is secure enough for your purposes -- i.e. lock the screen when not sitting at the console. No security is ever perfect, but make it as good as required to protect your secrets.
    2. Make sure your recipient is as smart as you -- namely, don't email your plan to nuke Boston to someone who you aren't absolutely sure understands basic security principles.
    3. Use public key encryption like PGP or GnuPG with rediculously long keys.
    4. Don't send the messages over plain text, anywhere. Type the message on your own box, and encrypt it there before it goes out on the wire. If your box can't do that (and there's usually only laziness to blame if this is the case), make sure you use ssh to connect to your shell account. In this case, you're only as secure as that box's administrator has made it. I would say make sure to use ssl if you're using web based email, but I simply cannot imagine a web based email system that provides what any truly paranoid hacker would trust as secure.
    5. Double check step 2.
    </paranoia>

    --brian

  13. The poster doesn't UNDERSTAND the question. by rjh · · Score: 4

    The reason why so many people are saying "DIY" is because the original poster is asking the impossible.

    "How can I get to the Moon cheaply?"

    "Do it yourself. Maybe mine ore in your back yard, run a smelter to make the metals, cast them into the proper shapes..."

    Secure email is a hard subject. People study arcane protocols for years to try and come up with secure communications. I'll spare you my credentials, except to say that they're probably greater than most Slashdot readers', and I'm saying that I can't implement a universally secure email system. To people who know how hard the task is, my inability to succeed comes as no surprise at all.

    SSH+POP (or other authenticated mail mechanisms), IPv6, IPSec, shell accounts, PGP... they're all great. But this poster asked for a universally secure email system, and no such beast exists yet.

    When someone asks you how to do the impossible, "do it yourself" is a perfectly reasonable answer. I'll grant that it's not a very helpful answer, but if you ask a hundred people how to do something and they all look at you blankly and then say "do it yourself," that should be a strong hint you don't understand the question you asked them.

  14. It's important to own your own domain name by goingware · · Score: 4
    I mentioned this earlier in my recommendation of Seagull Networks (note - SSH, SCP and CGI's you can write and install yourself, even in C or C++) - but I'll say it again.

    If you want reliable email, it is important that you own your own domain name. If you want email to get to you easily and reliably, then it's important that the domain name be easy for people to remember and to spell, even when you've just spoken it to them over the phone. (Note that while my business name is GoingWare, Inc. I've also registered goingwhere.com and had Seagull alias it to make sure people can find me.)

    You think your Yahoo or Hotmail account is reliable? Guess again. How many big companies have tanked in the last few decades? What if yahoo decides it's not worth their while anymore to provide email service, even if you want to pay for continuing to have the privilege of having the same email address for the rest of your life.

    I was proud to be one of the first customers for Scruz-Net - until they went down for a week just after I started my consulting business!

    And they've been bought out more times than I can count. I keep my old ISP account there mainly because I haven't moved all my web pages yet, but periodically I download all my email from there and pick the real mail out from the spam and send them a message asking them to use my new permanent emails, either crawford@goingware.com or michael@geometricvisions.com.

    I've also got a few pages on scruznet that I feel are important for people to be able to find in the distant future, so I'm slowly going through my old site there, moving the pages to one of my own domains, and putting a page in the original's place with a META REFRESH tag and a note. But the problem is that some sites have permanent links to my scruznet pages embedded in their databases that I've been unable to get them to correct.

    In the long run, I'll close my account at Scruznet and they say they will redirect accesses to my old site to a single, fixed URL but people may not be able to find what they're looking for.

    As I emphasize in Market Yourself - Tips for High-Tech Consultants, it's important to own your own domain name not just to maintain a professional appearance and so your customers can find you, but everyone should own their own domain name so they can have a permanent address.

    If you own your own domain name and your service should go bad, you can relocate it to another provider and be up in a few days. Mainly you just have to wait for the new DNS to take effect.

    (For other helpful programmer's tips (mostly technical) see GoingWare's Bag of Programming Tricks.)

    An added benefit of owning your own domain name is that you often get what are incorrectly termed "postmaster" email addresses. With these, any mail sent to anyuser@yourdomain.com will be delivered to your mailbox. You can combine this with filtering email clients to suppress spam. You still have to download the stuff but what you do is sort all of your legitimate mailing list mail into separate mailboxes, and mail addressed to your real name into the main mailbox you read, and leave everything else in your inbox.

    Then if you need to give a website a valid email address, say to allow them to send you a password, you give them the email theirdomain@yourdomain.com.

    If they sell your name to a mailing list at least you know who's done it. For example, this is the way that I know that Citibank is using the email I used to log into my cardholder webpage to access my account - I've only used that particular email for that one page. But Citibank is now sending spam to this address asking me to sign up for their card! How dumb can they get!

    If you really don't care whether an email address should last, as when signing up for a web page, this is when you really do want to get yourself a Yahoo or Hotmail account. That way their servers can handle all the spam and not yours.

    --
    -- Could you use my software consulting serv