Slashdot Mirror


Ask Slashdot: Secure, Yet Accessible E-mail Archive Storage?

New submitter mlts writes: As of now, I just leave E-mail in a 'received-2015' subfolder on my provider's server, adding a new folder yearly. With the rise of E-mail account intrusions (where, even though I'm likely not a primary target, it is still a concern), what is a secure, yet accessible way to archive E-mail? I'm far less worried about the FBI/NSA/Illuminati than I am about having stuff divulged to all and sundry if a mass breach happens. A few alternatives I've considered:

1) Running my own physical IMAP server. The server would run on a hypervisor (likely ESXi), have Dovecot limited to the VPN I use, and use other sane techniques to limit access.

2) Archive the E-mail files through a cloud provider, with a client encryption utility (EncFS, BoxCryptor, etc.). In this case, E-mail would be stored in a different file each week.

3) Move it to local storage on a virtual machine, and if access is needed, use LogMeIn or another remote access tool to fire up Thunderbird to access it.

What would be a recommended way to secure E-mail that sits around, for the long haul, but still have it accessible? Even if you're not specifically worried about it, keeping older email around on a provider's server opens you up to warrantless access by U.S. law enforcement officials.

74 comments

  1. pop3 to local machine, then backup by i.r.id10t · · Score: 5, Insightful

    Pull it down to your local machine either via pop3 or just moving messages from your imap inbox to a local folder.

    Then whenever you like, archive that off somewhere. You could even convert maildir format to mbox and then run something like mhonarc on it to make web pages of 'em all with indexes and such, and just archive off the HTML onto a CD/DVD/whatever.

    All that said, why are you keeping it all? I've kept all of my work related email for 18 years now (same employer) on my local machine. I've gone thru a few things more than a year old just for giggles, and one time I needed a license number that was locked up in a filing cabinet but didn't have my keys that day... But mostly an email that is 2 months old or older just isn't needed (by me, for my work, your needs probably vary).

    --
    Don't blame me, I voted for Kodos
    1. Re:pop3 to local machine, then backup by Anonymous Coward · · Score: 0

      I download important email and store it on a USB hard drive, then delete it from the server to prevent nefarious activity.

    2. Re: pop3 to local machine, then backup by Anonymous Coward · · Score: 1

      You're assuming it is actually deleted from the server.

      Newb.

    3. Re:pop3 to local machine, then backup by ShanghaiBill · · Score: 4, Interesting

      All that said, why are you keeping it all?

      A better question is "Why delete it?" Keeping it involves near zero effort and near zero cost. If deciding what to delete takes more than a few seconds, it is not cost effective. I have every email I have sent or received for the last 30 years (except for spam) and it fits in 10 cents worth of storage. Even if you count backups and redundant copies, it is under $1. My archive has come in handy many times, including helping a third party dismiss a $150,000 lawsuit from a patent troll by documenting prior art. That was worth $1.

    4. Re:pop3 to local machine, then backup by Anonymous Coward · · Score: 1

      Keeping it involves near zero effort and near zero cost.

      Huh? Keeping it seems to be sufficiently problematic to warrant an "Ask Slashdot". That doesn't sound like "near zero effort" at all.

    5. Re:pop3 to local machine, then backup by tlhIngan · · Score: 1

      A better question is "Why delete it?" Keeping it involves near zero effort and near zero cost. If deciding what to delete takes more than a few seconds, it is not cost effective. I have every email I have sent or received for the last 30 years (except for spam) and it fits in 10 cents worth of storage. Even if you count backups and redundant copies, it is under $1. My archive has come in handy many times, including helping a third party dismiss a $150,000 lawsuit from a patent troll by documenting prior art. That was worth $1.

      No, the OP is asking why is it necessary to have all the emails from years past always accessible. At least his solutions all seem to imply online instant access to the archived emails.

      It wasn't about deleting old emails - it was keeping them online 24/7. Which I find is a point - I have years of emails archived and backed up, but not instantly accessible - because after about 3 months, the frequency of access drops off considerably - from maybe once a month to less than once a year.

      And if the OP is asking how to prevent a breach, the best way is to keep it offline - you can't get at data that's not stored accessibly.

      So yeah, keep your email, but I've found I can put each year's worth on a DVD or something (multiply backed up) or external HDD, and put it on the shelf, because I'll rarely need to access it, so the extra effort doesn't matter. If I kept it all online, yes I could get to it in seconds rather than minutes, but I risk a security breach exposing everything.

      So first, perhaps examine what emails you do access in the archive frequently and then make a copy of them elsewhere, then everything else you put locally and offline, safe from hackers (but not burglars!).

    6. Re:pop3 to local machine, then backup by dcollins117 · · Score: 1

      All that said, why are you keeping it all?

      I keep every email sent and received (excluding spam) on a local Dovecot server. It's a wonderful resource. Every event important to me ends up in an email to somebody. I use the archived emails in lieu of a journal or diary as an effortless way to record my personal history.

    7. Re: pop3 to local machine, then backup by Anonymous Coward · · Score: 0

      Derrrr... y'all mean gmail aint safe?

    8. Re:pop3 to local machine, then backup by FrozenGeek · · Score: 2
      Personal email, I don't much care to keep. Business email, OTOH, is very useful. I use it as a paper trail. If I need to recall something, it's probably in my email. When a damager, um, sorry, manager, asks why I didn't do X (or why I did do X or, well, you get the idea) when in fact I did it, I usually just forward him the email I'd sent him N months ago detailing that his request is complete. Don't do that a lot, but every time I get to do it, it makes my week. Since corporate email servers are supposed to be secure, particularly from internal tampering, they are a good storage facility. That said, if the email is something that worries me, I archive it locally.

      I used to be the paranoid weirdo until Snowden. Now I'm smarter than most.

      --
      linquendum tondere
    9. Re:pop3 to local machine, then backup by jabuzz · · Score: 1

      Because the moment you decide to put a low power home server (say a sub 20W mini-ITX device) on your internet connection, always-on access to all your email becomes trivial, so why not?

      The combination of dovecot, fetchmail, roundcube and z-push running on top of CentOS is a tough combination to beat. Of course you might want to run a calendaring server as well.

      Once you are down this path, how about a Plex or Emby server; actually handling DVDs or Blu-rays is for suckers :-)

      If you don't fancy building it all yourself a number of the cheap NAS boxes can be extended to do all this for you instead.

      If you have a "superfast" broadband connection (I have a 40/20Mbps FTTC connection and could go to 80/20 tomorrow, all with a static IP) then all your options really open up. I tell you now, your own private cloud is way cheaper than something run by someone else.

      Finally, if the government decides it wants access to my cloud storage, at least I will know about it. No serving a warrant and gagging order to my provider.

    10. Re:pop3 to local machine, then backup by Anonymous Coward · · Score: 0

      Why not MS Exchange + OWA? This would do everything mentioned above except for fetchmail. Exchange on modern hardware is actually surprisingly fast, and can be fairly easily backed up.

      Of course, it can do POP and IMAP. Just enable the services and edge functionality.

  2. Print it? by Anonymous Coward · · Score: 1

    On paper

    1. Re:Print it? by Anonymous Coward · · Score: 0

      Yes. I know a couple of Lawyers who do exactly this with important e-mails. They date and sign each Printout in ink, and then store the copies in Safe Deposit Boxes, along with things like Corporate Papers, Wills, and Contracts.
      Electrons are Fickle, and the right ones just may not be around when most needed.

  3. Local! by Sir+Holo · · Score: 4, Informative

    Back it up locally and encrypt the backup on an external drive.

    Then, either lock that in a safe-deposit box, have a friend hold it, or hide it in some random but physically secure location. A fire-proof safe in your basement would work.

    It is the only way, if any still exists at all.

    And yes, I like to have access to 1990's emails sometimes. Or need to. The world does not need to see them. BTW, law enforcement, under USA PATRIOT or CISA or some court ruling, do not need a warrant to read any email older than one year.

    1. Re:Local! by Anonymous Coward · · Score: 1

      Keep in mind that most Emails are sent unencrypted. Even when it is encrypted, it does not stop the remote side from storing it without encryption (or with a decryption key that is readily available on the same system). Although you can go crazy with security on your local side, if your remote side has no security all that info may still be compromised.

      Think carefully about your trust model and how you use Email. If the contents of your Inbox are really that sensitive, then perhaps you should not be using public services at all. Saying that differently, perhaps you should set up your own Email service on a server in a private VPN that runs over the Internet.

    2. Re:Local! by unrtst · · Score: 3, Interesting

      While I have not tried the following, I think it may be a pretty swell idea...

      * Use S/MIME encryption for your encryption
      * Set up a filter (could use fetchmail+procmail, or your email client's native filter stuff, or an external process in python/perl/whatever)
      * On new mail receipt, get copy of email, encrypt the body via S/MIME ("openssl cms"; man cms; don't use the misleadingly named "openssl smime"), and save back to the server in a different folder.
      * On all your email clients, just check that new folder only.

      There may be some fudging necessary either when encrypting or when reading the email, since the emails aren't from you, so the default client behavior of using the FROM address to determine the encryption key will not work. However, you could either alter the from to your own while filtering, and backup the real from to X-From:, and update your client to display the X-From instead of the From... or trick your client into treating the folder as a sent mail folder (sent encrypted emails get encrypted by your own cert and saved to your sent mail folder already... and reading those already works).

      While it may take a little bit of a kludge to get it working, once it works, it'd just work. All your emails would be separately stored on whatever IMAP server you like. You'd be able to read them via any client with S/MIME support (assuming you have your private key with you). FYI, there are browser plugins that make S/MIME work with some webmail providers too.

      All the other suggested solutions I've seen boil down to:
      * download to local computer
      * encrypt it somehow and make encrypted backups
      Those have many layers of things that are not easily accessible. I'd be more likely to go that route anyway (just fits the way I work already), but encrypting the messages within the IMAP server may be a nice solution for many other users.
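      The filter sketched in the comment above, written out as an added example (this is not unrtst's code, nor any project's): a small Python filter that takes a received message, envelopes the whole thing with `openssl cms -encrypt` to your own certificate, copies the searchable headers (Subject, Date, Message-ID, thread references) onto the outer message, and moves the real sender from From: to X-From: so a client that picks the decryption key by From: finds your own certificate. The own address `OWN_ADDR`, the sample message and the throwaway self-signed key pair are all constructed for the demo; a real deployment would point `archive_message` at your actual S/MIME certificate and append its output to the archive folder from procmail or the mail client's filter.

```python
from __future__ import annotations

import email
import email.policy
import shutil
import subprocess
import tempfile
from email.message import EmailMessage
from pathlib import Path

# Assumed value for the demo: the address whose certificate protects the archive.
OWN_ADDR = "me@example.net"

# Constructed sample message, not a real e-mail.
SAMPLE_MSG = (
    b"From: alice@example.com\r\n"
    b"To: me@example.net\r\n"
    b"Subject: Q3 invoice\r\n"
    b"Date: Mon, 02 Nov 2015 10:00:00 +0000\r\n"
    b"Message-ID: <constructed-0001@example.com>\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"Hi, please find the invoice details below.\r\n"
)

# Headers copied unchanged onto the outer (encrypted) message so the archive
# stays searchable by subject, date and thread without decrypting anything.
# They are therefore visible to anyone who obtains the mailbox: a deliberate trade.
KEEP_HEADERS = ("To", "Cc", "Subject", "Date", "Message-ID", "In-Reply-To", "References")


def parse_message(raw: bytes) -> EmailMessage:
    return email.message_from_bytes(raw, policy=email.policy.default)


def preserve_headers(original: EmailMessage, cms_entity: EmailMessage, own_addr: str) -> EmailMessage:
    """Move the real sender to X-From: and put our own address in From:,
    so a client that selects the key by From: lands on our certificate."""
    for name in KEEP_HEADERS:
        for value in original.get_all(name, []):
            cms_entity[name] = str(value)
    cms_entity["X-From"] = str(original["From"])
    cms_entity["From"] = own_addr
    return cms_entity


def openssl_cms_encrypt(payload: bytes, cert: Path) -> bytes:
    """Envelope `payload` (a complete MIME entity) for the holder of `cert`.
    openssl emits a full application/pkcs7-mime entity, headers included."""
    return subprocess.run(["openssl", "cms", "-encrypt", "-aes256", str(cert)],
                          input=payload, check=True, capture_output=True).stdout


def openssl_cms_decrypt(entity: bytes, key: Path) -> bytes:
    return subprocess.run(["openssl", "cms", "-decrypt", "-inkey", str(key)],
                          input=entity, check=True, capture_output=True).stdout


def archive_message(raw: bytes, own_addr: str, cert: Path) -> bytes:
    """The filter step: encrypt the original message (headers and body together)
    and return the wrapped message, ready to be appended to the archive folder."""
    original = parse_message(raw)
    enveloped = parse_message(openssl_cms_encrypt(raw, cert))
    return preserve_headers(original, enveloped, own_addr).as_bytes()


def make_self_signed_cert(workdir: Path, email_addr: str) -> tuple[Path, Path]:
    """Throwaway key pair for the demo only; a real setup uses your S/MIME certificate."""
    key, cert = workdir / "key.pem", workdir / "cert.pem"
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "3650",
                    "-keyout", str(key), "-out", str(cert),
                    "-subj", f"/CN=mail archive/emailAddress={email_addr}"],
                   check=True, capture_output=True)
    return key, cert


def demo_roundtrip() -> dict | None:
    """Encrypt SAMPLE_MSG, decrypt it again with the private key, and report what
    a client sees in the archive. Returns None when no `openssl` binary is available."""
    if shutil.which("openssl") is None:
        return None
    with tempfile.TemporaryDirectory() as tmp:
        key, cert = make_self_signed_cert(Path(tmp), OWN_ADDR)
        stored = archive_message(SAMPLE_MSG, OWN_ADDR, cert)
        outer = parse_message(stored)
        recovered = openssl_cms_decrypt(stored, key)
    # openssl canonicalises line endings to CRLF; compare modulo that.
    norm = lambda b: b.replace(b"\r\n", b"\n")
    return {
        "from": str(outer["From"]),
        "x_from": str(outer["X-From"]),
        "content_type": outer.get_content_type(),
        "body_hidden": b"invoice details" not in stored,
        "roundtrip_ok": norm(recovered) == norm(SAMPLE_MSG),
    }


if __name__ == "__main__":
    print(demo_roundtrip())
```

      The whole original message, including its headers, goes inside the envelope, so the private key recovers it exactly; only the handful of headers in `KEEP_HEADERS` stay in clear on the outer message, which is what keeps server-side search and threading working, and also what a breach of the IMAP server would still expose.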

    3. Re:Local! by Anonymous Coward · · Score: 0

      If reliability is important, it's better to use non-volatile media.

    4. Re:Local! by mlts · · Score: 1

      It is a good idea, but for transport encryption, S/MIME should be used between clients, or even better, PGP/GnuPG because it isn't relying on a root CA key for security.

      For DAR (data at rest), I have done complex setups in the past which have bitten me in the rear more often than not... these days, I wind up using gnupg for files, EncFS for directories, VeraCrypt for file based drive images, and the OS's native block encryption (BitLocker, FileVault, LUKS) for physical drives.

      Long term, I should consider setting up a VM [1] that actively uses fetchmail to grab data, then SSH in and use mutt to read it, but right now, I'm mainly looking at yanking moldy stuff from mail providers, and stashing it in a place where it is accessible via SSH, VPN, or a 2FA mechanism [2].

      [1]: I like virtualizing all servers that don't require bare metal, if at all possible. For a home user, it makes life easy when you can tote an external USB flash drive [3] from one box to another with the virtual machine on it.

      [2]: 2FA isn't a cure for all ills, but it does take a number of attacks off the table, especially coupled with Fail2Ban or another blocking utility.

      [3]: Or an external USB SSD. Even on such a low speed port like USB 3, the fact that there isn't any seek time on the SSD is noticeable with multiple VMs running on it.

    5. Re:Local! by allo · · Score: 1

      That doesn't matter as much as you may think.

      Of course, the other people have a copy of my mails. But when somebody searches my mails at my provider, they have everything concerning me. When they need to search the recipient/sender mailboxes, they have to search hundreds of mailboxes. And they need to know whom to search. Without a copy of the mail in my mailbox or addressbook (online) it's hard to know.

  4. Using an Archive on a cloud provider... by Lab+Rat+Jason · · Score: 3, Informative

    ... is just INCREASING your attack surface, not reducing it! I'd go with the local backup if I were you.

    --
    Which has more power: the hammer, or the anvil?
    1. Re:Using an Archive on a cloud provider... by MagickalMyst · · Score: 1

      Mod +1

      --
      Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
    2. Re:Using an Archive on a cloud provider... by Anonymous Coward · · Score: 0

      If you encrypt the archive prior to upload, then how is this true? If reliable storage is important, a hosted cloud solution that is professionally managed and backed up regularly may be the best option. If you have a local backup, then you are at risk of failed hard drives, fire, etc. If you create multiple copies, you are at risk of losing one or having it stolen.

      An encrypted archive stored in a cloud service is worthless to someone who downloads it while looking for data to "hack and dump".

    3. Re:Using an Archive on a cloud provider... by Lab+Rat+Jason · · Score: 1

      I dunno... ask Kim Dotcom. Is it really a reliable archive if it disappears overnight? If the online host is the ONLY place you keep your archive, then it's really not any more secure than keeping it at your house... and for the record, I've lost more data to belly-up hosts than I have to house fires and bad drives, so statistically speaking, my house is more secure. Granted this is just one data point, but who knows... maybe OP has had a lot of house fires or something.

      One other point I'd like to make, is that if your cloud secured email backup needs to be easily accessible, then that implies that you are going to be carrying the key with you... either in the form of a memorizable and possibly guessable password, or a physical item that contains your key... again increasing your attack surface. If you don't carry the key with you, then how is that different than keeping your email on a disk at home? Hopefully your key is fireproof.

      The only place where your email is guaranteed to exist is on NSA servers... ya know, it seems like they've got an untapped business model there.

      --
      Which has more power: the hammer, or the anvil?
  5. If it's ever touched a major provider's server by clonehappy · · Score: 0

    Expect it to be indexed and viewable at will by the United States or just about any other modern Western government. It doesn't matter if it's "archived" there or not, it's archived there. Once it hits a server and gets replicated for backups and redundancy, it exists forever. Deletion does nothing. A log is kept (even if it's just in the backups) of every email, chat, IM, SMS, etc. you've ever sent or received. You can bet on it.

  6. Run your own IMAP server by PvtVoid · · Score: 4, Insightful

    Get an email account with any domain provider, and set it up to forward to your private server. Read mail by connecting to an account on the private IMAP server. No need to run your own SMTP server; outgoing mail can be handled by your domain provider.

    Problem solved.

    1. Re:Run your own IMAP server by CWCheese · · Score: 1

      That's what Hilary did

      --
      Have a Day!
    2. Re:Run your own IMAP server by Anonymous Coward · · Score: 0

      Really? She still sent/received email via an official SMTP server?

      Even less of a scandal than I thought....

    3. Re:Run your own IMAP server by Simulant · · Score: 1

      Mod +1. This is what I do, more or less.

    4. Re:Run your own IMAP server by Anonymous Coward · · Score: 0

      And I'm sure your domain provider is happy to pass a copy over to the NSA.

    5. Re:Run your own IMAP server by PvtVoid · · Score: 2

      And I'm sure your domain provider is happy to pass a copy over to the NSA.

      It's pretty hard to send a fucking email without using the network, but luckily that's not the threat model being discussed. If you want to keep email secure from network surveillance, you encrypt it. If you want to reduce vulnerability to a storage breach, you store it locally.

  7. Re:Wow That Sounds Hard by MagickalMyst · · Score: 1

    "I'd just use Outlook for the mail client."

    One feature of M$ Lookout is its built-in VTP (virus transport protocol). And it is very effective, from what I've been told.

    --
    Political correctness is really just herd psychology pushed by insecure people who desperately seek social conformity.
  8. Hillary is that you? by stevegee58 · · Score: 3, Funny

    Or your new IT guy?

  9. Re: Wow That Sounds Hard by Anonymous Coward · · Score: 0

    Important part of the wintel upgrade cycle.

  10. Re: Wow That Sounds Hard by Anonymous Coward · · Score: 0

    Looks like we have some Microsoft fan boi moderators. It's sad that this used to be a tech site.

  11. EncFS buggery by Anonymous Coward · · Score: 0

    Because EncFS encodes certain extra metadata in the filename, the maximum filename limit for EncFS mounts is significantly shorter than the usual 255 character limit (just wanted to throw that out there for you).

    1. Re:EncFS buggery by allo · · Score: 1

      Modern filesystems have no 255 char limit.

  12. My "solution" by Anonymous Coward · · Score: 4, Informative

    My ISP (Comcast) won't allow me to run a fully functional mail server due to so many ports being blocked, so I host my domain/MX record at Google for your Domain (got a free account way back when). I then have Thunderbird running 24/7 alongside my home mail server, automatically sucking down new mail from my gmail account and putting it in the inbox of my own server. I still have to periodically go and delete all mail on gmail because I've not figured out how to automatically & permanently delete it (or sent mail) from an IMAP client. I also use Google's servers as a smart host for outbound mail, so when an email client is set up to send/receive mail to my server, it all works, just on alternate ports. TLS all around.

    So.... there's a limited amount of my email sitting in gmail trash at any given moment, while I have access to all of my email on my own server via imap on all of my devices.

    It was the best I could come up with on my very low budget. I do it less from a fear of google/government snooping (though that bothers me) than from a fear of hackers getting into my gmail account. My own server is a much smaller and more obscure target...

    1. Re:My "solution" by Anonymous Coward · · Score: 0

      Why not use fetchmail instead of Thunderbird? It'll take care of deleting the retrieved email from the remote system.

  13. Re:Wow That Sounds Hard by Anonymous Coward · · Score: 0

    I have used Outlook for long term archives. Even when I check the archive with scanpst.exe, I have had some larger archives get horrifically corrupted.

    Ixnay on that. Thunderbird's mbox format may be archaic, but even corrupted, you are still able to get your E-mails out of it with basic UNIX text utilities. Back when Mozilla was an all in one utility (the ancestor of SeaMonkey), it was a lot better for archiving just because corruption wasn't as big an issue as it is with .PST files. A corrupt PST file can mean no way of recovering.

  14. Let it go. Let it go. by Anonymous Coward · · Score: 0

    There is just no reason to store email.

    If the concern for security is embarrassment or liability, quit being an embarrassment or liability and quit documenting how long you have been such.

    If you need to store correspondence for a compelling reason, then by all means set up a filing system and use it.

    1. Re: Let it go. Let it go. by Anonymous Coward · · Score: 0

      Email is the file system, you insensitive clod!

      I mean, email is the central filter. Why would I want to set up multiple external ways of handling the data when I know it's already in my email client? I might know who sent me the email and/or when, and being able to skim many is better when I have less to go on.

      And then there's the flexibility of just forwarding the information as needed.

      So no, don't feel like a make-work project with more hoops.

  15. money by zlives · · Score: 1

    You could set up journaling locally. Decent solutions exist to dedupe, compress and encrypt.

  16. The Only Safe Place by TheAngryCat · · Score: 2

    Is locked away in your home or in a secure place at your place of work. Everyone so far is telling you the obvious, nothing is safe or secure in the cloud.

  17. piler by Anonymous Coward · · Score: 0

    piler on a dedicated server.

  18. Archive Software by MichaelMac · · Score: 1

    There's a software solution for this. The most secure way is on your own computer. Using IMAP to download those directly from your provider so you can then delete them. Webmail Archive Manager does just this. Downloads all emails in any folder(s) that you select. It has the entire email (text, rendered/code html, attachments, all the recipients, all the CCd and the full header for forensics). You can search, reorganize, whatever you like. I'm not sure what the policy is on links but it's here: http://maxedge.com/ If that link doesn't show up, just google Webmail Archive Manager....it's by MaxEdge. Oh...it's cheap too. -MichaelMac

    1. Re:Archive Software by KelseyFox · · Score: 1

      If you have software that will handle this, I think that's the way to go. It's not secure or safe until you get it on your own systems. Direct download from your provider is "cleaner"...IMHO. Kelsey

    2. Re:Archive Software by Wolfrider · · Score: 1

      --I looked into that, downside is that it seems to be Windows-only. Would prefer a Linux-based solution because MS/Windows "as we know it" may not be around 5 years from now**. Piler software looks interesting.

      / **although don't get me started on Linux+ systemd, that's a whole other gripe

      --
      .
      == WolfriderV6 == I'm willing to admit that *I just might* be wrong... Are you??
    3. Re:Archive Software by MichaelMac · · Score: 1

      Ahhh. It is Windows only. I know what you mean...I've been playing with Linux for years, but now I'm actually looking to see if I can seriously switch over.

  19. fetchmail is still the definitive solution by Anonymous Coward · · Score: 0

    I run fetchmail, dovecot IMAP, and a local sendmail on my Ubuntu Linux server, which is an always-on, low-power, fanless server located in my home. I can continue to use my ISP provided email account and their SMTP (outgoing) server with this configuration, but any incoming mail is taken off their server (POP3) within minutes of its arrival and delivered locally.

    1. Re:fetchmail is still the definitive solution by Anonymous Coward · · Score: 0

      Indeed. I do pretty much the same except fetchmail uses IMAP over SSL. I also have procmail recipes to sort stuff into folders as it comes in. Once the mail is on my home server, that is the definitive copy which all clients (desktop computer, smartphone, etc) access via IMAP. That, in turn, is backed up both locally and offsite (encrypted then sent to Amazon Cloud Drive).

  20. Ask Hillary by Anonymous Coward · · Score: 1

    Monica's ex-boyfriend's wife can tell you how to do this.....

    1. Re:Ask Hillary by Anonymous Coward · · Score: 0

      Hey you! You stay classy. Never let anyone tell you that your mind is in the gutter and that you prefer to gloat over people's failings than admire their successes.

  21. a strange solution by nimbius · · Score: 1

    I'm sure I'll get downvoted for offering a non-solution but, bear with me... I think you need to take a more practical and meaningful approach to email in general...

    Speaking as an email administrator, yearly archives of email are the virtual equivalent of an elderly hoarder with shoeboxes full of random correspondence. Once something is deleted, consider deleting it for good. Create a policy that, after 1 year or 30 days or $n amount of time, mail is automatically deleted regardless of whether it's been read. If you've been mailed something for your personal record and it's not in PDF format, click print-to-PDF, store it in an encrypted drive, and delete that message immediately. If you need information from the email for later use beyond the period of deletion, then there's most surely a date you'll have to act upon it. Store it as a reminder in a calendar, and delete the email. The less email you have, the safer you are, because you're being accountable for the data and information you're entrusted with by your peers... not just shoeboxing it.

    --
    Good people go to bed earlier.
    1. Re: a strange solution by Anonymous Coward · · Score: 0

      "Hey Joe, what was the phone number for that consultant 3 years ago?"

      "I don't know, haven't needed it for 3 years and the email admin deleted it".

      I would rather deal with the problems of having all emails instead of none. Less chance of "oh fuck" moments.

  22. I think we won the warrantless email search battle by Anonymous Coward · · Score: 0

    I can't find the info on it from the EFF, but after near 30 years we finally won the war over that. They can't search emails without a warrant that are held after a certain period of time. I was very (happily) surprised when I read about this victory because my company is working on a product to enable users to easily self-host their email to stop the government from having warrantless access to old email via a technical means.

    That said, I don't think we're going to not release a product. We need better tools to protect our privacy and security, and we shouldn't let our defences down just because it is now illegal for the government to do so. We already know they generally interpret their way around laws and rulings. And get away with it. They'll likely find some other loophole or make some other interpretation of the ruling.

  23. Own IMAP server by demon+driver · · Score: 1

    As some others recommended, I use my own IMAP server – both for holding my complete mail archive (I once used the aid4mail tool to transfer my mail client based archive from Thunderbird to the IMAP server) and for continuously receiving (fetching) current e-mail from every active mail account I have. It is the one point of access for my email, whether I'm at home or on the road, from whatever device, and I have access to every single mail I have ever received or written (and not discarded...) from wherever I might be. Personally, I haven't implemented strong safety measures yet, actually I'm running hmailserver on a Windows machine which isn't really what I would call a wise solution, but so far it works perfectly well, as long as the server's internet connection is alive...

  24. Personal cloud storage by Anonymous Coward · · Score: 0

    First, be aware of the rules and practices around your email. I work in an industry where litigation may occur several years after the fact, so missing email can be very costly for me. I annually backup my closed projects to a PGP encrypted file, and upload that to a managed server.

    This isn't "NSA" secure but it is "Anonymous secure".

  25. But what about being able to access it? by Anonymous Coward · · Score: 0

    The solutions so far address just archiving it. I want much the same as the author; just keep the past few months on my provider's server, but have a locally indexed archive that I can search and retrieve on. Short of setting up a local email server and importing all the content from the archives, is there a database system or such that can take a folder full of emails and index it?

    1. Re:But what about being able to access it? by Anonymous Coward · · Score: 0

      Stuff them into Splunk? The initial import likely will blow up the freebie 500MB/day index, but you got three days every 30 day period before Splunk kills your ability to search indices, so I'd consider saving them as files, feeding them into Splunk, then using fetchmail from there on out.

      Just keep Splunk and its index filesystem on a secure machine.

  26. Thunderbird Local Folder by corychristison · · Score: 2

    I personally store archived emails in a local folder in Thunderbird on my primary workstation.

    I then have it back up regularly to a secondary ("backup") drive installed in the system.

    From there I have the backup drive encrypt and sync to a backup server (in a vm on a dedicated box) I have in a datacenter for disaster recovery.

    Thunderbird automatically creates an Archives folder, with sub-folders of each year, when you use the "Archive" button.

    Works for me. YMMV.

  27. My own solution by CanadianMacFan · · Score: 1

    I have my own domain which I host at zoho.com for free since I only need one account. I only use that for incoming mail and spam filtering. Anything I want to keep I transfer over to the IMAP server that's running on my Synology NAS.

  28. UNIX mail spool files will be accessible forever by chaoskitty · · Score: 1

    Just keep standard UNIX mail spool files locally, if you're worried about it.

    Also, a mail server is not physical if it runs under a hypervisor, unless you physically have the box that runs both in your possession. You'll all see - hypervisors will be shown to be manipulated by cloud providers and/or TLA agencies to extract data from virtual machines without the virtual machines' admins knowing anything about it.

  29. CLINTONEMAIL.COM by Anonymous Coward · · Score: 0

    That's obvious. Hillary knows it all. ROFLMA.

  30. Re:Local! Agree ... but by Anonymous Coward · · Score: 0

    I normally use Thunderbird, using TLS transport and set to delete after download. But I don't panic over S/MIME (though I use it for some messages) because ...

    * While sitting at $BIGSERVICE it's not encrypted, even if it is while in transit. S/MIME can help here.
    * As another mentioned, if it ever visits a big service, it's available to $GOVT.
    * Even after deletion, messages sit in the Trash until you log on and delete them. Backed up by then?
    * It might be illegal to delete email, and anyway if you delete it quickly you become a suspect - something to hide?
    * If you encrypt your email, NSA keeps it forever. Is your S/MIME good enough to resist attack forever? Do you need it to be that good? For everything?
    * Even if you store it locally, the physical machines and copies can be removed with (sometimes without) a warrant and kept forever.

    So let's be reasonable. Encrypt when needed, and take reasonable precautions, but don't make yourself a target.

    * Don't be conspicuous. In wartime it draws fire. In peacetime it draws sergeants. *

  31. Re:UNIX mail spool files will be accessible foreve by mlts · · Score: 1

    I should have been a tad clearer in my post. The machine would physically sit at a location I (hopefully) control, so it would be in my physical possession. The reason for a hypervisor is so that the VM used for stashing archived mail would be able to be passed from bare metal to bare metal install as time goes on, without need to rebuild the system. It makes backups easy as well, where I just power the VM off, plug a USB drive into the host, mount a VeraCrypt volume, export the VM as a .OVA file, dismount the .hc file and drive, call it done. This isn't fancy, but snapshots taken often combined with monthly/quarterly exports to offsite media should cover things fairly reliably. If the data is vital, I toss it into one IMAP folder, encrypt that folder via PGP, GPG, VeraCrypt or some other brute-force resistant method, then toss it onto Amazon Glacier to rot as the backup of last resort.

    TLAs are really not on my threat model, so I treat hypervisors the same as operating systems. However, I do like keeping communications with clients around for a period of time before dumping it, as a best practice, so I'm mainly concerned with an E-mail provider getting breached and wide swaths of users having their stuff made into torrents.

  32. Save it locally with encryption by Anonymous Coward · · Score: 0

    I use both IMAP and POP3 email accounts, but every email that I save locally is automatically encrypted and every email that I send is saved (encrypted) in a local Outbox folder, not in the "cloud".
    I input a password when I start the email program (Bersoft Private Mail) and keep a backup simply by copying the program folder, which stores the messages folder (like Thunderbird Portable), because the software is portable.

    1. Re:Save it locally with encryption by Anonymous Coward · · Score: 0

      Bersoft Private Mail is nice... but I've used utilities in the past which did encryption, and were not really standard. Backup programs like Retrospect, which were excellent at backing up to optical media. However, if they had a glitch in their format... well, your data was gone. I also learned this lesson from pDiary, a nice, encrypted journal keeper... but then abandoned. Ironically, one reason I keep E-mail around is to ensure I have, somewhere, license keys for abandonware.

      This is why I don't use PST files for email archives. I use mbox files that sit on an encrypted hard drive. For backups, I use WinRAR or GnuPG, utilities which almost certainly will be around in a decade or two. WinRAR has source code for decoding archives, and GnuPG definitely has source, and uses OpenPGP.
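      Putting the two "mbox plus GnuPG" approaches in this thread side by side (mlts's "encrypt the folder with PGP/GPG, then toss it onto Glacier as the backup of last resort", and the mbox-on-an-encrypted-drive, back-up-with-GnuPG scheme in the reply above), here is an added example in Python. It is not code from any commenter here: it splits one mbox into per-year mbox files (the "received-2015" layout from the original question), writes a sha256sum-compatible manifest so a restore years later can be checked with nothing but `sha256sum -c`, tars the result, and, if GnuPG is installed, encrypts the bundle symmetrically with AES-256 and a slow, salted S2K, then immediately decrypts it again and compares digests. That last step is the lesson from the Retrospect and pDiary stories: a backup you have never restored is not a backup. The sample messages, file names, passphrase and directory layout are all constructed for illustration; the gpg option set assumes GnuPG 2.1 or newer.

```python
"""Added example (not any poster's code): yearly mbox split + manifest +
optional GnuPG symmetric wrap with a verified round-trip."""
import hashlib
import mailbox
import os
import shutil
import subprocess
import tarfile
import tempfile
from email.utils import parsedate_to_datetime

# Constructed sample mailbox: three dated messages (2014, 2015) and one
# with no Date header at all, to exercise the "undated" path.
SAMPLE_MBOX = (
    "From alice@example.com Thu Dec 18 09:00:00 2014\n"
    "From: alice@example.com\nTo: me@example.com\n"
    "Date: Thu, 18 Dec 2014 09:00:00 +0000\nSubject: invoice\n\n"
    "Invoice 42 attached.\n\n"
    "From vendor@example.org Mon Jan  5 10:00:00 2015\n"
    "From: vendor@example.org\nTo: me@example.com\n"
    "Date: Mon, 05 Jan 2015 10:00:00 +0000\nSubject: licence key\n\n"
    "Your key is XXXX-YYYY.\n\n"
    "From bob@example.com Fri Jul 10 15:30:00 2015\n"
    "From: bob@example.com\nTo: me@example.com\n"
    "Date: Fri, 10 Jul 2015 15:30:00 +0000\nSubject: lunch\n\n"
    "Noon?\n\n"
    "From noreply@example.net Sat Jan  1 00:00:00 2000\n"
    "From: noreply@example.net\nTo: me@example.com\nSubject: no date\n\n"
    "Body only.\n\n"
)
MANIFEST = "MANIFEST.sha256"


def split_by_year(src, out_dir):
    """Copy every message in `src` to out_dir/received-<year>.mbox.
    Messages whose Date header is missing or unparsable go to
    received-undated.mbox. Returns {year_or_'undated': count}."""
    os.makedirs(out_dir, exist_ok=True)
    boxes, counts = {}, {}
    inbox = mailbox.mbox(src)
    for msg in inbox:
        try:
            year = parsedate_to_datetime(msg["Date"]).year
        except (TypeError, ValueError):  # None or garbage Date header
            year = "undated"
        if year not in boxes:
            boxes[year] = mailbox.mbox(os.path.join(out_dir, f"received-{year}.mbox"))
        boxes[year].add(msg)
        counts[year] = counts.get(year, 0) + 1
    inbox.close()
    for box in boxes.values():
        box.flush()
        box.close()
    return counts


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def write_manifest(out_dir):
    """Write a `sha256sum -c`-compatible manifest; returns {name: digest}."""
    entries = {n: sha256_file(os.path.join(out_dir, n))
               for n in sorted(os.listdir(out_dir)) if n.endswith(".mbox")}
    with open(os.path.join(out_dir, MANIFEST), "w") as f:
        for name, digest in entries.items():
            f.write(f"{digest}  {name}\n")
    return entries


def verify_manifest(out_dir):
    """True only if the manifest exists and every listed file matches."""
    try:
        with open(os.path.join(out_dir, MANIFEST)) as f:
            lines = [l.rstrip("\n").split("  ", 1) for l in f if l.strip()]
    except FileNotFoundError:
        return False
    for digest, name in lines:
        p = os.path.join(out_dir, name)
        if not os.path.isfile(p) or sha256_file(p) != digest:
            return False
    return bool(lines)


def pack(out_dir, tar_path):
    with tarfile.open(tar_path, "w:gz") as tar:
        tar.add(out_dir, arcname=os.path.basename(out_dir))
    return tar_path


def gpg_symmetric_argv(src, dst, decrypt=False):
    """GnuPG 2.1+ command line: passphrase read from stdin, AES-256, and an
    iterated+salted S2K (mode 3) at the maximum count to slow offline guessing."""
    base = ["gpg", "--batch", "--yes", "--pinentry-mode", "loopback",
            "--passphrase-fd", "0", "--output", dst]
    if decrypt:
        return base + ["--decrypt", src]
    return base + ["--symmetric", "--cipher-algo", "AES256", "--s2k-mode", "3",
                   "--s2k-digest-algo", "SHA512", "--s2k-count", "65011712", src]


def gpg_roundtrip_ok(path, passphrase):
    """Encrypt, decrypt, compare digests. None if gpg is absent; raises if gpg
    fails (a backup step must never fail silently); else True/False."""
    if shutil.which("gpg") is None:
        return None
    enc, dec = path + ".gpg", path + ".restored"
    env = dict(os.environ, GNUPGHOME=tempfile.mkdtemp(prefix="gh"))  # scratch keyring
    for argv in (gpg_symmetric_argv(path, enc), gpg_symmetric_argv(enc, dec, decrypt=True)):
        subprocess.run(argv, input=passphrase + "\n", text=True, check=True, env=env)
    return sha256_file(path) == sha256_file(dec)


def demo(workdir=None, passphrase="placeholder-passphrase-change-me"):
    """Run the pipeline on the sample mailbox in a scratch dir; return a summary."""
    workdir = workdir or tempfile.mkdtemp(prefix="mailarch-")
    src = os.path.join(workdir, "inbox.mbox")
    with open(src, "w") as f:
        f.write(SAMPLE_MBOX)
    out_dir = os.path.join(workdir, "archive")
    years = split_by_year(src, out_dir)
    manifest = write_manifest(out_dir)
    bundle = pack(out_dir, os.path.join(workdir, "archive.tar.gz"))
    return {"workdir": workdir, "years": years, "files": sorted(manifest),
            "verified": verify_manifest(out_dir),
            "gpg_roundtrip": gpg_roundtrip_ok(bundle, passphrase)}


if __name__ == "__main__":
    print(demo())
```

      The manifest is deliberately plain text in the `sha256sum` format, for the same reason the reply above prefers mbox over PST: the check still works in twenty years with tools that will certainly exist. The S2K settings only matter for the symmetric (passphrase) case; if the bundle is instead encrypted to a public key, the private key (and its revocation certificate) has to be archived at least as carefully as the mail itself.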

  33. Re:Local! Agree ... but by Anonymous Coward · · Score: 0

    > So let's be reasonable. Encrypt when needed, and take reasonable precautions,
    > but don't make yourself a target.

    Quite frankly...FUCK THAT!

    How about those assholes doing the spying 'be reasonable'?!

    Not to mention, that the 'need' for encryption, per default, has to be just about everything, since not YOU but THEM are making the decision, whether something is 'of interest' or not. So much for 'don't make yourself a target'...nice post from under the rock, dude!

  34. Re:Local! Agree ... but by unrtst · · Score: 1

    > So let's be reasonable. Encrypt when needed, and take reasonable precautions, but don't make yourself a target.

    If you only encrypt** that which needs special precautions, then you're making it EXTREMELY easy to target the messages that are important.
    If you're going to encrypt, encrypt everything. This advice is also good for things like vpn use, proxy use, tor use, etc.

    ** ... or do anything out of the ordinary, like deleting it, or moving it to a different folder, or only downloading those messages, etc.

    None of your bullet points are a negative to S/MIME use. The only edge case one is that the NSA may hold all your email because it is encrypted, but:
    1. Who cares? I mean, I do from an overall rights issue, and I think it's wrong, but they're not going to leak stuff to my employer or any other trivial things.
    2. The more we make them store (ie. if everyone encrypts everything), the less useful and feasible their selective storage becomes.
    3. If you're actually worried about that, then your advice to selectively encrypt only when needed is debunked even further.

    Acting out of the ordinary can draw attention, as you noted. The answer is to make encryption on many levels the norm for all trivial stuff, from slashdot to txt's to calls to ordering pizza etc. Then, when you do need it for something, it'll look absolutely normal.