Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Secure, Yet Accessible E-mail Archive Storage?

Posted by timothy on from the now-where'd-I-put-that? dept.

New submitter mlts writes: As of now, I just leave E-mail in a 'received-2015' subfolder on my provider's server, adding a new folder yearly. With the rise of E-mail account intrusions (where even though I'm likely not a primary target, but it is a concern), what is a secure, but yet accessible way to archive E-mail? I'm far less worried about the FBI/NSA/Illuminati, as I am about having stuff divulged to all and sundry if a mass breach happens. A few alternative I've considered: 1) Running my own physical IMAP server. The server would run on a hypervisor (likely ESXi), have Dovecot limited to the VPN I use, and use other sane techniques to limit access. 2) Archive the E-mail files through a cloud provider, with a client encryption utility (EncFS, BoxCryptor, etc.) In this case, E-mail would be stored in a different file a week. 3) Move it to local storage on a virtual machine, and if access is needed, use LogMeIn or another remote access item to fire up Thunderbird to access it. What would be a recommended way to secure E-mail that sits around, for the long haul, but still have it accessible? Even if you're not specifically worried about it, keeping older email around on a provider's server opens you up to warrantless access by U.S. law enforcement officials.

3 of 74 comments (clear)

  1. Local! by Sir+Holo · · Score: 4, Informative

    Back it up locally and encrypt the backup on an external drive.

    then, either lock that in a safe-deposit box, have a friend hold it, or hide it in some random but physically secure location. A fire-proof safe in your basement would work.

    It is the only way, if any still exists at all

    And yes, I like to have access to 1990's emails sometimes. Or need to. The world does not need to see them. BTW, law enforcement, under USA PATRIOT or CISA or some court ruling, do not need a warrant to read any email older than one year.

  2. Using an Archive on a cloud provider... by Lab+Rat+Jason · · Score: 3, Informative

    ... is just INCREASING your attack surface, not reducing it! I'd go with the local backup if I were you.

    --
    Which has more power: the hammer, or the anvil?
  3. My "solution" by Anonymous Coward · · Score: 4, Informative

    My ISP (Comcast) won't allow me to run a fully functional mail server due to so many ports being blocked so I host my domain/mx record at Google for your Domain (got a free account way back when). I then have Thunderbird running 24/7 alongside my home mail server, automatically sucking down new mail from my gmail account and putting them in the inbox of my own server. I still have to periodically go and delete all mail on gmail because I've not figured out how to automatically & permanently delete them (or sent mail) from an IMAP client. I also use Google's servers as a smart host for outbound mail, so when an email client it setup to send/receive mail to my server, it all works, just on alternate ports. TLS all around.

    So.... there's a limited amount of my email sitting in gmail trash at any given moment, while I have access to all of my email on my own server via imap on all of my devices.

    It was the best I could come up with on my very low budget. I do it less from a fear of google/government snooping (though that bothers me) than from a fear of hackers getting into my gmail account. My own server is a much smaller and more obscure target...