dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
150314
share rss forum feed


Frydays

join:2005-10-21
South Padre Island, TX

top 5 safest and most secure email providers ?

what are the top 5 most secure email providers around free or pay name the top 5 please



KodiacZiller
Premium
join:2008-09-04
73368
kudos:2

Define "secure."



Frydays

join:2005-10-21
South Padre Island, TX

so secure not even the fbi can read my stuff


nonymous
Premium
join:2003-09-08
Glendale, AZ

2 edits

1 recommendation

reply to Frydays

Here is my bet. All the big names will have issues. Most will love some obscure smaller players most have never heard of. Reason they feel safer is these smaller providers have great terms of services and great policies. Thing is to me some are so small there is no over site and just because they sound great on paper really means?
I use some of those evil free big providers and have no issues. Just uncheck a few boxes and personally have never had anything bad happen after many years. YMMV Thing is they are so big and so many users anything goes wrong and you will hear about it. So to me in a way that is better as there is over site.
One I use my own domain I got from godaddy. It is G_____ apps free. Even my University and other businesses use their paid version.

Now if you really need secure run your own email server.
For the FBI encrypt all your email. Forget any place secure for the FBI as they will just use a warrant. So encrypt on your own computer before sent and let the reciever decrypt it and Vica versa. Run your own server and encrypt it. Set trip wires so if FBI shows up computer is melted. No backups.
Or never put anything in writing you do not want read.



KodiacZiller
Premium
join:2008-09-04
73368
kudos:2

1 edit
reply to Frydays

said by Frydays:

so secure not even the fbi can read my stuff
That is not the e-mail provider's job. That is your job. You need to encrypt your e-mails using PGP if you want to "stop the FBI from reading" your messages. Your contacts will all have to use PGP too, of course. I use an open-source version of PGP called GnuPG and encrypt my e-mails occasionally (depending on the contact).

As far as the e-mail provider, it doesn't much matter. Gmail is as good as any as far as I am concerned. Their spam filters are top notch.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


Logan 5
Enjoying the Cataclysm
Premium,MVM
join:2001-05-25
Austin, TX
kudos:7

1 edit

1 recommendation

reply to Frydays

To add to what's already been said:

Unless you have total control over the email process at both ends, there's no way to be 100% certain that any of the 3 letter agencies (DHS, NSA, CIA, DOJ etc...) wouldn't be able to compromise your communications and read the contents.

You do realize that they could just simply tap your connection at some point other then your computer & intercept your unencrypted mail and data with relative ease don't you?

You'd never know it was happening until it was Waaaayy to late to do anything about it.

STRONG encryption end to end coupled with running your own mail server and not depending on an ISP do do the work of securing your email/network for you are the only things that will make your email reasonably secure from prying eyes....

Remember, if they think you have or know something and they want it bad enough they will turn your life upside down in the process of getting it no matter how much you try to secure things if you are involved in something that interests them....



caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4

1 edit

1 recommendation

reply to KodiacZiller

+1

I've heard hushmail is pretty good, but these days, most ANY provider is susceptible to a warrant or a nat'l security type letter. Just look at the recent takedowns...

Maybe OP needs to go live in Finland?
--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages



caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4
reply to Logan 5

Yup. You don't own the pipes, they do.



KodiacZiller
Premium
join:2008-09-04
73368
kudos:2

said by caffeinator:

Yup. You don't own the pipes, they do.
Anyone can own the pipes. Most communication on the net is not encrypted. Anyone can sniff the packets if they are in the right position.

The answer is to use strong encryption to stop the snooping, and the best way to do that, where e-mail is concerned, is to use PGP/GPG. Create an RSA key pair of at least 2048 bits and you're ready to go.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999

Velnias

join:2004-07-06
reply to Frydays

There is no such as secure email providers. Why do you think, companies like Google, spend a lot of money to maintain "free" email servers? But if you want one, you need search for email providers in more democratic countries, like (no, not USA, Iran, China, Russia and most EU countries) Iceland and Sweden.



Ronnie_USA
Premium
join:2003-10-09
Morehead, KY
kudos:5

1 recommendation

reply to Frydays

Your SOL, there is no such thing.



Frydays

join:2005-10-21
South Padre Island, TX
reply to caffeinator

ok some of you read what i said an went somewhere else with it ok heres what i need from a email provider

1.good almost perfect spam filter
2. ability to block emails from ever 1 on the net or something close to it
3. cheap if i have to pay

good security so i can get the receips from stuff i buy online an bank stuff u know secure enough that no 1 can get in an steal my credit card numbers or personal info



Tempus45
Premium
join:2006-07-08
USA

2 recommendations

reply to Frydays

Even PGP has its limitations. If served with a warrant, the Feds would have the capability to intercept key strokes and computer snapshots. I am a firm believer that security software nowadays have a back door that allow law enforcement to circumvent any security measures and precautions.
--
It is true that liberty is precious, but is it so precious it must be rationed?


chrisretusn
Retired
Premium
join:2007-08-13
Philippines
kudos:1
Reviews:
·PLDT
·Comcast
reply to Frydays

said by Frydays:

good security so i can get the receips from stuff i buy online an bank stuff u know secure enough that no 1 can get in an steal my credit card numbers or personal info
Never send credit card information via email. Receipts that are sent out after an on-line purchase do not contain complete CC number only partial. If there are sending you receipts with full information then stop doing business with them.
--
Chris
Living in Paradise!!


Jameson
Premium
join:2004-05-28
united state
kudos:1
reply to Frydays

My Exchange server sitting in my house.



JohnInSJ
Premium
join:2003-09-22
Aptos, CA

2 recommendations

reply to Frydays

said by Frydays:

so secure not even the fbi can read my stuff
I'd worry more about the NSA.

Run your own email server, locally hosted (like, in your house) and then the FBI will need to knock down your door, er, show you the warrant before they confiscate your server and read your mail.

Of course, your email is sent all over the place, and unless you encrypt it (as others point out) then it doesn't matter where it's stored as anyone can read the packets if they have access to the pipes. Access to the pipes is easy.

Oh, and be sure to tell everyone who sends you email to encrypt their email too.
--
My place : »www.schettino.us


Mchart
First There.

join:2004-01-21
Kaneohe, HI

1 edit

1 recommendation

NSA (Or any DoD agency for that matter) is bound by the law to not touch *anything* that has to do with any 'five eyes' citizens. The caveat to that is unless it has been legally deemed that said person is a threat to said national entities.

So while the NSA may or may not have the capabilities to crack your stuff - They can't. On top of that, i'm fairly certain they have bigger fish to fry.
--
THIS IS SPENCER. MISSION ACCOMPLISHED - I HAVE JOE. RETURNING TO BASE.



caffeinator
Coming soon to a cup near you..
Premium
join:2005-01-16
WA, USA
kudos:4

3 edits
reply to Frydays

said by Frydays:

ok some of you read what i said an went somewhere else with it ok heres what i need from a email provider

1.good almost perfect spam filter
2. ability to block emails from ever 1 on the net or something close to it
3. cheap if i have to pay

good security so i can get the receips from stuff i buy online an bank stuff u know secure enough that no 1 can get in an steal my credit card numbers or personal info
I have my own domain with a very good host located in a top-tier datacenter. I create my own accounts, and use my own choice of mail scripts on my own server. All SSL, no .JS allowed.

I also have custom SpamAssassin rules, use DomainKeys, SPF Records, and the host uses Enterprise-Level Filtering Hardware.

It's good enough for normal email. If I need be I can send encrypted as well using my own 256 bit AES (1024 bit RSA/SHA) SSL cert. I don't need much more.

I could use GnuPGP....but considering I don't know anyone who'd know how to receive that sort of mail...it's kinda useless.

I haven't even used an email client on a computer since about 2007. No worries here.
--

My 9/11 Tribute..online since 9/14/01
Need an Avatar? Check out Wafen's Avatar Pages

nonymous
Premium
join:2003-09-08
Glendale, AZ

2 edits
reply to Frydays

I still like the free google apps with my own domain.

Like someone else said receipts should not include your whole credit card number. Bank info the same. You just need to point your records at wherever you bought your domain to google apps for the email. Relatively simple. Nowhere near setting up your own server and did I say it s free. You can get your email online or use POP or IMAP .
With common sense it is secure enough for me. Like said I never send a credit card number in whole through the email.
Some may chime in about privacy etc. Yet Google has way more money than me and stealing my email would be less than nothing for them.
I have my own domain and Google tends to have very good spam blocking and other mail routing features.
So with say a cheap Godaddy domain and the free Google Apps you would to me have a very nice setup.
Then if you get more knowledgeable you can set up your own hosted server later.



DataRiker
Premium
join:2002-05-19
00000

1 edit
reply to KodiacZiller

said by KodiacZiller:

said by caffeinator:

Yup. You don't own the pipes, they do.
Anyone can own the pipes. Most communication on the net is not encrypted. Anyone can sniff the packets if they are in the right position.

The answer is to use strong encryption to stop the snooping, and the best way to do that, where e-mail is concerned, is to use PGP/GPG. Create an RSA key pair of at least 2048 bits and you're ready to go.
This seems the best bet. 2048 seems a bit over kill though. Not sure about this but isn't over a certain bit illegal for "communication"?


JohnInSJ
Premium
join:2003-09-22
Aptos, CA
reply to Mchart

said by Mchart:

So while the NSA may or may not have the capabilities to crack your stuff - They can't. On top of that, i'm fairly certain they have bigger fish to fry.
I know - I have several friends there. It was a joke, of sorts. As in, why are you worrying about the FBI reading your email? They either don't care, or there isn't a damn thing you can do to prevent them from reading your email.

I believe if they wish to read your email, they can offer you the choice of decrypting it for them, or going to jail for refusing to decrypt. But then again, I am not a lawyer, I'm only going on what I read via google "compelled to decrypt"
--
My place : »www.schettino.us

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5

1 recommendation

reply to Frydays

»www.safe-mail.net/sites/safe-mai···ail.html



TwighlightLA
Premium
join:2010-07-03
kudos:1

1 edit
reply to Frydays

I'm certainly not an "expert" in the security of email but you also have to consider that if you are an using email client like Outlook or Thunderbird through your ISP, not all ISP mail servers are created equal in many areas including security.


nonymous
Premium
join:2003-09-08
Glendale, AZ
reply to Mele20

Ok what is this for. They also have safe haven hosting on offshore accounts for business?
If this is your concern, then have your business domain hosted with Safe-haven, our offshore service. SafeHaven is the ideal solution for businesses and groups that demand the very highest level of privacy from scrutiny while still maintaining the freedom to access their accounts from any computer with an Internet connection. Having your data located offshore means that it is virtually impossible for third parties to gain physical access to the computers on which your files and messages are held.

SafeHaven gives you all the features and benefits of Safe-mail for Business with the additional security of an offshore server at the following great value prices:

Program Max # of addresses Total disk space Annual fee
Iron 5 200MB $225/year

Bronze 10 400MB $375/year

Silver 25 1GB $825/year

Ruby 50 2GB $1500/year

Gold 100 4GB $2850/year

Their email price for extra storage is also up there. To me they are going for a questionable clientele?


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to Tempus45

said by Tempus45:

Even PGP has its limitations. If served with a warrant, the Feds would have the capability to intercept key strokes and computer snapshots.
Don't let them have access to your machine. Set up some sort of detection mechanism or keep the PC locked away in a secure room

I am a firm believer that security software nowadays have a back door that allow law enforcement to circumvent any security measures and precautions.
Nah. All good encryption software has open source code so we know that PGP/GPG are not back doored. Neither is Truecrypt.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to Mchart

said by Mchart:

NSA (Or any DoD agency for that matter) is bound by the law to not touch *anything* that has to do with any 'five eyes' citizens. The caveat to that is unless it has been legally deemed that said person is a threat to said national entities.

So while the NSA may or may not have the capabilities to crack your stuff - They can't. On top of that, i'm fairly certain they have bigger fish to fry.
There is controversy within the crypto community about what NSA can do. There's not much doubt they are several years ahead of the "rest of us" where cryptanalysis is concerned, but most expert cryptologists do not believe they can crack algorithms like RSA or AES. However, they can launch massive dictionary attacks, but that's easy to defend against (but most people probably don't since people tend to be lazy).

But you make a good point; whatever NSA's capabilities, it's highly unlikely that they would get involved in the first place, even if one were running a major criminal enterprise. They simply don't deal with anything that's not a threat to national security. We already know the FBI cannot break the public ciphers like RSA/AES since several past cases have illustrated their helplessness with cracking PGP and other crypto standards.

To the OP: the bottom line here is that it doesn't matter what e-mail provider you use if your data is not being encrypted end-to-end. I have explained why this is and how to do it in my previous posts. Don't rely on providers like Hushmail since they aren't well vetted.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to DataRiker

said by DataRiker:

This seems the best bet. 2048 seems a bit over kill though. Not sure about this but isn't over a certain bit illegal for "communication"?
Perhaps in repressive nations, but not in America. The USA does have silly export laws regarding encryption, but those don't apply to *using* encryption here. This is how they got Phillip Zimmerman (creator of PGP) back in the early 90's -- they threatened him with prosecution for sending "munitions" overseas. The govt. was not happy that he was giving the rest of the world access to strong encryption.

And 2048 bits is basically considered the normal key size now. It's not recommended to go below that if creating new asymmetric keys. if you're using 1024 bit keys, it is time to upgrade as it probably wont be too long before 1024 bits is factored in public.

I think many people get confused by asymmetric vs. symmetric key sizes. Remember that symmetric keys will have smaller key sizes for the same amount of security. Therefore, 128 bit AES is about equal to 3072 bit RSA (according to NIST).
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999


Tempus45
Premium
join:2006-07-08
USA

1 edit
reply to Frydays

Click for full size
This is an excerpt in Wikipedia about Hushmail Controversy.

Until September 2007, Hushmail received generally favorable reviews in the press. It was believed that possible threats, such as demands from the legal system to reveal the content of traffic through the system, were not as imminent in Canada as they are in the United States and if data were to be handed over encrypted messages would be available only in encrypted form. However, recent developments have led to doubts among security-conscious users about Hushmail's security and concern over a backdoor in an OpenPGP service. Hushmail has turned over cleartext copies of private e-mail messages associated with several addresses at the request of law enforcement agencies under a Mutual Legal Assistance Treaty with the United States.

»en.wikipedia.org/wiki/Hushmail

--
It is true that liberty is precious, but is it so precious it must be rationed?


MineCoast
Premium
join:2004-10-06
127.0.0.1

1 edit
reply to Frydays

»www.appriver.com

»www.youtube.com/watch?v=g8oQiLIi5CY

Moody
Premium
join:2005-07-17
NW USA
reply to Frydays

said by Frydays:

what are the top 5 most secure email providers around free or pay name the top 5 please
There's no such thing as 100% secure when you have to rely on others infrastructure, but coste's as close as you're ever going to get to it. »www.cotse.net/ Look over what all they offer and pick your poison.

Tell him RedLeg sent you!
--
Gary
"When freedom is outlawed, only outlaws will be free!"