At this point I don't care about contacts or calendar encryption (which I know are fully E2E encrypted for Protonmail but not necessarily for others). But just for emails, there is this list of recommended providers from Privacyguides.org: https://www.privacyguides.org/providers/email/
- Protonmail: "ProtonMail has zero access encryption at rest for your emails, address book contacts, and calendars. This means the messages and other data stored in your account are only readable by you."
- Mailbox.org: "Mailbox.org allows for encryption of incoming mail using their encrypted mailbox. New messages that you receive will then be immediately encrypted with your public key."
- Posteo: "Posteo has zero access encryption for email storage. This means the messages stored in your account are only readable by you."
- Tutanota: "Tutanota has zero access encryption at rest for your emails, address book contacts, and calendars. This means the messages and other data stored in your account are only readable by you."
- Startmail: "StartMail has zero access encryption at rest, using their "user vault" system. When a user logs in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key."
So first of all I am a bit confused about the difference between end-to-end encryption and zero access encryption. Seems like only Protonmail and Tutanota have E2EE (hence can't be used with normal email clients) but it seems Mailbox.org, Posteo and Startmail also have no way of accessing your emails, so the end result and privacy/security is the same, or not? What's the point of using Protonmail, which costs way more and forces you to use their app (at least on mobile), when Posteo or Mailbox.org apparently also can't read your emails or hand them over to the authorities?
I kind of want to go for Protonmail but I don't understand how their prices are justified beyond "oh it's in Switzerland in their own data centre" which tbh shouldn't matter as long as there is zero access encryption.
Can someone share what successful email encryption method you used to send your personal information encrypted to PHSAAD@HHS.GOV?
Thanks
Sorry if that's a dumb question. But all my mail is stored by my host through their own mail client. So even though I'm using Thunderbird to encrypt emails at my end, doesn't that mean if someone gained access to my domain name host, surely they'd be able to read the emails ? Or have I got this totally backwards?
Hello,
I started using Mailbox.org in the pursuit of privacy. The "normal" things work just fine and great. But IΒ΄m still confused about the encryption part.
As far as I undertstood, I need to enable it, this will generate two keys: a public and a private. The public is to be distributed for the recipients and the private is only for me to decrypt.
I also read that when the recipient doesnΒ΄t have a public key, a temprary email will be generated for him.
So, and if IΒ΄m not mistaken, once you enable it, will you not be able to send "normal" emails anymore?
Because, I would like to have my inbox encrypted, but when sending an email to my landlord or any other not critical communication, I would like to keep it simple for the recipient.
Thank you very much!
I got access to my account. At the end
Need help getting access to my email. The password i have is not workingβ¦ i didnβt set up a recovery email.
Fortunately i wrote down the encryption key that was given when I made my email.
How can i reset my email/ password with the encryption key?
I emailed them with the βreport a bugβ tab. Not if that is sufficient.
Please help me. ππ
Problems:
1.I spelling the recovery email incorrectly. 2. I wrote down the password but it wasnβt really clear.
Solution.
I tried every possibility for the password, after 3 tries i had to start proving Im not a robot. Fortunately i got it after 50+ tries.
Another way if you do not remember the recovery email is by selecting cant remember user ID and placing all the possible email that you think you used. An email will be sent to that email with the user ID.
Keep in mind :
You should always save your password, write it down in a clearly if you do not want to save it electronically on your computer.
Double check the recovery email.
Use your cell number.
I hope this can help.
Again thank you for all your input guys!!
For example, like Protonmail or Tutanota.
Does email encryption E2EE and zero access really matter?
Donβt get me wrong, theyβre great features but I feel like most secure email companies are trying to sell me a fab and scare me into buying their service. In a real world setting, the E2EE they promise only works in intradomain emails and we donβt really do that often do we? Most Emails I send at least, are to other people that donβt use protonmail or tutanota for instance. I understand those services have also implemented some kind of portal so that people from outside that domain could login with a password you provide and reply to your email fully encrypted, but again, are you really going to do that with most of your emails, seems tedious for the most part? And finally there is PGP, which is again too complicated for non geeky people so no one really does that. I understand some of those email clients have streamlined the process to import public keys and the decryption, but still, pretty rare to find someone that uses pgp in my experience.
Emails are inherently insecure so why would we try to invent all those technologies to make them compatible with something they were not designed for? Instead, I would use a service like Signal or Matrix for more sensitive information. And keep my emails βnot sensitiveβ while making sure to choose a provider that respects PRIVACY.
What are your thoughts?
Hi All,
Running on prem Exchange 2016 which will be upgraded soon but remain on prem. For everyone asking, our business requirements dictate an on prem server. O365 is not an option.
EDIT: I am looking for products that, when a button is pushed on the outlook ribbon, it leverages a secure message portal for sending it. The recipient receives a message that they have to log in to view the message.
I have a secure portal right now, but users have to sign into it and use it. I'd like them to always be able to use outlook and just hit a button instead of using two systems.
Any product suggestions? I know Citrix does this, but I really am not a fan of Citrix in general.
Thanks!
I've been at this twice now, and can get encryption to work. S/mime, PKI just refuses to work and fails every test. Any advice? Microsoft docs are all apparently out dated...
Hi everyone!
I'm about to switch from GMail into Mailbox.org, and they (much as other recommended providers) support "Zero Access Encryption". It handle the case where the other side send unencrypted mail. What Mailbox do, is once the mail reach Mailbox's servers, they encrypt it with your PGP public Key, and save it Encrypted. Without that feature, the E-mail is just saved unencrypted.
I tried it for about a week, and this create sort of a strange user experience.
a. If you want to use the Web-client, they need your Private Key to unencrypted the mails. They Store your Private Key and password protect it. This make working a bit of a wonky, because once in a while you need a 2nd password to unlock the private Key, even if your already logged in.
b. Being new to that, encrypting all my mails, and making sure I will never loss this Private Key is scary. I have a decent backup setup, but it's so easy to get locked out (your in a trip, you lost your phone - you don't have you private Key now). So right, I can make sure I carry USB key with me with the key etc etc, but....
I wonder if that feature is even needed for the typical person. The goal of leaving GMail, is so no bot will check my mails, collect data on me etc. My mail has things like Water/Electricity bill, My Paypal receipts etc. There's nothing "Illegal", or something I REALLY don't want people not to know about (maybe Doctor appointments). GMail was collection all the information. So I guess it boils down into - Do you Trust you secure Mail Provider to not do it like they claim?
Because even if you don't - There so many places the provider CAN read your mail if the provider wants: Just before it encrypt them with your public Key, It can copy your Private Key before it passwork protect it (javascript) etc etc. I know the only real security is self-hosting, but I don't see myself doing that anytime soon.
So to me Zero Access sounds a bit like sugar coating? or am I'm wrong here? Maybe the only good benefit of it, is that if someone access your data (like hacking into Mailbox servers), he can't access your mail because they saved encrypted. I consider just "Trusting" them, and get it over with, or Encryption is really something I should consider?
Thanks!
Hopefully someone has attempted this recently and can fill me in- I'm trying to setup email encryption so that I can have a mail flow rule setup that when any internal email is sent externally with a certain word (like [encrypt]), the email is encrypted using OME. I've done this setup many times before with no problem in setting up RMS Templates, etc to attach to the rule.
It seems that Microsoft depreciated Azure Information Protection and RMS- so this approach no longer works? Every piece of Microsoft documentation I find seems to not be updated and keeps leading to dead ends on this. From what i'm finding- this all changed back around Spring 2021 when Azure Information Protection was depreciated.
Hopefully i'm just confused and missing something- thanks in advance!!
Are emails forwarded from SimpleLogin to Outlook/Gmail/ProtonMail/Etc encrypted with TLS in transit? If so, does using PGP replace that encryption or compliment it?
Hello, does CTemplar provides an api to retrieve the public key of an email address ? It's for instance already implemented by Protonmail, and would allow automated encryption for someone sending an email to a CTemplar address (when using a supported client like Canary Mail, which scan known public key servers, including the Protonmail one, for that purpose).
Also, could CTemplar email clients (Web, Android...) do the same thing (try to retrieve public keys and if successful, automatically encrypt emails) ? Are both features planned ? If so, is there a GitHub issue opened so we can track the progress ? Thanks.
Hi folks,
I am new to this subreddit, so please go easy on me if the question seems dumb.
Our team got a new pair of email gateways to replace current ones, which are using STARTTLS as a way to encrypt the communication (not the end-to-end email). With how dangerous the Internet can get (to the email environment specifically),
- Is it worth if we go all the way to SMTPS (TCP/465) rather than using STARTTLS (TCP/25)? Are all Internet-facing SMTP servers guaranteed to support TLS encryption?
- Do we need to enforce S/MIME (at least on our mail gateway), and if yes how should we process with sending public keys to recipients/receiving SMTP servers for encryption and vice versa?
Context: we're only normal non-governmental business providing IT managed services to customers. Things like on-site implementation, warranty and DoA; SOC; etc. It's mainly a question from the SOC team since there would be emails between them and our company's customers.
So we just had an election and we have a few new board members. One of the new board members is telling us that we need to encrypt our emails. I was under the impression that emails were already encrypted by default. We use Office 365.
I will start looking into this, but is there anything I should know? Are there any "gotcha's" when it comes to email encryption? I don't want to make any changes that will make things any more difficult for the staff in this year of hell and instability.
I have a client who has outlook but the encryption button/ribbon for new email is missing ,tried looking online for support or any one who ran into the issue and the articles are outdated or not solving my issues
Does any one here possibly have a solution for me
Every exchange and service that deals with money and crypto should support that. Is BlockFi planning to support that? There should be a way to encrypt emails for login, send confirmations, etc.
Can someone clarify the email encryption license requirements for O365? Our staff is mostly on E1 licenses right now but if I am reading this correctly we could either upgrade them to E3 licenses or purchase Azure Information Protection Plan 1 licenses for everyone.
At this point I don't care about contacts or calendar encryption (which I know are fully E2E encrypted for Protonmail but not necessarily for others). But just for emails, there is this list of recommended providers from Privacyguides.org: https://www.privacyguides.org/providers/email/
- Protonmail: "ProtonMail has zero access encryption at rest for your emails, address book contacts, and calendars. This means the messages and other data stored in your account are only readable by you."
- Mailbox.org: "Mailbox.org allows for encryption of incoming mail using their encrypted mailbox. New messages that you receive will then be immediately encrypted with your public key."
- Posteo: "Posteo has zero access encryption for email storage. This means the messages stored in your account are only readable by you."
- Tutanota: "Tutanota has zero access encryption at rest for your emails, address book contacts, and calendars. This means the messages and other data stored in your account are only readable by you."
- Startmail: "StartMail has zero access encryption at rest, using their "user vault" system. When a user logs in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key."
So first of all I am a bit confused about the difference between end-to-end encryption and zero access encryption. Seems like only Protonmail and Tutanota have E2EE (hence can't be used with normal email clients) but it seems Mailbox.org, Posteo and Startmail also have no way of accessing your emails, so the end result and privacy/security is the same, or not? What's the point of using Protonmail, which costs way more and forces you to use their app (at least on mobile), when Posteo or Mailbox.org apparently also can't read your emails or hand them over to the authorities?
I kind of want to go for Protonmail but I don't understand how their prices are justified beyond "oh it's in Switzerland in their own data centre" which tbh shouldn't matter as long as there is zero access encryption.
