2

I have a friend who is located in a part of the world that makes email encryption prudent for them. While I recommended OpenPGP, my friend thinks that it would have too high of a setup requirement for many of the people that would be sending them email. Also, they are unconcerned about the email being encrypted once it is out of the country.

So, what I was wondering is if there is a product or service available (I would prefer a reasonably priced service, but I can host it myself if need be) that would encrypt all their mail at the server using their OpenPGP public key, so everything is encrypted when they download the mail. Also, it would need to allow them to encrypt their outgoing mail, which would then be unencrypted at the email server, and continue on in plain text.

Thanks!

woodsbw
  • Since you say "they are unconcerned about the email being encrypted once it is out of the country" can you clarify whether this server is in the country concerned, or not? – MadHatter Jun 13 '11 at 15:09
  • No, the server is out of country. – woodsbw Jun 13 '11 at 16:31
  • Then I endorse larsks' suggestions regarding IMAPS and SMTP TLS; on-the-wire encryption will deal with all your concerns except storage of unencrypted emails on users' systems, and that's better dealt with via HDD encryption, in this scenario. End-to-end encryption has many uses, but this doesn't appear to be one of them. I favour IMAPS over POPS as the former defaults to leaving read email on the server (in the safe zone) vs. on the users' systems (in the unsafe zone). – MadHatter Jun 13 '11 at 22:27
  • Product recommendations, including if-exists queries, are off topic per the ServerFault [FAQ](http://serverfault.com/faq). – sysadmin1138 Oct 09 '12 at 21:31

1 Answer

4

Why not just have them use SSL when communicating with the mail server (both for sending email via SMTP and retrieving email using POP or IMAP)? It seems like this would probably meet your requirements. Between the clients and the mail server all communication would be encrypted. The mail server would forward email on to its destination over unencrypted SMTP connections, but from your question it sounds like this would be okay.

larsks
  • Why not encrypt at the source? i.e.: http://azure.erisian.com.au/~aj/pgpdaemon/ http://rzr.online.fr/q/gpg – rzr Nov 05 '12 at 21:29
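
The client side of the TLS setup suggested in larsks' answer, sketched in Python as an added example that is not part of the original thread: submission over SMTP with STARTTLS and retrieval over IMAPS, both with certificate and host name verification, failing closed if the server does not offer STARTTLS. The host name, ports and function names are placeholders chosen for illustration.

```python
import imaplib
import smtplib
import ssl
from email.message import EmailMessage

# Placeholder server details (assumptions, not from the thread).
HOST, SUBMISSION_PORT, IMAPS_PORT = "mail.example.org", 587, 993


def strict_tls_context() -> ssl.SSLContext:
    """Context that verifies the certificate chain and the host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def offers_starttls(ehlo_body: bytes) -> bool:
    """Check the EHLO reply body (as smtplib returns it: greeting line,
    then one extension per line) for the STARTTLS extension."""
    lines = ehlo_body.decode("ascii", "replace").splitlines()[1:]
    return any(line.strip().upper() == "STARTTLS" for line in lines)


def send_mail(user: str, password: str, msg: EmailMessage) -> None:
    """Submit mail; refuse to authenticate unless the session is encrypted."""
    with smtplib.SMTP(HOST, SUBMISSION_PORT, timeout=30) as smtp:
        _, body = smtp.ehlo()
        if not offers_starttls(body):
            # A missing STARTTLS line may mean it was stripped in transit.
            raise RuntimeError("server did not offer STARTTLS; not sending")
        smtp.starttls(context=strict_tls_context())
        smtp.ehlo()  # re-read capabilities inside the TLS session
        smtp.login(user, password)
        smtp.send_message(msg)


def unread_count(user: str, password: str) -> int:
    """Count unread messages over IMAPS (TLS from the first byte)."""
    with imaplib.IMAP4_SSL(HOST, IMAPS_PORT,
                           ssl_context=strict_tls_context()) as imap:
        imap.login(user, password)
        imap.select("INBOX", readonly=True)  # readonly: leave flags untouched
        _, data = imap.search(None, "UNSEEN")
        return len(data[0].split())
```

Opening the mailbox read-only and leaving messages on the server matches the IMAPS preference MadHatter gives in the comments.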