
This is why I set up my own email server...

Here is a great guide for anyone interested: https://www.exratione.com/2012/05/a-mailserver-on-ubuntu-120...

I set mine up on CentOS 5 using this guide. I would recommend you also look at DKIM signing and SPF records to improve deliverability! :)



email is not encrypted... they'll just have your hosting provider or ISP copy your email when it's received/sent


My e-mail system is set to prefer TLS wherever possible. Spot-checks of headers incoming from other sources show that, at the minimum, a TLS session is successfully negotiated approximately 85% of the time so messages from those sources are presumed to be encrypted while in transit. All clients must connect using TLS (either IMAP-S or HTTPS). Yes, unencrypted copies likely exist on the sending side (the data storage disks for my e-mail servers are encrypted) and the client storage for some of my users is in the clear but it's not possible for my ISP to read the bits in flight.
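Added example, not part of the thread: one way to automate the header spot-check described in the comment above, by reading the `Received` line stamped by your own MX and testing for the RFC 3848 `with ESMTPS` keyword or an MTA's TLS annotation. The hostname `mx.example.org`, the sample messages and the function names are constructed for illustration, and it assumes the topmost line written by your MX is the inbound hop.

```python
import email
import re

# "with" keywords from RFC 3848 / RFC 6531 that mean the hop used STARTTLS.
WITH_TLS = re.compile(r"\bwith\s+(?:UTF8)?(?:E?SMTPSA?|LMTPSA?)\b", re.I)
# Free-form annotations some MTAs add, e.g. Postfix "(using TLSv1.2 with cipher ...)".
ANNOTATION = re.compile(r"\(using\s+TLSv[\d.]+|\bversion=TLS", re.I)

def hop_used_tls(received):
    value = " ".join(received.split())  # unfold continuation lines
    return bool(WITH_TLS.search(value) or ANNOTATION.search(value))

def inbound_tls(raw_message, our_mx):
    """True/False for the hop our_mx recorded, None if our_mx wrote no Received line."""
    msg = email.message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        value = " ".join(received.split())
        # Only the line stamped by our own server is trustworthy; anything
        # below it was supplied by the sending side and can be forged.
        if re.search(r"\bby\s+" + re.escape(our_mx) + r"\b", value, re.I):
            return hop_used_tls(value)
    return None

def tls_rate(raw_messages, our_mx):
    results = [inbound_tls(m, our_mx) for m in raw_messages]
    checked = [r for r in results if r is not None]
    return sum(checked) / len(checked) if checked else 0.0

SAMPLES = [  # constructed messages, not real traffic
    "Received: from out.example.net (out.example.net [192.0.2.10])\n"
    "\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n"
    "\tby mx.example.org (Postfix) with ESMTPS id 4A1B2C\n"
    "\tfor <user@example.org>; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "Subject: a\n\nbody\n",
    # Plaintext delivery; the lower, sender-supplied line claims ESMTPS and is ignored.
    "Received: from old.example.com (old.example.com [192.0.2.20])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 4A1B2D\n"
    "\tfor <user@example.org>; Mon, 1 Jan 2024 10:05:00 +0000\n"
    "Received: from fake (fake [198.51.100.1]) by relay.invalid with ESMTPS id X\n"
    "Subject: b\n\nbody\n",
]

if __name__ == "__main__":
    print(f"inbound TLS rate: {tls_rate(SAMPLES, 'mx.example.org'):.0%}")
```

A `True` result only covers the final hop into your server; earlier hops recorded lower in the header stack are unverified claims.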


so the nsa gets a list of IP addresses of mail servers that sent you mail, and sends a subpoena to each of those providers instead.


If they want to get you they're gonna get you. The point is that takes a lot more work than the analyst sitting at his desk typing in friggin Google searches on your Gmail.


And the odds you'll know it has happened are much higher.


And if the other side happens to be self-hosted as well or a provider based outside the US?


The NSA is primarily concerned with communication outside of the US. You would have less protection with a foreign provider.


Given that I am not a US citizen I would argue that I am better off with a provider outside... namely myself. Have fun puzzling together a complete picture from dozens of providers.


Since when did the American government care about things being outside the US?


Since it's more work to coerce the mail provider into providing them the data, by finding something dirty about them or something like that.

If they just send their subpoena without any of that, it will just end up in /dev/null and that's the end of the story.


Right, but my email service is not likely to suddenly disappear overnight (like post) and also isn't owned and controlled by a large corporation in the same pocket as the US government (which isn't even my government... but seemingly still has access to my emails...).



