I was thinking about hosting my own email (own email server) instead of using Gmail. But then I realized I could never host my email on a server where I'm also hosting Wordpress. That is because I would always fear that someone might have compromised my server; the same could be said about everything else I have on that server, but email is of particular importance given that someone could reset the passwords for most of my online accounts using my email.

The solution would be to have the email encrypted on my server using my public key, so that it would only be readable using my own private key. But if this encryption occurs on the server it's almost just as useless because someone could compromise the server and get to the emails before they get encrypted.

So the second solution that came to my mind was that the email could be encrypted before it reaches the server. For example, having something similar to a DNS MX record containing my public key which would make the transmitting server encrypt the messages using my own public key. So bottom line, is there a way to have the emails encrypted before they reach the server? If not, is there something like this in the works (because I'd be interested to follow their progress)?

3 Answers

Before you go down the road of hosting your own email, why do you want to get rid of Gmail? Is it because of the contextual advertisements, etc.?

Is there another provider that can deliver the privacy and safety you need? (Microsoft Hosted Exchange, Google Hosted mail, or Hushmail)

When it comes to email, there are two general approaches to protecting the data: encryption-in-transport and encryption-at-rest. It sounds like you want encryption at rest, so that even if someone were to compromise your server, they wouldn't have access to your information.

S/MIME, PGP, and Microsoft RMS are commonly used to address this need, but it also seems like you want to store your MTA in what you consider a non-trusted (or vulnerable) location.

I'm not aware of any standard or RFC that coordinates with external clients that data-at-rest encryption (S/MIME, PGP, etc.) is required by your MTA.

It may be possible to have your MTA (Postfix, IIS SMTP, Exchange Hub Transport, etc.) run an encryption command on every inbound message and discard the original; but this is a flawed system that can also be attacked by a local compromise.

You should keep in mind what kind of devices you want to read your email on. Do you want to read your mail on an iPhone, a desktop, or have messages processed by a system agent? Know that custom solutions outside of S/MIME may make it difficult for you to read and respond to your email.

Is it safe to assume inbound email will reach your MTA, and outbound email will go through Google's servers?

Finally, before you decide to switch to your own MTA, make sure all aspects of email security are taken care of. Namely:

  • Is your registrar password sufficiently complex? (where you purchased the domain)
  • Is your DNS password sufficiently complex? (may be different from where you purchased the domain)
  • Is the inbound MTA able to protect you from directory harvest attacks?
  • Is the MTA up to date and patched? (MTA exploits are rarer these days but worth mentioning)
  • Does the MTA support opportunistic TLS?
  • Are there antispam/antivirus provisions on the server?
  • Does it do BATV and DKIM verification on inbound messages?

Look here for some more aspects to be considered when securing email: https://security.stackexchange.com/a/982/396

makerofthings7

  • Gmail is probably by far the best security-wise from among my options, but my own solution with encryption before reaching the mail server would have been even better. But I guess that since you say "I'm not aware of any standard or RFC that coordinates with external clients that data-at-rest encryption (S/MIME PGP, etc) is required by your MTA.", this is not possible. – Jan 02 '13 at 13:47
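The "run an encryption command on every inbound message" approach described in this answer, as an added example that is not part of the original answer or any project's code: a Python content filter that rewrites an inbound message as PGP/MIME (RFC 3156) by calling `gpg`, which is assumed to be installed with the recipient's public key imported; the recipient id `me@example.org` and the sample message are constructed placeholders. It shows the limitation the answer points out: only the body is protected, the headers stay readable, and the plaintext has already been on the server.

```python
import subprocess
from email import encoders, message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Constructed sample of what the MTA hands to the filter (not a real message).
SAMPLE_INBOUND = b"""Received: from mx.example.net by mail.example.org (constructed)
From: alice@example.net
To: me@example.org
Subject: account notice
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Body that should only be readable with the private key.
"""
def gpg_encrypt(plaintext: bytes, recipient: str) -> bytes:
    # Calls the system gpg (assumed installed, recipient key assumed imported).
    proc = subprocess.run(
        ["gpg", "--batch", "--armor", "--trust-model", "always",
         "--encrypt", "--recipient", recipient],
        input=plaintext, capture_output=True, check=True)
    return proc.stdout

def wrap_as_pgp_mime(raw: bytes, recipient: str, encrypt=gpg_encrypt) -> bytes:
    """Rewrite an inbound message as RFC 3156 multipart/encrypted (PGP/MIME).

    The answer's caveat applies: the plaintext has already crossed this host, and
    From/To/Subject/Received stay in clear; only the body is protected at rest.
    """
    original = message_from_bytes(raw)
    if original.get_content_type() == "multipart/encrypted":
        return raw  # already end-to-end encrypted by the sender; do not double-wrap
    # Envelope headers move to the outer message; Content-* headers stay with the
    # inner entity that gets encrypted (MIMEMultipart adds its own MIME-Version).
    envelope = [(k, v) for k, v in original.items()
                if not k.lower().startswith("content-") and k.lower() != "mime-version"]
    for k, _ in envelope:
        del original[k]
    ciphertext = encrypt(original.as_bytes(), recipient)
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for k, v in envelope:
        outer[k] = v
    outer.attach(MIMEApplication("Version: 1\n", "pgp-encrypted",
                                 _encoder=encoders.encode_7or8bit))
    body = MIMEApplication(ciphertext.decode("ascii"), "octet-stream",
                           _encoder=encoders.encode_7or8bit)
    body.add_header("Content-Disposition", "inline", filename="encrypted.asc")
    outer.attach(body)
    return outer.as_bytes()
```

Wired as a pipe transport in the MTA, the filter would read the message on stdin and hand the rewritten one back for local delivery; that stdin/stdout plumbing is left out here.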
If you are looking for a proven secure email service, you may want to look at Hushmail.

They also make it possible to download the Hushmail engine: http://www.hushmail.com/downloads/hee/HushEncryptionEngine_3-0-0-56.zip

happy

I recently had this issue and found a solution that enabled me to host my email at an external provider (O365), but retain control since I held the encryption keys. Check out vaultive.com

Amy

  • More exactly, how does this solve the problem? If the encryption is performed on the server, the attacker can get at the messages if he compromises the server to an extent that allows him to get at the messages before they are encrypted. – Jan 05 '13 at 18:28