Anyone with an interest in privacy issues knows that email is one of
the least secure ways to communicate. Your mail can be intercepted enroute,
the entire mail spool (a popular target of intruders and industrial spies)
can be copied, privileged accounts can be used to rifle through mail, and
web based accounts leave cached records of private mail in browser files.
The most obvious way to protect one's email communications is to encrypt
them with a powerful algorithm.
What algorithm is best?
Some people don't like using crypto on their mail because its a hassle setting up accounts, generating keys, and reconfiguring their mail reader to interface with the encryption program. In response to such users, several companies have begun to offer web-based encrypted mail. Counterpane Security <http://www.counterpane.com> has reviewed < http://www.counterpane.com/crypto-gram-9908.html > several of the major web-based mail encryption services. Their findings are summarized below.
Encrypting web based email services:
HushMail: HushMail is a free, web based email service that offers strong encryption (1024 bit Blowfish) on message encryption, and ElGamal for key exchange and signatures. On the downside: HushMail demands registration before use (though anon accounts are permitted) and won't allow connection through a proxy. HushMail servers are located in Canada (making them open to lawer-based attacks).
YNN Mail: YNN Mail is another free web based mail system, offering 40 bit SSL encryption on all messages. This service is certainly not tight security.
Zero Knowlege Systems: ZKS' proprietary Freedom network encrypts and chains their own remailers in order to help gaurentee privacy.
ZipLip: ZipLip is another free, annonymous, encrypted mail system. Unlike Hushmail however, ZipLip requires no registration, and destroys mail 24 hours after its read. ZipLip uses SSL for the transaction only, so encrypt before you send. If you opt to use a passphrase, do NOT supply a hint.
ZixMail: ZixMail is hamstrung by
the fact that you need to downlaod software to use it.
X-Apparently-To:email@example.com via mdd202.mail.yahoo.com
X-Track: 1: 40
Received: from f122.law7.hotmail.com (HELO hotmail.com) (126.96.36.199) by
mta101.mail.yahoo.com with SMTP; 17 Nov 1999 16:40:54 -0000
Received: (qmail 3000 invoked by uid 0); 17 Nov 1999 16:40:48 -0000
Received: from 188.8.131.52 by www.hotmail.com with HTTP; Wed, 17 Nov 1999 08:40:48 PST
From: "Black Axe" <firstname.lastname@example.org>
Date: Wed, 17 Nov 1999 08:40:48 PST
Content-Type: text/plain; format=flowed
The highlighted portions of this header contain valuable clues about where this mail came from. The address at the bottom of the header, <email@example.com>, is the original sender. [184.108.40.206] is the IP that the message originated from (not the original mail server, the actual machine). f122.law7.hotmail.com is the first mail server to receive this message; 220.127.116.11 is supposedly that servers IP address.