What's unique about Own-Mailbox isn't that it's a personal email server, but that it's a HARDWARE-based server. You've been able to run your own mail server since forever, but yeah, it has required quite a bit of knowledge to do so. The appeal of this is the "plug and play" nature of it.
But... I can't trust them. And considering how much of a niche market "privacy for email" is, I'm not sure if the rest of their target market will trust them either.
The problem is that creating secure software is insanely difficult. There are uncountable ways of getting it wrong and only a few very hard ways of getting it right. The chances of two guys who recently graduated from college magically getting this right on their first try? Well, stranger things have happened, but there's no way I'd count on it.
I'd feel a lot better about this if they were just creating the hardware and letting something like Mailpile handle the software.
The only issue is that....it's not actually end-to-end encryption. They encrypt your data from the server, it doesn't happen directly on the client side. They just claim that they don't know what's happening when the data is encrypted, but if NSA took over their servers, they could easily bypass the encryption of the users.
More discussion here:
https://news.ycombinator.com/item?id=7757420
If you can't wait until Silent Circle's Dark Mail protocol is out, use MailPile, which just uses PGP in a bit friendlier way.
Maybe you should talk to the guys over at mailpile
They are trying to build an open source gmail replacement as well and they already have the search down. Perhaps you could work together with them?
Don't use a service, use software, https://www.mailpile.is/. With Mailpile, it's not necessary to trust anyone because your encryption keys are stored on your own computer. No need to trust a third party.
If you use Windows as your desktop then it isn't a bad plan for sure, but as a Linux user (and admin) I far prefer a nice webmail client, for me gmail perfected that a while ago, just a shame I have to use Google services for it! I have been meaning to give Mailpile a spin, maybe something for the weekend...
Changing your email client by itself won't make any difference to security/privacy. You can use something like simplelogin/anonaddy and enable PGP so that only you can read your emails, despite it going through Gmail's servers.
Mailpile, or thunderbird can be used with pgp
Mailpile is what I use for this purpose, and it works well behind web proxy.
It can download all your emails (and delete them) from the servers, then it encrypts them for you as well.
Try the demo
They do normal PGP encryption, which doesn't encrypt headers. I think there is a way to encrypt the subject line with PGP but I don't think that it's mainstream to do so. I don't know if things like DKIM would work without the From header being public, but maybe.
https://github.com/mailpile/Mailpile/issues/156 talks a bit about encrypted headers. It's hard to find much about it.
https://www.mailpile.is/blog/2014-11-21_To_PGP_MIME_Or_Not.html is also good.
Mailpile does not include its own mail server. Dovecot is a mail server.
If you're looking for corporations that use this open source software and provide a service to you, you might consider FastMail. I'm sure there are other providers, though.
Edit: Here's a comparison of webmail providers.
I use Thunderbird with two heavily-used accounts, two not-so-heavy accounts, and a handful of RSS feeds. I haven't had the CPU issues you mention but my profile folder is only about 4.6GB.
One of your comments mentions that you were seeing a lot of send/receive traffic in the background. Try performing a complete sync by hitting Menu > File > Offline > Download/sync now. Pick the folders to sync then let it do its thing. I'm wondering if after a full sync your performance might be better. If you don't want to sync all of your account data, you can change your account settings to sync only the last x days of mail. That may help with the slowness too.
Something else to try is to open up the Activity Manager from the menu while Thunderbird is choking. It may tell you what Thunderbird is doing in the background and give you an idea what exactly is slowing it down.
I used Evolution for a brief period of time. As a barebones client it isn't bad. I keep wanting to try Mailpile too.
Mailpile is the mail client I'm looking forward to.
Their next beta release is coming up soon. See if it fits your needs. Coming from Gmail, I think you may find it comfortable.
> What they build there seems definitely more secure than gmail.
Yes. But that's hardly praise, since regular e-mail services' security is so weak, other than their basic use of TLS.
> It seems about as secure as using GPG yourself through Enigmail or something similar.
No. You have to trust their PGP code, provided from their own NSA-hackable servers.
My opinion: just wait for DarkMail clients, or use MailPile. They aren't calling it "NSA-proof", but it should actually be more secure than this.
Mailpile is a mail client that doesn't mind grokking large offline mailboxes. It has a web interface, which you may prefer over the Thunderbird route where you have an application to run. https://www.mailpile.is/download/
https://www.mailpile.is/download/linux.html#deb
You can download all of the files in here manually, and they show instructions for installing it manually.
Basic steps:
1. Download all .deb files and place into one folder
2. Go into folder and run the commands found on their installation page linked above
Then verify things work as you expect.
I use Thunderbird with Enigmail. How does their PGP support work? I am definitely not going to upload a private key to GMX's servers.
Besides, I'm currently setting up Mailpile on a network computing unit that I run myself. Then I can reach my own e-mail "customer"^1, which then also has my PGP private key, from any device over https. That also brings together the mail accounts I have with various providers.
[1] E-mail client
EDIT: Just saw that they simply use Mailvelope. You can do that with pretty much any webmail, e.g. Gmail too. That of course has the advantage that you don't have to give them the private key.
Mailpile has the goal of providing a FOSS alternative to GMail by providing folders/tags, a good search, built-in PGP encryption and a decent interface. It is still in beta though, and as far as I can figure out you are supposed to run it on your own desktop/laptop. It's also just a webmail client; you still have to set up or use a third-party email service.
I keep meaning to try and switch over to it but never seem to find the time. Currently I am still using GMail and Mailvelope for PGP encryption.
This is my only Chromebook complaint. I can't find a good service that will collect all my email addresses into one app. The only one I've found is AOL's Alto but sometimes the sync is a little strange and it isn't that fast. I am hopeful that Mailpile will grow into this.
Edit: Also Dropmail is coming out at some point soon. It might be what we are looking for.
I have been waiting for Mailpile email client to come out, https://www.mailpile.is/ for email encryption, but it would require both ends use mailpile.
I have also played around with Bitmessage a long time ago; that was cool, not sure if it is still around.
But in either case you need to exchange keys with whomever you want to receive the key, so you're stuck with meeting up in person or mailing a USB flash drive. Or you could stick the key in LastPass, then they could view the key on the other side, copy it to their computer and remove it from LastPass, assuming you trust LastPass.
I also remember reading an article that talked about hiding keys in a JPG image. As far as anyone knows it is just a photo of your cat, when in fact it is hiding a key as well.
https://www.mailpile.is/ https://tutanota.com/ http://www.cryptoheaven.com/
All zero knowledge, open source, encrypted email providers. That way you don't have to trust if they are doing what they say.
For ease of use, ProtonMail. Keep in mind the keys are managed by the company, though, so if the US gov somehow gets to the Switzerland gov, who then gets to ProtonMail, then you're screwed. Also if it gets hacked.
There's also Mailpile that uses PGP, local client, but looks like a web app in usage.
Lavaboom - no idea how secure it is (Germany).
You can also use the Mailvelope extension from the Chrome store - again PGP.
> hotmail and yahoo are as secure as you can get in all honesty
That's not quite true. Gmail is definitely more secure than both Yahoo and Hotmail (Yahoo especially has gotten hacked like every 2 months lately). And if you e-mail Gmail to Gmail, the messages are encrypted in transit from server to server, too, because Google is using SMTP-TLS.
That being said, even Gmail sets a pretty low bar, because it's not end to end strong encryption, that something like PGP can offer you. The 2 e-mail apps/services that are supposedly "easy to use" are LEAP (which EFF recommends, too), and MailPipe (which isn't finished). Both use PGP and are locally encrypted.
The one I'm waiting for though is the DarkMail protocol. It should be done soon, and I think MailPipe also said it will integrate it. They will use something that's much simpler to use than PGP (although the first 2 I mentioned are saying they will make PGP very easy to use, too), and there could be a lot of clients using it - if it's really good (which we still have to see), and hopefully doesn't come with licenses or something.
I think python is a bit too slow to be used for actual networking code. So you're probably looking more at applications that might run on top of a mesh network. For example, Mailpile or MediaGoblin are both written in python.
Also, FreedomBuddy looks like it could be a useful tool for sharing services on a mesh network.
Have a look at Mailstore Home. Sounds like it might be just what you need.
It is a Windows application though, so if you need something more platform agnostic, maybe Mailpile is the right solution.
Have you explored self-hosted options? I found this discussion of labels, which mentioned mailcow and mailpile.is, for example.
I've been looking into something similar - get my mail from Gmail, Outlook, work IMAP, and put it on my own network.
Check out Mailpile; it downloads, encrypts and gives you a web view to use. They say install on your device; I'm going to put it on a server at home and use the web interface.
Also, Mailpiler (no relation) downloads and works as a mail archive, also with a web interface.
As far as I'm concerned, for incoming mail, this on a Pi with an external drive would replace Helm. For outgoing mail I'm open to suggestions :) Mailgun etc.?
I replaced inbox with https://www.mailpile.is/
It's not necessarily what you want, but it's worked well for me. It's allowing me to sync many email accounts in one place and view it from any device, including mobile.
I use https://www.mailpile.is and it works perfectly; it meets your listed need. I am using it to access thousands of emails. It also stores all those emails in an encrypted container. It is a frontend as well, so not sure what you mean by "mask". It can fetch the emails and delete them from the server if it is supported.
The only thing is that you need to change the security app settings in your Gmail to let Mailpile access it; Gmail apparently has not renewed the developer's keys yet.
>Mailpile is an effort to reclaim private communication on the Internet. A project to rescue our personal lives from the proprietary cloud and prevent our conversations from being strip-mined for corporate profit and government surveillance. Mailpile is taking e-mail back.
Its mobile UI is not bad; however, this is a one-stop solution. It offers encryption at rest, so using another client to access it does not make sense, given only Mailpile itself can decrypt the keys in the session.
https://en.wikipedia.org/wiki/PayPal#Criticism
For example, check out what they did to Mailpile, a Free Software project that used crowdfunding.
Paypal are the worst. They hold your money, but claim that they are neither a money transfer service nor a bank, and don't have to be regulated as such, so don't pay attention to the consumer protection laws that exist for money transfer services and banks - and consequently sometimes just take people's money and then hold onto it and tell them to fuck off.
But that's "disruptive" internet startups for you. Claiming they're not banks, or taxi companies, or travel booking operators, so they don't have to follow the laws that protect customers, suppliers, and employees (sorry, "independent gig economy contractors") and hope they can evade accountability long enough for the low prices these shenanigans allow them to pull to put their competitors out of business.
Fuck Paypal.
You can download and delete all the emails from Gmail and use Mailpile to access them from anywhere, while using it to send and receive emails. Plus the content is encrypted on your drive.
I don't know about the labels exactly, but I've used Mailpile in the past and was pleased. It looks like it might just be what you want. Convos are supported completely. You run a server on your PC and can use a frontend or the webbrowser to connect to it. https://www.mailpile.is/
You can use Mailpile on the server that pulls the email as it reaches the server, removes it from the pool and encrypts it on the server; however, you will need to use Mailpile to access your email (like the Protonmail way), which can be done remotely or from a mobile browser.
It can also utilize PGP and such automatically if you want when storing and sending, if the other side has a key assigned.
That's not strictly true. ProtonMail uses a standard called OpenPGP (RFC 4880) and can work with anything that understands that standard. For example it includes Thunderbird+Enigmail or Mailpile.
Bitmsg doesn't seem to support OpenPGP (although I admit their homepage is a little bit scarce on the details what exactly do they do).
Obviously, mutt. Once you spend the days necessary to configure and learn it, it's unlikely to ever change.
I'm using Mailpile lately (they have a deb repo) but it's browser-based and beta quality. On the upside, you can run it on your server and use like webmail.
Mailpile will leave you dependent on someone else's email system: https://www.mailpile.is/faq/#wha-5
Setting up your own email server is not for the lazy. Or untrained. Maintaining it is not for the lazy or untrained. If you're really set on this I would set up a home Linux box and install iredmail. https://www.youtube.com/watch?v=uJ_AVoWbppc
There are other free email providers, like Hotmail, Yahoo, what your ISP provides as part of your ISP access. There are paid services as well. There are email providers outside the US you can use: FastMail is one, then there is Tutanota. There are others. There's an email service on the dark web. I forget what it's called.
As another alternative, try running Mailpile in an iframe on your Django site? Of course you'd need to be able to work with Mailpile's AGPLv3 license, and there are still plenty of other issues.
Forgot to exclude Java as well. Was more looking for something barely used like Python, Lua, Ocaml...
Someone on this thread mentioned Mailpile, which seems to be written in Python. I'll have to keep an eye on it.
Good point. When I wrote that I was thinking of code you download to your computer and then run. But in the context here where it's in the cloud, there definitely is a problem.
Still, I think there is more opportunity for people (as a group) to learn of malfeasance than if the code is proprietary.
Projects like Mailpile hopefully will give us more control cause we can still make use of these services while relying on code on our computer to encrypt.
I wrote the "spec" (which isn't a spec yet), so I guess that I should be the one answering that question.
First of all, whenever we say metadata, we mean all outgoing and incoming email headers. Emails sent out by lavab/web (ie. mail.lavaboom.com) only contain information about parts (content type and hash), address fields (to, from, cc, bcc) and the subject. If you analyze manifests of emails that are received from third-parties (such as Gmail -> Lavaboom), you'll see that every header ends up being stored in the manifest, rather than in plaintext.
There are many issues in PGP/MIME, which were accurately described in Bjarni Runar's blog post. From our POV, the hassle of having to decrypt the whole email in order to fetch metadata and attachment information is way too much - we want our client app to be as fast as possible. Adding a 15MB attachment can almost kill a web client, especially if it doesn't support hardware-accelerated crypto operations. We analyzed all possible alternatives and what we came up with seems to be the best of two worlds, except the attachment's format, which will be discussed with Bjarni soon.
In theory any client should be able to at least read the body of the email. Unfortunately no one who developed any open-source PGP toolkit came up with the idea to inject into the parser in order to decrypt, instead of decrypting whatever the client treats as a body. That's why Thunderbird with Enigmail treats the first, encrypted part of the body as unsupported and shows the fallback message. Over the next month we'll try to finalize a spec for PGP manifests and hopefully add support for them in external software.
Regarding your email - a response to your email might not have been delivered due to an issue with our support system (which is a third-party product). That's fixed now. Sorry about that!
I just found out about https://www.mailpile.is/. It seems good. Going to test it out. It's for emails. Regarding your wish to design your own all-in-one product - it will take a while... over 5 years, I reckon. By then, you will want more, so it's ever growing. What business are you in? I also use a lot of dropbox.com and googledrive.com. They are good for sharing. My latest aha is this mindmap tool. Check it out - it's still getting more and more features: http://mindmup.com/ You can store it in your Google Drive, so all free.
I use gmail, but I am thinking about switching to mailpile once it is announced as stable.
It looks like Mailpile will have all the features a gmail user would expect, plus builtin, transparent support for pgp.
Took a quick glance at the privacy policy and it seems alright, although they're based in a five-eyes state :/
I'm with Posteo and like them as well, the services seem really similar actually.
Quick tip in case you're interested: Mailpile will start its beta phase this weekend, maybe that's something for you :)
Well, the easiest thing to do is use Google Apps for Business. If you want to do it totally by yourself, though, you could try mailpile. Or you could use Ars Technica's fairly recent tutorial.
I have looked into this for quite some time now and have found very few answers. GNU PG is a good option but is hard to integrate. You can use it with the Enigmail Thunderbird plugin and use public keyservers for distributing the public keys. Although the person you are sending it to has to use the same setup, and it is quite frustrating. I would recommend setting up a VPS (cheap but not as secure as a dedicated server) with something like Mailpile or something slightly more robust. If you find anything let me know, and if you have any questions about setup on your own server, I've worked for two web hosting companies and would have no problem helping you out.