Basic email security - why is GPG so rare - etc.
Is regular email, without GPG (or S/MIME, which I know nothing about), really enough for email security? Here I'm obviously talking about just server-to-server security, where no middle man can see the email. Obviously, without GPG the email providers will still be able to read the email. It seems I have to live with this risk. It's good enough for now.
So my question is, can I somehow determine from /var/log/mail.log (Postfix) whether my email was sent to a particular email address, or whether an email from a particular address was received, in a secure fashion? If so, how do I determine this?
Answers to the above questions and any other related thoughts that come to mind on email security, GPG, etc. would be highly appreciated.
4 Replies
It seems to me like email is just an overall insecure communications method. If so it bothers me how commonly used it is.
Again, I ask for your thoughts about these issues. Correct me if I'm wrong. Are my worries unfounded?
For the majority of email, who cares if "other people" read it? Since the beginning of email, it was always advised to treat email like a postcard, not a sealed letter.
Real secure communication requires quite a bit of pre-communication prep (hence the lack of widespread adoption). I find it easier to use a word processor, encrypt that file, then just send the file as a regular email attachment (works as well for moving stuff via Dropbox, etc). But I only worry about passwords, financial info, and my plot to take over the government (just kidding, NSA).
I think every encrypted email scheme that attempted to make it point-n-click easy has failed to date.
Thunderbird used to have a plug-in to sign/encrypt email; I don't know if that is current or abandoned.
Your best bet… shave one of your slaves' heads, tattoo the message on their scalp, let the hair grow back, then send your slave to the recipient.
note in the Received: header
The Postfix docs