[tor-talk] Basics of secure email platform

tor at lists.grepular.com tor at lists.grepular.com
Sat Nov 2 12:50:18 UTC 2013

> I like to start a conversation about secure email provider... If I
> start new email provider now, how to guarantee security and privacy
> for user?

Before becoming a secure e-mail provider, first you should understand
how users can best protect themselves.

Users should not relay outbound messages to someone elses SMTP server.
That's needless leaking.  They should run their own mail server.

>From the standpoint of a *user* running their own mail server--

Ideally, when a mail server sends a message, it takes the most secure
path first, and downgrades the security as needed until the message is
sent.  This means it should make attempts in this order:

  1) Create a list of tor exit nodes that do not block port 25
  2) Command the tor daemon to exit those nodes exclusively.
  3) Send the message SSL over Tor, direct to the recipients mail server.
  4) If that fails, SSL without Tor direct to the recipients mail server.
  5) If that fails, send in the clear direct to the recipients mail server.
  6) If that fails, send in the clear to the recipients mail server
     via non-blacklisted relay.

Postfix is too limiting to be able to handle the above job.  This is
the *real* problem for tor users.  If you want to work on a project to
improve users e-mail security, work on the tooling problems.

If you're really determined to simply be just another e-mail provider,
examine hushmail.com, countermail.com, and safe-mail.net first.  Those
providers are on the right track, because they give a means for
novice users to have end-to-end encryption.  Darkmail is also
something to keep an eye on.

> Do not host in U.S. is obvious but what more?

Also make sure the owner is not a U.S. citizen.

More information about the tor-talk mailing list