Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

Best secure e-mail

  1. Mar 15, 2006 #1
    I know that there are some encrypted e-mails services that are free. Which ones are good ones? Have you used any? Hotmail, yahoo,etc are not encrypted........neither is g-mail
  2. jcsd
  3. Mar 15, 2006 #2
    Good question. You would be MUCH better off using a stand-alone program to encrypt your email for use over standard email services.
    But, that's not your question, so I will post this Q on another forum I belong which deals with such issues and report back(takes a day or so for good answers)
  4. Mar 15, 2006 #3
    Why would you rely on someone else's service to encrypt your data? Encrypt it yourself.
  5. Mar 15, 2006 #4


    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Even if your webmail service encrypts their HTTP traffic, the emails themselves are still being sent over SMTP from one mail server to another, completely unencrypted.

    Like franz, I suggest you just use an email client which includes support for PGP encryption.

    - Warren
  6. Mar 15, 2006 #5
    That is not correct. An originating encrypted email, be it from the user himself or through a service, remains encrypted throughout all of the "jumps"
    What you might be referring to is that the transport protocol itself is not, and SHOULD NOT be encrypted, else you will lose transport ability. BUT, the contained encrypted data in each packet frame maintains encrypted regardless of how many mail servers it goes through to reach its destination.
  7. Mar 15, 2006 #6
    In addition, many services which provide e-mail encryption DO NOT just do it at their mail server. You are provided with an encyption applet to secure the transmission to their server.
  8. Mar 16, 2006 #7


    User Avatar
    Staff Emeritus
    Science Advisor
    Gold Member

    Excuse me?

    If a webmail service uses secure HTTP (https) to communicate with its users, but then transfers their (plaintext) mail to other mail servers with SMTP, then the messages are still being moved in plaintext across the network -- just not from the user's machine.

    If the service actually encrypts messages for you before transferring them via SMTP to other mail servers, then it would seem the only people who could read them are those who use the same service (or know the algorithm the service employs, and have the key and so on).

    - Warren
  9. Mar 16, 2006 #8
    Actually this is what Chroot was saying, the payload of SMTP is not encrypted unless you encrypted it yourself via PGP or whatever.

    This is correct ^

    This isnt ^

    You cannt encrypt a "protocol" and using these two words in the same sentance makes no sence. You encrypt the payload, or Data contained within a packet not a protocol. A protocol is a standard of formal message formates and rules that two devices use to communicate, they aggree on how to communicate so they can. The IP protocol suite is a OPEN standard..

    IPSec is a routed protocol, in 2 versions tunneling or TRANSPORT mode, the payload is encrytped in both, and in Tunneling mode, both the IP header and payload is encrypted. Actually I am posting on this forum regularly with my packets in an encrypted transport protocol. As you can see I dont loose any routing ability. And when I do, nobody will see my actual IP address, not even the admins. :cool:
    Last edited: Mar 16, 2006
  10. Mar 16, 2006 #9
    Anyway to answer your question, the best encryption you can get your hands on would be to use a "key pair", public and private key pair to encrypt your emails like what RSA or PGP uses... give your public key to anyone you want to communicate with you, and have them encrypt the message with this public key, only your private key can decrypt the message
Share this great discussion with others via Reddit, Google+, Twitter, or Facebook