[Users] Best free e-mail service that works with Claws Mail by POP3

Ralf Hutter rhutter at posteo.de
Fri Dec 16 16:20:42 CET 2016


On Fri, 16 Dec 2016 02:57:59 -0800 lists at lazygranch.com wrote:

> Reading their "news", posteo looks very good. I guess I need to get
> my act together and figure out how to set up DNSSEC/DANE on my
> server. I have every anti-spoofing feature just short of DANE
> working. 
> 
> To elaborate a bit, the Posteo Web interface will indicate if the
> mail comes from a DANE enabled server. (DANE prevents DNS spoofing. )
> 
> In addition, Posteo can force TLS. ‎Most email serves are set up so
> that the incoming mail "may" be encrypted, but this is not forced.
> Now I am assuming Posteo bounces any message where TLS wasn't
> available. Note there is this man in the middle attack knows as TLS
> Stripping that interferes with TLS in a way to force the email server
> to choose plain text if the "may" option is set. 
> 
> On paper, Posteo looks very good.
> 
> The darling of the not-free email these days supposedly is Proton
> Mail. 
> 
> I so want to say for the record that I don't like email services that
> provide a web interface. The problem is these kind of security
> features don't exist on an email client. 
> 
> I joined the claws list initially to see if there was a way to make
> Claws check SPF and DKIM. That would be a great feature, also with
> displaying if TLS was used. This is not trivial since email headers
> have much variety.
> 
>   Original Message  
> From: Michael
> Sent: Friday, December 16, 2016 2:19 AM
> To: users at lists.claws-mail.org
> Subject: Re: [Users] Best free e-mail service that works with Claws
> Mail by POP3
> 
> I'm using GMX accounts since many years, and yes, they got some
> amount of SPAM, but they have good custom SPAM filtering feature in
> their web interface, and anyway claws is good with that too ... aside
> from that, GMX works just fine in every respect.
> 
> It's a German company, but because of their many connections to the
> USA (one big data center in Kansas, GMX owns mail.ocm from
> Philadelphia, PSI-USA of LAs Vegas, and the UK/USA sedo.com, and
> parent company United Internet has subsidiary in the USA too [see
> wikipedia United_Internet] ) i don't entrust them with private mail
> anymore. I switched to small startup posteo.de which is 1 buck /
> month but puts a lot of effort into privacy and security. I believe
> there is no "free" (as in beer) email provider who does not store,
> profile, and market your data. Especially not google.
> 

Right, you can configure Posteo (with one click) to not send an email
if the receiving server allows unencrypted email connection, which
would make man-in-the-middle-attacks possible. When they introduced
this feature a few months ago, they found out and made public soon that
some big german institutions don't (or didn't at that time) offer this
forced encryption, which is not a new technology. One example was the
domain of the Social Democratic Party.
I myself have encountered the problem with 2 different institutions
whose domains belong to the spanish government.
Posteo is also important in that it makes good press work in favour of
email security. Last week they even were the first email provider to
get a certificate by the german state for "Secure Email Transport".

Regarding all of those privacy violations going on with other email
providers - Yahoo has just again broken its own record:
https://www.yahoo.com/news/yahoo-says-hackers-stole-information-221214183.html
Here the case that became public a few months ago:
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT 
I recommend you don't use just any free email service. Look for the ones
with privacy sensitivity, like Posteo. Look for example here:
https://www.systemli.org/en/friends.html
https://riseup.net/en/security/resources/radical-servers 
Good luck!
Ralf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20161216/ef803697/attachment.sig>


More information about the Users mailing list