Encryption
Web-Based Encryption
Email Headers
Anyone with an interest in privacy issues knows that email is one of
the least secure ways to communicate. Your mail can be intercepted en route,
the entire mail spool (a popular target of intruders and industrial spies)
can be copied, privileged accounts can be used to rifle through mail, and
web-based accounts leave cached records of private mail in browser files.
The most obvious way to protect one's email communications is to encrypt
them with a powerful algorithm.
What algorithm is best?
Some people don't like using crypto on their mail because it's a hassle setting up accounts, generating keys, and reconfiguring their mail reader to interface with the encryption program. In response to such users, several companies have begun to offer web-based encrypted mail. Counterpane Security (http://www.counterpane.com) has reviewed several of the major web-based mail encryption services (http://www.counterpane.com/crypto-gram-9908.html). Their findings are summarized below.
Encrypting web-based email services:
HushMail: HushMail is a free, web-based email service that offers strong encryption (1024 bit Blowfish) for messages, and ElGamal for key exchange and signatures. On the downside, HushMail demands registration before use (though anon accounts are permitted) and won't allow connection through a proxy. HushMail servers are located in Canada (making them open to lawyer-based attacks).
YNN Mail: YNN Mail is another free web-based mail system, offering 40 bit SSL encryption on all messages. This is certainly not tight security.
Zero Knowledge Systems: ZKS' proprietary Freedom network encrypts and chains their own remailers in order to help guarantee privacy.
ZipLip: ZipLip is another free, anonymous, encrypted mail system. Unlike HushMail, however, ZipLip requires no registration, and destroys mail 24 hours after it's read. ZipLip uses SSL for the transaction only, so encrypt before you send. If you opt to use a passphrase, do NOT supply a hint.
ZixMail: ZixMail is hamstrung by the fact that you need to download software to use it.
X-Apparently-To:stukach@yahoo.com via mdd202.mail.yahoo.com
X-Track2: 2
X-Track: 1: 40
Received: from f122.law7.hotmail.com
(HELO hotmail.com) (216.33.237.122) by
mta101.mail.yahoo.com with SMTP; 17 Nov 1999
16:40:54 -0000
Received: (qmail 3000 invoked by uid 0); 17 Nov 1999 16:40:48 -0000
Message-ID: <19991117164048.2999.qmail@hotmail.com>
Received: from 24.48.89.101
by www.hotmail.com with HTTP; Wed, 17 Nov 1999 08:40:48 PST
X-Originating-IP: [24.48.89.101]
From: "Black Axe" <black_axe@hotmail.com>
To: stukach@yahoo.com
Subject: nothing
Date: Wed, 17 Nov 1999 08:40:48 PST
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Content-Length: 127
The highlighted portions of this header contain valuable clues about where this mail came from. The address at the bottom of the header, <black_axe@hotmail.com>, is the original sender. [24.48.89.101] is the IP that the message originated from (not the original mail server, the actual machine). f122.law7.hotmail.com is the first mail server to receive this message; 216.33.237.122 is supposedly that server's IP address.
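
The same reading of the header can be automated. The script below is an added example, not part of the original page: it walks the Received chain from oldest hop to newest and cross-checks X-Originating-IP against the oldest hop. The function name trace and the result field names are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The header from this page, trimmed to the trace-relevant fields. Continuation
# lines are indented (RFC 822 folding) so the parser joins them correctly.
SAMPLE = """\
Received: from f122.law7.hotmail.com
 (HELO hotmail.com) (216.33.237.122) by
 mta101.mail.yahoo.com with SMTP; 17 Nov 1999
 16:40:54 -0000
Received: (qmail 3000 invoked by uid 0); 17 Nov 1999 16:40:48 -0000
Message-ID: <19991117164048.2999.qmail@hotmail.com>
Received: from 24.48.89.101
 by www.hotmail.com with HTTP; Wed, 17 Nov 1999 08:40:48 PST
X-Originating-IP: [24.48.89.101]
From: "Black Axe" <black_axe@hotmail.com>

"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)")

def trace(raw):
    """Return sender, claimed origin IP and the Received chain, oldest hop first."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so the last one is the oldest.
    # Only the line added by your own server is trustworthy; older ones are claims.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())      # undo header folding
        m = HOP.match(flat)                 # None for local hand-offs (qmail line)
        hops.append({
            "from": m.group(1) if m else None,
            "by": m.group(2) if m else None,
            "ips": IPV4.findall(flat),
        })
    origin = (msg.get("X-Originating-IP") or "").strip(" []") or None
    first = hops[0] if hops else {"from": None, "ips": []}
    return {
        "sender": parseaddr(msg.get("From", ""))[1],
        "originating_ip": origin,
        "hops": hops,
        # Cross-check: does the webmail-inserted IP agree with the oldest hop?
        "origin_matches_first_hop": origin is not None
            and (origin == first["from"] or origin in first["ips"]),
    }
```

Calling trace(SAMPLE) returns three hops: the HTTP submission from 24.48.89.101 to www.hotmail.com, the internal qmail hand-off, and the SMTP delivery from f122.law7.hotmail.com to mta101.mail.yahoo.com.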