Ask HN: What is the most secure way to do email? - yata01
======
LinuxBender
In terms of transport security, ensure you control the server on your end and
enforce TLS and certificate validation of the servers you converse with.
Postfix+Dovecot are a popular solution for personal use or small orgs. For a
business, consider CommuniGate mail server. If you can't host the mail server,
then use a mail provider you feel you can trust from a legal and jurisdiction
perspective.

In terms of payload security, gpg encrypt your messages. Exchange gpg public
keys with the other parties in a secure manner. Avoid gpg key servers if you
are privacy conscious.

Disable HTML, CSS and JavaScript in your mail reader. Enforce plain text. Use
an application firewall on the machine your mail client resides on and ensure it
can only connect to your mail server and nowhere else.

If feasible, use plugins on your mail server and/or on your mail client that
convert all manner of hyperlinks and URLs into sanitized links that are not
clickable. Strip out all forms of HTML.
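
Added example, not part of the comment above: one way to do the HTML stripping and link sanitizing it describes, as a server-side or client-side filter built only on the Python standard library. The names `TextOnly`, `defang`, `sanitize_message` and `SAMPLE` are illustrative, and the `hxxp`/`[.]` notation is one common defanging convention chosen here as an assumption.

```python
# Added example with illustrative names; SAMPLE is a constructed message whose link text and href disagree.
import re
from email import message_from_string, policy
from html.parser import HTMLParser

URL_RE = re.compile(r"\b(https?)://([^\s<>\"']+)", re.IGNORECASE)
SAMPLE = ("Subject: constructed sample\nContent-Type: text/html\n\n"
          '<p>Reset: <a href="http://evil.example/login">https://bank.example</a></p>')

class TextOnly(HTMLParser):
    """Keep visible text, drop markup and script/style bodies, expose href targets."""
    SKIP = {"script", "style", "head"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self.skip_depth += 1
        elif tag == "a" and dict(attrs).get("href"):
            self.out.append(f"[link target: {dict(attrs)['href']}] ")

    def handle_endtag(self, tag):
        if tag in self.SKIP and self.skip_depth:
            self.skip_depth -= 1

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(data)

def defang(text):
    """Rewrite http(s) URLs as hxxp(s)[://]host[.]tld so clients will not auto-link them."""
    return URL_RE.sub(lambda m: "hxxp" + m.group(1)[4:].lower() + "[://]"
                      + m.group(2).replace(".", "[.]"), text)

def sanitize_message(raw):
    """Return a plain-text, link-defanged rendering of a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    if part is None:
        return ""
    body = part.get_content()
    if part.get_content_type() == "text/html":
        parser = TextOnly()
        parser.feed(body)
        parser.close()
        body = "".join(parser.out)
    return defang(body).strip()
```

Calling `sanitize_message(SAMPLE)` yields a single plain-text line in which the real link target is printed next to the displayed text, so a mismatch between the two is visible before anyone can click.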

------
nickbee
Thunderbird + Enigmail was a decent combo a few years ago.

~~~
yata01
It's been a while since I’ve used Thunderbird. I haven’t used Enigmail before,
it sounds neat.

I’ve been using a mixture of email providers, like Protonmail for example. I
was wondering if that’s about as good as it gets in terms of security.

