hello friends! new(ish)!
Email: Difference between revisions
>Bisasam m (Bisasam moved page Email on wheels to Email over a redirect without leaving a redirect: revert) |
>God (→Security: - Added some content about PGP) |
||
Line 44: | Line 44: | ||
=== Security === | === Security === | ||
The email system is inherently insecure in many ways that will never be fixed, as it was designed in a time when passwords were rare, and IPv4 had so damn many addresses, we could never possibly use them all. | |||
The best way to secure email is to use [[PGP]], either by using the enigmail addon for Thunderbird, or by copy+pasting to a terminal and using gpg. This allows you to encrypt and sign email, providing confidentiality and authentication, ensuring that only the recipient can read it and that it did indeed come from you. | |||
== External Links == | == External Links == | ||
* [http://flurdy.com/docs/postfix/ How to set up a mail server on a GNU / Linux system] - flurdy.com | * [http://flurdy.com/docs/postfix/ How to set up a mail server on a GNU / Linux system] - flurdy.com |
Revision as of 06:10, 17 March 2015
Email Providers
If you care about your personal freedom, you should check out these Privacy-Conscious Email Providers.
Email Clients
Recommended_software#Email_Clients
Self Hosted Email
See also: Setting_up_a_Server#Setting_Up_Email
The only way to have full control over your email is to host your own mail server.
DNS
MX Record
A Mail eXchanger Record (MX record) specifies a mail server responsible for accepting email messages on behalf of a recipient's domain, and a preference value is used to prioritize mail delivery if multiple mail servers are available. The set of MX records of a domain name specifies how email should be routed with the Simple Mail Transfer Protocol (SMTP).
SPF Record
A Sender Policy Framework (SPF) record identifies which servers are ALLOWED to send email on behalf of your domain. The idea is to help prevent domain spoofing by spammers. If a spammer tries to use your domain to forge email, the receiver can check your SPF record and, if it doesn't match, reject it outright. These days most mail servers check for SPF records, and if they don't find one, they will also reject your mail - so you need one.
DKIM Record
A DomainKeys Identified Mail, or DKIM entry provides a 1024-bit public key, unique to your domain, that confirms that an email is actually from a legitimate account on your server. It is a complementary check to SPF records. It is not as widely used as SPF yet, but is in use by Gmail and Yahoo, and should be set up anyhow.
Mail Transfer Agent (MTA)
Postfix
Mail Delivery Agent (MDA)
Dovecot
Spam Prevention
SpamAssassin
Security
The email system is inherently insecure in many ways that will never be fixed, as it was designed in a time when passwords were rare, and IPv4 had so damn many addresses, we could never possibly use them all.
The best way to secure email is to use PGP, either by using the enigmail addon for Thunderbird, or by copy+pasting to a terminal and using gpg. This allows you to encrypt and sign email, providing confidentiality and authentication, ensuring that only the recipient can read it and that it did indeed come from you.
External Links
- How to set up a mail server on a GNU / Linux system - flurdy.com