Encrypted E-mailing with Perfect Forward Secrecy (PFS and SSL/TLS)
Here’s what we offer:
- Encrypted SMTP, POP, IMAP mail access with SSL/TLS.
- Encrypted webmail client access with SSL/TLS.
- We use ‘real’ high-quality certificates.
- Long-term security thanks to Perfect Forward Secrecy.
- Support for setting up GPG and S/MIME.
The SSL/TLS protocol for securely exchanging data between two communicating systems has been around for nearly 20 years. The most well-known variant is undoubtedly https://, the secure version of http://. However, there are also ‘s’ versions of the SMTP, POP3, and IMAP mail protocols. For more than 15 years, discerning providers have made sure that e-mails they send and receive over the public Internet always travel over SSL/TLS-secured connections. Many of the better-known providers, however, showed little ambition over the years to secure the e-mail traffic between themselves and other providers. Far too many ISPs offered only unencrypted connections for this, presumably to save computing power (i.e., costs). Only with the advent of the NSA scandal did several larger German providers – such as GMX, web.de, and T-Online – lurch into action, widely promoting “secure mail traffic” since the summer of 2013. All this means, of course, is that they finally adopted SSL/TLS as well, 15 years down the track. In many cases, it’s still only a very perfunctory improvement…
At Heinlein: Consistent Encryption for More Than 15 Years
JPBerlin, our ISP for political security use, has consistently offered encryption of all incoming and outgoing mail connections since the mid-1990s. This includes cutting-edge ‘Perfect Forward Secrecy’ (PFS), a key-exchange method which ensures that previously captured data traffic cannot be decrypted later on, even if the server’s long-term private key is compromised at some point. Naturally, we also make use of PFS for mailbox.org.
Our Webmail Client is Similarly Well Protected
SSL/TLS protection is always in place via https:// whenever you access our webmail client. Naturally, we also make sure to use only the very best encryption algorithms – something you would never notice at the user level. In early August 2013, the media focused on ‘Perfect Forward Secrecy’ (PFS) within SSL, which is designed to prevent data streams captured today from being decrypted later on, even years in the future. Many providers and operators of https websites still do not support PFS. Our SSL sites as well as our webmail client, on the other hand, have been using PFS for several years already.
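Whether a mail server actually negotiates a PFS cipher suite is something you can verify yourself. The following is an added example, not mailbox.org’s own tooling: it builds a TLS client context that refuses static-RSA key exchange, classifies the negotiated cipher suite as PFS or not, and applies that to implicit-TLS (IMAPS/POP3S/SMTPS) and SMTP STARTTLS connections. The hostname in the usage line is a placeholder; the cipher-name rules follow OpenSSL naming conventions.

```python
import smtplib
import socket
import ssl

# Key-exchange methods that provide Perfect Forward Secrecy: ephemeral (EC)DH.
# OpenSSL reports TLS 1.3 suites as 'kx-any' because TLS 1.3 permits only ephemeral DH.
PFS_KEA = {"kx-ecdhe", "kx-dhe", "kx-any"}


def is_pfs_cipher(name: str) -> bool:
    """Classify a negotiated cipher-suite name as PFS (ephemeral key exchange) or not."""
    if name.startswith("TLS_"):          # TLS 1.3 suite names: key exchange is always ephemeral
        return True
    kx = name.split("-")[0]              # OpenSSL names lead with the key exchange, e.g. ECDHE-RSA-...
    # Static ECDH ("ECDH-...") and plain RSA ("AES256-...") key exchange give no forward secrecy.
    return kx in ("ECDHE", "DHE")


def pfs_only_context() -> ssl.SSLContext:
    """Client context that allows only ephemeral key exchange, so a non-PFS server cannot connect."""
    ctx = ssl.create_default_context()   # verifies the server certificate against system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")
    # Sanity check: every suite left enabled must use an ephemeral key exchange.
    if not all(c["kea"] in PFS_KEA for c in ctx.get_ciphers()):
        raise RuntimeError("cipher list still contains a non-PFS key exchange")
    return ctx


def negotiated_cipher_implicit_tls(host: str, port: int = 993) -> tuple:
    """IMAPS/POP3S/SMTPS: TLS from the first byte. Returns (cipher name, is_pfs)."""
    ctx = pfs_only_context()
    raw = socket.create_connection((host, port), timeout=10)
    with ctx.wrap_socket(raw, server_hostname=host) as tls:
        name, _version, _bits = tls.cipher()
        return name, is_pfs_cipher(name)


def negotiated_cipher_smtp_starttls(host: str, port: int = 587) -> tuple:
    """Submission port: plain SMTP first, then STARTTLS upgrades the connection."""
    ctx = pfs_only_context()
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.starttls(context=ctx)       # raises if the server offers no acceptable PFS suite
        name, _version, _bits = smtp.sock.cipher()
        return name, is_pfs_cipher(name)


if __name__ == "__main__":
    # Placeholder host (assumption): replace with your provider's IMAP server.
    print(negotiated_cipher_implicit_tls("imap.example.com"))
```

A server that only offers RSA key exchange fails the handshake against `pfs_only_context()` instead of silently falling back, which is the behaviour you want from a client that insists on forward secrecy.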
There’s Still More To Do
Encryption via SSL/TLS secures data communication across the Internet, protecting it against unauthorized access in transit. In the source and destination networks, on the other hand, the e-mails are not encrypted at all; otherwise, users wouldn’t be able to read their own e-mails. What this means is that the administrators of a provider (i.e., us) theoretically have access to their users’ e-mail contents, much like a mailman being able to read postcards or unsealed letters. Because of this, we recommend taking a more thorough approach and implementing ‘true’ end-to-end e-mail encryption based on GPG or S/MIME. With these, you can ensure that absolutely no one, apart from the actual sender and recipient, can read an e-mail’s contents.