Securing your Email space
Yesterday, Lavabit – a secure e-mail provider – announced that it’s closing down their operations. The official text and the Website looks like this:
Lavabit was one of the very few secure e-mail service providers bringing security for its paid customers by encrypting all locally stored e-mail messages with an asymmetric key and AES-256. This means that in order to decrypt the messages, an attacker would need to compromise the server first and then to know your password. There was no way even for Lavabit to decrypt emails without a user’s password. A detailed description of how the Lavabit technology worked is available here: pastebin.com/rQ1Gvfy0
Few hours later, Silent Circle, another secure e-mail provider, announced shutting down its Silent Mail service too.
In general in order to make an e-mail server secure there are several criteria to match:
- Secure encrypted connections between the user and the e-mail server (it must be encrypted with a strong algorithm and to have a validation process to avoid the risk of a man-in-the-middle attack)