[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Secure email with limited usable metadata

Sounds like for Germany and like countries/laws such servers should be limited to no more than 10k users each to prevent that invasion.

 From: Moritz Bartl <moritz@xxxxxxxxxxxxxx>
To: tor-talk@xxxxxxxxxxxxxxxxxxxx 
Sent: Monday, July 1, 2013 10:41 AM
Subject: Re: [tor-talk] Secure email with limited usable metadata


Thank you for raising this topic once again. Toying with the idea of
"better" email for quite some time, I think there's direct and practical
things you can offer,

> i was thinking about pointing the mx record of the tld to a mail 
> server that is shared with other individuals. the server
> is configured to drop incoming non-tls smtp connection from other
> mail server. On a per account basis, every message that is not
> encrypted to the public pgp key of the address is dropped, too.
> users use pop3/smtp over a hidden server to download/send messages.

See https://github.com/moba/pgpmilter for a small prototype script that
rejects non-PGP mail. Exim seems to have the configuration option for
that somewhat built-in.

I'd go further and forward mail from the mx to hidden services
configurable by the user.

> if inbox size is limited to a few mbs

I'd maybe want to limit the amount of email a user can *send* in a given
time span.

> any cheap vps

I would not want to use VPS for a service like this.

> a trusted umbrella organization is needed 

Working on something like it.

> is the tor project or torservers.net interested in running
> such a service?

Torservers.net is currently a project under a German non-profit. In
Germany, ever email provider with more than 10k users has to provide
lawful interception.


I'd like to see a full design for it first, and then the components, and
the configuration for each component, so this is easy to set up and
replicate by anyone. For example, how do I configure Postfix to relay
certain incoming mail to a configured hidden service, how do I make it
so it only rejects non-PGP mail for some accounts, etc.

Moritz Bartl
tor-talk mailing list
tor-talk mailing list