On 4/3/22, Demi Marie Obenour <[email protected]> wrote:
>> possible from prying eyes (for example if my VPS host or a hacker made
>> a snapshot of my server for maleficent purposes).
>
> If you can’t trust your hosting provider, get a different one.

Yes I agree. I've tried to pick a hosting provider that I "trust the most", but I'm working from a "trust no one fully" viewpoint.

>> 1) OpenSMTPD queue encryption
>> This is a good step, but presumably the key is stored in memory, so
>> could be retrieved from a snapshot of the server. Maybe I could
>> automate the key to change from time to time?
>
> Maybe? Be sure you don’t lose all of your existing messages in the queue.

Really good point. I guess I could get it to only do it if the queue is empty.

>> 3) GPG message encryption
>
> That’s your best option for inbound stuff. That said, email isn’t
> your best option for security. Use something with proper end-to-end
> encryption and forward secrecy, such as Signal, Wire, Keybase, or
> Matrix.

Again very good point. I try to never use email for anything that needs to be secure. I just want it to be as secure as possible for when it's the only option.

Hadn't heard of Keybase. Looks interesting.

Thank you. :)
