[Discuss] Running a mail server, or not

[richb at pioneer.ci.net (Rich Braun)]

Rich Pieri wrote:
> The only hops that are guaranteed to be encrypted (STARTTLS) are the
> connections from my MUA to my mail server, and from your MUA to your
> mail server. The intervening hops might be encrypted, or they might not
> be encrypted.

I don't see how we're in disagreement here. Naturally, if you send to a listserv like blu.org, there will be multiple hops (most likely but not guaranteed to be encrypted). But if you send directly from your email to mine, your system will connect to easydns (in Canada), which will attempt STARTTLS but not guarantee it; once it's queued at easydns, then it's encrypted as it gets to my private installation. I don't see a whole lot of successful ways of tracking the overall flow of my messages without getting malware (or a script imposed by law-enforcement subpoena) installed on a server/router at easydns (plus my separate outbound provider) or on my private server. The easiest vector of attack for a "state actor" would be to compromise DNS itself, and route my messages through rogue email servers (in theory I could set up a monitor to detect unexpected DNS changes, but I'm not /that/ paranoid--I just want my email and personal data more-private than what you get on yahoo/gmail).

In 2002, I engaged an attorney from EFF to fight a legal case in federal court on this issue, on the yahoo platform. I won the battle but the war's long lost: privacy rights were upheld briefly back then but it's no longer possible to protect content on the large American cloud providers' platforms from legal subpoenas. And nowadays there are new acceptable-use constraints that the big providers are starting to impose, which put users at risk of losing their own data in the event of an infraction.

-rich