-
Notifications
You must be signed in to change notification settings - Fork 1k
FAQ Encryption & Security
Mailpile is not an email service, it is an email client that supports strong encryption.
Our team PGP key is downloadable from here: https://www.mailpile.is/files/[email protected]
Yeah, we'll get right to that - after we get the widely adopted protocols supported robustly ;)
I was looking for a private email server that can hide my email address from everyone that I haven't mailed to, does your service provide this?
Nope. That's actually impossible. If anybody tells you they can do this, they are probably lying. Sorry!
Is it possible to delete a message that you send to someone, but you don't want them to keep in their account after certain period? (If not it should be developed).
No, that isn't possible. You can't un-tell somebody something. You can ask them nicely to delete the message, but if they decide not to, you can't make them. Sorry. Nobody is going to be able to develop that feature in a way that is guaranteed to work, ever. This isn't a James Bond movie.
Can you create a pseudonym email address that only the recipient can see to identify us and send a message to, but that does not reveal our actual email address?
That's not really a part of the intended use of Mailpile. Somebody might provide this kind of service though - it sounds useful!
Simple: We will not have a user database. We do not have any server infrastructure that contains user information. Users install the Mailpile client on their own computers. We do not track people that want to use Mailpile.
It's pretty safe. If your computer is compromised, the storage is probably compromised anyway and you will have bigger things to worry about than your email account.
Yes. Currently this is a configuration option which is turned off by default, but before our first stable release we will switch to having configuration data encrypted by default.
This sounds reasonable. There are a lot of two-factor authentication methods we may consider implementing.
Yes. All configuration data, including the search index, will be encrypted by default when we get to the full release.
Email attachments are stored wherever your email is stored. If that's secure, the attachments are secure. We will provide methods to secure your email, although we recommend that you use full disk encryption!
Will search work with encrypted files or do they reside on some encrypted file system and seem un-encrypted to it?
Mailpile decrypts incoming emails, indexes them, and re-encrypts them. The search index is stored encrypted and the terms are stored as hashes. Good enough?
Email metadata is hard to secure because the standards don't really allow for keeping it all secret. We can't do much about that. Also, if the recipient of your email doesn't provide or publish a public encryption key, you can't send them encrypted email. Sorry, that's the way public key cryptography works.
If your system is compromised, you have a very big problem that Mailpile can't really help you solve. We will try to do what we can, but endpoint security is very important.
We plan to provide support for that.
Yes!
Will Mailpile support address aliases for incoming mail? (e.g. [email protected] = [email protected])
That's really up to the mail server to decide. Mailpile is a mail client, not a mail server. Sorry!
Yes, it is. It's also unavoidable. We can't prevent people from forwarding information - even if we were to do all sorts of magic to make it impossible in Mailpile, somebody could still write down your email on a postcard and send it to a friend. This is called the analog gap. The only solution is to not send secrets in email to people you don't trust.
How will this service compare with something like Hushmail which claims to offer message en/decryption in a browser as well as IMAP (if one pays).
Hushmail stores your email data on their servers. Mailpile does not have servers and we do not store users' email. One can use Mailpile for free to send & receive encrypted email through any IMAP server.
Is MailPile a viable non-centralized solution to issues like those faced by other privacy-focused email companies such as Lavabit or Silent Circle?
Yes, this is one of our core beliefs and underlying design principles.
What happens when you are communicating with people who are still hosted by Google or a self-hosted insecure server? Do they need to implement something, too?
People can continue using gmail or their academic institutions email "server", as Mailpile is just the "client" that allows for sending of encrypted messages.
In order to send encrypted email all recipients need to have public and private PGP keys and be encrypting their messages in a manner that follows standard conventions. Many other email clients allow people to send PGP encrypted emails using those conventions. Hopefully, Mailpile is the easiest to use. ;)
You don't mention anything about secure public key distribution. Is this a problem you plan to tackle?
We plan to attach users public keys with outgoing emails. Additionally, as some instances of Mailpile will be accessible over the web, that makes for interesting new opportunities for sharing of keys.
If I write an email from my Mailpile to a friend's Gmail account, how does the encryption prevent his inbox from scanning the contents of my email?
As long as both people use encryption, even if one or both people have @gmail.com addresses, Gmail cannot read encrypted email data even if the data ends up being stored on Gmail's servers.
No. We do not have servers and we do not store users' private keys. You install our software on your computer, which keeps your key nice, safe, and under your control.
Will Mailpile function similar to Lavabit and use different passwords for IMAP connections that are not related with private key/password used to to decrypt mails?
No. Mailpile is entirely different from Lavabit.
We are uncertain about this at the moment.
We don't have servers, so, no. We do not store your emails. Messages are stored on your computer and encrypted with OpenPGP. This does not include headers and metadata. Mailpile will, however, encrypt metadata on your computer using AES-256-CBC, at the moment, with a plan to move to AES-256-GCM in the future, for tagging purposes. The keys for the AES encryption are stored in the configuration file, which is PGP-encrypted.
Mailpile decrypts incoming emails, indexes them, and re-encrypts them. The search index is stored and encrypted as are the terms, which are stored as hashes. Good enough?
The email body will be encrypted. We are trying to find ways to make most of the metadata encrypted as well, but some of it can't be because of how email works.
Is Mailpile going to send PGP-encrypted email, where the mail body is encrypted, but all the headers and the metadata are not?
Yes. We are experimenting with ways to encrypt headers as well using standard PGP + SMTP protocols.
Or are you planning to somehow also encrypt the metadata (as with Bitmessage)? Would that even be possible with email?
We're going to try and encrypt all the metadata using PGP + SMTP, but email still requires that some of the metadata be un-encrypted so that mail servers will know where to deliver it. We plan on integrating Bitmessage before 1.0
We can't actually guarantee that without breaking a vital part of email's functionality: people want to be able to read their old email. If we implemented PFS, then nobody could ever view their archives. We consider this an anti-feature, so we won't even try. Instead, we're just going to try to protect your email as well as we can while it is in transit (using PGP and opportunistic SSL), and as well as we can when it is at rest (using PGP, mostly).
Of course, although we do urge all email providers to provide TLS natively. Although opportunistic encryption is better than no encryption, it's way better to support always-on encryption.
We aren't providing a sending service. Our email client can't obfuscate IP addresses, but if you route your mail through Tor or a Mixmaster, it might improve things for you.
When you add or edit a contact, select the "Find Encryption Keys" button. Mailpile will then search a public key server for a matching key and add the key to the contact. In the beta version, Mailpile selects the first matching key at server hkp://subset.pool.sks-keyservers.net.
If the recipient's key is not already on the server(s) searched by Mailpile, you (or anyone else) can submit a public key directly to the server at http://subset.pool.sks-keyservers.net/.
No. We are working on PGP/MIME first, getting the metaphors and the UI right before we add alternative encryption schemes. S/MIME is also generally based on PKI, which the general consumer may not have easy access to. We expect it'll be supported in the future.
I send a lot of email. When it arrives on their servers, is it decrypted or does decryption take place on the computer of the person who is supposed to receive it?
You do not have any control over how the recipients of your mail are going to decrypt the encrypted emails they receive from you, since the setup of emails can vary a lot.