Would be great if we could encrypt all emails that get sent to us to help with GDPR compliance.
Do you mean on delivery or throughout transmission? The biggest risk re data protection is in transmission unless you allow access to your physical machine. The sender has to encrypt the e-mails they send - you can't do that for them. If you want to ensure security where you store your e-mails locally, then consider encrypting the whole disk on which you store them. If you keep your e-mails on a remote server, then use a service that offers secure encrypted storage that only you can decrypt.
For whole disk or partition encryption consider Veracrypt.
For e-mail services/servers that store the e-mails encrypted, consider Proton or RiseUP or similar e-mail services.
I actually disagree with that. Most people host emails on a web server of some sort, for example I use a Mail-in-a-Box instance on a Linode server. Regardless of how I set up encryption on that machine, anyone with access to it can just dump the contents of memory and get access to all my encryption keys. That could be a disgruntled employee or someone with a warrant.
Grabbing data on the fly remains an issue for sure, but the bigger issue is that 99% of people do not use GPG at all and don't care to listen when someone like me or you suggests that they do, it is too hard to think about, so they send emails without it.
Once the email has been sent, all I can do is hope that there was TLS the whole way, there is a reasonable chance of that these days, however if I want to store the email in a secure way on my server, I simply cannot.
If I could right click on the email and click 'encrypt' and have the whole message encrypted on my machine with my GPG key, no one with physical access to my Linode instance would be able to get my emails. Furthermore, no additional expertise is required.
Veracrypt may be easy for someone who knows a lot about computers, but even the majority of folks savvy enough to use Enigmail would probably utterly botch an attempt to securely encrypt a remote server, particularly as doing that is essentially impossible, because any keys are in memory.
Enigmail 2.0 will come with a new filter rule that allows you to encrypt incoming mails to a specific key ID.
I have already looked at the filter in the new version, but would this just be encrypting so that local snoopers do not see the messages, right?
When applying the filter, will the original message be deleted automatically?
Obviously, if a message is encrypted after it was received you cannot prevent that someone may have been able to read it during the transfer.
If you encrypt a message using the filter action, then the message is stored encrypted on an IMAP server. The original message is deleted on the server after encryption, but depending on how your provider interprets "delete", this may just mean that the message is made invisible to you -- that's beyond the control of a mail client.
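The sequence described in the reply above (encrypt the stored message, upload the encrypted copy, then delete the original), written out as an added example; it is not part of the thread and not Enigmail's code. The function names, the list of headers left readable, the `gpg` invocation and the sample message are assumptions made for illustration.

```python
import subprocess
from email import message_from_bytes
from email.encoders import encode_7or8bit
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

KEEP = ("From", "To", "Cc", "Subject", "Date", "Message-ID")  # headers stay in clear
# Constructed sample message, not taken from the thread.
SAMPLE = (b"From: alice@example.org\r\nTo: bob@example.org\r\n"
          b"Subject: Quarterly numbers\r\n\r\nconstructed body text\r\n")

def gpg_encrypt(raw: bytes, key_id: str) -> bytes:
    """Encrypt to key_id with the local gpg binary; only the public key is needed."""
    return subprocess.run(
        ["gpg", "--batch", "--armor", "--encrypt", "--recipient", key_id],
        input=raw, capture_output=True, check=True).stdout

def wrap_pgp_mime(raw: bytes, ciphertext: bytes) -> bytes:
    """Build an RFC 3156 multipart/encrypted message around the ciphertext."""
    orig = message_from_bytes(raw)
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name in KEEP:
        if orig[name]:
            outer[name] = orig[name]
    outer.attach(MIMEApplication(b"Version: 1\n", "pgp-encrypted", encode_7or8bit))
    outer.attach(MIMEApplication(ciphertext, "octet-stream", encode_7or8bit))
    return outer.as_bytes()

def encrypt_stored_message(imap, mailbox: str, uid: str, encrypt) -> bytes:
    """Replace one stored message with an encrypted copy; imap is an imaplib.IMAP4."""
    imap.select(mailbox)
    typ, data = imap.uid("FETCH", uid, "(BODY.PEEK[])")
    if typ != "OK" or not data or not isinstance(data[0], tuple):
        raise RuntimeError(f"cannot fetch UID {uid}")
    raw = data[0][1]
    sealed = wrap_pgp_mime(raw, encrypt(raw))
    typ, _ = imap.append(mailbox, None, None, sealed)
    if typ != "OK":  # never touch the plaintext unless the encrypted copy is stored
        raise RuntimeError("APPEND failed; original left untouched")
    imap.uid("STORE", uid, "+FLAGS", r"(\Deleted)")  # only marks the original
    imap.expunge()  # removes every \Deleted message; server backups are out of reach
    return sealed
```

With a real server, `encrypt` would be something like `lambda raw: gpg_encrypt(raw, KEY_ID)`. The client can only issue the `\Deleted` flag and `EXPUNGE`; whether the provider then erases the plaintext from its storage is outside this code's control.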
So a cool suggestion would be an option on the context menu where you can encrypt only one message.
This was already suggested. There is just not enough time to implement everything that could be useful...
I think a much faster way would be to use specialized mail, this will speed up the time of sending an encrypted email by half. There are a lot of such mails, I use https://beeble.com/en mail and, in principle, I am satisfied with working with it.
Last edit: Michael Wilson 2022-03-24