phocks

For years we’ve been running an on-site mail server using hMailServer on our Windows 2003 box. Recently we’ve wanted to start investigating an external solution, mainly due to lost emails when the internet is down around the office. After looking at a few other options, I found that Gmail through the Google Apps suite seemed to actually be the best solution.

It’s pretty easy to set up through a domain you have control over. You just need to change the MX records to point to the gmail servers, and create accounts for each user in the admin control panel. The best part for me is the POP3 feature, which allows the whole office to continue using the mail client that they’re used to (Outlook 2007 unfortunately in this case).

We’re planning on rolling this out within the next few weeks. All is set up except the MX redirection and pointing each Outlook to the new POP and SMPT servers. Awaiting the go-ahead, and then looking forward to not having to maintain this on-site server and spam filter, and having an archive of all emails online, accessable from anywhere.

Sweet!

Support for S/MIME seems to be everywhere now, to enable secure email transactions. Still, it appears no one is using it; too hard to set up; don’t understand all that certificate authority mumbo jumbo; and no one else uses it (a catch-22). Actually it’s pretty easy, and far more widely supported and more versatile than PGP, which I was experimenting with a little while ago with moderate success.

First thing you’ll need is a free email certificate. I was previously using thawte to generate certificates, but found Comodo‘s system to be heaps easier and vastly superior. So head on over and generate a secure email certificate. They will send an email to you instructing you how to collect it, and assuming you’re using Firefox (and you should be), the certificate, combined with a unique private key, will be stored within your browser.

Export the certificate/key file to your desktop or somewhere through the Advanced Options -> Encryption tab by clicking View Certificates, selecting your certificate and hitting Backup.

Then you need to import the certificate into your email client; most modern ones support S/MIME. In Thunderbird Account Settings find Security in your account then View Certificates -> Import. Then select that certificate for Digital Signing and Encryption.

Now when a new message is composed, there will be an option to encrypt the message, or digitally sign it, or both. Signing a message ensures that the email really came from the person it says it came from and was not tampered with during transmission. To encrypt a message so that nobody can read it except its intended receiver you need to have the recipient’s public email certificate. The easiest way to obtain this is to get them to send you a signed email.

I’ve set Thunderbird to automatically sign every outgoing message, so that people can reply with a secure email. Otherwise here’s my public email certificate in case you wanted to send me a secret message.

I’m phocks at gmail.

Take care.

“It’s not especially private, but I still don’t want you reading it.” — My brain, Me

Yesterday I dug up the GNU Privacy Guard email encryption software again, inspired by a recent wave of news about the possibility of employers being commissioned by the Australian government to monitor our emails, the old take the people’s liberties by saying you’re protecting them from ‘terrorist threats’ trick. O what insult to intelligence. My only assumption on their reason for going to the public for help in cyber-snooping is that they are too incompetent to be ‘up for the job’ themselves — if you know what I mean.

I’m unsure of what we the people have demanded in regards to secrecy of correspondence in this country. It seems, from these articles, that email spying by government agencies is just fine and dandy, but for employers it would seem to be illegal, which personally I find to be a little back to front. Perhaps it is strange to think that the government should stay out of privacy for the main part, to hold the that government be restricted in passing any law denying free access to any information, to put privacy not in the hands of any bumbling third party, but in the power of he who values it most, the individual.

I think you’ll find that although I’m not an especially private person, I do respect privacy, and am vehemently against forceful invasion of privacy, particularly by government organisations, or dangerous cults. Working the machines in an office though, I can divulge that it is extremely easy to track electronic correspondence and especially email, though I think the person I’d keep an eye on is the IT guy and not the company administrators, who most likely wouldn’t have a clue. So to those concerned about their own privacy, don’t rely on ineffectual totalitarian control — which doesn’t work from what I can tell anyway — and take your privacy into your own hands.

That’s my little rant over anyway. This post is really just about the creation of a contact details page that I made. Included on that page is my PGP Public Key so that anyone can encrypt an email to me and it would take anyone else about a hundred million years to crack. Also, if anyone does have a public key, could they send it to me, or leave it in the comments here, so I can add it to my keyring.

Human contact is a valuable thing in this age on inhumanism.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.7 (MingW32)

mQGiBEaTEzQRBACi8sAHqPNz2E3Em0gcKjn+5bbvbyoCft1MenScdXV0tNsii+84
MnrPC6nVfafQcq+5uok8sj546+oClHXkZGB6qOL71wvxfVpuyegfkptj5/vxoUwL
+U0FExlRHcYYkCSN61Ju8+2BF3QR8hT24J+5GPTEZAugHVpRjV1wigsK8wCg7tph
l4DqOsyg5/b4w1s7oiff+aEEAKAwPa0+0FukYo83i+Ixe+bIeR/im2eDN8/7c7Ur
jeDw4E+nk+Rpny/MqEUJ3ahpohvWsoYAZpZuIFlY823QLUMKN0OpEfTxuwantDS7
D7B+ny9EzZIszPBzXKRCcG/456LIJROT0Ww9yp4PJDuokmNqcJwjmNa4HMU74cCF
nyGTA/466ZmHveFg/IXFK+AGMDBXfc5G5fFHIk22HcWEYlu7ZRsdG9Mom23fL4P9
/PRsN0ERM1+pSN8y2ckmGWCCD/LJDyy25knOgC7kkXufqSqEScB5e9PM3btO5qkq
9PohjRf5dIclSTh6F69vOJAae2N+1JnIkqhh63FOBN+ZoLrVjLQZcGhvY2tzIDxw
aG9ja3NAZ21haWwuY29tPohmBBMRAgAmAhsjBgsJCAcDAgQVAggDBBYCAwECHgEC
F4AFAkgDgrUFCQ0qN6wACgkQ4+k/c8RCFvHk+QCgyEYUKAZKCjEIzJX9Jym9cTwo
bgwAnRnRd2kiHf0ru9pIb453bz2mJ82puQINBEaTEzQQCACesakpz2QAUgbZUtXw
ghORc8kd8jwBz3qyie+K5PTIkh1Fisa0wBzM45ceak4H+j3UVjyNYqAa5jlamRnY
9PP3jSFVwyz9Q2o5i3m6yDC8GoIVAwVyuFCF3vvm6QjRuUxmLJ/V0UB3K11lxTGO
QzXcsdsQBlw3OB7kqYfxwtHHaC5HUqb4EBPfYSllQRgz2PAj8IgqwIl4Te+PJHlF
JlaZFbd6rNYc1nUKO1OLVdIcQ/kDiS3lMDFuPh5DjG213KOj1J2Mm4wN69Nj2H8L
S/eLxLuaCMIzhYnQkYTlZJC8HMxxzGAmNOjrM3NalAagJqSui669zfHBuJ9Nk7xZ
4KXvAAMFB/4noEzVYeLXEWz4uxtIt2+bLAK5pdoB9JEtxpekXmNzqVGe5OU8v3Ie
fHPELLxHWxvXd8A2qDS6n5SiySjcO/oxihutw6JKkFHHs1mP+uzGrCdCw7PSWm4q
Ipxd7Gsv336nMutb+zZM1dFh1iyWql8zkEX6donkqiao9PqSqvPTtYDcDWCjm08H
H/nY2UE9YE1MfwrRD65XFKNkNplBrZDsrOzIlcTROWXWl/5TXxfF/7Oz6TmE8wQK
dUskKv4ajHL91gRDLWzzlLjuEI7X/xQdRiR8sm9qsDyC3RSDjEN6K3UOXwxKFCc7
Js/rkmOpmnRvuOaMCH/fi8IDkuXvkjOXiE8EGBECAA8FAkaTEzQCGwwFCQlmAYAA
CgkQ4+k/c8RCFvHq6gCg5wyxtele6HhHfu98E0nxUZAxfPUAnRprFQfG6uwOBqRb
Qf618/wX5Xwd
=umby
-----END PGP PUBLIC KEY BLOCK-----

That’s my public key anyway. I use a Firefox add-on called FireGPG to add encryption to emails.