* on the Thu, Jun 04, 2015 at 01:21:44PM +0200, Michael Ströder wrote: >> I would suggest using Ciphermail / Djigzo for this. >> But I think you are solving your problem in a very incorrect way. Since the >> hosting company do have access to the VM, they could easy listen on the >> memory >> before the mail is encrypted, just after it has been decrypted by the TLS >> handler. > > Yes. Local encryption does *not* protect you against the mail hoster grabbing > data and . > > The only valid use-case for local encryption: > If the mail hoster has to reveal a copy of your mailbox to legal authorities > the content cannot be viewed without your private key. Nevertheless the mail > headers are readable.
Also, if an attacker gets access to your email account. It prevents them from being able to do what they usually do: Take over all of your other online accounts by triggering password reset emails. They'll still be able to trigger the reset emails, and receive them, but they wont be able to read. -- Mike Cardwell https://grepular.com https://emailprivacytester.com OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
signature.asc
Description: Digital signature
