Pegasus Mail & Mercury

If you encrypt your mail, it will still be handled by mail servers - they don't (normally) examine the content, since all the routing information is in the envelope.

Do you have an alternative provider who can give you what you want?

 

Well, that is the whole issue at this point: if I can use MercC to cypher my mail and then still be able to have it relayed along through my ISP than that is one solution but if not, then I have no use for either my ISP's SMTP or Mercury32.  I'll just have to find some suitable 3rd party SMTP servers and just have my email client send mail to them directly. (If I am still missing some benefit of Merc in my situation, somebody please enlighten me...)

 

I don't think we are talking about the same thing here.

TLS/SSL is a point-to-point (or computer to computer) secure link, so that any traffic passing through it, whether it is email, web pages, files or whatever, is (relatively) secure. Mail encryption is where you encode the message prior to it being sent over the link, and then it is decoded by the recipient.

Is your ISP the 'only show in town', or are there other providers?  Otherwise you may have to look for another relay service that can operate on a non-standard port and provide TLS/SSL.

If you encrypt your mail, it will still be handled by mail servers - they don't (normally) examine the content, since all the routing information is in the envelope.

They may not examine but many record all mail going through the server.  ;-)

 

---

Thomas R. Stephenson
San Jose, California
Member of Pegasus Mail Support Team

I do not answer private messages from the forum. If you want to contact me use email to techsupp@tstephenson.com.

I'll just have to find some suitable 3rd party SMTP servers and just have my email client send mail to them directly. (If I am still missing some benefit of Merc in my situation, somebody please enlighten me...)

In your situation where you have a randomly assigned IP address and the ISP is doing port 25 blocking there is not a lot that Mercury/32 can do that your email client cannot do.  It's receiving via POP3 and Sending via a relay host just like your mail client.  You can get a free GMail account (or other SMTP host that does SSL/TLS) and send mail to the server securely but unless to encrypt the mail via something like PGP it's not going to help all that much.

 

---

Thomas R. Stephenson
San Jose, California
Member of Pegasus Mail Support Team

I do not answer private messages from the forum. If you want to contact me use email to techsupp@tstephenson.com.

Thomas R. Stephenson:

You can get a free GMail account (or other SMTP host that does SSL/TLS) and send mail to the server securely but unless to encrypt the mail via something like PGP it's not going to help all that much.
 

On that I am clear, my only question is: if I want to find a free and distant* SMTP server someplace which may not offer SSL/TLS, will my using Merc in the SSL/TLS mode allow me to send my mail securely?

 * it is clear to me from previous discussion that mail can be intercepted and read no matter what but it may take some doing, so if someone is really bent on looking over my shoulder I can at least try to make them work for it.  Requesting records from a known person's ISP or GMail server is an obvious first stop for some overzealous agency.

 

tron:

if I want to find a free and distant* SMTP server someplace which may not offer SSL/TLS, will my using Merc in the SSL/TLS mode allow me to send my mail securely?

No.  To use SSL or TLS both ends of the connection have to negotiate and use it.  And it's only secure as far as the next server, from that point on it may well be sent in plain text.

 It not clear to me what you are trying to secure your mail against.  Have you looked at encryption? What email client are you using?

Here are some references:

SSL/TLS: http://en.wikipedia.org/wiki/Secure_Sockets_Layer 

 Mail Encryption: PGP - http://en.wikipedia.org/wiki/OpenPGP

S-Mime - http://en.wikipedia.org/wiki/S/MIME

 * it is clear to me from previous discussion that mail can be intercepted and read no matter what but it may take some doing, so if someone is really bent on looking over my shoulder I can at least try to make them work for it.  Requesting records from a known person's ISP or GMail server is an obvious first stop for some overzealous agency.

Free and distant probably will not help at all since to go the distance you have to go at least through the connection provided by your ISP.  If you are going to an offshore server you are also passing through a satellite or cable nowadays and governments pretty much control that as well.   Again you can use Pretty Good Privacy to make it more difficult but in the case of govt. entities it just make it a bit harder. 

FWIW, E-Mail via SMTP, even encrypted, is not the way to go if you are really really worried about people reading your mail.  Assume that anything you put in e-mail can be read and you'll be much better off. 

 

---

Thomas R. Stephenson
San Jose, California
Member of Pegasus Mail Support Team

I do not answer private messages from the forum. If you want to contact me use email to techsupp@tstephenson.com.

1. "Have you looked at encryption?"
I will, but the words "Pretty Good Privacy" do not inspire confidence in me.  Is there something more bullet proof you could recommend or are we not  'allowed' to use it to keep the lifes of  'watchers' easier?

2. "What email client are you using?"
Thunderbird.  Why do you feel Pegasus is superior?

3. "you have to go at least through the connection provided by your ISP"
i. Do ISP's constantly record all trafic on all ports or are they doing random recordings on the more common ones? (constant
recording of everything means constantly accumulating huge amounts of data all of which needs to be stored some place);
ii. For how long is it 'customary' to keep such records?
iii  Is it possible to access the internet through an offshore ISP?

4. "Assume that anything you put in e-mail can be read"
Are there more secure internet data exchange protocols than the ones associated with email?

tron:

1. "Have you looked at encryption?"
I will, but the words "Pretty Good Privacy" do not inspire confidence in me.  Is there something more bullet proof you could recommend or are we not  'allowed' to use it to keep the lifes of  'watchers' easier?

If you swap the first and last letters of each word, that should do the trick

2. "What email client are you using?"
Thunderbird.  Why do you feel Pegasus is superior?

The superior mail client is the one that fits your needs best.

3. "you have to go at least through the connection provided by your ISP"
i. Do ISP's constantly record all trafic on all ports or are they doing random recordings on the more common ones? (constant
recording of everything means constantly accumulating huge amounts of data all of which needs to be stored some place);

They will start when the men following you ring them up

ii. For how long is it 'customary' to keep such records?
iii  Is it possible to access the internet through an offshore ISP?

I imagine if you suddenly started making lengthy toll calls to Afghanistan Telco Ltd you would attract more attention than someone who sends an email via their ISP

4. "Assume that anything you put in e-mail can be read"
Are there more secure internet data exchange protocols than the ones associated with email?

Yes, google is your friend. But then they are watching that too......

 

OK, I rest my case

tron:

2. "What email client are you using?"
Thunderbird.  Why do you feel Pegasus is superior?

Eh? You are the first person to mention Pegasus in this thread.

I only asked because most clients can do (either natively or via an extension) encryption of some sort.  It's probably a good idea for you to have a look at those options, and find out more about encryption in general, to see if that's what you really need.

I will, but the words "Pretty Good Privacy" do not inspire confidence in me.  Is there something more bullet proof you could recommend or are we not  'allowed' to use it to keep the lifes of  'watchers' easier?

PGP it very difficult to break, the government can and it does take a lot of computing power and time, but it's quite secure for most people.  I found that if I wanted to encrypt something though I used an offline encryption system that both the sender and receiver used a password or key device that is passed via a separate media.  Even an encrypted ZIP file is pretty secure as well.

i. Do ISP's constantly record all trafic on all ports or are they doing random recordings on the more common ones? (constant
recording of everything means constantly accumulating huge amounts of data all of which needs to be stored some place);

Nope, but they might be called on to monitor all traffic from a specific location.

ii. For how long is it 'customary' to keep such records?

Depends on the location

iii  Is it possible to access the internet through an offshore ISP?

Yes, no and maybe.  You are using either a telephone line, cable or satellite connection and all these are controlled and regulated by the government to some degree.  Even anonymous forwarding requires you to send the mail to them via SMTP.   You could probably setup a radio-telephone connection to connect to the internet but even there this is open to detection.

 Are there more secure internet data exchange protocols than the ones associated with email?

Secure FTP is a direct point-to-point file transfer protocol.  The link between the client and the server is encrypted.  This of course is a many-to-one type system.   There is also HTTPS for example that allows you to securely transfer data on the internet.  Key controlled Virtual Private Networking is used a lot to allow remote secure access to internal LANs for many large corporations.  There are other similar many-to-one systems used quite often by government and business for privacy and security.  Most of them are quite expensive. 

 

---

Thomas R. Stephenson
San Jose, California
Member of Pegasus Mail Support Team

I do not answer private messages from the forum. If you want to contact me use email to techsupp@tstephenson.com.

Thank you to all who took the time to answer my questions both seriously and in good humor.

It would seem than Mercury would not be able to do for me what I was hoping, but perhaps with my focus on privacy I missed the big picture.  Before I uninstall Merc, I want to ask if it can still be useful to me with receiving mail - doing something that my Thunderbird cannot?   I currently have a few mail boxes, both POP3 and IMAP, on different servers where mail is either redirected to me or my email client fetches it from there.  Perhaps Merc can offer something advantageous on that arena?

 

Before I uninstall Merc, I want to ask if it can still be useful to me with receiving mail - doing something that my Thunderbird cannot?   I currently have a few mail boxes, both POP3 and IMAP, on different servers where mail is either redirected to me or my email client fetches it from there.  Perhaps Merc can offer something advantageous on that arena?

Again, yes, no and maybe.  Mercury/32 is a server and can do a lot of things a POP3/IMAP4 email client cannot.  I assume you are currently receiving all the mail via MercuryD and then putting it into separate accounts on the server.  Thunderbird is then accessing Mercury/32 via IMAP4 to get the mail from the local accounts. If you are not you could operate this way.  ;-)  I also assume that you do not have a fixed IP address.

1.  Mercury/32 can be run as a service using one of the service wrappers sending and receiving the mail even when you have logged off the system.

2.  It can to mailing lists.  Mail sent to special addresses will be sent out to all the members of the list. 

3.  It will allow you to use any IMAP4 mail client you wish to access the mail.   You many get tired of Thunderbird (may even want to try using Pegasus Mail) and if all mail is on the server it's as simple as a installing the new mail client.

4. If you ever get a fixed IP address or dynamic one tracked via something like http://DynDNS.org you can receive the mail via SMTP instead of POP3.

5. If you have the fixed IP address/DynDNS you can run a webmail system to access your mail via any web access point.   I use SquirrelMail and it works from anyplace in the world.

There are a number of other things that can be done with Mercury/32 that cannot be done with a POP3/IMAP4 mail client but this is enough to start with I guess.  First thing to do is to look into the DynDNS thing and get your own domain name.

 

 

---

Thomas R. Stephenson
San Jose, California
Member of Pegasus Mail Support Team

I do not answer private messages from the forum. If you want to contact me use email to techsupp@tstephenson.com.