Hushmail is message transfer more secure?

Big Dan

EQ Forum Moderator
I'd been reading here about Hushmail and having used it before I was wondering if Hushmail's mail is any more secure than regular email when sent outside it's network? The account itself has good security features but once you send the message out on the internet it's open to tampering like any other email, unless it's PGP signed or something like that but even then most of your webmail providers don't support PGP and security certificates.

What am I missing?
 

EQ Admin

EQ Forum Admin
Staff member
If you send an email to an outside provider such as Gmail you are prompted to create a security question and answer :

Hushmail - Question and Answer.JPG
Instead of getting an email at Gmail you get a notification that there is a new email for you :

Hushmail Notification.JPG
Click the link to visit Hushmail and you are prompted for the answer to the secret question :

Hushmail Question and Answer Page.JPG

The mail is not sent using regular SMTP to the other email provider.
 

foggy

Valued Member
PrivacyHarbor.com does it roughly the same way. A link is sent and when clicked the recipient is taken to PH's site to read the message after going through their version of a 'captcha.' Ray, I sent you a link (via PM) to a test message I sent to myself from PH to my Yahoo address (neither of which I use at all these days) just so you can see their way of doing it.

I'll BCC it to Big Dan. :)
 

Big Dan

EQ Forum Moderator
The question and answer challenge kind of negates the point of email. Especially if I'm emailing someone who doesn't know me well. I'd have to call, instant message, or email them thru a 3rd party with the answer. Why wouldn't I just tell them what I said in the email if I call them? :confused:

It's good to know that Hush Mail isn't creating a false sense of security by sending 'secure' mail through plain old STMP channels but the question and answer challenge isn't a great solution, IMHO.
 

EQ Admin

EQ Forum Admin
Staff member
I think Hushmail can have its purposes. The 2MB quota isn't much and makes it so you likely can't use the account day to day. A bump from 2MB to 10-20MB might get more free users interested in the system. Don't choke their access in the hopes they'll be forced to upgrade, provide a great service and let the word of mouth generate more members. If you need to get some emails back and forth or need a temp solution for transferring a small amount of data instead of using Instant Messenger the Hushmail system could be a good way to accomplish that. Again, more quota would make that more useful too. Perhaps that could be a secondary offering? Secure file transfer. Allow each user to have a single up to 100MB file to share? To share a second file they first need to delete the first file. Brainstorming...
 

EQ Admin

EQ Forum Admin
Staff member
Gmail allows up to a 25MB file size attachment. Offering the 100MB above is a way to come up with a perk that is not allowed by other free webmail accounts. For people who don't know to resize their pictures it's a way to get them more space for sending and receiving email attachments. Focusing on one thing that you are good at, email, makes sense but if Hushmail wanted to attract more members I think "Secure Email and File Transfers" would be a logical expansion. Click here and answer the question to get the file that I want to send you. Allow more storage but restrict the storage times. Let users have some more space and become dependent on the service before making them upgrade to get the extra storage space.
 

EQ Admin

EQ Forum Admin
Staff member
I had to transfer a password tonight and used Hushmail.

I noticed this after the send :

Warning

You must sign in to your account at least once every three weeks for it to remain active.

I'll have to remember to check once in a while and make sure my account stays active.
 

CarlS

Valued Member
I'd been reading here about Hushmail and having used it before I was wondering if Hushmail's mail is any more secure than regular email when sent outside it's network? The account itself has good security features but once you send the message out on the internet it's open to tampering like any other email, unless it's PGP signed or something like that but even then most of your webmail providers don't support PGP and security certificates.

What am I missing?
Even though your question is old there is one thing yet to be said.

Hushmail always tries to send all mails via TLS/SSL, i e establish an encrypted channel between its mailserver and the receiving server. If the receiving server accepts, then that message will be transfered encrypted. However when saved on the receiving server the mail itself will be saved unencrypted (unless the server is Countermail which encrypts incoming mails). Hence if the mail is sent by using TLS/SSL then it cannot be read or modified in transit.

Today I would say a lot of mailservers accept TLS-transfers and use it themselves when sending.

If you want to check, you can try by sending a mail from a Hushmail-account to that email host you want to check. When you received the email, check its headers and look for TLS-markers.
 

fiasco123

New Email
Even though your question is old there is one thing yet to be said.

Hushmail always tries to send all mails via TLS/SSL, i e establish an encrypted channel between its mailserver and the receiving server. If the receiving server accepts, then that message will be transfered encrypted. However when saved on the receiving server the mail itself will be saved unencrypted (unless the server is Countermail which encrypts incoming mails). Hence if the mail is sent by using TLS/SSL then it cannot be read or modified in transit.

Today I would say a lot of mailservers accept TLS-transfers and use it themselves when sending.

:siterock:
 

candlepop

New Email
Is sending an email from a hushmail account to a gmail account any more secure than sending an email from a gmail account to a gmail account?

Thanks
 

CarlS

Valued Member
Is sending an email from a hushmail account to a gmail account any more secure than sending an email from a gmail account to a gmail account?

Thanks
No. Unless you use the following two methods when using Hushmail:

A: Sending your mail encrypted by using Hushmails question and answer function (Hushmail Express)

or

B: Having the Gmail user create a key on Hushmails server through Hushmail Express and the Gmail user then decrypts the Hushmail users emails by using his own chosen passphrase instead of the Answer to the Question in Hushmail Express.

Technically A and B are the same.
 
Top