Hushmail is message transfer more secure?

Discussion in 'Hushmail' started by Big Dan, Nov 7, 2010.

  1. Big Dan

    Big Dan EQ Forum Moderator Staff Member

    Joined:
    Aug 14, 2008
    Messages:
    647
    Likes Received:
    16
    I'd been reading here about Hushmail and having used it before I was wondering if Hushmail's mail is any more secure than regular email when sent outside it's network? The account itself has good security features but once you send the message out on the internet it's open to tampering like any other email, unless it's PGP signed or something like that but even then most of your webmail providers don't support PGP and security certificates.

    What am I missing?
     


  2. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    If you send an email to an outside provider such as Gmail you are prompted to create a security question and answer :

    Hushmail - Question and Answer.JPG
    Instead of getting an email at Gmail you get a notification that there is a new email for you :

    Hushmail Notification.JPG
    Click the link to visit Hushmail and you are prompted for the answer to the secret question :

    Hushmail Question and Answer Page.JPG

    The mail is not sent using regular SMTP to the other email provider.
     

  3. foggy

    foggy Valued Member

    Joined:
    Oct 23, 2010
    Messages:
    320
    Likes Received:
    23
    PrivacyHarbor.com does it roughly the same way. A link is sent and when clicked the recipient is taken to PH's site to read the message after going through their version of a 'captcha.' Ray, I sent you a link (via PM) to a test message I sent to myself from PH to my Yahoo address (neither of which I use at all these days) just so you can see their way of doing it.

    I'll BCC it to Big Dan. :)
     
  4. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
  5. Big Dan

    Big Dan EQ Forum Moderator Staff Member

    Joined:
    Aug 14, 2008
    Messages:
    647
    Likes Received:
    16
    The question and answer challenge kind of negates the point of email. Especially if I'm emailing someone who doesn't know me well. I'd have to call, instant message, or email them thru a 3rd party with the answer. Why wouldn't I just tell them what I said in the email if I call them? :confused:

    It's good to know that Hush Mail isn't creating a false sense of security by sending 'secure' mail through plain old STMP channels but the question and answer challenge isn't a great solution, IMHO.
     
  6. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    I think Hushmail can have its purposes. The 2MB quota isn't much and makes it so you likely can't use the account day to day. A bump from 2MB to 10-20MB might get more free users interested in the system. Don't choke their access in the hopes they'll be forced to upgrade, provide a great service and let the word of mouth generate more members. If you need to get some emails back and forth or need a temp solution for transferring a small amount of data instead of using Instant Messenger the Hushmail system could be a good way to accomplish that. Again, more quota would make that more useful too. Perhaps that could be a secondary offering? Secure file transfer. Allow each user to have a single up to 100MB file to share? To share a second file they first need to delete the first file. Brainstorming...
     
  7. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    Gmail allows up to a 25MB file size attachment. Offering the 100MB above is a way to come up with a perk that is not allowed by other free webmail accounts. For people who don't know to resize their pictures it's a way to get them more space for sending and receiving email attachments. Focusing on one thing that you are good at, email, makes sense but if Hushmail wanted to attract more members I think "Secure Email and File Transfers" would be a logical expansion. Click here and answer the question to get the file that I want to send you. Allow more storage but restrict the storage times. Let users have some more space and become dependent on the service before making them upgrade to get the extra storage space.
     
  8. popowich

    popowich EQ Forum Admin Staff Member

    Joined:
    Aug 12, 2008
    Messages:
    8,994
    Likes Received:
    120
    I had to transfer a password tonight and used Hushmail.

    I noticed this after the send :

    I'll have to remember to check once in a while and make sure my account stays active.
     
  9. CarlS

    CarlS Valued Member

    Joined:
    Oct 28, 2010
    Messages:
    16
    Likes Received:
    0
    Even though your question is old there is one thing yet to be said.

    Hushmail always tries to send all mails via TLS/SSL, i e establish an encrypted channel between its mailserver and the receiving server. If the receiving server accepts, then that message will be transfered encrypted. However when saved on the receiving server the mail itself will be saved unencrypted (unless the server is Countermail which encrypts incoming mails). Hence if the mail is sent by using TLS/SSL then it cannot be read or modified in transit.

    Today I would say a lot of mailservers accept TLS-transfers and use it themselves when sending.

    If you want to check, you can try by sending a mail from a Hushmail-account to that email host you want to check. When you received the email, check its headers and look for TLS-markers.
     
  10. fiasco123

    fiasco123 New Email

    Joined:
    Sep 13, 2011
    Messages:
    1
    Likes Received:
    0
    Hushmail always tries to send all mails via TLS/SSL, i e establish an encrypted channel between its mailserver and the receiving server. If the receiving server accepts, then that message will be transfered encrypted. However when saved on the receiving server the mail itself will be saved unencrypted (unless the server is Countermail which encrypts incoming mails). Hence if the mail is sent by using TLS/SSL then it cannot be read or modified in transit.

    Today I would say a lot of mailservers accept TLS-transfers and use it themselves when sending.

    :siterock:
     
  11. candlepop

    candlepop New Email

    Joined:
    Oct 20, 2011
    Messages:
    1
    Likes Received:
    0
    Is sending an email from a hushmail account to a gmail account any more secure than sending an email from a gmail account to a gmail account?

    Thanks
     
  12. CarlS

    CarlS Valued Member

    Joined:
    Oct 28, 2010
    Messages:
    16
    Likes Received:
    0
    No. Unless you use the following two methods when using Hushmail:

    A: Sending your mail encrypted by using Hushmails question and answer function (Hushmail Express)

    or

    B: Having the Gmail user create a key on Hushmails server through Hushmail Express and the Gmail user then decrypts the Hushmail users emails by using his own chosen passphrase instead of the Answer to the Question in Hushmail Express.

    Technically A and B are the same.
     

Want to reply or ask your own question?

It only takes a minute to sign up (and it's free!). Click the orange sign up button to choose a username and then you can ask your own questions on the forum.
Loading...