Michael GPG is pretty good and you can use it with kmail (in kde) or as a plugin (enigmail) with Thunderbird. I think there is a plugin for Squirrelmail and then there are plugins for postfix and qmail-scanner if you use one of those guys
Personally - I like to figure out my risk and then compare it to how much it will cost me to setup a countermeasure (like encryption) and maintain it. - what are you trying to achieve ? You have to identify the threats and vulnerabilities of your email and then work to mitigate the risk. For example if you are exchanging non-sensitive information with customers why bother encrypting at all? If you have notebooks - you should definitely be worried that one of them might be lost or stolen and then you might have trouble For that - look at TrueCrypt- and definitely stay away from Aliroo which is a piece of sh-t. Read my blog entry on this topic http://www.software.co.il/blog/2007/06/secure_communications_without_1.html Best regards Danny On 8/13/07, Michael Tewner <[EMAIL PROTECTED]> wrote: > > How about GPG, or PGP? > > On 8/13/07, Danny Lieberman <[EMAIL PROTECTED]> wrote: > > Kfir > > > > What exactly are you trying to achieve by encrypting email - are you > trying > > to encrypt business communications between employees and > vendors/customers > > to protect from eavesdroppers or do you want to encrypt the message > > repository and protect it from attackers? > > > > Before you start applying encryption as a panacea do a little threat > > analysis first. Ask yourself - what assets are you trying to protect, > what > > are the threats and what are your vulnerabilities. > > > > My experience with extrusion prevention with a fair number of customers > has > > shown the following: > > > > a. It's better to use outgoing email in clear text because 1) you can > > monitor what people are doing and 2) having a business partner > > decrypt/encrypt is generally a pain in the ass that is greater than the > > value of the business transaction. > > > > > > b. If you have high-value business communications between your company > and > > vendors - you are better off just encrypting the file (for example a > > sensitive contract or product design doc) and sending the encrypted > > attachment. This will enable you to monitor who is sending and who is > > receiving and with the right monitoring system - you will be able to > detect > > that an encrypted file was sent which is interesting information in it's > own > > right. > > > > Read my blog entry on this topic > > > http://www.software.co.il/blog/2007/06/secure_communications_without_1.html > > > > Best regards > > Danny > > > > > > > > On 8/10/07, Kfir Lavi <[EMAIL PROTECTED]> wrote: > > > Danny, > > > Google apps is exactly what I'm trying to avoid :-) > > > What did you mean by "You don't want to get involved in encrypted mail > on > > your lonesome."? > > > > > > > > > On 8/10/07, Danny Lieberman <[EMAIL PROTECTED]> wrote: > > > > Kfir > > > > > > > > The best bet for you is Google Applications - surf to > www.google.com/a > > > > > > > > You don't want to get involved in encrypted mail on your lonesome. > > > > > > > > danny > > > > > > > > > > > > On 8/9/07, Kfir Lavi <[EMAIL PROTECTED]> wrote: > > > > > > > > > Hi, > > > > > I would like to keep company emails secure and encrypted. > > > > > I'm looking for a webmail program that is similar to Gmail. It > don't > > have to own all the stuff, just to be productive. > > > > > I would also want encryption. I want all the emails be encrypted > > automatically. > > > > > What is the procedure for a user? should he take with him a usb > > private key? > > > > > I'm looking for your comments on the idea. > > > > > > > > > > Tnx, > > > > > Kfir > > > > > > > > > > > > > > > > > > > > > -- > > > > Danny Lieberman > > > > Reduce risk with practical threat analysis- visit us at > > www.ptatechnologies.com > > > > "All things being equal, the simplest solution tends to be the best > > one." Occam's razor > > > > > > > -------------------------------------------------------------------------------------------- > > > > www.software.co.il/blog - Israeli software, music and mountain > biking > > > > www.software.co.il/pta - Download a free copy of the > PTA-Practical > > threat analysis tool > > > > > > > -------------------------------------------------------------------------------------------- > > > > Tel Aviv + 972 3 610-9750 > > > > US + 1-301-841-7122 > > > > Cell + 972 54 447-1114 > > > > > > > > > > > > > > -- > > Danny Lieberman > > Reduce risk with practical threat analysis- visit us at > > www.ptatechnologies.com > > "All things being equal, the simplest solution tends to be the best > one." > > Occam's razor > > > -------------------------------------------------------------------------------------------- > > www.software.co.il/blog - Israeli software, music and mountain biking > > www.software.co.il/pta - Download a free copy of the PTA-Practical > > threat analysis tool > > > -------------------------------------------------------------------------------------------- > > Tel Aviv + 972 3 610-9750 > > US + 1-301-841-7122 > > Cell + 972 54 447-1114 > -- Danny Lieberman Reduce risk with practical threat analysis- visit us at www.ptatechnologies.com "All things being equal, the simplest solution tends to be the best one." Occam's razor -------------------------------------------------------------------------------------------- www.software.co.il/blog - Israeli software, music and mountain biking www.software.co.il/pta - Download a free copy of the PTA-Practical threat analysis tool -------------------------------------------------------------------------------------------- Tel Aviv + 972 3 610-9750 US + 1-301-841-7122 Cell + 972 54 447-1114
