+Iyaz, Love the show

[G+_Bill Zegarski]

+Iyaz, Love the show.  What with the NSA and tinfoil hats being justified these days, how about showing us how to run our own email server.  If we REALLY want to trust our provider, how about a roll-your-own email option.

Bill

[G+_Ryan Skeldon]

I recommend hmailserver for a free Windows solution to hosting your own email.

[G+_Frank Kim]

This might be a dumb question but, even with your own email server, wouldn't the NSA still be able to snoop because their snooping is on the ISP level? Wouldn't email encryption using PGP be a better and less time consuming alternative?

 

But, then again, hosting your own email server would be considered a closed system to get around the whole "abandoned" email classification when hosted by a third party. Plus, it would be fun to learn how to setup an email server.

[G+_Ryan Skeldon]

You are correct Frank Kim in regards to it being somewhat pointless in light of the NSA snooping. There is, though, a sense of accomplishment and security knowing the data (email) is in your control. 

 

I haven't kept up with news about the NSA and SSL certificate authorities, but if one is willing to forgo a CA and sign their own cert, they could create a system where they only trust themselves. That would eliminate possible MITM attacks and avoid snooping. Someone please correct me if this is wrong.

[G+_J Esposito]

I agree with Frank Kim that encrypting your e-mails before they leave is the best security you are going to get with e-mail because e-mail is not encrypted at the transport (smtp) level. Steve Gibson's last few episodes on Security Now will give a lot of understanding about PRISM and the security implications.