A better approach to security

[Pete Stephenson <pete AT heypete.com>]

On 8/22/2012 6:52 AM, Arno Welzel wrote:
> Don Parris, 22.08.2012 05:28:
> 
> [...]
>> I do use GMail, but many people worry about their privacy with Google.  I 
>> actually now forward my e-mail to another account, which I can check 
>> securely.  
>> It is also an account which I can maintain regardless of my ISP.  But 
>> stopping 
>> an e-mail accout is a bit complicated.
> 
> Therefore it's a good idea to have your own domain - this makes you
> independent from ISPs and many hosters also offer secure access to
> smtp/pop3/imap.

Precisely. Owning a domain makes your mail and address extremely
portable. I've had mine since 1999 and have had many different services
provide the back-end hosting for my mail: currently I'm with Google
Apps, but I'd previously been with a few others including a server under
my desk at home for a while.

A domain is completely worth the $5-$25/year cost (depending on TLD and
registrar), even for an individual.

> The next level would be your own server - virtual root servers are not
> that expensive today (starting at about 5 EUR per month) and powerful
> enough to handle e-mail. Combined with tools like Plesk, CPanel or
> ISPConfig it is even possible to handle without deep knowledge of Linux.

This is true, but a mailserver is not just a "set it and forget it" type
system: there's continually-evolving threats ranging from incoming spam,
hacking attempts, dealing with anti-spam lists mistakenly listing your
server because it's small and relatively unknown, how to set up storage
in a redundant way, etc.

It's certainly a learning experience (I recommend everyone try it at
least once!) and important for systems administrators to know how to do,
but in general I find it easier to simply make this Someone Else's
Problem and focus on more productive endeavors.

I look at email like a basic utility: while I could generate my own
electricity or run my own telephone network I find it more economical
and productive to pay the electric/phone company for their service. They
benefit from economies of scale and I benefit from a lower cost and the
providers having technology and staff to keep things running reliably.

Just my two cents, of course.

In regards to the original post: it is quite silly that the ISP doesn't
provide SSL/TLS-secured mail servers. They don't need to make SSL/TLS
mandatory, but at least providing it as an option (preferably the
default option) seems like it'd be a really good idea and not that
difficult to setup.

Cheers!
-Pete