After Hillary Clinton was accused of using a “homebrew mail server” (as the Associated Press dubbed it), a lot of people became interested in reclaiming the privacy of their email. With all the leaks and hacks—as well as incredible amounts of personal information saved and shared via email—it makes sense. The whole Clinton email debacle spread quickly, especially after she tweeted that she was happy to let the public read her emails. It doesn’t matter who you are, what’s in the emails, or how transparent you’re trying to be: Nobody wants to have their emails read. The Clinton team runs their own email server, which gives them total control over which emails are “leaked” or shared, but is that the best approach?
According to tech experts, the Clinton server has subpar security. It leaked some embarrassing details, some of which, the press says, show moments when her political judgment was clouded. When it comes down to it, hosting your own email can be a great way to increase security, but only if you know what you’re doing. In 2013, the Snowden whistleblowing controversy opened up tech discussions on hosting your own email, and it became clear: You need to be a very skilled systems administrator to even consider managing your own email.
The reality is that encryption and other privacy measures aren’t built into email systems. Even after these leaks, it hasn’t become a priority for anyone making these programs or devices since, for the most part and for most people, email is secure enough.
Reading between the Lines
Many emails make the rounds without encryption. According to a recent Google report, 78 percent of outbound mail from Gmail is encrypted, but only 58 percent of inbound messages are. That’s a step up from the earlier days, since in the first year that Google tracked incoming mail from Comcast, only one percent of it was encrypted. Encryption is a must if you want private emails, but it has to use trusted keys. Pretty Good Privacy (PGP) is a good choice, but it’s difficult to set up and use. Plus, PGP only plays well with PGP—and that’s a big problem.
Right now, Google is working diligently on End to End, which will be a Chrome extension that makes PGP easier to handle. However, it’s still in testing stages. There are other options like iPGMail and Mailvelope, but they’re just not catching on and come with their own issues. As things stand, there aren’t any simple ways to keep your email secure from even hobby hackers. Mix government hackers into the cocktail, and you don’t stand a chance.
These concerns are what led many people to host their own email, but that’s not the answer. Let’s say you want to host your email on a shared virtual private server (VPS). That’s great, but you’re only as safeguarded as your hosting company is. You’ll also be the one in charge of staying on top of the latest hacks. If you’re in flight while a server goes down, a break-in occurs, or your home Wi-Fi isn’t secure enough, then what?
Running a server at home comes with actual security risks. There are also reliability issues, like when the power goes out. Plus, remember that sysadmin jobs can be very complex. Even installing programs can be tricky, and you should be well-versed in SSL certificates before you even try. In the age of mobile readiness, many people read their emails first on a smartphone, which adds another layer of complexity to the mix.
Your best bet is not to host your own email server. What you should do is keep work and personal emails separate. Choose a web host that prioritizes security just as much as you do. There’s never any guarantee that you won’t be spied on, but there are choices you can make to optimize your safety and privacy.