How To Keep Your Emails Private
Anti-piracy advocates tend to attract a lot of ire from a very tech-savvy audience. A group of users at the famous forum site 4Chan has been targeting various pro-copyright groups with denial of service attacks.
Typically, denial of service attacks are annoying but little more. They work by overloading a server or firewall with too many requests until legitimate requests get turned away. This can pull the site down for a few hours, but is easily solved by moving the site to a new server.
And that is pretty much what happened to most of the sites on 4Chan’s hit list, including the RIAA, MPAA and other organizations across the globe.
However, one company, a UK law firm named ACS:Law, has suffered much more dire consequences. When its server came back online, it accidentally published thousands of confidential emails that were immediately downloaded and placed on file sharing sites. Disaster!
It’s a reminder of just how easily our digital private lives can become public and why we, as webmasters and hosting customers, need to understand just how sensitive much of our digital information is.
NEVER Think of Emails as 100% Private
The problem with email is that it goes by the name of ‘private’. You should never say something in email you don’t want to end up on the evening news. However, most people trust that their correspondence via email will remain between themselves and whoever they send it to.
Even if we don’t say anything too explosive in email we still use it for a great deal of personal and business communication. We talk to our spouses, girlfriends, parents, siblings, clients, business partners and more. Though the contents of one or two emails might not be very revealing, an entire archive of mail, such as what was leaked for ACS:Law, can be very damning.
Even if you are careful about the data you send via email, anyone with motivation and access to an archive can probably learn a great deal of private information about you. In this regard, email is very similar to search data, much like the information AOL leaked “anonymously” a few years ago.
To avoid this kind of scandal, consider moving your email off your server and onto a service such as Google Apps.
Why Web Server Email is a Bad Idea
Though nearly every host offers free email with their account, many providers, including VPS and dedicated server providers, put the email server on the same physical machine as the Web server.
This private data is now sitting on a publicly-accessible machine. If a security flaw is found in the Web server, the database server, the operating system or anything else, your email is suddenly up for grabs. Further, as ACS:Law found out, a poorly-configured server can make it SO MUCH WORSE.
The foolproof solution? Ensure that your email is not on the same server as your site.
Many larger shared hosts do this already by using separate servers for emails. However, dedicated solutions such as Google Apps take it a step further, segregating the email storage from the Web and using intermediary servers to communicate with clients and Web interfaces. Not only does this secure your mail, it also speeds up your access.
Any separation of email server from Web is a good move, even if it is just to a different machine in the same datacenter. Fewer potential security holes help keep your email private and protect your Web server in the event your email server somehow gets attacked.
In other words: don’t put your eggs in one basket!
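One way to check your own domain for the shared-server setup described above, as an added example that is not part of the original article: it reads DNS records and reports any mail exchanger that resolves to the same address as the Web host. The record text, the `.test` names and the function names are constructed for illustration; matching addresses is the only signal it looks at.

```python
# Constructed sample records (documentation address ranges), one per line,
# in the shape of `dig +noall +answer` output with or without TTL/class.
SAMPLE_RECORDS = """
example.test.       A     203.0.113.10
www.example.test.   CNAME example.test.
example.test.       MX    10 mail.example.test.
example.test.       MX    20 mx.mailhost.test.
mail.example.test.  A     203.0.113.10
mx.mailhost.test.   A     198.51.100.25
"""
TYPES = {"A", "AAAA", "CNAME", "MX"}

def parse_records(text):
    """Return {(name, type): [values]} from whitespace-separated record lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(";"):
            continue
        rtype = next((p.upper() for p in parts[1:-1] if p.upper() in TYPES), None)
        if rtype is None:
            continue
        name = parts[0].lower().rstrip(".")
        value = parts[-1].lower().rstrip(".")  # for MX this is the target host
        records.setdefault((name, rtype), []).append(value)
    return records

def addresses(records, name, depth=0):
    """Resolve a name to its A/AAAA addresses, following CNAMEs (bounded)."""
    name = name.lower().rstrip(".")
    if depth > 8:  # guard against CNAME loops
        return set()
    found = set(records.get((name, "A"), [])) | set(records.get((name, "AAAA"), []))
    for target in records.get((name, "CNAME"), []):
        found |= addresses(records, target, depth + 1)
    return found

def shared_mail_hosts(records, domain, web_name=None):
    """Return {mx_host: [addresses]} for mail hosts on the Web server's addresses."""
    domain = domain.lower().rstrip(".")
    web_ips = addresses(records, domain) | addresses(records, web_name or domain)
    # With no MX record, mail is delivered to the domain's own address.
    mx_hosts = records.get((domain, "MX"), []) or [domain]
    overlaps = ((mx, addresses(records, mx) & web_ips) for mx in mx_hosts)
    return {mx: sorted(ips) for mx, ips in overlaps if ips}

if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for host, ips in shared_mail_hosts(recs, "example.test", "www.example.test").items():
        print(f"{host} shares {', '.join(ips)} with the Web server")
```

An empty result only means the addresses differ; two addresses can still belong to one machine, so confirm with your host.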
The case of ACS:Law illustrates exactly how critical email is. The story gets even worse for the company as they may be fined for divulging all this private information, even though they did so unintentionally.
If you want your email to stay as private as possible, it makes sense to keep it off of a machine that is publicly accessible and put it somewhere that is a reasonable distance away from your potentially vulnerable server.
Although this won’t guarantee that your email is completely safe, it adds another level of protection. The more levels, the better: it really is that simple.