Email servers? Let’s do it.

Background: Anyone who gets anywhere near INFOSEC information tends to get a little paranoid... or a lot paranoid. This is just a side effect of knowing what you can do to own people’s information and learn about them. Email can be a weakness in this.

I encourage everyone to think about worst-case scenarios related to this. What happens if your primary email account is compromised? What happens if you use it for everything? Well, then someone can now reset any account you have without two-factor authentication, and even some with it.

Fast forward, and now we have an issue: Do you set up a throwaway email for every account you have? Do you use something like ProtonMail that boasts double encryption? What if you set up your own system? Hm...

In walks iRedMail. Open source, beautifully simple, and it just works. I don’t send many emails (maybe a couple a month, tops) and mostly use it for either news/updates or account information. This is good, because a self-hosted email setup can get blacklisted quickly and be unable to send emails out. This is fine for me, so using a new setup works like a charm and runs off an encrypted system internally. Add to this that the website isn’t accessible via web, and we have a more solid and secure system. It’s nice getting my feet wet in these projects should other opportunities arise for freelance work as well.

Sometimes peace of mind is worth the extra effort.