This gets asked a lot currently. The sentiment seems to be that email is doomed from a security viewpoint. You'll be leaking metadata no matter what. Even if your email provider was somehow secure, you have no way of knowing if the person (and their provider) you are communicating with is secure. If it's not (which is very likely) then all your efforts to secure your end are almost for nothing.

So yeah, my suggestion currently is to acknowledge the level of secrecy (or rather lack of) available with your email setup and use it accordingly.

Probably postcards are more secure.

Modern post companies use OCR and other digital processing to handle all mail, including postcards. At least is would be easier to mask who is sending the postcard, for example by omitting the sender details and throwing it into a mailbox far(ish) away from your home. Not a perfect system, as one could probably locate your home via triangulation if you were to use a number of different post boxes in the area of your home.

There are no providers who can provide full protection from a court order. The only solution is to encrypt on the client side using PGP or S/MIME and make everyone you communicate with do the same. But that means you can only login to your email from computers where your private certificate is installed. It also means no more webmail and no more search capabilities.

Yes: run your own mail server.

This raises the barrier enough so that the NSA/FBI can't just request access to your mail. Instead now they would have to either physically access the mail server, or use extremely offensive techniques (backdoor your computer, take control of your mail server via a software vulnerability, etc).

If only running your own mail server, spam detection etc was a trivial exercise. I did this for many years running sendmail on OpenBSD, but it is so much nicer having Gmail now.

"Those who would trade security for convenience deserve neither" (with apologies to Mr Franklin)

Having said that, I'm in exactly the same position.

(Though I'm very seriously considering going back to running a mail server myself - probably on a RaspberryPi inside a locked cabinet at home…)

Lavabit's closure highlights the fact that third-party email providers cannot be trusted to keep your email private.

Even running your own mailserver (on a computer in your home, for example) won't save you from dragnet NSA surveillance or targeted attacks, but at least you'll know if the government sends you a National Security Letter or obtains a FISA court order for your email.

> Even running your own mailserver (on a computer in your home, for example) won't save you from dragnet NSA surveillance or targeted attacks, but at least you'll know if the government sends you a National Security Letter or obtains a FISA court order for your email.

At which point you could disconnect your mail store from the server, stick it somewhere safe, and claim that you don't store mail, you just read it then delete it. They'd have to get a warrant to search your home, they'd probably decide it isn't worth it.

It depends on what you are trying to prevent.

If you run your own MTA/IMAP server and lock down the OS and BIOS sufficiently -- including encrypting the hard drive -- you can be fairly confident that your at rest emails, including metadata, will not be accessed without your knowledge. But there's not much at all you can do to prevent mail sent to or from your machine from being intercepted. Configuring your MTA to only converse over TLS will help, but ultimately you have no good reason to trust the other mail server.

You can encrypt all your message bodies using either PGP or S/MAIL, but that requires the people you are conversing with the have key pairs, and doesn't protect metadata.

Could you trust any that remain operating, after the Lavabit fiasco?

Many people seem to forget that there are still countries where US laws are not in effect.

Even more interesting is the fact that even Lavabit's founder seemed to have overlooked this fact, and instead of relocating his servers and all the user data to Iceland, Norway or New Zealand, he chose to shut it down for good.

Why?

Because if he got a NSL requesting a backdoor on his servers, then it doesn't matter where the servers are located. What matters where he personally and his company are located. And you can ask Snowden how fun it is to be persona non grata.

Perhaps we had family, friends and his entire life in America, and didn't want to uproot it all to move his service overseas?

One clue is a statement Levison made is that it's not just what they asked him to do, it's also what he knows that would change our perspective of email:

“If you knew what I know about e-mail, you might not use it either.”

It simply depends on who is in your threat model.