Most secure mail client?

Discussion in 'privacy technology' started by Q Section, Oct 9, 2003.

Thread Status:
Not open for further replies.
  1. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello Everyone
    What is the best mail client? Our first consideration is one that is very secure and our second consideration is one that can stop most trash/junk/spam.

    Thank you for your opinions.

    *update - SecureBat looks good but is costly. How about Pegasus?
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Qsection,

    Have a look at The Bat! v2, and the specs. The forum over there provides a nice impression as well.

    regards.

    paul
     
  3. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    If you are not looking for a free one I think

    Becky! Internet Mail ist one of the most secure email clients there is.

    www.rimarts.co.jp

    Forum: http://www.mickeytheman.com/forums/index.php

    and a yahoo list makes it well supported.

    Another one would be free foxmail

    Ruben
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Ruben,

    I wondered as of when you would kick in with Becky's ;).

    I'm with you Becky's is belongs to the top notch email clients.

    A matter of personal choice; I for one do prefer The Bat! - and in case one can affort it: SecureBat!

    QSection,

    The only way to find out which one suits you best, is giving them a try. Trial version(s) are available ;)

    regards.

    paul
     
  5. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    :)

    Ruben

    BTW: Foxmail url is

    http://fox.foxmail.com.cn/english.htm
     
  6. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Paul,

    Where can the plug-in for the Anti-Virus Nod32 be found for The Bat v2 ?
     
  7. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    No plugin needed - IMOn will get you everything

    Ruben
     
  8. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    Hey !

    I know It's already configured ;) lol I was just making an inquiry ;)
     
  9. Lithp

    Lithp Registered Member

    Joined:
    Jul 31, 2002
    Posts:
    10
    calypso. its free too.
     
  10. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I have my doubts about foxmail.
     
  11. Monique

    Monique Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    6
    Calypso and foxmail don't even come close to The Bat! Have a look at all specs on their website mentioned above - now that's impressive!.

    I'm a very satisfied The Bat! v2 user (as I was using all v1 versions) :cool:

    M
     
  12. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    To be honest I don't think any of the freeware email clients are that *secure*. Except maybe Pegasus, except that's a little buggy.

    The last time I tried Foxmail the way it handled HTML mail was downright dangerous. Also I seem to recall someone writing about some suspicious phoning home behavour, but perhaps that was nothing.
     
  13. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    A) I use Calypso. It's free at...
    http://www.rosecitysoftware.com/calypso/

    B) I have Calypso configured NOT to process anything but plain text. It leaves the html stuff on the server, where I discard most of it, using Mailwasher, & use Firebird browser to look at the few items worth looking at. I no longer subscribe to any newsletter [or such] that doesn't offer a plain text version. Most of them do.

    C) I have Calypso's very first filter configured as follows...
    ~~~~~~~~~~~~
    Pattern to search for- * [* is a wild card; therefore this filter applies to ALL messages]

    In- Subject [thus, this filter applies to every message, no matter what its subject is]

    What action to take: Save attachment in E:\ Virus Check [this causes Calypso to rip-off EVERY attachment & send it to my Iomega zip file. I do a full scan of that folder before ever I open anything therein.]

    Continue Filtering? Yes [indicated by check mark. Thus, this filter doesn't stop any messages. It merely rips off any attachments.]
    ~~~~~~~~~~~
    D) The above filter sends EVERY attachment to a zip file folder. Thus, even if I change my AV or AT programs, the attachment stuff is safely stowed away.

    E) Courier is an even more secure, non-free upgrade to Calypso. Get it at...
    http://www.rosecitysoftware.com/Courier/index.html

    regards......bell
     
  14. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    If it be true that 95% of problems comes through onto our systems through the mail, it seems to me that we should do every thing we can to give this area our best approach . I think a separate programme such as Beinign( neutralizes harmful aspects of your e-mail such as viruses, scripts and web bugs, so e-mail you receive is safe) and mailwasher ( the ultimate solution to getting rid of spam and unwanted e-mail) is the way to go . http://www.firetrust.com/home/
    It then matters not so much the email client one uses
    Nor are we relying on the lastest update to our anti virus / trojan programmes to protect us .
     
  15. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I hate web-bugs in html mail, using Firebird to view html won't block that, unless you take precautions.
     
  16. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I disagree. I believe in simplicity. Imagine trying to chain a antispam proxy to your antivirus and to your "benign" before finally receiving mail, that's overly complicated, and the more complications there are, the great the chance of a F***up.

    I know this forum is very big on "layered defence" (whatever it means) but sometimes I think you guys like complexity for it's own sake

    Get a good email client that has it's own html viewer that only displays standard html without interpreting js or other crap as well as refuses remote requests, forces you to save any attachment first and then allowing you to run it only outside the email client (no such nonsense as oops, i clicked on an attachment and it ran!) , and you are perfectly safe. Then you don't really need a superstitious fear of attachments that so many seem to display. (add common sense too of course to the mix)

    Benign is a nice idea, but if it misses anything and you use something like Outlook then oops, you are wide open.
     
  17. tosbsas

    tosbsas Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    789
    Location:
    Lima, Peru
    Wierd thing though - How can you recommend a mailer that is discontinued and there will be no support for it any more??

    Understand you ist a good proggy - tried a 2 years ago, but ...

    Ruben
     
  18. solarpowered candle

    solarpowered candle Registered Member

    Joined:
    Jan 9, 2003
    Posts:
    1,181
    Location:
    new zealand
    Benign is instant. There is nothing complicated with it. Just the thought that it may be complicated maybe. Its ultimate simplicity . I trust it over any other software I may be running to look after my mail, even if I be running outlook as one of my mail clients. However If one prefers to play around with settings and take there chances thats cool also. There is little diffirence in trusting an email client to preform the correct operations that you have set it to do , and a programme like benign , that you have set it to do . Its a matter of which one you have faith in most to perform those duties. So I dont see benign as being any less vulnerable than a email client , In fact as its set up soley to take care of all email and nothing else its more likely to be better at what it does than software that takes care of many things ,
     
  19. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    Good info, JayK. Startling! You mention "precautions" -- could you specify exactly what they are, please?

    grace & peace to all......bellgamin
     
  20. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    If you mean Calypso, yes -- it is no longer being updated. However, there IS tech support available from a very active mailing list at...
    http://groups.yahoo.com/group/CalypsoMail

    ...one of Calypso's lead programers regularly holds forth there.

    Calypso has been updated/upgraded, under a new name [Courier] - I gave the URL in my earlier post. Rose City SW bought all the rights to Calypso EXCEPT the right to use the name. They also hired Calypso's lead programer. The Courier upgrad is superb. It was designed with security capabilities recommended by a very paranoid user's group on the Calypso ML. Example - its own html viewer, click-on/click-off html, lots of other stuff. If I ever scrounge $30 I will buy it. However, Calypso itself is quite secure, just not as secure as Courier or The Bat.

    grace & peace to all......bell
     
  21. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    I agree with JayK.

    Also agree with Bellgamin about Calypso, even on its abandonware version.

    BTW, 'abandonware' I find to be a tricky term, because that a software is no longer updated does not automatically mean it's no longer able to fulfill its stated missions. I think it's a matter that has to be decided on a case-by-case basis.

    And again, not to be the dead horse here, but Thunderbird (Mozilla project 's stand alone mail client) seems to have everything needed, including simplicity. It's also completely free and regularly updated.

    T'Bird another philosophy compared to -say- The Bat 2 (which has an impressive list of embedded tools). Of course, I completely recognize that BOTH philosophies have their own merits.

    IMHO, T'Bird much too little known compared to its value and merits...

    Rgds, Crockett :cool:
     

    Attached Files:

  22. crockett

    crockett Registered Member

    Joined:
    Jul 15, 2002
    Posts:
    333
    Another screenshot from Thunderbird...
     

    Attached Files:

  23. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Okay let's be clear here, html mail is dangerous because
    it can be laced with activex, java that are programs in their own right. A lesser danger is web-bugs.

    Using a none IE browser will reduce the chance of the first problem ,because non IE browsers do not run activex at all and are generally more secure.

    Web-bugs on the other hand are simple remote links to webservers., the most basic type is a image.

    This means that instead of sending the picture as an attachment with the mail (so you can see the image even if online) , the html mail will
    try to request the image from a remote web server belonging to a spammer. This alerts the spammer that your email account is a live one and worth spamming more :)

    There is nothing malicious about that it's just plain vanilla html, so no browser will block it.



    You do know what web-bugs ar nowe right? If you do, it's obvious what to do. (e.g stop loading remote images,css etc)., the problem is this will make normal surfing problematic.

    Perhaps easier would be to read html in your email client, but restrict your email client to accessing only the normal email remote ports 25,110 etc using your firewall.

    Using non-IE based browsers to read html will protect you from activex nasties though, unless you are crazy enough to install one of those activex plugins for mozilla I saw the other day.
     
  24. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    I think you miss the point, I'm talking about the interaction between a third party product and your email client creating complications.

    I actually prepared a long detailed analysis of how Benign works with the email client and explain to you my experience using various tools that work the same way on how easy such methods can appear to work properly by passing mail through your mail server to Benign and then to your email client for thousnads of mail then suddenly fail for one. But I accidently closed it before posting :(

    I''m too lazy to type it all again so I'll be brief. Basically the problem is because the email clients all implement pop commands slightly differently, so there can be dozens of exceptions that can lead to mail being lost along the way, or fail to be acted upon by the intermedate software.


    The programmer of the email addin product has the difficulty of preparing all the interactions that can occur with dozens of email clients, many of which is hard to predict because the email plugin/addin product does not know (except in general) the inner workings of your email client. Even if he did have access to your Email client's code, would he have the time to study and understand all of them?

    Compare this to a good email client with built-in functions of spam filtering and html handling, which do you think is more likely to have unexpected bugs?

    I hope you understand my point.
     
  25. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    There's another point to be made. It may not be very important to most of us, but not only the mail client is a potential risk. The mail that's being sent and the person it's being sent to are probably just as important in risk assessment.
    So there you go: a decent mail client needs to know how to handle encryption and trust relations. That implies that a mail client also needs to know how to apply digital signatures.
    There are only a few mail clients that know how to handle x509.3 certificates or pgp-keys (let's just forget for the moment that pgp does not automatically results in added trust, but it is very secure encryptionwise).

    At least The Bat! (even the regular version) and Foxmail (v5) are on the shortlist for both. I don't know any other mail client that achieves this, but there may be alternatives.

    Funny that OE should know how to deal with x509.3 :)
     
Loading...
Thread Status:
Not open for further replies.