Mailservers send messages in cleartext (readable) formats. This can be fortified by using encryption schemes like TLS, but that depends on all intermediate mailservers between sender and recipient corretly implementing encryption.
1)Mailserver never sends or recieves email from other servers. If you want to use it you have to login.
2)Use a VPN to login or Tor, or both if you want to conceal your usage of the mailserver.
3)Use ssh to login to the mailserver. Mailserver generates own SSH keys, not dependent on (possibly compromised) certificate signing authorities.
4)Mailserver shares public key out of band (OOB,yes i know this gets into secure key distribution), choose your own OOB method possibly using postal mail.
In short, a local mailserver, with local access. And harden the hell out of it. Use onion addresses, but use a VPN as well, Tor is probably compromised in the sense it would cost the larger spy agencies a small (relative to their budgets) amount to swamp the Tor network with their own machines.
This means that you and your recipient communicate the location and public key of mailserver OOB, login using anonymization like Tor/VPNs and email each other using addresses local to the mailserver.
Remember, charity begins at home. Harden your personal machines first. Then either sender or recipient can run the mailserver on their local machine. Or both, but that leads to other issues.
Lawyers might like this. They usually know their clients and have lotsa OOB facetime.
Back to Index Page