Email tracking
| Email tracking |
Table of Content |
Disposable email addresses
|
Using an email client like Mozilla Thunderbird is more comfortable for anonymous email accounts than using the overloaded webinterfaces of some mail providers. OpenPGP or S/MIME encryption for your email communication is possible and well supported.
The most easy ans secure way of configuration uses the add-on TorBirdy. The add-on will enable all required security settings, it will disable tracking features for e-mails and the account creation wizard and configures the proxy settings for Tor or JonDonym.
For install you have to download torbirdy-current.xpi (OpenPGP signature). Firefox user have to click with the right mouse button on the download link and choose "Save link as...". Start Thunderbird, open the add-on manager and choose "Install Add-on From File...".
Restart Thunderbird and choose the anonymisation services you want to use (Tor or JonDo) in the statusbar at bottom left corner.
After installation of TorBirdy you may configure your mail accounts. Because of a bug in Thunderbird you can't use the account creation wizard. The wizard is disabled by TorBirdy. You have to configure the POP3 server for incoming mails and the SMTP server for outgoing mails by hand.
You may find the settings for the POP3 server on the website of your mail provider. Enabled SSL encryption.
You may find the settings for the SMTP server for outgoing emails on the website of your mail provider too. Because of spam protection all premium exit mixes block port 25. You can use port 465 (SMTP-SSL) or port 587 (submission) for sending emails with Thunderbird. Please check whether your mail provider offers these possibilities and replace the settings like shown below.
TorBirdy enforces secure SSL/TLS connections to all mail servers but not all email provider support genuinely secure SSL/TLS encryption. Yahoo!, Cotse and AOL don't support Secure Renegotiation. This is a well known bug in the SSL protocol for years. It is possible for an attacker to decrypt your username and password. It takes less than a second to break SSL encryption, if Insecure Renegotiation was used. Choose another mail provider is our recommedation in this case.
If you were not able to connect to the mail server, you may use the OpenSSL library to check the SSL connection or you may ask the JonDonym community in our forum for a check:
> openssl s_client -connect smtp.aol.com:465
...
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
...
If you think, you don't need secure SSL encryption, you may allow insecure SSL/TLS connection in TorBirdy Security Settings.
| Email tracking |
Table of Content |
Disposable email addresses
|