PRISM Proof Cloud Email Services
Cloud email services use SSL certificates to encrypt the conversation between your browser
and the HTTP server, this encrypted traffic is called HTTPS. Most HTTPS certificates allow for a
master key to decrypt the encrypted traffic, however this is not true for certificates which use a
temporary session key which is individual for each user. This is known as SSL ephemeral mode.
This article is a survey of free cloud email services. It lists services by their affiliation with the
NSA, their support for HTTPS, their support for SSL ephemeral mode, and the physical location
of their servers. By carefully choosing a cloud email service, users can be confident that their
traffic is not entering the network of the United States. Additionally if their traffic did enter the
United States, the SSL certificate of the cloud service they select supports ephemeral mode
which prevents the NSA from gaining a master key to decrypt network traffic.
Lists of free cloud email services
Individual cloud email services that support HTTPS
Private key disclosed to law enforcement (PRISM/FBI etc)
Private key not disclosed to USA law enforcement (this list is used for the remaining
Domains that use Ephemeral DiffieHellman key exchange on HTTPS
Domains that use Ephemeral DiffieHellman key exchange on POP3:995
Domains that use Ephemeral DiffieHellman key exchange on IMAP:993
Domains that use Ephemeral DiffieHellman key exchange on SMTP:465
Domains with POP3 but no POP3 encryption
Domains with IMAP but no IMAP encryption
Domains with SMTP but no SMTP encryption
Company geographic location
shortmail.com United States
lavabit.com United States
www.mail.lycos.com United States
mail.riseup.net United States
inbox.com United States
webmail.xmission.com United States
Server geographic location
DNS domain to ip address resolution and round robin:
This is where things start to get a bit more complicated. By looking up the DNS records for a
domain you will find that some organisations have servers located across several countries to
get better speeds. By looking up the DNS records for gmx.com you will see that gmx have
domains registered for different geographies such as gmx.net, gmx.at, gmx.ch, gmx.co.uk,
gmx.es, gmx.fr and gmx.com all of which can resolve to multiple ip addresses for requests to
the same domain. By visiting the following web page you can do a quick lookup to list the ip
addresses for the domain but beware as the addresses listed are not always the ones accesses
by your browser. http://who.is/dns/gmx.com
Try running the following command to download the dns records:
dig +nocmd gmx.com any +multiline +noall +answer
You may also notice that by pinging mail.gmx.com several times you will get a different ip
address in the response every time. This is due to the DNS server responding with a single ip
from a list of ip addresses using the round robin algorithm for load balancing.
ping mail.gmx.com > 184.108.40.206
ping mail.gmx.com > 220.127.116.11
ping mail.gmx.com > 18.104.22.168
URL redirects and CrossDomainSingleSignOn (CDSSO):
In some cases you may log into a domain such as gmx.co.uk by entering your credendials but
you will be redirected to gmx.fr. If the cookie is sent to your browser from the co.uk domain and
the fr domain requests the cookie from the first domain then your browser will block the second
domain from reading the cookies as it violates the crossdomain policy. By using
CrossDomainSingleSignOn web applications are able to authenticate across several
domains allowing the user to log in only once. For the purposes of knowing where your data is
being stored in the cloud, the best guess you can make is to assume it is coming from the final
domain you have been redirected to.
The POP3 port for inbound emails is 110 or port 995 if you want to use secured POP3. The
IMAP port for inbound emails is 143 or port 993 if you want to use secured IMAP. The SMTP port
for outbound emails is 25/2525/587 or 465 if you want to use secured SMTP. If your cloud mail
server allows connections over nonsecure ports and your traffic is crossing american
cyberspace then emails received on ports 110, 143, 24 and 2525 can be captured by the NSA as
the traffic is not encrypted between one mailserver and other (Alice > [https] > gmail.com >
[plaintext] > gmx.co.uk > [https] > Bob). An interesting project would be to survey how different
mail servers interact when exchanging mail documents, do they always attempt to use SSL and
downgrade if it is not available or do they have to be forced to use it? If mail servers use SSL by
default when available then the communication would be secure between the web interfaces and
also between the mail servers (Alice > [https] > gmail.com > [ciphertext] > gmx.co.uk >
[https] > Bob).
Compare the certificate types of https/pop3/imap/smtp using the following bash shell script:
echo ne "$i:t"
echo "EOF" | openssl s_client crlf connect $i 2>1 | grep o "Cipher is[^>]*"
Additionally to check if a port is open try the following commands (type “quit[enter]” to exit telnet):
telnet pop.gmx.co.uk 110
nmap T5 p 110 pop.gmx.co.uk
By determining if the ports are open you can assume the service is running on the port, however
this is not always the case. Also be aware that some servers block port scanning. Try the
following bash shell script to use nmap to test if ports are open on the cloud servers:
#http pop imap smtp
for i in $http;
echo e "n$i:"
nmap T5 p 80,443 $i | egrep "http$|https$"
for i in $pop;
echo e "n$i:"
nmap T5 p 110,995 $i | egrep "pop$|pops$|pop3$|pop3s$"
for i in $imap;
echo e "n$i:"
nmap T5 p 143,993 $i | egrep "imap$|imaps$"
for i in $smtp;
echo e "n$i:"
nmap T5 p 25,2525,587,465 $i | egrep "smtp$|smtp$"
Ensure your browser is using the “HTTPS everywhere” extension when browsing these
domains. If you bookmark a cloud email service, be sure that you are using the absolute ip
address of the server to lock its geographic location. So for example, bookmarking
www.gmx.com which could bring you to the servers in the USA or Germany, instead bookmark
https://22.214.171.124/ which is the German ip address as opposed to bookmarking
https://126.96.36.199 which is the ip address for the US server. A useful extension for geolocation
of servers is “Flagfox” which attempts to perform geolocation of the server currently delivering
the content for the web page.
It should be noted that no single cloud service provides SSL certificates in Ephemeral mode for
all their services (HTTPS/POP/IMAP). Additionally out of the 20 service surveyed that provide
HTTPS there are only 3 that are not based in the United States. It was possible to shortlist the
top 3 services to bronze, silver and gold based on the results of this brief survey.
#1 ojooo.com (DHE_RSA on https/pop3/imap/smtp, and they’re base in Germany)
#2 contactoffice.com (DHE_RSA on https/pop3/imap, and theyre based in France)
#3 inbox.com (DHE_RSA on pop3/imap/smtp)
Worst security award:
#1 rediffmail.com (no security implemented on any protocol)
Normally if the traffic happens to pass through american telecommunications networks the NSA
will tap into the fibreoptic systems in the network backbone of the country and record all the
traffic in their Utah data centre and will keep it for up to 5 years in cold storage on hard drives
before discarding it. An famous case of the NSA tapping major network backbone is the
fibreoptic tap in “Room 641A” when the NSA split the fibre optic communications cable in AT&T’s
By choosing a mail service that uses a different encryption key for every network
communication, your traffic will be secured against the NSA from taking your traffic out of
coldstorage and decrypting it using the compromised master keys used to generate the SSL
certificates. These master keys are normally compromised by the NSA simply walking into a
corporation and demanding the keys from the owners. However this is not possible with SSL
certificates that are operating in Ephemeral mode as a different key is used for every connection
and is then discarded immediately. However this technique will not prevent the NSA or other
surveillance organization from demanding physical access to the companies servers and simply
copying the data off their hard drives.
An interesting project would be to survey how mail servers interact to exchange messages when
a secure communications channel is available. Does Postfix mailserver attempt to use SSL
before downgrading to a plaintext alternative. Does Microsoft Exchange server attempt to use
SSL before downgrading to a plaintext alternative?
1. PRISM Accomplices
2. PRISM Network Graph
3. Explanation of Ephemeral DiffieHellman key exchange
4. DH vs. DHE and ECDHE and perfect forward secrecy
5. Geographic ip mapping tool http://www.geoiptool.com/en/
6. HTTPS Everywhere https://www.eff.org/httpseverywhere
7. Flagfox https://addons.mozilla.org/enus/firefox/addon/flagfox/
8. NSA Utah Data Centre Yottabyte Storage Capacity
Last edited: Tuesday, July 16, 2013 at 1:35:15 PM IST