Email is not the secure communication medium that most people take it for. Even if you’re using HTTPS or SSL to access your email account, after your message leaves your mail server it travels across the internet as relatively plain text until it reaches the intended recipient. During that journey, your message can be read or tampered with by cyber-criminals, government agencies, your ISP, unscrupulous network administrators, or anybody with some network knowledge and packet-sniffing software. Think of it more as sending a postcard through the mail, rather than a sealed envelope.
The only way to make sure that your private emails and attachments stay private is to encrypt and digitally sign your emails. In the past this meant swapping encryption codes with each person with whom you wanted to communicate securely, which could quickly become a hassle. Now, though, there is a solution: Hushmail, from Hush Communications, is a secure and reliable webmail service with integrated encryption that eliminates the need for code swapping.
First Impressions / Layout
Signing up for Hushmail is fast and easy. You can choose your own username or Hushmail will provide you with one if you prefer anonymity. You don’t need to input your name, alternative email addresses, or any other information about yourself. For security reasons, Hushmail requires a longer pass-phrase instead of a password, which might take a while for some users to become accustomed to, but forces those users who have the same password for all of their online accounts to create a new one.
Hushmail offer three types of accounts: a Free account which includes webmail and 2 MB of storage, a Premium account ($34.99/year) which increases storage to 250 MB and adds priority tech support and unlimited email aliases, and a Premium + Desktop Access account ($49.98/year) which, with the help of a downloadable plug-in, gives you secure IMAP/POP3 access via Outlook or Thunderbird. Also available is a Business account ($9.99 setup fee, $1.99/month) which is just like a Premium account but also allows users to use their own domain name as their email suffix.
All Hushmail accounts come with mobile access, integrated PGP encryption for email messages and attachments, spam-filter, and a virus scanner. If you choose the free account option, then you must sign into Hushmail at least once every three weeks to keep your account active and prevent it from eventually being deleted.
The Hushmail interface is utilitarian at best. The layout should be familiar to veteran webmail users with menus at the top and left side of the screen and a split-pane message list/content area. Advertisements are thankfully absent. The top banner is small, providing a large area for viewing messages but some of the fonts used in the interface can be almost too small to read, depending on your screen resolution. It is clear that Hushmail focuses first on security, with the visual aesthetics coming in a distant second.
How Hushmail Works
Hushmail uses OpenPGP (Pretty Good Privacy) to encrypt email messages. To send a secure message to another Hushmail user, the sender need only click the “encrypt message” and “digitally sign” checkboxes when composing. When sending to a non-Hushmail user, the security comes in the form of a link to a secure webpage where you are presented with a question that, if answered correctly, grants access to the encrypted email message. Answer incorrectly five times and the email is permanently disabled.
For additional security, a Java applet can be downloaded that performs many of Hushmail’s encryption operations right on the user’s local computer, rather than on Hushmail’s servers. This provides another added layer of security that can occasionally create problems with certain browser versions, so Hushmail leaves this option up to the user.
Features and Faults
Aside from the excellent security options, Hushmail doesn’t offer a whole lot in the way of features: mail can be accessed via mobile device, you can add external email accounts in the “Hushtools” area, there’s a virus-scanner, the spam-filter allows users to create allow/deny lists, and, well, that’s about it. There’s no calendar, no mail filters or rules, no labels, no themes, no way to save drafts, no inline document viewer, no plug-ins or gadgets to add, no social networking integration, and you must pay for a Premium account if you want desktop IMAP access.
Potential users may also be put off by the paltry 2MB (that’s mega-bytes) of storage that comes with the free account. After receiving just five emails with a few pictures attached I was already up to 80% of my available space. With other less-secure competitors offering up to 7GB of storage space for free, 2MB is comparatively tiny.
Another fault is that, when logging into a free account, the user is presented with a reminder that they could be paying for the Premium account and getting more disk space and a few more features. This occurs every single time the user logs in.
Final Thoughts
With few features, virtually non-existent storage, and a dull user interface, there’s not a lot to like about Hushmail. That said, and since LokMail went out of business, they’re pretty much the only game in town if you need hassle-free, reliable, end-to-end email message and attachment encryption right now. If that’s what you need, my advice is to set up a free Hushmail account, log-in once every few weeks to keep it alive, and only use it to send encrypted messages when you absolutely need to. The bottom line is that while the security is top-notch, Hushmail just isn’t up to par with other less-secure but more robust webmail services.
Although as a Hushmail Premium user I must say that their support service is excellent. Fast replies, you have the same support guy/girl all the time and they are very helpful.
But your review is true, there is a massive lack of basic functions like be able to label and put notes on your contacts. As I have a lot of contacts on my list I cant be expected to remember whos who. You should be able to make notes on your contact like what their title is, where they work, their phone numbers and alternative adresses and of course some basic information about them!
Contact labeling would certainly be welcome, but it’s the minuscule amount of storage space included with the free account that I find pretty unbelievable. 2MB? A single medium-resolution photo from a modern digital camera can eat up twice that!
[...] This post was mentioned on Twitter by Email Marketing and Hushmail, Email Service Guide. Email Service Guide said: Hushmail: Top-Notch Security But Not Much Else http://bit.ly/8KvzCa @hushmail #security #imap #pop3 #encryption #review [...]
In my oppinion nobody should be holding your encryption keys, the best secure email you can have is GPG software installed in your computer and any email service you like.
You dont need Hushmail if you know how GnuPG works, and most software is free anyway.
That’s a valid point, but it assumes that you are able to install GnuPG and your keys on all computers you are using. While storing the keys on a remote server reduces the security, it’s a reasonable approach if you’re moving between different computers (eg. public computers, internet cafes etc.)