I have used hushmail for a few years, it's quite nice and featureful. I especially like the greylisting option.
Hushmail has been around for years and is quite popular. There was some controversy in the past due to possible backdoors for law enforcement from what I can recall.
I've just started using it only because of the free e-mail services. I haven't dabbled with its security abilities, although you need to log into the account every 2-3 weeks according to their ToS in order to keep the account alive.
Well, if you set a private key to get into the account, law enforcement has to crack it to get into it, because hushmail doesn't keep a copy of the key.
This is not exactly true; If you google hushmail, a couple years ago some schmuck was selling steroids from a country where it was illegal, using hushmail as a contact. Once hushmail received the court papers, they handed over the private key. there was no hacking involved. Hushmail stores your private key on their servers. Private keys have the ability to be 'locked' with a password, but that password is the same as your login, so it is really trivial for them to hand it over. According to their docs, if you use their javascript option, the private key is inaccessible to them; however there is no real way to verify this. But for instance: Set up your hushmail account with the javascript authentication option, log in, disable the js option and log in again. Everything works as expected. So, they really do keep your keys on their servers. In hushmail's defense, they do have very few 'reported' incidents where they turned over anything, and in each case the perps were breaking laws. BUT, if you are selling privacy, in "the post 911 world" (as it were), where privacy can be invaded for practically any reason, these incidents do not garner any real trust. So, in the end the only way to secure your email is to either run your own mail server, or use any mail service and utilize your own pgp keys (thunderbird and enigmail are my fav's). As far as comodo email, I have not used them,. However, if privacy is your concern, I would not trust anyone.
I have tested Hushmail and Comodo SecureEmail. The former requires you to sign up for a Hushmail account. The latter works with an existing email account, and requires you to sign up for a free digital certificate for authentication purposes. The main drawback for encrypted email services is that both sender and recipients need to have accounts with the same service or setup, failing which to use less secure means. With Hushmail, email can be encrypted with a question/answer pair, where the recipient provides the correct answer to decrypt the email. With Comodo SE, encrypted email can be stored on Comodo servers, accessed by the recipient as a webpage by means of a decrypting password. Much depends on the nature of the information transmitted, and whether it is privacy or anonymity you seek. For privacy purposes, Thunderbird with Enigmail is recommended for home users by many security professionals. For anonymity, use mixmaster remailers.
Hushmail wont protect criminal activity, if the law asked for access to your account they would likely get it. Hushmail is a very good email service however, what are your requirements for an email service and what make you pick Hushmail?
exchanging digital signatures with someone required both of you to send each other already signed secure emails. Before taking this step, neither could read each other’s encrypted secure emails. SecureEmail’s unique ‘session’ certificates make this usually complex process seamless. Here’s how it works: when sending a digitally signedsecure email to someone else, they’ll be able to view it immediately by either downloading SecureEmail themselves, or simply using the online WebReader of Comodo.
safermail.biz is an email service that is secure This email service is using 1024 bit SSL certificate. So the communication between the browser and the mailserver is pretty safe. And they offer 256 bit AES encryption of the email content. If an mail is encrypted the only thing that is needed to decrypt is the password. This can be set before encryption. If the recipient doesn't know it, he can't decrypt. Encryption/Decryption is computed on the clients computer (javascript). If the recipient has no safermail.biz email account, he can decrypt the message at safermail.biz (there is a ssl link) if he has the password. The service is 10 US$ per year. This is technically a superior solution since the encryption/decryption is calculated 100% on the clients computer - no passwords are transferred. The webmailer is an upgraded horde with POP, IMAP. regards Rene Andre Poeltl