An idea to secure email from getting hacked. Sorta.

So, without having a real deep understanding of whether this is possible, I have an idea.

Email is ubiquitous, and if you are like me I can never get to inbox ZERO, I have tried. I always looked at it in a couple of ways: 1. I might need to reference that email sometime in the future, so I have to keep it. 2. Wow, I was away from email for a week, now I have 3,000 unread emails and I don’t feel like dealing with that. 3. Subscriptions and email lists, yeah throw in some shopping emails and they add up quick.

I have used a single email address (it has changed over the years) for both personal and business, so I get a lot of email from a variety of sources, and for the most part, I ignore the 20,892 unread emails (I also have unread texts, and un-listened-to voice mails). I do however try and address important messages in the appropriate/acceptable timelines.

Security, I use Gmail for business, with 2-factor authentication, so I’m pretty confident that I won’t be phished, I also pay attention to emails that look like they should be important, yet suspicious. Always right click a link to see what the full URL looks like!

So my idea!

G Suite has a feature called Vault. Vault archives all the email in and out of an account, even if you delete them. This feature is mainly used for compliance issues, like for example if you are a bank and your employee email is hosted by Gmail, all the communications are stored in this vault, so if there was ever a reason to audit a conversation, the business would have access to the communications. The vault is only accessible by the admins of the main account. How about adding a layer or two.

Personal vaults.

Let’s say I send an email to a coworker, I happen to be working with an environment where sensitive data is often exchanged. As I receive an email, it is archived to my vault, and if deemed necessary by corporate governance, archived to the company vault. The vaults are not associated with my general email login information. The vault does not have the ability to email to or from (maybe some mechanism to forward a conversation but only within the organization’s firewall).

My personal email box is set so that… let’s say in 7 days (or a predetermined time allotment) those emails are removed from my account and only available by accessing the vault.

So what does this mean? One, if your account is hacked, there is only a certain amount of data that can be breached. Two, it keeps your inbox pretty tidy. Yes, it has some drawbacks that old email is no longer on your device and there is an extra step to find said emails, but it seems a small price to pay for security.
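
A sketch of the retention sweep described above, added here as an example and not part of the original post: mail older than the window is copied to a separate vault store and then removed from the mailbox, so the mailbox credentials only expose recent mail. The mbox files, function names and sample messages are assumptions for illustration; a real deployment would run against the mail server and keep the vault under separate credentials.

```python
import mailbox
from datetime import timedelta, timezone
from email.message import Message
from email.utils import format_datetime, parsedate_to_datetime

RETENTION = timedelta(days=7)  # the post's "7 days (or a predetermined time allotment)"

def sweep(inbox_path, vault_path, now, retention=RETENTION):
    """Move mail older than `retention` from inbox to vault; return (kept, moved)."""
    inbox, vault = mailbox.mbox(inbox_path), mailbox.mbox(vault_path)
    moved = 0
    try:
        for key, msg in list(inbox.items()):
            try:
                sent = parsedate_to_datetime(msg["Date"])
            except (TypeError, ValueError):
                continue  # missing or unparseable Date: leave it rather than guess
            if sent.tzinfo is None:
                sent = sent.replace(tzinfo=timezone.utc)
            if now - sent > retention:
                vault.add(msg)
                vault.flush()  # vault copy is on disk before the inbox copy goes
                inbox.remove(key)
                moved += 1
        inbox.flush()
        return len(inbox), moved
    finally:
        inbox.close()
        vault.close()

def readable_subjects(path):
    """What someone holding credentials for this one store could read."""
    box = mailbox.mbox(path)
    try:
        return sorted(m["Subject"] for m in box)
    finally:
        box.close()

def build_demo_inbox(path, now):
    """Constructed sample mail: 1, 6 and 30 days old."""
    box = mailbox.mbox(path)
    for subject, age_days in [("lunch?", 1), ("Q3 forecast", 6), ("payroll export", 30)]:
        msg = Message()
        msg["Subject"] = subject
        msg["Date"] = format_datetime(now - timedelta(days=age_days))
        msg.set_payload("constructed sample body\n")
        box.add(msg)
    box.close()
```

Run on a schedule, the sweep caps what the mailbox login can reach at one retention window of mail; everything older is only in the vault store.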


My not so smooth move to Google Apps for Business

Last week we finally decided to make the move to gmail. Our current email server has been humming along for the last 4 years, it was only a matter of time before something was going to go wrong. We have been using a combination of our own IMAP server running on a G4, yes a G4 Xserve and Microsoft’s Frontbridge for spam and virus protection. Initially the transition was smooth, a few DNS changes and we were up and running on gmail, sweet. Then came the migration of my 15 years of email, not a problem Google has a tool for that, it did take a while (hours), I had 10gb of mail (I delete a lot, sorta my workflow). Everything looked OK when I logged in from a web browser. Then the fun started, I opened my Mac Mail program, created a new account for my gmail and let the IMAP sync begin.

I left for some dinner, when I arrived back, I had a message that I ran out of disk space, I panicked a bit since some years ago I had a similar experience and my MacBook was never the same. I quickly dumped a bagillion pictures to my backup (I have been meaning to do that anyway) and let the sync finish. But I was curious, I knew I had about 10gb of mail, and when I started the sync, I checked and I had about 25gb available on my drive, hmmm something is not right so I started digging around to locate the culprit.

First I did a i on my old IMAP and the new gmail IMAP directories, wow gmail was 3x larger! (gmail on the left)

Pretty strange! so more exploration, looking around my Mac Mail app I noticed this,

Ah-ha, that makes sense, well sorta, why would Google have 3 copies of the same email, it’s tripling my mail? And upon a little further looking, I found that emails were sometimes 4x and 5x repeated (mostly due to some messy old filtering on my part). Wow. Not very Googley. I did a little thinking and in a bold move I selected the migrated “Label” in my browser based email and deleted the reference to that label, re-synced from the Mac client and lo and behold my gmail box fell to 20gb.

Why did this happen, well I have no idea why there is a migrated folder for the email, that’s a Google thing (and customer service did inform us to hide the label, 3 days after we filed a ticket). As the years evolved using email, thru many different clients, I created a lot of subdirectories on my old IMAP server, this at the time, was a good way of dealing with hundreds of emails a day, I had filters that would move junk, 2nd, 3rd and 4th level email messages so that the primary important stuff was findable.

Google, while they support IMAP, does not work the old way; the approach to IMAP is by creating labels, and you can use filters to apply labels, but the messages never get moved into subdirectories. The Apple Mail client is configured to work like the older style IMAP servers and would make a copy of the emails in your gmail Inbox into the subdirectories, leaving a copy in your Inbox and then duplicating the “migrated” and “allmail” labeled emails into those subs, as well as making additional copies into your other IMAP subdirectories.
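
One way to measure the duplication described above, added here as an example and not part of the original post: group every locally synced copy by its Message-ID header and report how many copies exist and which folders hold them. It assumes the synced mail is available as one mbox file per IMAP folder (for instance an export); the folder names and sample messages are constructed.

```python
import mailbox
import os
from collections import defaultdict

def duplication_report(store_dir):
    """Group messages in `store_dir` (assumed: one mbox file per IMAP folder)
    by Message-ID and report how many copies the client holds."""
    seen = defaultdict(list)  # Message-ID -> [(folder, size_bytes), ...]
    for name in sorted(os.listdir(store_dir)):
        box = mailbox.mbox(os.path.join(store_dir, name), create=False)
        try:
            for msg in box:
                mid = (msg["Message-ID"] or "").strip()
                if mid:  # without a Message-ID a copy cannot be matched across folders
                    seen[mid].append((name, len(msg.as_bytes())))
        finally:
            box.close()
    unique = sum(copies[0][1] for copies in seen.values())
    total = sum(size for copies in seen.values() for _, size in copies)
    dup_by_folder = defaultdict(int)  # bytes per folder that also exist elsewhere
    for copies in seen.values():
        if len(copies) > 1:
            for folder, size in copies:
                dup_by_folder[folder] += size
    return {
        "messages": len(seen),
        "copies": sum(len(c) for c in seen.values()),
        "factor": round(total / unique, 2) if unique else 0.0,
        "duplicated_bytes_by_folder": dict(dup_by_folder),
    }

def build_sample_store(store_dir):
    """Constructed sample: two messages carry three labels, one carries a single label."""
    layout = {"INBOX": "ab", "migrated": "ab", "All Mail": "abc"}
    for folder, ids in layout.items():
        box = mailbox.mbox(os.path.join(store_dir, folder))
        for i in ids:
            msg = mailbox.mboxMessage()
            msg["Message-ID"] = f"<{i}@example.test>"
            msg.set_payload("constructed sample body\n")
            box.add(msg)
        box.close()
```

A factor well above 1 with most duplicated bytes sitting in a single label's folder points at the label to hide from IMAP before the next sync.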

So when I have some time I am going to remove most of the older IMAP folders and replace them with Mac Mail smart filters, I have used smart filters pretty much exclusively for the last few years, but still left the old folder structure in place, just because. Then I plan to create similar filters to match the desktop client.

Yeah some may say why use the desktop client, for me, it is still a lot faster to scan and delete (a workflow I have been using for a long time) in the client than in the browser. Maybe over time I will change my workflow to browser only.

Mystery solved.

My Advice, once the migration of your email is complete, clean up any of the IMAP directories using gmail in your browser, remove the migrated label (I haven’t removed the “allmail” label yet) and then sync, it will save you a massive headache and time.

Update, I also made these recommended settings from Google