End-to-End Encrypted Emails

[johannes]

Gmail enterprise users can now send end-to-end encrypted emails: https://thehackernews.com/2025/04/enterprise-gmail-users-can-now-send-end.html
Is such a feature possible for DirectAdmin?

 

[Richard G]

DA is a hosting panel. Gmail is a specific e-mail service.
One could use an e-mail client like Thunderbird which has PGP build in.

In my opinion it's up to the appropriate software developpers to provide such option.
So not the hosting panel, but for example Roundcube, as that is the webmail system. Or Exim to put mails encrypted in the mailboxes, or the e-mail clients (like Thunderbird does), so customers can choose whether or not to use encryptions.

So that is why my choice was no. I wouldn't know what DA would have to do with it. DA is basically just a shell for other applications.

 

[kristian]

That gmail offering looks like just another "it's encrypted to everyone, but you need to use this special web service to read the encrypted version" solution. There's been many over the years. It's in my opinion a bad solution. Encrypted e-mail should stay in the e-mail client, such as already mentioned PGP. The downside of using PGP is that it's not as simple to get started with for end users.

 

[zEitEr]

Hello,

Is such a feature possible for DirectAdmin?

Why? Emails can be already stored encrypted on the server. PGP can be used by users on their sides (without much efforts) as mentioned by kristian and Richard.

But if you email somebody who does not have a key for a decryption, they can not read an email. What would you benefit here?

 

[Richard G]

without much efforts as mentioned by @kristian.

Not that it matters/changes anything, but it was mentioned by me. Kristian said the contrary, that it is not simple to start with.

 

[johannes]

Well, simply because a user asked me if we could offer mailservices as protonmail does. Easy for end-customers without knowledge about PGP.

 

[Richard G]

With Proton that is easier, but if I'm correct you have to use their app or webmail and if you want to use Outlook for example, you have to install Proton Mail bridge. So still extra's to configure while Gmail and other mailservices can be configured automatically.

Next to that, this is just like Gmail a special seperate mail service. Nice for customers who want to mail more safe/secure, but it's not DA's competence. DA is not a seperate mail service and this is not a simple customisation either.

DA is just presenting a GUI shell to configure other applications. So for these kind of changes, you have to be with those applications like Roundcube and Exim.

But I understand that some would like it.

 

[zEitEr]

Well, simply because a user asked me if we could offer mailservices as protonmail does

Dovecot can store emails in encrypted format, but it is no about End-to-End Encrypted Emails.

See:

The Mail crypt plugin [for Dovecot] is used to secure email messages stored in a Dovecot system. Messages are encrypted before written to storage and decrypted after reading. Both operations are transparent to the user.

In case of unauthorized access to the storage backend, the messages will, without access to the decryption keys, be unreadable to the offending party.

There can be a single encryption key for the whole system or each user can have a key of their own. The used cryptographical methods are widely used standards and keys are stored in portable formats, when possible.

More details: https://doc.dovecot.org/2.3/configuration_manual/mail_crypt_plugin/