Thursday, 19 September 2019

PGP and Gmail

Now that I have Thunderbird as my main email client (see my previous post), I started thinking about PGP.

Now, why would I be doing this?

At work, we received this memo from the Ministry of Education:

Some schools have recently received phishing emails with requests to change employees’ bank accounts, pay invoices or purchase gift cards. The email will appear to come from a known sender’s email address, such as the principal of the school, but the reply address may be a public email such as gmail or yahoo. You may then receive an apparent email confirmation. Phishing emails lure victims into disclosing sensitive information, releasing money or installing malware. They appear to be from a legitimate source and often request the recipient to click on a link or provide additional information. These types of scam emails are often difficult to spot as they appear to be coming from someone you know.

Which got me thinking, how do my recipients know that the email that purports to come from me ... actually is from me?

Which, of course, got me on to PGP. Basically, I wanted to be able to send emails using a PGP signature so that recipients would know it's from me. Then, if any spam arrives looking like it's from me, my contacts would know it's not.
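As an added example (not part of the original post), the reply-address mismatch the memo describes can be checked mechanically from a message's headers. The domain list, the function names and the two sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative list only; the memo names gmail and yahoo.
PUBLIC_WEBMAIL = {"gmail.com", "yahoo.com"}

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Principal <principal@school.example>\n"
    "Reply-To: principal.school@gmail.com\n"
    "Subject: Change of bank account\n\n"
    "Please update my bank details before the next pay run.\n"
)
NORMAL = (
    "From: Principal <principal@school.example>\n"
    "Subject: Staff meeting\n\n"
    "See you at 3pm.\n"
)

def _domain(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def reply_to_findings(raw_message):
    """List the ways a message matches the pattern described in the memo."""
    msg = message_from_string(raw_message)
    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))
    findings = []
    # Replies would go somewhere other than the apparent sender's domain.
    if reply_dom and reply_dom != from_dom:
        findings.append(
            f"Reply-To domain {reply_dom} differs from From domain {from_dom}"
        )
        # The memo's specific warning sign: the reply address is public webmail.
        if reply_dom in PUBLIC_WEBMAIL:
            findings.append(f"Reply-To is public webmail ({reply_dom})")
    return findings

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("normal", NORMAL)):
        print(name, reply_to_findings(raw) or "no findings")
```

An empty result is not proof of authenticity, since the From header itself can be forged; that gap is what a PGP signature addresses.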

Using Thunderbird, this is very easy. I installed an add-on called Enigmail, which is absolutely brilliant. It allows you to create your keys, publish the public ones to key servers, and encrypt and/or digitally sign your emails.

Which is all well and good, but I also access my mail through the Gmail web interface, and the Gmail Android app. What I wanted was a seamless workflow, so that all email that I send or receive that is encrypted can be decrypted anywhere.

What I've settled on (after much testing!) is FlowCrypt. This comes as a web extension for both Chrome and Firefox, and as a stand-alone mail app for Android. This allows me to use TB as my main email app, but also gives me the freedom to be off the laptop and still able to access and send encrypted email. The setup was fairly straightforward, as I was able to export my keys from Enigmail and import them into FlowCrypt.

The last app I installed was OpenKeychain. This is a stand-alone encryption/decryption app which I can use without having to be writing an email. I can encode text or files and email them without any hassle. It also decrypts the PGP attachments in the Gmail app by simply clicking on them, which is nice.

The next step, of course, is to get my colleagues and other email contacts to start using PGP. That will be the real challenge ...

Friday, 23 August 2019

Thunderbird (yes, an Email Client in 2019)

Over the last couple of weeks I've been working on getting Thunderbird working with my Gmail. Why? Well, I realised that, after using Google Apps (now GSuite) for over 10 years, I had reached a point where I had totally moved to living in the cloud. Which, in terms of actually doing stuff, is fantastic. But what if ... what if Google servers died? What if the cable coming into New Zealand was chopped and we lost our international internet feed? What if I wanted offline backups of everything?

I've been using Insync on Linux for a number of years now to do exactly that, mirroring my Google Drive onto my laptop and automatically converting the docs into something that a "real" app can read (it was OpenDocument, it's now MSOffice for reasons I'll go into in another post). And that works well. Whenever I back up my laptop, all my Google Drive gets backed up too.

But what about my emails?

Years ago (before July 2008) I was using Thunderbird as my email client. It was open source, worked well, and more importantly was cross-platform. So I've decided to use Thunderbird as my email client once more, mainly to have a backup of my Gmail "somewhere sensible".

On the way, I've come across a number of different ways of doing this, and I've taken what I thought was the best of a few different ideas, and put them together for a way that works well for me. Hopefully, this will help some people out there too.

What's wrong with the defaults?

There are a few things "wrong" with the way Gmail and Thunderbird are set up by default to work together. Here are the things that annoyed me:
  • Deleting emails in Thunderbird didn't delete them. I only found this out after trying to work out why my "All Mail" folder wasn't losing messages when I deleted them. In Thunderbird, using the defaults means deleting is the same as "remove all labels and archive".
  • Using All Mail caused duplicate messages in conversation view. After using Gmail's conversation view for years, I still want to. But having All Mail there just makes it unnecessarily convoluted when Thunderbird displays the conversation.
  • Sending or replying to mail made conversations broken. I'm so used to having the whole thread together, it was annoying to have to keep opening messages in "Conversation View" to view my replies.
So, here goes what I did, and the rationale behind each step. This took a number of goes to get right, so hopefully I can save some people some time. My aim is to try and get Thunderbird to mirror the way Gmail works, so I can switch between the web interface and Thunderbird without changing my workflow. Here goes ...

Configure Gmail

IMAP

I started by turning on the IMAP setting in Gmail. This allows me to use Thunderbird in the same way as the Android app, and anything I do on the web is mirrored in TB. A couple of things while we're here:
  • I left the Auto-expunge option on. As detailed later, I configure TB to delete messages when I delete them (!), so this makes no difference.
  • Once IMAP is on, head to Settings > Labels, and untick "All Mail" and "Sent". I left everything else on. (All Mail ends up copying all the emails twice, once for the labeled messages in folders and once for All Mail. Annoying.)
  • Make a couple of new labels: "Archive" and "My Sent Mail" (you'll see why soon). Make sure the IMAP option is ticked for all the labels you want to see in TB.

Labelling Messages

Now that's all done, we can get on with the "real" work.

If you're like me, you have thousands of messages just ... "there". No labels, just there waiting to be searched for. To get all these messages into TB, we need to give them all labels. Happily, there is a quick search that will allow us to do this fairly easily.

However, first we need to turn off conversation mode in Gmail (in the settings). We want to label individual unlabeled emails with a label so TB can find them.

Once you've done that, enter the following search into Gmail:

-has:userlabels -in:inbox -from:me -in:chats 

This will find all email that you have received that does not already have a label. Now click on the "select all" checkbox, then click on "select all conversations that match this search", then label all of these with "Archive".

We now have to do the same with the Sent mail. The search this time is

in:sent -has:userlabels -in:inbox 

Same as before, select all the messages, then apply the label "My Sent Mail".

Phew! That's all done now, time to hit TB ...

Configure Thunderbird

The first thing we need to do is to add the Gmail IMAP account to TB. The wizard worked well for me, even though I have a GSuite custom domain email. It obviously queried the MX records and found the Gmail servers, so it let me set it up as a Gmail IMAP account.

Once that's done, there are quite a few changes to make from the defaults.

Subscriptions

I found the first thing to do is to check that the TB account is "subscribed" to folder changes. Right-click on the account in the folder pane, and follow your nose from there.

Account Settings

Right, here is where my trial-and-error went. I'll do each option in the settings window separately...

 
Other than adding my standard signature here, I didn't change any of these settings.

 
What I did change on the server settings was to move the message to the Bin (Trash) when it was deleted. This is immediate, and ensures that mail is always deleted when I delete it.

I did try with the Auto-expunge options and have this set to "just mark it as deleted", but I always either had email simply archived, or left set as "deleted" and never ... deleted. This way works. (Also, since the Bin is being synced, I can also go there and un-delete email.)





 
Here is where my main changes were made.

The default is to have TB do nothing with sent mail. This is because Gmail will always give any mail you send the "Sent" status, so it appears in the Sent label. If you have that syncing, it will come back to TB, right?

Well ... sort of. The problems I was having were related to the fact I wanted the whole conversation together in TB. If I selected the "place replies in folder" option, I would sometimes have just one copy of my sent email in a conversation ... but sometimes, two. Which was annoying, to my mild OCD.

Also ... if I moved a message out of Sent into (say) the Inbox, it "lost" the Sent status in Gmail. Moving it back into Sent did not give it back its sent status, so it was lost from the sent view in Gmail. Annoying.

My solution was to ignore Gmail's Sent folder completely. I basically give every Sent email a label ("My Sent Mail"), which means TB knows where the copy is to go, and it still ends up as a labeled message in Gmail's Sent view. Same with replies that are moved into the same folder as the message. It works well for me.

Since I am not syncing "All Mail", Archived messages have to "go" somewhere else, hence the "Archived" label I created in Gmail.

I just left Draft and Templates as their default settings.





Last (but by no means least), make sure the mail is actually being copied to your computer!

Allow to Sync

I'd do this, then let TB spend some time sucking the mail across. In my own experience, trying to do too much while TB is syncing the mail makes it run slooow.

My workflow is as follows now:
  • I can read, reply to and send new emails in TB. Emails that are read in TB are marked read in Gmail. Deleted emails end up in the Bin in Gmail, replies and new emails appear in Sent on Gmail as well as under the appropriate labels.
  • Working from the web, I just have to ensure that any new emails I send have a label on them before I send (otherwise they never get imported into TB).
And now all my email is backed up onto my computer! I must confess, I'm enjoying using an email client again for emails, it means I'm focused on replying to emails and not surfing at the same time!