New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Btw I set this thread to sink. It kind of got a semi-mild necro and I don't like encouraging positive mxroute threads to stay toward the top. It doesn't help me maintain the image to go along with my attitude, which is that I am not admin here for profit.
My main complaint is that if I set up multiple user accounts for email on a domain, then I can access all the accounts and read everyone's mail. If I'm doing a project with some friends and create mailboxes for them, I'd want to be locked out of those mailboxes. I can do that with fastmail, migadu, gandi, etc. but currently not with mxroute. That's a significant use case so I'd be interested to know if it can be fixed through the cpanel api.
Will there be a custom panel in say 3-4 years time?
Security theater. Even google apps will let you get into the accounts, they just have a different path and set of steps to do it. You could get into and/or take over those email accounts and you know it. You own the domain, you can absolutely do this. You're just adding a step at most. Anyone expecting otherwise while using email on a domain owned by someone else is exceptionally naive. There must ALWAYS exist a level a trust between the client and the domain owner in such a relationship. Playing a game of security theater to make them think they're totally secure and that you could never take over their email account is dishonest. Are you hosting email for other people on your own domain and telling them this? Because an extra step that is available to you at your discretion is not a layer of security.
I mean let's say you're truly using a system with security above all of the usual names people recognize, maybe something that heavily encrypts the email and even the host themselves have no way of getting you into the account. So you change the MX records and make a new account, you now own their path to password resets, etc. That's assuming an above average situation, I guarantee not the situation you're dealing with at the hosts you mentioned. I'm thinking more like lavabit.
But how to make this more equal (aka the same but different) via API is easy. New front-end panel that doesn't have a feature to drop into the webmail of your email accounts. Firewall off direct cpanel access and require all data to flow from the new front end panel. You don't have to build the features, you benefit from their updates and support, and you get a custom interface
Hope so
Thanks Jarland!
I've never used google apps. I don't know how I could get into user accounts at fastmail or at my home isp (I don't control the domain of the latter). I'm presuming they get their password recovery somewhere I don't control. Fastmail also supports 2FA and I don't know what happens on the admin side if they use that.
On migadu it looks like I can reset user passwords, but since I wouldn't know the old password, the user would at least be locked out of their account and know something was up: I couldn't silently monitor them. Or if I changed the DNS, I could intercept messages that came later, but not get at old ones.
I guess there's advantage for this purpose of having the email domain controlled by the host. Fastmail offers this, my home ISP doesn't offer anything else afaik. Migadu and Mxroute require users to supply their own domains unless something changed recently.
@willie in most of these systems the support staff/sysadmins would be able to read your email if they really wanted to.
They'd probably get fired (Gross misconduct) and possibly even taken to court over it, only time they're really likely to be looking is if they get a legal demand (warrant/court order) to hand over the data and even then It wouldn't surprise me if all they do is package up anything that fits the required time period and hand it over to whichever law enforcement agency requested it.
Now in an enterprise setting yes admins can access email and yes they might do it if instructed by HR or someone senior enough, but then if you are using your company provided email for personal stuff that's your fault as it will say in the contracts you signed that they're allowed to do this.
Sure, but why would they want to? They have millions of users who they don't know or care anything about, and they are up to their ass in work, so they have better things to look at random users' email.
Compare that to my situation, where I give my buddy Bob a mailbox under my MXRoute account, and then Bob starts dating Alice who I think is pretty hot, and you see where this going. Bob is emailing Alice and even if I don't look at the email, Alice and I might coincidentally end up in the same place at the same time, and Bob knew through emailing Alice that she was going to that place on that day, so he suspects I'm reading his mail even if I'm not. It's obvious that I might have an interest in doing so, and that I have the ability.
That's why I'd rather not have the ability.
Just an update.
It's been over two years with @Jarland and MXRoute and things are still amazing.
Just paid my renewal a few days ago and looking forward to another 12 months with MXRoute
I think it's a 1 man show , support ticket is still open... ! https://ibb.co/nP0Hrx