Protects against the following threat(s):
The email clients we recommend support both OpenPGP and strong authentication such as Open Authorization (OAuth). OAuth allows you to use Multi-Factor Authentication to prevent account theft.
電子郵件不提供前向保密
當使用端到端加密( E2EE )技術(如OpenPGP )時,電子郵件仍然會有一些未在電子郵件標頭中加密的中繼數據。
OpenPGP 也不支援前向保密,這意味著如果你或收件人的私鑰被盜,所有以前用它加密的訊息都會被曝光:[如何保護我的私鑰?考慮使用提供前向保密的媒介:
跨平臺¶
Thunderbird¶
Thunderbird 是一個免費、開源、跨平臺的電子郵件、新聞組、新聞提要和聊天(XMPP、IRC、Matrix)客戶端,由Thunderbird 社區開發,之前由 Mozilla 基金會開發。
建議配置¶
We recommend changing some of these settings to make Thunderbird a little more private.
These options can be found in → Settings → Privacy & Security.
Web Content¶
- Uncheck Remember websites and links I've visited
- Uncheck Accept cookies from sites (1)
- You may need to keep this setting checked when you're logging in to some providers such as Gmail, or via an institution’s SSO. You should uncheck it once you log in successfully.
Telemetry¶
- Uncheck Allow Thunderbird to send technical and interaction data to Mozilla
Thunderbird-user.js (進階)¶
thunderbird-user.js
is a set of configuration options that aims to disable as many of the web-browsing features within Thunderbird as possible in order to reduce attack surface and maintain privacy. Some of the changes are backported from the Arkenfox project.
平臺特定¶
Apple Mail (macOS)¶
Apple Mail is included in macOS and can be extended to have OpenPGP support with GPG Suite, which adds the ability to send PGP-encrypted email.
For those using macOS Sonoma
Currently, GPG Suite does not yet have a stable release for macOS Sonoma.
Apple Mail has the ability to load remote content in the background or block it entirely and hide your IP address from senders on macOS and iOS.
Canary Mail (iOS)¶
Canary Mail is a paid email client designed to make end-to-end encryption seamless with security features such as a biometric app lock.
Downloads
警告
Canary Mail only recently released a Windows and Android client, though we don't believe they are as stable as their iOS and Mac counterparts.
Canary Mail is closed-source. We recommend it due to the few choices there are for email clients on iOS that support PGP E2EE.
FairEmail (Android)¶
FairEmail is a minimal, open-source email app which uses open standards (IMAP, SMTP, OpenPGP) and minimizes data and battery usage.
Downloads
GNOME Evolution (GNOME)¶
Evolution is a personal information management application that provides integrated mail, calendaring and address book functionality. Evolution has extensive documentation to help you get started.
Downloads
K-9 Mail (Android)¶
K-9 Mail is an independent mail application that supports both POP3 and IMAP mailboxes, but only supports push mail for IMAP.
In the future, K-9 Mail will be the officially branded Thunderbird client for Android.
Downloads
警告
When replying to someone on a mailing list, the "reply" option may also include the mailing list. For more information see thundernest/k-9 #3738.
Kontact (KDE)¶
Kontact is a personal information manager (PIM) application from the KDE project. It provides a mail client, address book, RSS client, and an organizer.
Mailvelope (瀏覽器)¶
Mailvelope is a browser extension that enables the exchange of encrypted emails following the OpenPGP encryption standard.
NeoMutt (CLI)¶
NeoMutt is an open-source command line email reader for Linux and BSD. It's a fork of Mutt with added features.
NeoMutt is a text-based client that has a steep learning curve. It is, however, very customizable.
標準¶
**請注意,我們所推薦專案沒有任何瓜葛。 ** 除了 標準準則外,我們還發展出一套明確要求以提出客觀建議。 我們建議您在選擇使用項目之前先熟悉此列表,並進行自己的研究,以確保它是您的正確選擇。
最低合格要求¶
- Apps developed for open-source operating systems must be open source.
- Must not collect telemetry, or have an easy way to disable all telemetry.
- Must support OpenPGP message encryption.
最佳案例¶
最佳案例標準代表了我們希望從這個類別的完美項目應具備的功能。 推薦產品可能沒有此功能,但若有這些功能則會讓排名更為提高。
- Should be open source.
- Should be cross-platform.
- Should not collect any telemetry by default.
- Should support OpenPGP natively, i.e. without extensions.
- Should support storing OpenPGP encrypted emails locally.