- The security of the connection between you and the Expiry.com email service.
- The security of the connection used between the Expiry.com email service and other email services.
- Securing the content of your email in addition to 1 and 2 above.
1. Between You and Expiry.com
If you are using the Expiry.com Webmail, any email that you send or receive between your computer and the Expiry.com servers will be encrypted whilst it is transferred. This is the case for email you send and receive. Similarly, if you are using an email client such as Windows Live Mail, Outlook, Thunderbird or Apple Mail with our secure.Expiry.com server, then your email will be encrypted whilst it is transferred between your computer and our servers. Your email is not currently encrypted while stored on our servers, but the servers are located in a high security facility in Kelowna, Canada.
2. Between Expiry.com and other Email Services
Whenever our servers send and receive email for you, they will try to use a secure encrypted connection with the email service used by the other person. Our server “asks” the server at the other email service if it can accept a secure connection. If it “replies” saying it can, then the transfer of your email will be done over a secure encrypted connection. This prevents your email being read even if it is intercepted during transmission. If the receiving server is unable to support a secure connection then email will be transferred using the usual protocols that all email services can use. Unless you have encrypted the content of your email (see part 3 below), it is possible that if it was intercepted during transmission that it could be read. Expiry.com has no control at all over whether other email services use secure connections, so whilst this is a very useful facility provided by Expiry.com (and some other email companies) it is not something you can rely entirely on to keep your email private. In addition, Expiry.com has no control over how the people you correspond with connect to their email service.
3. Securing/Encrypting the Content of your Email
The only way to ensure that your messages are completely private is to encrypt the content of each message before you even send or receive it through Expiry.com. This means you are not relying on any technologies Expiry.com or other services employ, and your message will remain private and secure between you and the people you correspond with. To do this you will need to use some kind of encryption system such as PGP (Pretty Good Privacy). When using this you and your recipient will both need to generate encryption keys that you use to send email to each other. Keys are used to encrypt messages before emails are sent from your computer, and then used to decrypt the messages once they have arrived at their destination computer. PGP is very secure and as far as the industry knows has not been compromised. However, the need for senders and recipients to both use encryption keys means it is not very convenient and therefore most people do not bother to use PGP or other similar methods. Expiry.com is planning to integrate PGP in to our services to facilitate the use of this kind of security.