Are residential mailboxes secure enough?

Are residential mailboxes secure enough?
Mailbox FI 2
The most common in post-Soviet space is a mailbox, made in the form of a rectangular box, which is attached to the fence near the gate or the wall near the front door of the country house. Letters and correspondence enter the mailbox through a horizontal slit at the top of the item, and the contents are removed by opening its bottom, door or lid. Such a box is made of metal and less often of wood. It is most convenient to attach standard letterboxes to the fence so that the postman can easily deliver his correspondence. Also such a mail box is suitable for apartments. In this case it can be attached directly to the door. Historically, a street letterbox for a home in Europe or America has a radically different look. In these countries, mailboxes are used not only for receiving but also for sending letters. If the box contains letters to be sent, they are picked up by the postman and taken to the post office, after which they are delivered to the recipients. Accordingly, in order for the postman to see that there is mail in the box that needs to be delivered, some kind of sign had to be invented. In America, the issue was resolved with a checkbox. There is a small checkbox attached to the side of each mailbox – if it is omitted, it means there are no mails to be sent, but if the checkbox is raised, the postman must look inside. In addition, in western countries, a street mailbox is not attached to a fence or wall, but mounted on a lawn near the road, using a vertical support.
The shape of an ordinary American letterbox is like a horizontal container with a semicircular lid. In recent times, however, it has been rare in America to find a standard mailbox shape. The fact is that many American states hold annual competitions for the most original mailbox, which residents prepare with the utmost care. Therefore, in these states you can see mailboxes made in the form of animals, fairytale characters or even grand garden sculptures. A slightly different but no less interesting design of the best locking mailbox is used in the UK. Residents of this country try to adhere to stylistic unity in everything, so the characteristic English letterbox resembles a miniature house made of bricks or made of any other materials. In the UK, a street letterbox for cottages or houses is installed directly on the ground. Since in this country the territory of the country house is very rarely fenced, the box is near the front door.

Often, the mailbox belongs to the citizen who owns the housing to which the box belongs. In this case, any act of vandalism or layout of advertising leaflets at the request of the owner will be prosecuted. Naturally, a citizen will take care of his property and treat it accordingly, maintaining its reliability and appearance … . And as the fixed capital in any HMO is owned by the state, the management of this organization certainly not to the mailboxes. Although recently the homes have been transferred under the management of management companies, organizations – the situation with mailboxes also remains relevant.

Many residents of apartment buildings, in the nineties, wanted to protect the entrance, mailboxes, which in fact did not belong to them – from encroachments on them, through the installation of intercoms, organization of watch in the entrances. The first to fail was the organized watch, which instead of protecting the owners’ mailbox, slept in the workplace, and those who worked, in an era of rapid economic growth, considered their wages unworthy and left, so the watch in the entrances is now rare.
Intercoms also showed their second weak points. Everybody hoped that only they had the keys and nobody would get into the entrance except them. But it wasn’t so cloudless. Teenagers, who are most often vandals to the mailbox under some pretext call the residents of the entrance and ask for help to get into the entrance. The same is true for advertisers. Sometimes they just wait for someone to open the door and walk through it unobstructed – and here your mailbox is in their hands. You have to admit, if the people in the driveway were to be careful, some of them wouldn’t get to your mailbox. But even in this case, some of them would still have gotten to it, because in your entrance there is sure to be some “grandmother” ready to always help everyone and everything.


P.O. BoxWhat’s the attitude of the residents on “attempts” on their mailbox?

If with acts of vandalism everyone is clear and everyone understands that without radical changes in society, in the minds of young people this problem is not eradicated, then about the advertising that is placed in the mailbox every day – the residents have different views, but almost 90% of them negative.

According to a sociological survey conducted among the residents of Kazan, the question: How do you feel about the daily delivery of advertising in your mailbox?

The following answers were received:

  • 50% of respondents answered: – The mountains of advertising garbage that are placed in our mailbox are simply annoying.
    However, when asked, “Do you try to avoid the brand that your mailbox advertised? – 65% gave a clear answer of “yes.”
  • 30% of those surveyed said: – I consider it categorically unacceptable to send advertising leaflets to our mailbox, because several times along with this “trash” threw away important documents for us.
  • 15% of respondents said: – I think it’s necessary to be more polite about it and close your eyes to the fact that the heap of advertising that got into our mailbox, may be a potential burglar to say that you are away.
  • 5% of respondents said: – We need to get used to it, we live in a highly competitive environment and advertising is another source of information for a potential buyer.

As we see, there are not many people who approve of this type of mailing in their mailbox – only 5%. It turns out that advertising customers and performers work more for the “paper mill”, if for their own purposes.

Really, nothing protects my mailbox?

  • Strange as it may seem, the law says everything clearly, it just is not executed or is not executed in full.
  • Sending advertising via mailboxes cannot be banned in any way, because the state’s attitude towards this kind of advertising is not reflected in the “Law on Advertising”. But according to the Postal Communication Act.
  • Do not think that we do not pay anything in this case. To perform all this list of services, we pay a certain amount per month, which is included in the line of rent called: “Entrance service.”
  • Therefore, we have every right to apply to the court: either to return the funds or to demand that we perform our duties. Apparently, only in this case will our mailbox please us every day.

How secure is e-mail?

How secure is e-mail?
Today we are talking about an infrequently touched but important topic – how secure are such communications and how to protect themselves when using email? We present you the best answer given by Bill Franklin, a former employee of Lavaboom’s secure mail service (the project closed in summer 2015).

Are there any secure email services, and what makes popular emails different in this regard?
E-mails are inherently unsafe. It was created for personal correspondence, but in reality emails are not much safer than a postcard.

Franklin says that when he sends an email from Oxford to a friend in San Francisco via Gmail to Yahoo! Mail, the message can be intercepted at least 7 times: on the sender’s computer, when it’s sent to a Gmail server, when it’s sent from Gmail to Yahoo! Mail, when it’s sent to a friend’s computer and finally to the recipient’s computer. Everyone knows that the chain is as strong as its weakest link, so even if both messengers do their best to secure their computers, they’ll still have to rely on Gmail and Yahoo!
White Email

Who might need to hack into a mailbox


Who might be interested in accessing someone’s mailbox? First of all, these are government organizations, the postal service provider and cybercriminals. Of course, there is no way to hide the mail from the mail service, the average user is also unlikely to be able to resist hackers. However, if Gmail has access to your account, then the U.S. National Security Agency (NSA) also has it. And if NSA embeds a backdoor in the mail service, it can also be used by cybercriminals. Thus, the user needs to protect his account from all three groups of “interceptors” because if one of them gets access, the others can get it.

The reasons why they might want to hack into an email account:

  • Government agencies: mass surveillance and obtaining data on individuals;
  • Gmail: Scanning keyword letters for advertising;
  • Hackers: Sending spam, stealing bank data, stealing personal information – the list is limited only by the ingenuity of hackers who find new ways to make money using stolen personal information.

Below is a diagram by information security researcher Brian Krebs – it clearly shows that the average user’s mailbox is much more valuable than you might think.

Weak spots

Weak spots

There are many ways to intercept email at the seven access points listed above. Franklin explained how this could be done in his example. The fastest (this method takes about an hour) is to hack into the Cardiff base, where the transatlantic phone cable starts, install a node to intercept the email and wait for it to be sent.

The U.S. Homeland Security Agency has the ability to access the email box at all seven access points. And according to articles by Jacob Appelbaum and Glen Greenwald, NSA collection activities are not limited to these.

The cost of the program is about $20 million per year.

PRISM is a surveillance program launched by the U.S. National Security Agency (with the participation of the UK Government Communications Center), which is used, inter alia, to intercept emails. The largest email providers Microsoft, Yahoo! and Google were among the first to participate. And yet e-mail remains a more popular means of online communication than Facebook or any other service. So its importance for intelligence agencies is obvious. So, when sending an email, you must assume that it will end up on PRISM servers or other similar programs where “employees” can read it.

In addition to technical shortcomings in email security, we may also consider laws that protect the privacy of its users. A huge number of users send emails from US email services such as Gmail.

  • After 180 days, your emails on U.S. mail servers become the property of the United States.
  • Research has shown that 55% of U.S. employers read the emails of their employees.
  • It’s worth reading the story of the now discontinued Lavabit service, which was used by Edward Snowden. We can conclude that it is impossible to hide any email while it is on the server of an American company.
  • Read Glenn Greenwald’s “Hide Nowhere” series of reports.

Metadata, or simple data about data, is important. For example, the matadata of this response to Quora is the time it was published, the author’s details, how long he’s been on the site, the location, the browser he uses, his computer details, local time… in general, the list is quite long. There is even more metadata in the e-mails. The whole Internet is overflowing with it, and it is probably even more valuable than the data itself. In his stunning presentation “How the NSA betrayed the trust of the world – time for action” Mikko Hyppönen discusses the importance of metadata.

When you send an email, all metadata is sent with it. When you reply or forward an email, you automatically forward all the metadata from a previous email. For example, if more than one person is sharing an email, using any of the above capture methods, any interested person can easily access the whereabouts of all the people in the email, as well as learn the topic of the discussion without even reading the content of the email. You can read more about this in the material entitled “What metadata of your emails can tell NSA”.

It is also worth mentioning that by sending an email to Gmail, even if you are not a customer of Gmail, you automatically provide Google with all the information – and you do not need to accept its terms of service (which include reading your email). The same goes for other US email services.

How to keep your mailbox secure


So, all of the above basically says that e-mail is insecure, data and metadata can tell a lot about you, and it is impossible to save yourself from invasion of your privacy. But it’s not that hopeless. As Edward Snowden said, “The times when protecting the privacy of citizens was completely dependent on the state are a thing of the past. We no longer have to ask the government for privacy, that’s our right.”

“All intelligence agencies – absolutely everyone – are afraid of simple and safe communication tools,” says Jacob Applebaum.

Asymmetric encryption is the most secure and simple solution, but there’s more. All you have to do is take a few simple steps to significantly improve the security of your email communications.

Step 1. Encryption

Pretty Good Privacy (PGP) is a program that makes the content of emails meaningless to everyone but the sender and the recipient. It is suitable for some very easy to use email clients. More details about it can be read here.
Step 3: You should not trust the postal provider.

Opting out of U.S. mail services is a good start, but ideally you should use mail providers with zero-disclosure. Zero Disclosure means that the server does not have access to the source data. You can find more information about this here.
Step 2. You shouldn’t use American emails.

When choosing a postal service, you should also consider the geographical factor, but you should not rely on it entirely. In Germany and Switzerland, for example, privacy laws are more effective than in the US or UK. It is therefore safer to use mail clients in other countries, such as Korean Naver.
Step 4: Mail on your server (it’s not that difficult)

Running your own mail server is not as difficult as it seems. This way, you can reduce the risk of hacking into your email account. This means that the user himself will administer his own mailbox and if someone needs to retrieve its contents, they will have to create a backdoor for that particular server. The likelihood that someone will need you is not very high.