A common situation in my life is the following: a small-ish organization consisting of somewhere from 3 to 50 people need some type of way to be reached as a group. The current solution is to have an email adress, normally with a password that is shared in some way among the trusted subset of members that need to be able to access the email directly.
The solution isn’t great for multiple reasons:
- Sharing a password among multiple people isn’t great, 2FA is tricky
- Most email communication are readable by the email provider, unless PGP is correctly used. For most people, PGP is non-trivial to use correctly, and meta-data will not be encrypted even with correctly used PGP.
But it has the following upsides:
- A single stable address to reach the group
- Communication is gathered in one place, searchable, possible to for multiple members to track communication with someone that has reached out.
- Easy to use from any device anywhere
Ideally we’d like all of these things: sensible access controls, some level of transparency within the org regarding who has responded to what messages, an address that is easy to share with people outside the group, minimal (meta)data accessible by the providers, and easy to use across devices.
How do you handle this? What would your recommendation be? I have considered setting up a Signal account, but having multiple signal accounts on a single device is non-trivial, as is setting it up on a new device, meaning that probably each group would need a single dedicated device, which isn’t super practical.
The purpose of the email addresses tends to be something like contact@example.com - it’s the central place outsiders contact the org. A common way to work with it would be that emails are checked during the orgs weekly/monthly meeting, incoming emails are discussed, and someone is tasked with writing a reply with the group’s response to the email. I haven’t seen mailing lists being used for this type of thing, but I guess that could be a solution for the password sharing, but at the cost of having individual email addresses in-house - some type of individual accounts would probably be necessary either way to get away from the whole shared passwords situations…
The appeal of Signal is that it’s managed and has some level of security by default. My impression of securely configuring email, in particular on someone else’s hardware, is that it is very technically challenging, but it’s also not something I’ve ever attempted. Would you say my impression is correct?
I’m slowly also realizing that this is probably also a key requirement for a lot of these orgs: they do not have dedicated IT people or a lot of cash. A lot of the time there’s someone with some IT interest, but rarely with time or interest in long term admin-ing.
Hmm yeah, I thought this is about organisation internal discussion. Of course if it is just a mailbox for outsiders to use, you could just configure some forwarders so that multiple people get the emails and can respond from their own account if necessary.
Selfhosting email specifically is quite hard. Not so much technically, but because of how a few large providers have cornered the market and drop most self-hosted emails reaching them with the excuse of fighting spam.
Hosting a forum that requires login credentials (incl. 2fa etc.) is quite easy though. But I guess that wouldn’t work as a way for outsiders to contact you.
Right, forwarders solves the password issue, but the encryption issues remains. Any thoughts on how to handle that? PGP in my experience is non-trivial to set up correctly, and even when correctly setup does not protect metadata.
I played with something in Zoho before. Forgot what it actually named. In essence, you create a group, then you add members to that group. The group would have an email address. Anyone can send email into the address and everybody in the group will be notified (like forwarded). I believe members can also use the group address to reply.
Any thoughts on how to handle the encryption aspect here? :)
I don’t understand why you need encryption. It seems you are concerned about access control and metadata on the security side. If that’s the case, it is more advisable to host your own email server. However, be aware that once the email is sent, your recipient email system may be hosted by other email providers that you might not desire. You can reduce the metadata leaks by using encryption, but as you are aware, not everybody kin to use it. And to be effective, it must be used by both sides.
The issue you’re describing is why I’m not keen on email, and why I mention Signal as an alternative I’ve considered - Signal is a user-friendly way of ensuring both encryption and that meta-data isn’t accessible to providers on either end unless someone’s device is compromised.
The reason I’m interested in encryption is that I want a higher baseline of security for these orgs. In a changing political landscape it is hard to say what may become sensitive over time. Hypothetically, if one of these orgs is distributing contraceptives internationally we want neither meta-data about who is contacting them nor message contents to be accessible to providers. Since encryption is a pain with email we can assume both are accessible to providers when using that. Ideally I want encryption to be an easy default for both the orgs and the people contacting them.
Say your organization is doing something like Amnesty International (at least sounds awlful lot similar to me), you want a solution that
Am I correct? To be honest, it is quite a tall order. I can’t really think of a solution right now. Email is definitely out of the question because you can’t hide who is sending and receiving the email.
Thank you for this - yes, I understand that this is a tall order, but I also can’t help but think that most of these requirements are fairly common individually?
As for address stability, it would be good to have a point of contact that’s easy to put on a website or flyers or whatever.
Thinking aloud here, I guess one option could be to have a signal account and a setup similar to what is described under the ‘Start Your Own Announcements-Only Service on Signal’ heading here: https://crimethinc.com/2024/05/27/the-sunbird-how-to-start-an-announcements-only-thread-on-signal-and-how-organizers-in-austin-used-one-to-coordinate-solidarity-with-palestine to be able to check the incoming messages from multiple devices. I guess some level of tech-savviness would be needed for the setup of multiple Signal accounts on a single machine if people are using their own hardware, but otoh it also means minimal setup for people contacting the organization. If more than five (max number of linked signal devices) people are responding to messages, group chats with the incoming user, the org account and the account of the person responding could be setup for searchability etc. This solves some problems but creates others…
This is a reality of any software. Those requirements exists by themselves or in some combinations, but once you want them all, the difficulty grows exponentially.
The Sunbird model works. Their model isn’t that hard to replicate, and have the steps laidout for you to copy. However, it doesn’t offer some perks you want with limitations. For example, you can only have 5 devices linked to 1 Signal account. There is no 2FA, fine grained access control, nor audit log. The search functionality is not particularly good.
There are ways to overcome those limitations but you will need some tech savvy dude with proper security backgroud/training to design, implement, and manage that. It steps into semi-custom developement and integration, and be warned, it is hard to done right, especially anything with security.
Use a distribution list?