How to secure an email account in a shared hosting environment

What is the best way to secure an email account so that even the systems administrator cannot read a user's email?

Here is the scenario I am facing:

I am the site administrator for a domain that is hosted in a shared Linux / Apache / Cpanel environment managed by  One of the email accounts for the domain I manage is used to send / receive confidential information that even I should not have access to.  Since I am the site administrator, I have full access to the system, so I can get in and view the files used to store the email messages.  Basically, I have the ability to snoop on other users if I want to.

Is there any way that this sensitive email account can be secured so that even I cannot view the emails if I desire?

Who is Participating?
Do the communications need to be via email?

I can send a message to my bank using its "secure messaging" service that is visible only after I log into my internet banking account.  

When they reply, I get an email to tell me that they've replied, and to see their message, I should log into my internet banking account again.  

Your confidential information could be transmitted in a similar system, with notifications that the messages are there ready and waiting for the right eyes to log in and see them.  I've never used it, but there's one called Kana that I found with a quick search - you could use their page to explain better to your customer what happens.

If you just want to remove your ability to see the messages, you could instead change the domain's MX records so that email doesn't pass through the cPanel server at all, and use an email system like either Fastmail or Google Apps - but that just means that some other admin somewhere else could look at the email if they so wished.
Dave HoweSoftware and Hardware EngineerCommented:
Not as such, no. at the worst case, if you were completely locked out of the email box, the email still has to get INTO that box, so you could intercept the mail in transit and take a copy at that point.

However, there are multiple good solutions for email encryption out there - it would be down to the user and his correspondents to use that securely though, and its hard going for most users.

there are two major standards for encrypted mail - s/mime (uses x509 certificates, usually uses the openssl libraries) and openpgp (uses a similar hybrid solution - commonly implemented using gnupg)

many thick client solutions come bundled with s/mime support - in fact, lacking it is the exception rather than the rule. openpgp support is less common, but there are plugins for many major thick clients (such as thunderbird)

webmail is not commonly associated with either. horde imp supports s/mime, squirrelmail has a gpg plugin, and there are browser plugins to add support to popular solutions, but that is no better than a thick client really.

Email itself however is rarely secure; even SMTPS is rare in the real world, with most email being sent unencrypted. If I really had to remove temptation, I would therefore implement a fully local solution, using a webserver, encryption (asymmetric), user logins, and so forth. while nothing can prevent later modification of such a system to allow access, It would at least be secure until tampered with (I would have suggested the hushmail approach there but given the twin and fatal flaws of
a) the current security problems with java and
b) that hushmail have been guilty in the past of deliberately compromising the security of users on receipt of an american court order,
That probably wouldn't go down too well :)
Have you tried calling site5 and explain your concern?  as the above experts stated, anyone that has physical access to the server will be able to gain access.  I am sure that your hosting company can assist you.  good luck
Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

The service provider would just tell you to get free or paid email certain to encrypt the message traffic.  Even if SMTP is transmitted plain-text over port 25, the contents are already encrypted.

Users need to trade keys first.  So the first messages between users will be in the clear.  After that, it's up to the users to use a mail client that supports encryption.

For other mail that is not user-to-user, you should contact the third party.  Banks and insurance companies will have their own message systems that email alerts for you to login.
But, at some point, you must trust your admin...or find a new service.  What would stop an admin from generating and intercepting a password reset?  Or getting the link from a cert provider to download your email encryption key?
jbaird123Author Commented:
I decided that the easiest solution with the greatest flexibility would be to simply use Google Apps.  This works because I am able to make the person who needs the confidential email the only administrator.  

This solution is easier than the others because it does not require that the user implement encryption.
Dave HoweSoftware and Hardware EngineerCommented:
That should be ok, just bear in mind that the administrators at Google Apps can (and will, if given a court order by an American court) give the lot to whomever is holding the court order.
jbaird123Author Commented:
Thanks, Dave.
Does not require a court order any more.  NSL will do it without any oversight, and the ISP is threatened to not disclose the letter even exists.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.