SurgeMail At Rest encryption feature

The AtRest encryption feature allows individual users to encrypt their mail messages when they are stored 'at rest' on the mail system.  All messages in all folders are encrypted using a public encryption key, and decryption can only occur when the system has your actual password so it can use the private decryption key.  The password is never stored on disk so neither the administrator or Netwin or any external agency can decode the messages without having your password.

To enable AtRest encryption first the administrator must enable the feature
    g_atrest_enable "true"

Then the user must login via http://your.server/cgi/user.cgi and click on 'At Rest' on the left hand panel and enable encryption, at this time the user must provide their current password to ensure they really do know it!

Advantages of At Rest encryption

Disadvantages of at rest encryption.

Limitations, what it cannot protect you from

Recovery Code

At the time the user enables encryption they are given a recovery code, this is also emailed to the user.  The user should print and save this code, if the users normal password is lost or forgotten then it's the only mechanism by which they can reset their password without loosing all their messages.