What is Evolution?

Evolution is the official personal information manager and mail client for the GNOME Desktop Environment. It is Free and Open Source Software, licensed under the GPL.

It is usually distributed with the GNOME Desktop Environment with linux, making it likely available either upon installation of a Linux distribution that uses GNOME, such as Ubuntu, or available via your distribution’s Package Manager. Evolution is also available for Windows.

Evolution includes support for email, calendar, address book, contacts, and GPG encryption.

Install Evolution

  • Debian/Ubuntu Linux: Most likely, evolution is already installed. If not, sudo apt install evolution
  • Windows: Download and install the windows version.

Setup a New Account in Evolution

  1. Start Evolution (e.g. Press Alt+F2 and enter: evolution)
  2. If you’re running Evolution for the first time, you will be asked if you want to restore your settings from a backup file, if you have one.
  3. Enter the name you wish to have appear in the From field to your email recipients along with your email address. You may also choose to make this your default account in Evolution.
  4. Enter the following information to receive email for a riseup.net account:
    Server Type: Choose either IMAP or POP. What is the difference between IMAP and POP email servers? %>
    Server: mail.riseup.net
    Use Secure Connection: TLS is recommended
    Authentication Type: Password
  5. The next screen has 4 sections. Connection to Server and Folders can be safely ignored. Enter how often you want evolution to automatically check for new emails in minutes in the Checking for New Mail section, or unchecked to only check for email when you manually instruct Evolution to do so. The Options section allows you to apply spam filtering to your incoming email and to automatically keep local copies of your email to enable disconnected access (applies to IMAP only).
  6. Enter the following information to receive email for a riseup.net account:
    Server Type: SMTP
    Server: mail.riseup.net
    check Server requires Authentication
    Use Secure Connection: TLS is recommended for security reasons (StartTLS and SSL are easily compromised).
    Authentication Type: PLAIN
    username: foobar
  7. Give the account you’re creating a name. This is only used for your reference when managing multiple accounts in Evolution and is not disclosed to recipients of your emails.
  8. Click Apply

You’re finished! You now can use Evolution to send and receive email through Riseup’s servers.

Enhance your email security

  • Don’t enable secure passwords or secure authentication. These are somewhat of a misnomer. These methods of specifying passwords require that the email server keep a cleartext copy of your password. We would consider this a security risk, so we don’t enable “secure passwords.” Because the connection to riseup.net is encrypted anyway, these are not needed.
  • Encrypt your mail! For enhanced message security use Encrypted Email.
  • The secure connection may be of type TLS or StartTLS. For security reasons, we no longer support SSL. You should not use StartTLS. Instead, it is much better to use regular TLS. For added security, go to your account settings and change your connection type from StartTLS to TLS.
  • There are many vulnerabilities with how secure connections work. If you need high security, you should always connect to Riseup services using the Riseup VPN. This will prevent a long list of potential attacks against your communication.
  • To enhance connection security you can use Tor to connect to Riseup’s .onion services for IMAP and SMTP. Look for the according mail.*.onion and smtp.*.onion addresses on the linked page and replace mail.riseup.net for each server. Note: * SMTP port 465 is often blocked by exit nodes, but port 587 is less frequently blocked. If you have a problem sending mail, try port 587 or configure your client to use Riseup’s email hidden service in place of the regular mail.riseup.net domain. This is better than sending traffic through a Tor exit as it is MITM resistant, but it will generate certificate errors on the client side.

Setup OpenPGP Encryption in Evolution

All that’s necessary to work with encrypted emails in Evolution is to tell Evolution the OpenPGP KEY ID for your account and then to select encryption every time you send an email.

  1. First, Generate a OpenPGP Key pair, if you haven’t done so already.
  2. Go to EditPreferences
  3. In the Mail Accounts section, select the account you wish to link to your OpenPGP key and press the Edit button.
  4. Click the Security tab.
  5. Enter your OpenPGP KEY ID (See the Howto on OpenPGP Keys to find your KEY ID). Select Always encrypt to myself when sending encrypted messages; this encrypts the copy saved in your Sent folder on the email server with your own key so you are able to decrypt it later. UNCONFIRMED!!! Always trust keys in my keyring when encrypting enables you to communicate with people in your keyring whose keys you haven’t signed. You can ignore the Secure MIME section. Please note: “Always sign” is not the same as “Always encrypt”; signing an email is different from encrypting it and does not make the message unreadable to third parties.
  6. Click OK

You are now able to encrypt and decrypt emails in Evolution!

Send Encrypted emails

  1. Compose a new email
  2. Select SecurityPGP Encrypt

The email you’re composing will now be encrypted upon being sent! You can always verify that your email is going to be encrypted by going into the Security menu and seeing if there’s a checkmark next to PGP Encrypt.

Unfortunately, there currently doesn’t appear to be any way to enable encryption by default either globally or per contact, meaning that every time you want to encrypt an email to someone, you have to go to Security → PGP Encrypt to enable encryption, otherwise your email will be readable by third parties.