Gray Duck Mail

Easy to use email discussion lists

Important Security Concerns

Take the time to understand special security concerns with your installation of Gray Duck Mail


Gray Duck Mail stores email login credentials in a local database. These credentials are not encrypted. Additionally, the web administration interface has no concept of users or content segmentation. This means that anyone with access to the web interface will have access to the login credentials of each email discussion list, as well as the list users' contact information (name and email address) and message archive list (sender and message content).

Gray Duck Mail should ideally be placed behind a firewall with no external HTTP access. If exposed to the public internet, Gray Duck Mail should be served behind a reverse proxy serving SSL content paired with HTTP basic authentication.

The database files used by Gray Duck Mail are not encrypted and store all data in plain text. When making backups of the /database docker volume or exporting copies of the database, care should be taken to ensure that file access is restricted.