Email is insecure but it doesn't have to be

Perhaps you've heard that e-mail is insecure. Do you know why it is considered insecure? Do you know how to secure your e-mail?

Many of the protocols involved in sending and receiving e-mail are not secure protocols, in the sense that they are vulnerable to eavesdropping. For instance, Simple Mail Transfer Protocol (SMTP), the protocol used to route e-mail around the Internet, is often implemented without any transport encryption. This means that e-mail messages are readable by anyone able to eavesdrop on the network connections between mail servers. Post Office Protocol (POP) and Internet Message Access Protocol (IMAP), when implemented without transport encryption, suffer from the same eavesdropping problem as SMTP. Even when SMTP is implemented with transport encryption (STARTTLS), the encryption protects only a single hop, each server along the path sees the message in the clear, and the protocol does not, by default, require senders to authenticate, so a receiving mail server cannot be sure that the sender of a message is really who the message claims. POP and IMAP do require users to authenticate, but they authenticate the person retrieving mail, not the person who sent it, and the message itself still travels by SMTP. The result is that the recipient of an e-mail message can be positively identified but the sender cannot.

In addition to the vulnerabilities of the protocols used to transport e-mail across the Internet, one must consider the vulnerabilities related to the storage of e-mail messages. Most mail servers store messages on disk in the same form in which they were received, and since the majority of e-mail is sent as plain text, anyone with sufficient privileges on the mail server (an administrator, or an attacker who has compromised it) can read the stored messages.

How can you be sure that the sender of an e-mail message is really who they claim to be? Have you ever thought about how easy it is to impersonate someone using e-mail? SMTP does not authenticate the sender of a message: the From address in the message header and the envelope sender given in the MAIL FROM command are both supplied by the sending client and are accepted as given. Therefore I (or anyone) can send an e-mail and claim to be anyone else. It is usually possible to identify the address of the computer that sent the message from the Received headers that mail servers add along the way, but that still does not prove that it was really me using that computer to send the message.

How can you be sure that an e-mail message was not modified by a third party before you received it? Since most e-mail is sent as plain text, and since most mail servers store messages in the same form in which they were received, it is trivial for someone with the right privileges on any server along the path to read and to modify messages that are not digitally signed or encrypted, and the recipient has no way to detect the change.

The plain-text nature of e-mail and the inability to authenticate the sender of a message make e-mail insecure. For these reasons, you should consider e-mail to be similar, from a security standpoint, to postcards. Postcards can be read by anyone who comes in contact with them. You would not send any sensitive information via postcard, nor should you send any sensitive information via unencrypted e-mail.

E-mail can be secured
S/MIME, together with an X.509 certificate for your e-mail address (often called an SSL client certificate, because it is the same kind of certificate used for SSL/TLS client authentication), can be used to secure your e-mail. S/MIME provides the ability to digitally sign e-mail messages and to encrypt message contents, including attachments. The certificate binds your public key to your e-mail address and is signed by a certificate authority (CA); for recipients to accept your signature, it must be a CA that their mail software trusts. With the certificate and its private key installed, you can digitally sign messages and, once you hold a recipient's certificate, encrypt messages to them. By digitally signing messages you give recipients a way to authenticate your identity and to verify that a message was not modified in transit; a signed message is still readable by anyone, since signing provides integrity and origin, not confidentiality. By encrypting a message to the recipient's public key you ensure that only the holder of the matching private key can read it, whichever servers it passes through and wherever it is stored. The message headers (From, To, Subject) remain in the clear, however, because mail servers need them to deliver the message.
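
The signing and encryption workflow described above, as an added example that is not part of the original article: a shell script that uses the openssl command-line tool to create two self-signed test identities, clear-sign a message, verify it, show that a tampered copy fails verification, and then encrypt the message to the recipient and decrypt it. The identities (alice@example.com and bob@example.com), the Subject line and the message text are all constructed here; in real use the certificates would be issued by a CA that your recipients trust. The script assumes an openssl CLI of version 1.1.1 or newer and uses the openssl smime command (the newer openssl cms command performs the same operations).

```shell
#!/bin/sh
# Added example, not from the original article: signing, verifying, encrypting
# and decrypting a message with S/MIME using the openssl command-line tool.
# Assumptions: the openssl CLI (1.1.1 or newer) is installed. The two identities
# (alice@example.com, bob@example.com) and the message are constructed here as
# self-signed test data; in real use each certificate would be issued by a CA
# that the other party's mail client trusts.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a private key and a self-signed certificate for one mailbox.
# $1 = short name used for the file names, $2 = e-mail address.
make_identity() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" \
    -subj "/CN=$1/emailAddress=$2" \
    -addext "extendedKeyUsage=emailProtection" >/dev/null 2>&1
}

# Clear-sign a message (multipart/signed): the text stays readable by clients
# without S/MIME support, and the detached signature covers it.
# $1 = signer name, $2 = plaintext file, $3 = output file
sign_message() {
  openssl smime -sign -text -in "$2" -out "$3" \
    -signer "$WORK/$1.crt" -inkey "$WORK/$1.key"
}

# Verify a signed message against a trusted certificate. The exit status is
# non-zero if the signature does not match the content or the signer.
# $1 = signed file, $2 = name whose certificate is trusted
verify_message() {
  openssl smime -verify -in "$1" -CAfile "$WORK/$2.crt" \
    -out /dev/null >/dev/null 2>&1
}

# Encrypt a message to a recipient's certificate (AES-256). Only the matching
# private key can decrypt it; the headers given here stay in the clear.
# $1 = recipient name, $2 = plaintext file, $3 = output file
encrypt_message() {
  openssl smime -encrypt -aes256 -in "$2" -out "$3" \
    -from alice@example.com -to bob@example.com -subject "Quarterly numbers" \
    "$WORK/$1.crt"
}

# Decrypt with the recipient's private key.
# $1 = recipient name, $2 = encrypted file, $3 = output file
decrypt_message() {
  openssl smime -decrypt -in "$2" -out "$3" \
    -recip "$WORK/$1.crt" -inkey "$WORK/$1.key"
}

# Constructed sample message.
printf 'Wire transfer amount: 1000 EUR\n' > "$WORK/msg.txt"

make_identity alice alice@example.com
make_identity bob bob@example.com

# Integrity and origin: the genuine message verifies, a tampered copy does not.
sign_message alice "$WORK/msg.txt" "$WORK/signed.eml"
verify_message "$WORK/signed.eml" alice
echo "signature verified"
sed 's/1000 EUR/9000 EUR/' "$WORK/signed.eml" > "$WORK/tampered.eml"
if verify_message "$WORK/tampered.eml" alice; then
  echo "tampered message verified (should not happen)"
  exit 1
fi
echo "tampered message rejected"

# Confidentiality: the body is hidden, the Subject header is not.
encrypt_message bob "$WORK/msg.txt" "$WORK/encrypted.eml"
grep -q 'Subject: Quarterly numbers' "$WORK/encrypted.eml"
echo "subject header is readable in the encrypted message"
if grep -q '1000 EUR' "$WORK/encrypted.eml"; then
  echo "body is readable in the encrypted message (should not happen)"
  exit 1
fi
echo "body is not readable in the encrypted message"
decrypt_message bob "$WORK/encrypted.eml" "$WORK/decrypted.txt"
# S/MIME canonicalises line endings to CRLF, so strip CR before comparing.
tr -d '\r' < "$WORK/decrypted.txt" | cmp -s - "$WORK/msg.txt"
echo "bob decrypted the original text"
```

Run it with sh; it prints one line per check and exits non-zero if any step misbehaves. The grep on the encrypted file is the point of the header caveat above: the Subject line is plain text in the envelope even though the body and any attachments are ciphertext.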

Simply having a certificate installed and configured is not enough. Your digital identity is really the private key that goes with the certificate, and it is only as well protected as the password (or pass phrase) used to protect it. Failing to set a password, or using a weak one, can be worse than not having a certificate at all: consider the impact of an unauthorized person using your computer to send digitally signed messages in your name, or to decrypt the messages that others have encrypted to you. For this reason, take special care to choose a strong pass phrase to protect the private key; this is usually done when the certificate and key are installed. Keep a backup of the key in a safe place as well, since mail encrypted to a lost key can no longer be read, and if the key is ever exposed, have the certificate revoked by the CA so that recipients stop trusting signatures made with it.