E-mail is insecure – fact or myth?

We all know that e-mail is insecure, right? Not to be trusted for anything important, right? Yes, that’s the common opinion about e-mail security. But is it correct? Is e-mail really as bad as we think? Let’s dig a bit deeper.

E-mail is one of the old-school services that we still use today. It was created during an era when the whole Internet was a trusted and secure environment, and cyber crime was science fiction. And as we can expect, the basic mail exchange protocols lack security almost completely. So our common mindset about insecure e-mail was definitely based on solid facts.

But times are changing. Snowden showed us that intelligence agencies really are taking full advantage of anything they can find on the net. And this has led to one of the most rapid change processes in the Internet’s history: the deployment of encryption. The core e-mail transfers still have glaring security flaws, but we are using protection at other layers. So the question about e-mail’s security is not that simple anymore.

But first we must define what security means. People tend to instinctively think confidentiality when we talk mail security. It means that sent and received messages shall remain confidential and not leak to outsiders. This is no doubt a central issue, but not the only one. And we must remember that confidentiality is more than just securing the message content. Metadata, information about whom we communicate with and when, may be as important and sensitive as the actual content.

The other central issue is integrity. Can I trust that a message I receive is correct and unaltered? And especially important for mail, can I trust that the sender really is the claimed one? Sender authentication, or lack thereof, is actually e-mail’s biggest integrity issue.

So how secure is e-mail today? First the simple part, integrity. No improvement on this front. It is still trivial to forge the sender field of a message. You can easily make it look like it came from any address, and direct replies to any e-mail you like. This is widely utilized by scammers and there’s no cure in sight. We just have to learn how to live with this and be suspicious about mails we receive.
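The two tricks described above, a sender field that claims one identity and replies directed somewhere else, leave traces in the message headers. The following check is an added example, not part of the original post; the sample message, its addresses and the warning labels are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real traffic): the display name claims a bank address,
# the real From address is elsewhere, and replies go to a third domain.
SAMPLE = """\
From: "support@bank.example" <notice@mailer.example>
Reply-To: helpdesk@freemail.example
To: user@home.example
Subject: Your invoice

Please reply with your details.
"""

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def sender_warnings(raw):
    """Return reasons to distrust the claimed sender of a raw message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain(from_addr)
    if not from_dom:
        return ["missing-or-unparsable-from"]
    warnings = []
    # A display name that itself looks like an address at another domain
    # is what many mail clients show instead of the real From address.
    m = ADDR_RE.search(name)
    if m and m.group(1).lower() != from_dom:
        warnings.append("display-name-address-mismatch")
    # Replies steered to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain(reply_addr) != from_dom:
        warnings.append("reply-to-domain-mismatch")
    return warnings

if __name__ == "__main__":
    print(sender_warnings(SAMPLE))
```

These are heuristics only: legitimate mailing lists and newsletters also use a different Reply-To, and a message that passes both checks can still be forged.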

But confidentiality? Here we have some quite significant progress. The actual mail transfer protocols, like POP, IMAP and SMTP, are still fundamentally insecure. But Internet traffic is to an increasing extent being sent inside encrypted “tunnels”. Protocols like SSL and TLS enable devices on the net to set up encrypted connections and exchange data securely. The e-mails you are sending and receiving are to an increasing extent transferred inside such virtual tunnels. Almost all connections between your own device and your e-mail server are already protected. And a large portion of the traffic between mail servers is also secured.

So what does this mean in practice? That depends a lot on who you are and what security needs you have. Let’s condense it into some simple pieces of advice.

  • Never trust the sender of an e-mail. It’s trivial to fake mails and scams based on this are very common. Spam filters catch some scams, but not all. So you need to learn how to recognize scam mails.
  • The e-mail servers are themselves pretty secure against cyber criminals. But you are usually the weakest link in the protection of your mails. Crooks may get access to your mail by using spyware on your device or breaking into your mail account with your password. Make sure your devices stay clean, learn to recognize phishing scams and use good passwords for your mail accounts.
  • Companies getting their revenue from marketing may want to scan your mail for interesting data to profile you. This may not be a direct threat, but this kind of profiling is disturbing as a matter of principle. Yes, Google and Gmail belong to this category.
  • Authorities can get your mail traffic from the service providers. How easily depends on the legislation in the country where your mail server resides. This is however not really a big issue for normal law-abiding citizens.
  • Network surveillance is not only used for fighting crime and terrorism. It’s also widely misused for other purposes, like industrial espionage. Never rely on plain e-mail for state secrets or information of significant business value.
  • E-mail is a commonly used carrier for malware attacks. Learn to be suspicious of attached files and links in mail messages.
  • You can use add-ons to encrypt the content of your mails. They are very secure if used in the right way, but typically leave your metadata open. The extra effort makes this an option mainly for those with special security needs. PGP and S/MIME are good examples.
  • Another approach if you need stronger security is to switch to a secure mail service altogether. As usual, there’s a lot of info available on the net.

So we can conclude that the insecure e-mail is a myth to some extent. It’s definitely not a service for classified information. But private persons do not, in practice, have much to fear when using e-mail, at least not on the confidentiality front. Your mails may get into the wrong hands, but you can usually blame yourself if that happens. The leaks will likely be caused by a malware infection on your device, a weak password or you falling for a phishing scam. Not by weak security in e-mail itself.

You can easily make educated decisions about your private mail traffic. But it’s harder when you deal with organizations that are stuck in the e-mail security myth. My bank has a convenient function that sends me a mail notification when an electronic invoice is received. But the notification just states that I have a new invoice. It omits the important information, from whom and for what amount. So I’m still forced to log in to the bank and check it. I can’t even turn on detailed notifications as an option. And all this just “to protect me”. Fail! It’s OK to have the detailed notifications off by default. But preventing customers from turning them on is just stupid and bad customer service.

Same thing with our school’s system for communication with parents. The system supports mail notifications, but they are turned off for certain events that are considered sensitive. But these events are important and parents should react to them promptly. So the school is trying to solve a mostly imaginary problem, but doesn’t realize that it is creating a new risk at the same time: that parents miss important notifications. And that can be a far more severe threat to the children’s development than a leaked mail notification.

It’s always good that people are aware of security issues and take them into account when planning systems. But this is an excellent example that there can be too much security. Never aim for total security; learn to know the threats and implement a suitable security level.

 

 

Safe surfing,
Micke

 

Image by Tony Webster

 
