Pin Me

How Secure is Email?

written by: Bruce Tyson•edited by: Jean Scheid•updated: 2/1/2011

Email is a common form of communication, yet tales of compromised email correspondence are in the news, affecting everyone from the rich and powerful to the ordinary computer user. Here we answer the question, "How secure is email?"

  • slide 1 of 2

    Email Overview

    Email consists of messages composed on one computer, uploaded to a server, and then either stored on that server for retrieval byAROBAZE  the recipient, or transmitted to another server where the message is stored until retrieved. Email correspondence is often convenient because the sender and receiver of a message need not be online simultaneously in order to communicate. Unfortunately, email security issues leave many users vulnerable.

    Insecure Transmission Paths

    Email security can easily be compromised as it travels from one server to another. Much of the time, email is transmitted in plain text, without encryption, leaving it vulnerable to hackers with the ability to intercept it online. Also, because email messages are often routed through multiple routers and servers, message footprints are often left behind, allowing operators of those intermediary devices to snoop into the communications that have passed through them. Even when email is sent and received without any interference, the recipient can often glean important information about the sender such as IP address, geographic location, and service provider that can leave the sender vulnerable to attack.

    Hacking

    Email, like any other Internet server is vulnerable to hacking. A college student hacked an email account associated with Sarah Palin during the 2008 presidential campaign. In 2009, hackers obtained emails from "climate change" scientists that documented a significant amount of deception and fraud, exposing much of the global warming agenda as political theatrics.

    Email passwords can either be guessed or hacked by brute force attacks. "I forgot my password" links on Web based email services can expose vital clues to what a user's password may be. Computers left unsecured can be easily browsed by jealous spouses or competitive coworkers. Snooping software can be installed to send screenshots and keyboard strokes of a client computer automatically via email.

    Problems With Web Mail

    The advent of Web-based email has introduced even more questions about email security. Gmail, one of the world's most popular email services, has undisclosed policies regarding how long user emails are stored by the service, how willing it is to surrender user data to the government and to other corporations, and how well it secures user accounts from tampering by its own employees.

    In one famous case last year, a Google employee accessed the Gmail accounts of several minors and then used the information gained from snooping in their business to stalk them.

    Spam, Phishing, Viruses, and Worms

    Along with the vulnerabilities that are associated with the transmission of email messages, attachments that include viruses and worms can infect destination servers, email accounts, and host computers. Phishing messages aim to deceive users into thinking an email came from a reputable source, and spam email is a major problem that pummels users with miscellaneous sexual enhancements, weight loss products, investment schemes, and other pesky topics.

    Image Credit: Wikimedia Commons/Platonides

  • slide 2 of 2

    How Secure is Email?

    In its natural state, email is not very secure. It leaves every user vulnerable at multiple levels, putting virtually every user at risk. There are some steps users can take to make their email more secure, especially if they're wondering how secure is email?

    1. Use hardened email systems and networks. Corporate and government entities have systems in place for sending and receiving secure messages. Private users can use online services such as Hushmail and others to help reduce the risk of compromised messaging.

    2. Use encryption. Individual users who do not have the means to set up a secure system can encrypt their messages using PGP (or other) techniques to make sure that messages can only be read by their intended recipients.

    3. Use common sense. Passwords used to secure email accounts should be changed often and should be difficult to guess or memorize. Computers should routinely be scanned for viruses, worms, malware, and spyware. Users should be sure to use a product that will detect keyboard logging and screen capturing programs. Best of all, email users should send as little personal and sensitive information as possible through email.

    4. Test email security. Email users should read about ways to test email security so they can take steps to protect themselves.

    An awareness of the security issues and possible solutions should help email users to develop safer email practices. Unfortunately, email will likely remain vulnerable for the average user until encryption and other security solutions that do not interfere with everyday use are readily available.