Insecure email
April 14, 2008 2 Comments
Working for a number of clients, it’s surprising how many people assume that an email sent is secure by default. The number of people (including e-commerce providers) who feel comfortable sending (and requesting) credit card information via email is quite shocking…
It’s worth clarifying that sending an email is the digital equivalent of sending a postcard: anyone at any of the hops between the sender and the recipient could read the contents of that email with relative ease, just as anyone who handles a postcard en route could read what is written on it. Worse yet, there are methods of spoofing (pretending to be) the recipient’s mail server, causing all email destined for the recipient to be captured and then forwarded on, without the recipient even knowing that this has happened.
There are methods of securing email, however. One free solution worth noting is GnuPG (http://www.gnupg.org/), and it is worth considering if you need to send any information that you feel is sensitive. GnuPG can be used to digitally sign emails (proving that an email really is from you) and to encrypt them using a public/private key pair.
There are resources on the use of GnuPG on the site, and it runs on a variety of platforms (Windows, Linux, Mac, etc.).
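To show concretely what signing and encrypting with GnuPG look like, here is an added shell example (not from the original post or the GnuPG project): it generates a key pair in a throwaway keyring, encrypts and decrypts a message, clearsigns it, and shows that verification fails once the signed text is altered. It assumes gpg 2.1 or newer is on PATH; the identity and message are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original post: a GnuPG encrypt/sign round
# trip in a temporary keyring. Assumes gpg 2.1+ on PATH. The identity and
# message below are constructed sample values.
set -eu

gpg_roundtrip() {
    command -v gpg >/dev/null 2>&1 || { echo skipped; return 0; }
    # Isolated temporary keyring so nothing touches the user's ~/.gnupg.
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    uid="Alice Example <alice@example.invalid>"   # constructed identity
    msg="$GNUPGHOME/msg.txt"
    printf 'Card ending 1234 must never travel in the clear.\n' > "$msg"

    # Generate a key pair without prompting (no passphrase: demo only).
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$uid" default default never 2>/dev/null

    # Encrypt to the recipient's public key; only the private key can open it.
    gpg --batch --quiet --yes --armor --trust-model always --recipient "$uid" \
        --output "$GNUPGHOME/msg.asc" --encrypt "$msg"
    # The armored ciphertext must not leak the plaintext.
    if grep -q 'Card ending' "$GNUPGHOME/msg.asc"; then echo fail-leak; return 1; fi

    # Decrypt with the private key and confirm the original comes back.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --output "$GNUPGHOME/msg.dec" --decrypt "$GNUPGHOME/msg.asc" 2>/dev/null
    cmp -s "$msg" "$GNUPGHOME/msg.dec" || { echo fail-decrypt; return 1; }

    # Clearsign: proves who wrote the text and that it was not altered in transit.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --output "$GNUPGHOME/msg.sig" --clearsign "$msg"
    gpg --batch --quiet --verify "$GNUPGHOME/msg.sig" 2>/dev/null \
        || { echo fail-verify; return 1; }

    # Alter one digit of the signed text: verification must now fail.
    sed 's/1234/9999/' "$GNUPGHOME/msg.sig" > "$GNUPGHOME/tampered.sig"
    if gpg --batch --quiet --verify "$GNUPGHOME/tampered.sig" 2>/dev/null; then
        echo fail-tamper; return 1
    fi

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    echo ok
}

gpg_roundtrip
```

Prints `ok` when every step behaves as expected, or `skipped` if gpg is not installed.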
Agreed. Folks often take for granted that email is secure when in fact it’s pretty much the same as standing outside and shouting it to the whole world. Sadly, even with the availability of free tools such as gpg, the average user finds it so cumbersome that encrypted email is the exception rather than the norm.
GnuPG is also used in some Firefox plugins, which enable you to send secure, encrypted emails.