Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.
Email is prone to disclosure of information. Most emails are currently transmitted in the clear (not encrypted) form. By means of some available tools, persons other than the designated recipients can read the email contents.
Email encryption can rely on public-key cryptography, in which users can each publish a public key that others can use to encrypt messages to them, while keeping secret a private key they can use to decrypt such messages or to digitally encrypt and sign messages they send.
With the original design of email protocol, the communication between email servers was plain text, which posed a huge security risk. Over the years, various mechanisms have been proposed to encrypt the communication between email servers. Encryption may occur at the transport level (aka "hop by hop") or end-to-end. Transport layer encryption is often easier to set up and use; end-to-end encryption provides stronger defenses, but can be more difficult to set up and use.
One of the most commonly used email encryption extensions is STARTTLS . It is a TLS (SSL) layer over the plaintext communication, allowing email servers to upgrade their plaintext communication to encrypted communication. Assuming that the email servers on both the sender and the recipient side support encrypted communication, an eavesdropper snooping on the communication between the mail servers cannot use a sniffer to see the email contents. Similar STARTTLS extensions exist for the communication between an email client and the email server (see IMAP4 and POP3, as stated by RFC 2595). STARTTLS may be used regardless of whether the email's contents are encrypted using another protocol.
The encrypted message is revealed to, and can be altered by, intermediate email relays. In other words, the encryption takes place between individual SMTP relays, not between the sender and the recipient. This has both good and bad consequences. A key positive trait of transport layer encryption is that users do not need to do or change anything; the encryption automatically occurs when they send email. In addition, since receiving organizations can decrypt the email without cooperation of the end user, receiving organizations can run virus scanners and spam filters before delivering the email to the recipient. However, it also means that the receiving organization and anyone who breaks into that organization's email system (unless further steps are taken) can easily read or modify the email. If the receiving organization is considered a threat, then end-to-end encryption is necessary.
The Electronic Frontier Foundation encourages the use of STARTTLS, and has launched the 'STARTTLS Everywhere' initiative to "make it simple and easy for everyone to help ensure their communications (over email) arent vulnerable to mass surveillance." Support for STARTTLS has become quite common; Google reports that on GMail 90% of incoming email and 90% of outgoing email was encrypted using STARTTLS by 2018-07-24.
Mandatory certificate verification is historically not viable for Internet mail delivery without additional information, because many certificates are not verifiable and few want email delivery to fail in that case. As a result, most email that is delivered over TLS uses only opportunistic encryption. DANE is a proposed standard that makes an incremental transition to verified encryption for Internet mail delivery possible. The STARTTLS Everywhere project uses an alternative approach: they support a preload list of email servers that have promised to support STARTTLS, which can help detect and prevent downgrade attacks.
In end-to-end encryption, the data is encrypted and decrypted only at the end points. In other words, an email sent with end-to-end encryption would be encrypted at the source, unreadable to service providers like Gmail in transit, and then decrypted at its endpoint. Crucially, the email would only be decrypted for the end user on their computer and would remain in encrypted, unreadable form to an email service like Gmail, which wouldn't have the keys available to decrypt it. Some email services integrate end-to-end encryption automatically.
Notable protocols for end-to-end email encryption include:
OpenPGP is a data encryption standard that allows end-users to encrypt the email contents. There are various software and email-client plugins that allow users to encrypt the message using the recipient's public key before sending it. At its core, OpenPGP uses a Public Key Cryptography scheme where each email address is associated with a public/private key pair.
OpenPGP provides a way for the end users to encrypt the email without any support from the server and be sure that only the intended recipient can read it. However, there are usability issues with OpenPGP it requires users to set up public/private key pairs and make the public keys available widely. Also, it protects only the content of the email, and not metadata an untrusted party can still observe who sent an email to whom. A general downside of end to end encryption schemeswhere the server does not have decryption keysis that it makes server side search almost impossible, thus impacting usability.
The Signed and Encrypted Email Over The Internet demonstration has shown that organizations can collaborate effectively using secure email. Previous barriers to adoption were overcome, including the use of a PKI bridge to provide a scalable public key infrastructure (PKI) and the use of network security guards checking encrypted content passing in and out of corporate network boundaries to avoid encryption being used to hide malware introduction and information leakage.
Transport layer encryption using STARTTLS must be set up by the receiving organization. This is typically straightforward; a valid certificate must be obtained and STARTTLS must be enabled on the receiving organization's email server. To prevent downgrade attacks organizations can send their domain to the 'STARTTLS Policy List'
Most full-featured email clients provide native support for S/MIME secure email (digital signing and message encryption using certificates). Other encryption options include PGP and GNU Privacy Guard (GnuPG). Free and commercial software (desktop application, webmail and add-ons) are available as well.
While PGP can protect messages, it can also be hard to use in the correct way. Researchers at Carnegie Mellon University published a paper in 1999 showing that most people couldn't figure out how to sign and encrypt messages using the current version of PGP. Eight years later, another group of Carnegie Mellon researchers published a follow-up paper saying that, although a newer version of PGP made it easy to decrypt messages, most people still struggled with encrypting and signing messages, finding and verifying other people's public encryption keys, and sharing their own keys.
Because encryption can be difficult for users, security and compliance managers at companies and government agencies automate the process for employees and executives by using encryption appliances and services that automate encryption. Instead of relying on voluntary co-operation, automated encryption, based on defined policies, takes the decision and the process out of the users' hands. Emails are routed through a gateway appliance that has been configured to ensure compliance with regulatory and security policies. Emails that require it are automatically encrypted and sent.
If the recipient works at an organization that uses the same encryption gateway appliance, emails are automatically decrypted, making the process transparent to the user. Recipients who are not behind an encryption gateway then need to take an extra step, either procuring the public key, or logging into an online portal to retrieve the message.
Continue reading here:
Email encryption - Wikipedia
- Encryption Software Market 2019 Size, CAGR Status, Key Players, Growth Analysis and Forecast to 2026 - The Market Publicist - December 2nd, 2019
- Global Encryption Software Market Industry Analysis and Forecast (2018-2026) - Daily Research Stack - December 2nd, 2019
- Fortinet took 18 months to strip software of flawed crypto cipher and keys - The Daily Swig - December 1st, 2019
- Mobile Encryption Market Competitive Research And Precise Outlook 2019 To 2025 - The Market Publicist - December 1st, 2019
- NordPass: Get rid of password stress. Forever. - EE Journal - December 1st, 2019
- Apple patents anti-snooping technology that would stop police from tracking locations and messages - Stock Daily Dish - December 1st, 2019
- Encryption Software Market Research Report by Geographical Analysis and Forecast 2017-2027 - Kentucky Reports - November 28th, 2019
- Encryption Key Management Software Market : Industry Research, Growth Trends And Opportunities For The Forecast Period 2019-2029 - News Description - November 28th, 2019
- iStorage cloudAshur is named: Security Innovation of the Year at the UK IT Industry Awards 2019 - ResponseSource - November 28th, 2019
- Database Encryption Market Analysis Report by Product Type, Industry Application and Future Technology 2025 (International Business Machines... - November 28th, 2019
- The IT Guide to Enforcing Full Disk Encryption Windows Edition - Security Boulevard - November 28th, 2019
- Why The FBI's Former Top Lawyer Now Embraces Encryption - Law360 - November 28th, 2019
- Big Boom in Cloud Encryption Market over 2019-2026 with CipherCloud Inc., Hytrust Inc., Gemalto NV, IBM Corporation and more - Market Expert - November 28th, 2019
- Encrypted Flash Drives Market Size, Growth, Global Industry Analysis, Share, Segments and Forecast 2019-2024 - Space Market Research - November 28th, 2019
- Encryption Software Market 2019 Global Industry Status, Segment by Region, Type and Future Forecast To 2026 - Financial News - November 28th, 2019
- FBI worried about criminals having unfettered access to encryption technology - KTVI Fox 2 St. Louis - November 23rd, 2019
- What Is End-to-End Encryption? Another Bulls-Eye on Big Tech - The New York Times - November 23rd, 2019
- Think of the children: FBI sought Interpol statement against end-to-end crypto - Ars Technica - November 23rd, 2019
- Security Expert Comments On NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks - ISBuzz News - November 23rd, 2019
- Global Hardware-based Full Disk Encryption Market By Industry Business Plan, Manufacturers, Sales, Supply, Share, Revenue and Forecast Report... - November 23rd, 2019
- Moniker makes a statement with The Encryption EP - The Untz - November 23rd, 2019
- Global Mobile Encryption Market By Industry Business Plan, Manufacturers, Sales, Supply, Share, Revenue and Forecast Report 2019-2024 - BeetleVersion - November 23rd, 2019
- NSA Publishes Advisory Addressing Encrypted Traffic Inspection Risks - BleepingComputer - November 23rd, 2019
- Encryption Key Management Software Market Research Report: Market Analysis on the Future Growth Prospects and Market Trends Adopted by the... - November 23rd, 2019
- Microsoft Windows 10 To Natively Support DNS Over HTTPS Encryption And Obfuscation Technique Making Internet Traffic Monitoring Near Impossible -... - November 23rd, 2019
- Import EFS File Encryption Certificate and Key (PFX file) in Windows 10 - TWCN Tech News - November 23rd, 2019
- What Is Homomorphic Encryption? And Why Is It So Transformative? - Forbes - November 19th, 2019
- FBI Recruits Interpol to Condemn End-to-End Encryption - WebProNews - November 19th, 2019
- Is encryption to blame for WhatsApp snooping? - Livemint - November 19th, 2019
- BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups in the field - Security Boulevard - November 19th, 2019
- Astonishing Growth in Global encryption software market size was valued at USD 2.98 billion in 2018. It is projected to post a CAGR of 16.8% from 2019... - November 19th, 2019
- Encryption Software Market Overview, Latest Analysis and Future Forecast 2019 2025 - Markets Gazette 24 - November 19th, 2019
- With end-to-end encryption, we wouldn't be able to listen in even if we wanted to, says Facebook's Stan Chudnovsky - Mumbrella Asia - November 19th, 2019
- Microsoft Jumps on the DoH Train Company to Introduce Encrypted DNS - Computer Business Review - November 19th, 2019
- Global Mobile Encryption Technology Market 2018 Manufacturers, Types and Application, Analysis History and Forecast 2025 - Galus Australis - November 19th, 2019
- Hardware Encryption Market Growth Forecast Analysis by Top Manufacturers, Regions, Product Types and Application (2019 - 2026) - News Obtain - November 19th, 2019
- The Best Encryption Software for 2019 | PCMag.com - October 21st, 2019
- What is data encryption? - October 19th, 2019
- USB Enforced Encryption - Endpoint Protector - October 19th, 2019
- Authenticated encryption - Crypto++ Wiki - October 19th, 2019
- Tinder's Lack of Encryption Lets Strangers Spy on Your ... - October 19th, 2019
- 'Without Encryption, We Will Lose All Privacy': Snowden ... - October 18th, 2019
- Security pros reiterate warning against encryption backdoors - October 18th, 2019
- Encryption - servicepro.wiki - October 18th, 2019
- Mozy Encryption - October 18th, 2019
- Optical Encryption Market Size, Share, Trends and Forecast ... - October 18th, 2019
- MySQL Enterprise Transparent Data Encryption (TDE) - October 18th, 2019
- What is Encryption? - Definition from WhatIs.com - October 17th, 2019
- How to Set Up BitLocker Encryption on Windows - October 2nd, 2019
- Encryption: What It Is, and How It Works for You | Tom's Guide - October 2nd, 2019
- Security Encryption Systems | HowStuffWorks - October 2nd, 2019
- What is The Difference Between Hashing and Encrypting - October 2nd, 2019
- How Encryption Works | HowStuffWorks - September 5th, 2019
- encryption - How secure is AES-256? - Cryptography Stack ... - June 2nd, 2019
- The World's Email Encryption Software Relies on One Guy, Who ... - May 5th, 2019
- Encryption breakthrough could keep prying eyes away from your ... - May 5th, 2019
- What Is Data Encryption? Definition, Best Practices & More ... - May 1st, 2019
- IronClad Encryption Partners with Data443 Risk Mitigation ... - April 30th, 2019
- What Is Encryption? An Overview of Modern Encryption ... - April 30th, 2019
- Symmetric vs. Asymmetric Encryption What are differences? - April 29th, 2019
- Difference Between Hashing and Encryption - ssl2buy.com - April 29th, 2019
- What is Advanced Encryption Standard (AES)? - Definition ... - April 29th, 2019
- How to Encrypt Your Wireless Network - Lifewire - April 29th, 2019
- After Paris, Encryption Will Be a Key Issue in the 2016 ... - April 22nd, 2019
- What is Encryption, and Why Are People Afraid of It? - April 8th, 2019
- Data encryption | cryptology | Britannica.com - April 8th, 2019
- How to Enable Full-Disk Encryption on Windows 10 - April 1st, 2019
- After Paris, Encryption Will Be a Key Issue in the 2016 Race - March 27th, 2019
- Does Encryption Really Help ISIS? Heres What You Need to ... - March 27th, 2019
- AES and RSA Encryption Explained - March 27th, 2019
- Encryption: What it is and why its important - Norton - March 23rd, 2019
- Authenticated encryption - Wikipedia - March 19th, 2019
- Email Encryption Options for MDaemon Email Server - March 14th, 2019
- How to Encrypt Files on Windows - Tutorial - Toms Guide - March 6th, 2019
- Encryption, Key Management - bank information security - March 5th, 2019
- Which Types of Encryption are Most Secure? - February 7th, 2019
- JSON Object Signing and Encryption (JOSE) - February 4th, 2019
- What Is Encryption, and How Does It Work? - January 26th, 2019
- The Pitfalls of Facebook Merging Messenger, Instagram, and ... - January 26th, 2019
- Encryption: Avoiding the Pitfalls That Can Lead to Breaches - January 14th, 2019