Integrating E-mail: From the Intranet to the Internet
By Simon Collin
Secure Electronic Mail
In a standard installation, any user sending a mail message to another user on the network or Internet is sending a plaintext copy of the message that any competent expert could intercept and read with little difficulty. The same applies to attachments that are sent in their plain file format without encryption.
The security measures at a mail server often are so feeble that it would be embarrassing to the system manager if users realized how easy it is for messages to be read. For example, messages will be stored temporarily on the mail server before being forwarded, and they generally are stored in plaintext format. If a message does not reach its destination, it will be bounced back and sit on the mail server, again in plaintext format.
With the relative ease of access to mail messages, it is essential for any company that handles sensitive information or would like to provide private channels of communication to adopt a secure mail policy. Four main techniques can be employed to secure your electronic mail transfers:
1. Encrypt the mail message body (not the header with its destination) and any attachment using a third-party encryption scheme such as PGP. The recipient will need to run the message through the decryption tool to read the original message.
2. Use a secure mail client that implements encryption and authentication technology such as S/MIME. This is a good standard for e-mail transfers but does require an authenticated certificate.
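The following Python example is added here and is not from the book. It audits messages stored on a mail server, reports whether each body is protected by PGP or S/MIME, and shows that the header stays readable either way. The sample messages, addresses and file names are constructed, and the MIME type names follow the PGP/MIME and S/MIME conventions, which the text above does not spell out.

```python
from email import message_from_string

PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"
SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
READABLE = {"plaintext", "partial", "smime-signed-data"}  # content exposed at rest

def classify(raw):
    """Return (label, visible_headers) for one stored RFC 822 message."""
    msg = message_from_string(raw)
    # Body encryption never covers the header, so routing data stays readable.
    visible = {h: msg[h] for h in ("From", "To", "Subject") if msg[h]}
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted" and msg.get_param("protocol") == "application/pgp-encrypted":
        return "pgp-mime", visible
    if ctype in SMIME_TYPES:
        # enveloped-data is encrypted; signed-data is signed but still readable.
        return "smime-" + (msg.get_param("smime-type") or "unknown"), visible
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    armored = [PGP_ARMOR in (p.get_payload(decode=True) or b"") for p in leaves]
    if leaves and all(armored):
        return "pgp-inline", visible
    # "partial": the body is armored but an attachment was left in the clear.
    return ("partial" if any(armored) else "plaintext"), visible

# Constructed sample spool; the armored block is a placeholder, not real ciphertext.
HDR = "From: alice@example.com\nTo: bob@example.com\nSubject: Q3 forecast\n"
ARMORED = "-----BEGIN PGP MESSAGE-----\n\n(placeholder)\n-----END PGP MESSAGE-----\n"
SPOOL = {
    "plain.eml": HDR + "\nRevenue figures attached.\n",
    "inline.eml": HDR + "\n" + ARMORED,
    "mixed.eml": HDR + 'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\n" + ARMORED +
    "--b1\nContent-Type: text/csv\n\nregion,revenue\nEMEA,100\n--b1--\n",
    "smime.eml": HDR + "MIME-Version: 1.0\n"
    "Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name=smime.p7m\n"
    "Content-Transfer-Encoding: base64\n\nAAAA\n",
}

def audit(spool):
    """Map each file name to (label, readable_at_rest, visible_headers)."""
    out = {}
    for name, raw in spool.items():
        label, hdrs = classify(raw)
        out[name] = (label, label in READABLE, hdrs)
    return out

if __name__ == "__main__":
    for name, (label, readable, hdrs) in audit(SPOOL).items():
        print(f"{name:11} {label:21} readable={readable} subject={hdrs['Subject']!r}")
```

The `partial` result is the case to watch for: the body was encrypted but an attachment went out in its plain file format, so the sensitive data is still readable on the server.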
Copyright Simon Collin 1999 under license agreement with Books24x7