Who can read your email?

April 18th, 2010 by Sebastian

Most people don’t care about email security, but they would be very mad if someone opened their mail and copied it. Most people don’t know that an unencrypted email is like a postcard – so who can read your email?

To answer that question you have to look at two different scenarios:

  1. You send an email to a colleague.
  2. You send an email to someone from a different domain.

The first scenario isn’t that scary:

Bob sends an email to his colleague Claire.

The only person (besides the recipient) who can read your email is your own administrator. Sure, you trust your own administrator, but what about IT service companies? Their consultants often have access to your mailbox too. Furthermore, you should make sure that your email client (the software you use to write emails) communicates with your own mail server over a secure protocol. Otherwise someone can read your email before it is even sent.

The second scenario is scarier:

Alice sends an email to Bob, who is a member of a different domain.

Here you have three people (besides the recipient) who can read your message:

  1. Your own administrator / IT service provider.
  2. Someone in the middle (like employees of the company’s internet service provider or some hacker on the internet in general…).
  3. The administrator / IT service provider of the recipient’s mail domain.

Besides that, you should again pay attention to the email client’s protocol. If you use your phone to send and receive emails, the security of its email client’s protocol is important too.
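One way to see which legs of such a journey were encrypted, as an added example that is not part of the original post: each mail server records how it received the message in a `Received` header, and the RFC 3848 keywords `ESMTPS` / `ESMTPSA` mark hops that used TLS. The sample message is constructed, and the function names `trace_hops` and `plaintext_hops` are hypothetical.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords: a trailing S (ESMTPS, ESMTPSA, LMTPS, LMTPSA)
# means the hop ran over TLS; plain SMTP/ESMTP/ESMTPA did not.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(
    r"from\s+(?P<sender>\S+).*?\bby\s+(?P<receiver>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)",
    re.IGNORECASE | re.DOTALL,
)

# Constructed sample message (example.* names, documentation IP ranges).
SAMPLE = """\
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby mail.example.net with ESMTP id 3C for <bob@example.net>;
\tSun, 18 Apr 2010 10:00:05 +0200
Received: from mail.example.com (mail.example.com [192.0.2.10])
\tby mx.example.org with ESMTPS id 2B;
\tSun, 18 Apr 2010 10:00:03 +0200
Received: from alice-laptop (unknown [203.0.113.5])
\tby mail.example.com with ESMTPSA id 1A;
\tSun, 18 Apr 2010 10:00:01 +0200
From: alice@example.com
To: bob@example.net
Subject: test

hello
"""

def trace_hops(raw_message):
    """Return hops in travel order as (sender, receiver, protocol, used_tls)."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so the list is newest-first; reverse it.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            hops.append(("?", "?", "unparsed", False))  # treat unknown as unprotected
            continue
        proto = m["proto"].upper()
        hops.append((m["sender"], m["receiver"], proto, proto in TLS_PROTOCOLS))
    return hops

def plaintext_hops(raw_message):
    """Hops where the message crossed the network without TLS."""
    return [h for h in trace_hops(raw_message) if not h[3]]

if __name__ == "__main__":
    for sender, receiver, proto, tls in trace_hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'PLAINTEXT'})")
```

A TLS-protected hop only hides the message from someone in the middle; the administrators of every server on the path still see it in clear text. The headers are written by the servers themselves, so they show what each server claims, not a guarantee.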

OK, are you scared now? Don’t worry, there are some simple things you can do to improve the security of emails with confidential content:

  1. Be sure that your email client is using an encrypted protocol to communicate with your email server – so you shouldn’t use POP3 or IMAP without encryption! And if you use a webmail client (like Gmail), you should check whether you are using it with SSL encryption. You can see that in the address line of your browser: if there is a ‘https://’ it is secure, if there is a ‘http://’ it is not secure.
  2. If you have to send confidential information via email, you should put the confidential stuff into an encrypted zip file and attach the encrypted zip file to the email. That way you can be sure that only people who know the decryption password can read the information.

For the second part you need a secure way to send the decryption password. A good way is to use a different medium (like text messages or a phone call). Another way is to put a little puzzle into your email. If you have a business card of the recipient, you could for example write something like:

The decryption password is the first 8 characters of the 4th line on the back of your business card.


1 comment

  1. limewire says:

    lol sweet stuff man.
