Chapter 5
The Secure Email System

Secure email works exact­ly the same as ordi­nary email. The dif­fer­ence is your email pro­gram auto­mat­i­cal­ly encrypts the trans­mis­sion of a mes­sage so that nobody can read it from the time it leaves your email pro­gram until it gets to your email serv­er. In oth­er words, at any point in the path from your email pro­gram to your email serv­er (i.e., your email ser­vice provider’s email serv­er) that a hack­er inter­cepts your mes­sage, the hack­er will not be able to read the mes­sage because it’s trans­mit­ted secure­ly. RMail Inbox is an exam­ple of a secure email sys­tem.

Next, your secure email serv­er sends your mes­sage over the inter­net to the recipient’s email serv­er. Most secure email sys­tems will first try to send a mes­sage to the recipient’s serv­er through a secure trans­mis­sion. Whether this is pos­si­ble, how­ev­er, entire­ly depends on set­tings on the recipient’s email serv­er over which you (the sender) have no con­trol. In fact, you don’t even know. Once your mes­sage leaves your email serv­er, you have no con­trol over it unless you use RMail Mes­sage-Lev­el encryp­tion (read Chap­ter 9). See Fatal Flaws below for a fur­ther expla­na­tion.

Half Secure

When your email gets to your recipient’s email serv­er it’s only nor­mal email beyond that point and is not nec­es­sar­i­ly encrypt­ed. What hap­pens after that depends on your recipient’s email sys­tem. Since most peo­ple don’t have secure email sys­tem, it like­ly that the remain­der of the email path is unse­cure and sub­ject to hack­ing.

Thus, you might say that by using a secure email sys­tem such as RMail Inbox, your email is half-secure or secure halfway (unless you use RMail Mes­sage-Lev­el encryp­tion).

How­ev­er, it’s impor­tant to note that it’s your half of the email path that’s secure. That pro­tects you send­ing and receiv­ing emails as much as pos­si­ble. You’ve done the best you can do to keep your email secure with­out using a spe­cial encryp­tion ser­vice, such as RMail Mes­sage-Lev­el encryp­tion.

In Some Cases

But that’s not the last word. If the recip­i­ent has a secure email ser­vice as well as you, your email mes­sage may trig­ger secure trans­mis­sion between the two email servers. Your mes­sage will, there­fore, go auto­mat­i­cal­ly encrypt­ed along the entire email path from your email pro­gram to the recipient’s email pro­gram. But read Fatal Flaws below.

Gmail

Gmail is a secure email sys­tem. If you use RMail Inbox and the recip­i­ent uses Gmail, your email mes­sage will the­o­ret­i­cal­ly go over the entire email path encrypt­ed.

In Other Cases

Anoth­er sce­nario is that the recip­i­ent has the same secure email ser­vice provider as you do. That means that your mes­sage nev­er leaves the provider’s email serv­er. It goes from your email pro­gram to your email serv­er (i.e., your email ser­vice provider’s email serv­er, which hap­pens to be the recipient’s email serv­er too) to the recipient’s email pro­gram encrypt­ed all the way. But see Fatal Flaws below.

Secure email ser­vices, although avail­able, are not wide­ly used. They are typ­i­cal­ly spe­cial ser­vices that cost a pre­mi­um over nor­mal email ser­vice. And many nor­mal email ser­vices are free, such as Hot­mail (Out​look​.com Mail), giv­ing folks an incen­tive not to use an email ser­vice that they have to pay for.

The cur­rent excep­tion is Gmail, which turned into a secure email sys­tem recent­ly. Note, how­ev­er, that Google data mines the email that pass­es through the Gmail email serv­er, which is a type of secu­ri­ty breach itself (read Chap­ter 17).

The inter­net is migrat­ing toward greater secu­ri­ty, and more major ser­vices can be expect­ed to be con­vert into secure email sys­tems.

Fatal Flaws

There are sev­er­al prob­lems with the secure trans­mis­sion SSL/TLS secure email scheme.

1. When a mes­sage arrives at the email serv­er from the sender through a secure trans­mis­sion, it is not encrypt­ed after arrival. At that point, those who admin­is­ter the email serv­er (the staff of the email ser­vice provider) can see the unen­crypt­ed mes­sages of cus­tomers. And if a hack­er gains access to the email serv­er, the hack­er can also see or even cap­ture the unen­crypt­ed mes­sages of the cus­tomers.
2. When the sender’s email serv­er sends a mes­sage to the recipient’s email serv­er, the two email servers nego­ti­ate how the mes­sage will be sent. If both of the servers are secure (using TLS), the sender’s email serv­er will send the mes­sage through a secure trans­mis­sion (using TLS). If the recipient’s email serv­er is not secure, the sender’s email serv­er will send the mes­sage unen­crypt­ed. But, in fact, not all secure email servers are con­fig­ured to receive an encrypt­ed mes­sage, even though they have the capa­bil­i­ty. And not all secure email servers use TLS. And some email servers may not be work­ing prop­er­ly. These facts cre­ate a lot of unknowns leav­ing reliance on TLS alone unre­li­able, as a prac­ti­cal
3. When a mes­sage goes from the sender’s email serv­er to the recipient’s email serv­er over the inter­net, it is par­tic­u­lar­ly vul­ner­a­ble to inter­cep­tion. If unen­crypt­ed, there is no secu­ri­ty. But in some cas­es, the mes­sage is vul­ner­a­ble because the sender’s email serv­er can be tricked into con­clud­ing that the recipient’s email serv­er is not able to receive the trans­mis­sion even though it can. In the case of an inter­cep­tion, the interceptor’s (hacker’s) soft­ware can nego­ti­ate with the sender’s email serv­er to send the mes­sage unen­crypt­ed rather than through a secure TLS trans­mis­sion. This is called a TLS down­grade attack. A hack­er can sim­ply down­grade the secu­ri­ty of the mes­sage trans­mit­ted over the inter­net (from encrypt­ed to unen­crypt­ed) and then inter­cept it and read it.
4. Peo­ple using TLS secure email sel­dom, if ever, know exact­ly what will hap­pen on the path of a mes­sage between sender and recip­i­ent. In oth­er words, they nev­er know for sure whether the mes­sage is real­ly secure.

Con­se­quent­ly, the secu­ri­ty of a secure email sys­tem based on TLS is not hack­proof. Even though it’s not hack­proof, how­ev­er, it’s bet­ter than no secu­ri­ty; that is, it reduces sub­stan­tial­ly the risk of being hacked.

Note that the RMail email encryp­tion ser­vices return a use­ful Reg­is­tered Receipt email record that may serve as proof of the fact of encrypt­ed deliv­ery. This is par­tic­u­lar­ly use­ful if a sender is lat­er accused of trans­mit­ting some sen­si­tive infor­ma­tion in the clear even though they actu­al­ly encrypt­ed it.

Office Email System

Email has enjoyed uni­ver­sal use, pri­mar­i­ly because every­one has easy and inex­pen­sive access to it. A small office (or even your home) can as eas­i­ly afford an email sys­tem as a large enter­prise can. And while we think of email as a means of com­mu­ni­ca­tions between our­selves and the out­side world, the truth is that email has also become a plat­form for the inner-office memo.

In oth­er words, peo­ple with­in an office, whether small or large, com­mu­ni­cate with each oth­er via email sim­ply because it’s a con­ve­nient and inex­pen­sive inner-office memo sys­tem. Con­se­quent­ly, it’s not unusu­al for you to send an email to the per­son in the office next to you, even a mes­sage with dig­i­tal doc­u­ments attached. The result is that email mes­sages become a record of how you have inter­act­ed with oth­er peo­ple in your orga­ni­za­tion, as well as how you have inter­act­ed with out­side clients, cus­tomers, ven­dors, orga­ni­za­tions, etc.

So keep­ing Chap­ter 2 in mind, let’s trace how an email mes­sage goes from your email pro­gram to the email pro­gram of the per­son in the office next door to you. First, it goes to your wire­less router. Then it goes across the inter­net to your email provider’s email serv­er. Then, it comes back across the inter­net to your wire­less router. From your wire­less router, it goes to the recipient’s com­put­er and email pro­gram, even in the office next door. This being so, when you send an email to your cowork­er, it’s trans­mit­ted local­ly twice and goes across the inter­net twice. (If you don’t have a wire­less router but instead have a router that works with net­work cables, it’s not trans­mit­ted local­ly twice, but it still goes across the inter­net twice.)

As you can see this is a lot of vul­ner­a­bil­i­ty for an in-office memo sys­tem. See Chap­ter 4. One way to defend against this vul­ner­a­bil­i­ty, of course, is to set up your router prop­er­ly as out­lined in Chap­ter 19. Anoth­er way is to sim­ply use net­work cables instead of Wi-Fi. But what­ev­er you do about local trans­mis­sions, that still leaves two trans­mis­sions across the inter­net that are vul­ner­a­ble.

Now, sup­pose you use a secure email sys­tem with RMail Inbox being the prime exam­ple. That means every­one in your office uses RMail. By using RMail Inbox your email mes­sages are auto­mat­i­cal­ly encrypt­ed from your email pro­gram to the RMail email serv­er, and they don’t leave the RMail serv­er except to return encrypt­ed to your office. Thus, an inner-office email (memo) still goes across the inter­net twice, but it goes across encrypt­ed. Any­one inter­cept­ing it can­not read it.

It’s easy to see that with a secure email sys­tem, such as RMail Inbox, your inner-office email is secure, at least from exter­nal hack­ers. This makes a pow­er­ful case for those inter­est­ed in inner-office email secu­ri­ty to con­vert to RMail Inbox, RMail Web, or a com­pa­ra­ble secure email ser­vice.

Note that enter­prise email sys­tems pro­vide secu­ri­ty, and the inner-office email is pro­tect­ed.

Case Study

In 2006 I had a valu­able domain name hijacked. It was stolen because some­body was able to first hijack my email iden­ti­ty and then hack into my account for the domain name. I didn’t even find out about it until a week after it hap­pened. The offi­cial new own­er was some­one in Alge­ria!

At that point, it took me almost three weeks work­ing five or six hours a day every day to get my domain name back. My domain name reg­is­trar was very dili­gent in help­ing me, but I also had to hire a lawyer to write let­ters to var­i­ous orga­ni­za­tions, which cost me sev­er­al thou­sand dol­lars. That’s when I first learned about secure email.

After that, I used LuxS­ci as my secure email ser­vice provider and did not had any trou­ble. When I sent and received email via LuxS­ci, my email mes­sages were auto­mat­i­cal­ly encrypt­ed between my email pro­gram and the LuxS­ci email serv­er. LuxS­ci charged a month­ly fee, but the fee was well worth the secu­ri­ty it pro­vid­ed. (RMail Inbox pro­vides the same secure email ser­vice free, and I use RMail Inbox with the email address of Sinclair@​RMail.​com.)

Recurring Theme

How do you make your mes­sages more secure than the auto­mat­ic secure trans­mis­sions enabled by secure email sys­tems? In oth­er words, how do you make your email more secure than RMail Inbox or RMail Web used alone? You can opt to use these togeth­er with RMail Mes­sage-Lev­el encryp­tion, at a low cost, which encrypts email all the way from your email pro­gram to the recipient’s email pro­gram.

The Last Word

This ebook is not the last word on email secu­ri­ty, nor is RMail alone the last word on email secu­ri­ty. Email secu­ri­ty is a very com­plex tech­nol­o­gy. This book is not about com­plete­ly elim­i­nat­ing secu­ri­ty risks from email. The email sys­tem is not designed to do so, and only spe­cial soft­ware and incon­ve­nient encryp­tion prac­tices can reduce the risks to almost zero. Rather this book is about insti­tut­ing secure prac­tices that will reduce the risks sig­nif­i­cant­ly so that your chances of becom­ing the vic­tim of a hack­er will be remote, not inevitable. And that’s cer­tain­ly worth the effort.