General Practice, Solo & Small Firm DivisionMagazine
What can I do to protect my messages?
By Brian C. O’Reilly and Bruce A. Barney
For most of us, e-mail is a no-brainer. We type our message, attach a document, hit "send" and off it goes. We don’t consider (or care) what happens next. In order to truly understand and appreciate the security risks involved with sending and receiving sensitive communications via the Internet, we must first gain an understanding of what happens to our e-mail from the moment we click "send" to the moment the recipient reads the message. Next, we will analyze the possible security risks that exist along each step of the way. Finally, we will conclude with a discussion of steps you can take to ensure the security of your communications including a detailed discussion of e-mail encryption.
How Your E-mail Works
When you write an electronic mail (e-mail) message and press the send button, a number of things happen behind the scenes before the message appears on the recipient’s screen.
First, depending on the e-mail software you are using, the message may sit in your outbox, "queued" for delivery, for a certain length of time, until the computer automatically sends messages to the server or you press the button to send all queued messages. If privacy is an issue, you should be aware of whether your software sends the message immediately or queues it for delivery; generally there is an option you can view (and change) in the "Options" or "Preferences" of your software.
If you are working on a Local Area Network (LAN), the message is next transferred to the Send Mail Transfer Protocol (SMTP) mail server. For larger networks, the SMTP server may actually be on-site. Most smaller networks use their Internet Service Provider’s (ISP) mail server to send and receive mail. If you are using a stand-alone computer that dials into the Internet, you are using your ISP’s mail server(s) to send and receive mail. In either case, the SMTP server will then attach a header to the message, which contains the sender (you), the date and time, the recipient’s full e-mail address, the subject, and other information used by the mail servers. A typical header may look something like this:
Received: from mail.hostamerica.com (firstname.lastname@example.org [188.8.131.52]) by maybe.friend.ly.net (8.8.6/8.8.6) with ESMTP id PAA03660 for
Received: from indsangh.com (www.indsangh.com [184.108.40.206])
by mail.hostamerica.com (8.9.1/8.8.5) with ESMTP id PAA17138;
Tue, 8 Sep 1998 15:55:06 -0400 (EDT)
Received: from 220.127.116.11 (unverified [18.104.22.168]) by indsangh.com
(Rockliffe SMTPRA 2.1.4) with SMTP id
Tue, 08 Sep 1998 12:37:24 -0700
X-Sender: email@example.com (Unverified)
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Tue, 08 Sep 1998 12:55:04 -0700
Subject: New celeron with cache ,Pentium 350 specials
Content-Type: multipart/mixed; boundary="=====================_905309704==_"
Next, the message is transferred over the Internet from your SMTP server to the recipient’s mail server. Most mail servers use Post Office Protocol (POP), so if you hear someone mention a "POP" server, that’s the server where the e-mail is actually received. As with all information passed over the Internet, the message may actually be sent from server to server many times along the way before it arrives at the recipient’s mail server. (In the header example above, the e-mail message was first sent from firstname.lastname@example.org to his mail server, i.e., "indsangh.com," then to "hostamerica.com" from which it was forwarded to "friend.ly.net" and on to the recipient’s desktop.) Generally, the whole transfer takes well under a minute.
The last step is for the recipients’ computer to pull the e-mail message from their mail server to their computer. If they are logged onto their computer or network when the message is sent, they will probably get the message less than a minute after you clicked the send button. If they are not logged on, the message will remain on their server until they log on and read their mail.
You may also have an interoffice e-mail system set up. In this case, the message goes to the computer or server with the mail post office, and, if the recipient is logged onto the network, their computer will receive it almost instantly. With this type of system, the message stays within your LAN and never goes out across the Internet.
The Possible Risks
Your Out Box: Many people have their messages sent to a "local queue" before they’re actually sent out. If you’re using a dial-up account and only connect to the server every hour, for instance, the queue will allow you to send and receive all your messages at once and then disconnect. Until the queue is actually sent and emptied, however, your messages are sitting unsent on your local computer. Anyone with access to your computer could read and possibly delete your messages before they’re ever actually sent to the recipient.
Your Computer: Most contemporary e-mail software leaves a copy of your messages in an "out box" or "sent mail" folder, in case you ever want to look back through your sent messages. If you are sending a confidential message, however, this means anyone with access to your computer can simply read any and all messages you’ve sent.
Your Network: If your mail messages are sent through a LAN, the network administrator probably has access to files that go through the server (such as your confidential e-mail messages). For most offices this isn’t much of a security risk as long as you trust your network administrator, and he or she is unlikely to be sitting at a terminal intercepting and reading outgoing e-mail (especially if he or she hopes to keep the position of network administrator). You should, however, be aware of this potential risk. Also, if you use your ISP’s mail servers to send and receive mail, the ISP administrators also have access. Internet Service Providers are very unlikely to browse through e-mail on their servers, but some ISPs may scan their servers for inappropriate content, such as profanity.
Over the Internet: While your e-mail message is en route, it is transferred from your SMTP server over several other servers on the Internet to the receiving mail server. At any point along the way, a hacker or snoop can use software such as a "packet sniffer" to save and read any information sent from a particular server. E-mail messages are sent as several small packets rather than one large chunk, but it is possible for a hacker to piece together the message, and if the message you’re sending is confidential, chances are you don’t want anyone reading even a small part of the message. We’re not conspiracy theorists and we’re not trying to imply that there are hordes of hackers out there waiting to snoop through all your private e-mail, but packet sniffers do exist and this is a real security issue for anyone who wants to send truly secure messages.
The Recipient: The recipient’s network administrator may have access to the message before it is received. Similarly, if the recipient leaves the message in his or her in box after reading it, or saves the message to a folder, then anyone with direct access to the recipient’s computer could also read the message.
What You Can Do to Keep Your Messages Secure
With all these security risks, is e-mail even worth considering for sending confidential messages? It may seem like e-mail is very risky, but rest assured that sending an e-mail message is fundamentally no riskier than sending the same message through regular postal mail. You always run the risk that someone could break into the mailbox and steal the envelope before it is collected, that the mailman will open the mail, that someone will steal it from the recipients’ mailbox before they check their mail, etc. Likewise, it is possible to tap phone lines and set up surveillance equipment to record a person’s conversations, set up tails to follow someone wherever they go, etc. Does that mean these things that happen will happen to you? Not likely, and none of the risks involved in sending and receiving e-mail are likely either.
However, because there is no equivalent to registered mail in the e-mail world, and the laws that prevent postal carriers from reading mail weren’t meant to include system administrators, there are several steps you can and should take to keep your messages secure if confidentiality is an issue.
Risk #1 (Your Out Box) can be eliminated simply by being careful. If your e-mail software is set to queue your messages before sending, you can either change the setting (usually in "Options" or "Preferences," depending on your software) or make sure no one has access to your computer until after the messages are sent. Just keep in mind that you’re responsible for the e-mail until it has actually been sent out to the server.
Likewise, Risk #2 (Your Computer) can be eliminated by making sure you have no saved copies of the message sitting in your "Sent Mail" folder. If you don’t have a sent mail folder, you don’t have to worry about this one at all. Most current e-mail software automatically saves sent messages to a specific folder, so check the settings on your own software. Disabling the "Save a copy of sent messages" feature or manually deleting the sent copies of any confidential messages will eliminate this risk. Also, be aware that most e-mail software packages periodically "archive" all of your old sent messages to a file on your hard drive. Be aware of this feature and shut it down if security is an issue.
The other possible risks are a bit trickier. No matter what precautions you take, there is no way to completely prevent others from being able to read data that’s passed over the Internet. Your best bet is probably to encrypt your messages.
Encryption in a Nutshell
Encryption takes your plain text or document message (and any attachments) and garbles it completely, so that even if someone manages to intercept and read a message you’ve sent, all they will see is gibberish. When the other person receives the message, he or she decrypt it using a cryptographic key.
Sounds complicated and expensive, right? Not at all. A technology called "Public Key Cryptography" has been floating around for years. With Public Key Cryptography, you have two "keys" (a key is a computer-generated random sequence of characters): a private key, with which you encrypt messages, and a public key, which you give out to people you trust so that they can decrypt messages that you send them. Software plug-ins exist for most popular e-mail software, including Microsoft Outlook and Outlook Express, Eudora and Novell Groupwise. In the past year or two, the plug-ins have become almost completely seamless and consist simply of hitting a couple of buttons and typing in your password. And the cost? Probably the most widely used Public-Key Cryptography is called PGP (Pretty Good™ Privacy), which was originally developed as freeware. You can still find copies for free, or you can get a licensed, commercial version for less than fifty bucks. You can download an evaluation copy yourself at http://www.pgp.com, and many other places as well.
Let’s step through how to install and use PGP encryption. For this example, we’ll use PGP 6.0 freeware, from Network Associates, Inc. (This version is for "noncommercial" purposes only. Their full commercial version, at the time of this article, is approximately $39.95.) Other versions may differ slightly, but the principles are the same.
When you install the software, you’ll be asked to enter a passphrase, from which your "keys" are randomly generated. Knowing your passphrase will not let someone crack your private key, but it will give them access to decrypt files on your computer, so keep it safe and don’t write it down in an easy-to-find spot. A long jumble of mixed uppercase letters, lowercase letters and numbers is best, provided you can remember the passphrase. (Do not use birthdays, names or any other information that someone could guess if they knew you.) You will use this passphrase every time you encrypt or decrypt a message or file.
Before you can send an encrypted message to someone, you need to give them your public key. More importantly, your recipient must have encryption software that uses the same encryption algorithms that yours uses. This will let them decrypt messages and files sent by you when you have explicitly given them access privileges. Likewise, in order to decrypt messages sent to you by someone else, you need to have that person’s public key. Public keys are usually stored in databases accessible on the World Wide Web. Your encryption program should allow you to search the database for people you know automatically. Likewise, if you attempt to send an encrypted e-mail to someone for whom you do not have a public key, the encryption software will inform you and assist you in acquiring their key if one exists.
Once you have the public key of the person to whom you wish to send an encrypted message, you need to "sign" it with your passphrase to signify that you are certain it is the right public key for that person. Make absolutely certain you have their real public key and they have your real public key, so that there will be no chance of someone else decrypting your messages. It’s best to verify the key with the person over the phone or in person.
If you are using Outlook, Outlook Express, or Eudora to send e-mail, PGP 6.0 installs a plug-in for your software that adds PGP buttons to your e-mail client. When you open your e-mail program, you’ll probably see a "PGP" menu that wasn’t there before. When you’re going to send a message that you want to keep confidential, make sure you’ve selected the options to encrypt and sign the message before sending. If the e-mail address you’ve entered in the "To:" field doesn’t match any of the public keys you have on file, the software will ask you to select the recipient(s) who will be able to decrypt the message. Even if someone has your public key, they will not be able to decrypt the message unless you select them here. You’ll then be asked to "sign" the message using your passphrase. This will verify that the message was really encrypted by you, so the other person knows it wasn’t intercepted by anyone else along the way.
Once you’ve encrypted and signed the file, you can send it out without worrying if anyone will be able to intercept and read the message. Provided no one has access to your passphrase and provided the recipient understands not to leave a decrypted copy in plain view on his or her computer, you’ve addressed and virtually eliminated all the confidentiality risks. No one will be able to intercept and read the message without a team of crack hackers and a supercomputer. Of course, if you have teams of hackers and supercomputers hounding your every move, you can look into military or government cryptography, such as the U.S. Federal Data Encryption Standard (DES), but unless you’re smuggling top secret documents or extremely paranoid, it’s probably unnecessary to look beyond PGP.
When you receive an encrypted message from someone, one of two things will happen. If the sender didn’t specify you as authorized to decrypt the message, you’ll see a bunch of gibberish where the message should be, and a little note saying the message is encrypted. You won’t be able to decrypt or read it, and that’s that. If you were specified and you have the sender’s public key, then you’ll be prompted to enter your passphrase. The computer will automatically decrypt the message (this should take no more than a few seconds, depending on the size of the message, and probably much less), and you’ll see it on your screen exactly as if it were a regular message. After you have read the message, it will return to its encrypted form until you choose to reenter your passphrase and reread the message.
One final caution: If you keep confidential documents on your computer and send them as attachments, you may already be running a risk. No matter how secure your e-mail is, if you have an unprotected copy of the document saved on your computer or network, you’re already running Risk #2 (Your Computer) and Risk #3 (Your Network). Remember to restrict access to the document on your own computer in addition to keeping your e-mail secure, and you can rest assured that your message is far more secure than any conventional means of communication.
Communicating with clients or associates via electronic mail is generally as secure as any other common form of communication. There are, however, affirmative steps one can take to make e-mail highly secure and virtually impenetrable to attacks from snoopy adversaries or zit-faced hackers. As with any sensitive communication, communicating online can be safe and secure if you are willing to be thoughtful, careful, and meticulous about the procedures and software you use. n
Brian C. O’Reilly and Bruce A. Barney are with Network Business Solutions in Baltimore, Maryland.