In a recent discussion with Greg, our I.T. guy at Team Expansion, he pointed me to this article…
http://www.makeuseof.com/tag/3-secure-encrypted-email-providers-online/
in which the author points out that providers like Hushmail can, if compelled by court order, impose software to capture a user’s password the next time he or she logs on. So is there really nothing truly encrypted and safe? Be sure to see the comic at the end of the article, which points out that, in severe cases, a thief (or government worker) could simply threaten to bludgeon you with a big wrench until you give up the password anyway. If you have a solution that is rock-solid encrypted, please click the link below to log on to the web version of this item, then click “comment” and leave your opinion/resource. Thanks in advance for your help.
Hi.
Also, another trusted tool is the Office 365 Encryption.
PS: this article is from 15/Feb/2012, so it is more than 3 years old. Also, if you read the comments you can see that there are a lot of complaints about the “solutions”… so… think about it.
Many blessings
Gustavo Hellwig
It’s important to remember that there’s a difference between “encrypted in transmission” and “encrypted in storage”. Although most mail servers now support SSL connections, that’s an “encrypted tunnel”, and when mail exits the tunnel, then it’s unencrypted.
In most mail exchanges, there are at least two servers involved — the sender’s server, and the receiver’s server. Even if a sender’s server supports encrypted connections, there is no guarantee that the receiver’s server will support encrypted connections, and it’s entirely possible that a “super secure” mail service will deliver mail over an unencrypted connection. There’s nothing anybody can do about that, if the receiver’s service doesn’t support encryption.
In this model of “store and forward”, when mail is received, if it’s being relayed to another server, then the mail is placed in a queue for outbound delivery, and this is normally unencrypted and anybody with admin access to the server can see the content. The message in question may be in the queue only momentarily (the most common condition), but in some circumstances, it may be there for days, and there are times when servers don’t purge copies of outbound stuff after they’ve been delivered.
Encryption of storage is a different matter, and there are very few providers that do that, so that content stored in mailboxes is inaccessible to server admins.
It’s actually quite difficult to do mail with end-to-end encryption, that is, never accessible to outsiders. Something like Hushmail might make it possible, but only if both the sender and the receiver are using Hushmail accounts, and messages never leave Hushmail’s server. However, Hushmail has its own potential problem in that the name broadcasts “security enhanced mail”. You may be technically protected, but sometimes it can be useful to use a service that has a lower profile.
It’s also possible to do end-to-end encryption of content (that is, message bodies, but not headers), but that takes some work to set up public keys, and everybody who you communicate with has to do the same. You can do that with either PGP (or GPG) or S/MIME, but the mechanics are complicated enough that it’s hard on a non-technical user, and for a lot of non-sensitive stuff, many may conclude the extra effort isn’t worth it. If you use Mozilla Thunderbird, there’s an extension called Enigmail that helps, but it’s still extra effort.
With content encryption, stuff is encrypted until it reaches the intended recipient, but only the content. Header information (including To: and From: lines, Subject lines, and headers such as Received: that are inserted by intermediary servers) is not protected. That’s all stuff that is added to the message after it leaves the user’s control, and there’s a lot of information in headers that can indicate what is in the encrypted content.
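The store-and-forward and header-leakage points above, as an added example that is not part of the original comment thread: a Python script (standard library only) that lays a message out as PGP/MIME (RFC 3156 multipart/encrypted), pushes it through two simulated relay hops that prepend Received: headers, and then compares what a queue admin with no key can read against what the key holder recovers. The cipher is a constructed HMAC-SHA256 counter-mode stand-in with a shared demo key so the script runs offline; real PGP or S/MIME uses the recipient’s public key and authenticates the ciphertext. All addresses, hostnames and the DEMO_KEY value are constructed for the example.

```python
import hashlib
import hmac
import os
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Constructed demo key. Real mail uses the recipient's public key (OpenPGP / S/MIME),
# and a real cipher also authenticates the ciphertext; this stand-in does not.
DEMO_KEY = b"constructed-shared-secret-for-demo-only"
NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used only as an offline stand-in cipher."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def encrypt_body(plaintext: bytes, key: bytes = DEMO_KEY, nonce: bytes = b"") -> bytes:
    """Return nonce || ciphertext. A fresh random nonce is used unless one is supplied."""
    nonce = nonce or os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def decrypt_body(blob: bytes, key: bytes = DEMO_KEY) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, stream))


def build_message(sender: str, recipient: str, subject: str, body: bytes) -> bytes:
    """Lay the message out as RFC 3156 multipart/encrypted (PGP/MIME)."""
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["From"] = sender            # these headers travel in the clear
    outer["To"] = recipient
    outer["Subject"] = subject
    outer["Message-ID"] = "<constructed-0001@sender.example>"
    control = MIMEApplication(b"Version: 1\n", "pgp-encrypted")   # RFC 3156 control part
    payload = MIMEApplication(encrypt_body(body), "octet-stream")  # the encrypted body
    outer.attach(control)
    outer.attach(payload)
    return outer.as_bytes()


def relay(raw: bytes, hostname: str) -> bytes:
    """Simulate one store-and-forward hop: an MTA prepends a Received: trace header."""
    trace = f"Received: from {hostname} by next.example; Mon, 1 Jan 2024 00:00:00 +0000\n"
    return trace.encode() + raw


def relay_view(raw: bytes) -> dict:
    """What an admin reading the outbound queue sees without any key."""
    msg = message_from_bytes(raw)
    cipher_parts = [p for p in msg.walk() if p.get_content_type() == "application/octet-stream"]
    return {
        "from": msg["From"],
        "to": msg["To"],
        "subject": msg["Subject"],
        "hops": msg.get_all("Received", []),
        "body_is_opaque": bool(cipher_parts),
    }


def recipient_view(raw: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Only the key holder recovers the body."""
    msg = message_from_bytes(raw)
    for part in msg.walk():
        if part.get_content_type() == "application/octet-stream":
            return decrypt_body(part.get_payload(decode=True), key)
    raise ValueError("no encrypted part found")


if __name__ == "__main__":
    # Constructed sample message and two constructed relay hops.
    body = b"Meet at the usual place; bring the documents."
    raw = build_message("alice@sender.example", "bob@receiver.example", "Re: the documents", body)
    raw = relay(relay(raw, "mail.sender.example"), "mx.receiver.example")
    print("relay sees:", relay_view(raw))
    print("recipient reads:", recipient_view(raw))
```

Running it shows the From:, To:, Subject: and both Received: lines in the clear at every hop, while the body is an opaque base64 part that only `recipient_view` can turn back into text; that is exactly the metadata exposure the comment describes, and it is why the Subject line in particular should be treated as public when using PGP or S/MIME.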
Good Comments GP.
So that is why Office 365 does it in a very safe way, because they encrypt the email and send it as an attachment.
So by that way, even if the server forwards the email between other relays, the content is untouchable.
blessings.