Email Encryption

Some of the world’s biggest tech companies have now woken up to the need to make something as basic and essential as the email a lot more secure than it currently is.

Among the companies that have joined forces to make new email protocol follow advanced encryption techniques include Google, Microsoft, Yahoo, Comcast, LinkedIn, and 1&1 Mail & Media Development.

Although everything is still in the planning phase with the only progress made so far include a proposal submitted to the Internet Engineering Task Force that outlines how these companies wish to achieve their goal.

It is SMTP or the Simple Mail Transfer Protocol that still forms the backbone of all our email exchanges. It has been so since the 80s though surprisingly, it has taken this long for the biggest tech companies to finally become aware of the glaring lapse.

What makes the service so unreliable is that most of the mails are sent unencrypted which makes them susceptible to Man-In-The-Middle or MITM hacks. The idea with the new email encryption proposal that is being referred to as the ‘Neither Snow Nor Rain Nor MITM’ is that either the email is sent securely, or it is not sent at all.

The proposed email encryption technology will also check if the email’s digital certificate is valid and will inform the sender if it is otherwise.

The only notable approach adopted so far to make the email more secure is the introduction of the new extension called STARTTLS. That was in 2002, but it never took off in a big way due to its various flaws that never could ensure email have indeed been encrypted.

It has proved to be quite unreliable invalidating the digital certificate of the server but sends the mail anyway. This loophole enables hackers to impersonate the destination server using MITM method with the sender having no idea the mail has made it to unauthorised hackers.

Right now, no ground level success is achieved, and no one knows for sure how long it might take for concrete steps to be taken towards the final implementation of the proposed new email encryption protocol.

In any case, it perhaps couldn’t have been a more opportune time for companies to attempt adding encryption to emails what with the ongoing privacy vs. security debate currently raging not only in the US but around the world.


Please enter your comment!
Please enter your name here