Email Security

Posted by Wxcafé on Sat 24 December 2016

So, nowadays, everyone knows emails are not secure. If you didn’t know that, you should. Emails are to be treated like postcards : everyone between you and the person you’re talking to can read them. Don’t write military secrets in them. Back in the good old days, when the protocols they rely on were devised, the people creating them didn’t really need to secure them (and they didn’t have computers powerful enough to do encryption. Emails are old. Like, really old. Like older than I am. By decades.)

There are, of course, a few methods to “secure” email. I’m ready to bet at this point over 75% of the people reading this are at least thinking very hard “PGP”. Some might be thinking “S/MIME”. Maybe a few of you who didn’t think I was talking about encryption by the user are thinking about STARTTLS in SMTP, or SPF/DKIM/DMARC.

If this previous paragraph confused you, at least a bit, there’s a very good summary about these things over in the latest issue of the IP Journal, here (pdf). I also am going to start mirroring the issues of that journal over on https://wxcafe.net/pub/IPJ/. I encourage you to subscribe to the paper version of the IP Journal, it’s free and the content is generally very good and informative.

That was all, see ya