This page is obsolete and should be updated

Why do I need secure e-mails?

Important

Have you ever put an envelope around a letter? Sending an unencrypted email is much worse than sending a post card…

You need to secure your e-mail for the same reason you need an envelope to send your personal letters. Sending an unencrypted email is much worse than sending a post card. Emails traveling over the Internet can be easily intercepted and read by others. Multiple copies of your emails can be intentionally or unintentionally stored at dozens if not hundreds of places for a long time, or even permanently. They can be easily searched, categorized, and analyzed by identity thieves, hackers, marketers, spammers, competitors, and “Big Brothers”. For this reason, every one of your email messages should be encrypted, just like every one of your personal letters should have an envelope.

The pathway of e-mail.

Exposing your communication to prying eyes is only one of the vulnerabilities of regular email. Another vulnerability is that email communications can be easily forged or tampered with. Spammers routinely send out email messages pretending to be from addresses they do not own. Just because an email message you receive has your friend’s email address in the “From:” field does not mean that it is truly from your friend. For this reason, every email message should be digitally signed. A digital signature cannot be forged without the signer’s private key, and any change to a digitally signed message is detected when the signature is checked.

Encryption makes sure only the addressee of the email is able to read it. Good encryption (like S/MIME or GnuPG) is so secure that it would be very difficult for an attacker/hacker to read a message not addressed to him even if he had access to today’s largest computers for his attack. In fact, a properly encrypted message will not be readable for many years (even decades) to come, unless one is in possession of the decryption key.

So basically, encryption is not at all about sending secret messages (even though it can be used for it), but about putting envelopes around your messages.

Do you respect your correspondent’s privacy?
Maybe you do not care about your own privacy (even though you should). But any email you send contains information about the person(s) you send it to. So if you are sending unencrypted (insecure) email, you might very well be revealing information about your correspondent. Your correspondent may not like this! What is public information for you may be personal for other people.

What is encryption?
Encryption is a mechanism that ensures that only the correct recipient of a message is able to read it. When I send a message to Thomas, it is encrypted, which means it is changed in such a way that nobody else can read it. Only Thomas is able to change it back to the original message (decrypt it) and then read it.

The mechanism used for this nowadays is called public key cryptography. It eliminates the need to exchange a secret key, a requirement that makes many traditional encryption schemes much less secure.
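The two properties described on this page, encryption to a recipient and a signature that exposes forged or altered mail, shown as an added example that is not part of the original page and is not how S/MIME or GnuPG are implemented. It assumes textbook RSA over two fixed, publicly known primes (no padding, illustration only); the function names and the example.org address are made up for the demonstration.

```python
import hashlib

# Thomas's key pair: textbook RSA from two known Mersenne primes.
# Illustration only (fixed primes, no padding). Use S/MIME or GnuPG for real mail.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key: Thomas publishes it
D = pow(E, -1, (P - 1) * (Q - 1))      # private key: never leaves Thomas

def encrypt(text: str) -> int:
    """Anyone can encrypt to Thomas using only his public key (N, E)."""
    m = int.from_bytes(text.encode(), "big")
    if m >= N:
        raise ValueError("message too long for this toy key")
    return pow(m, E, N)

def decrypt(cipher: int, private_exp: int) -> str:
    """Only the holder of the right private exponent recovers the text."""
    m = pow(cipher, private_exp, N)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return raw.decode(errors="replace")

def _digest(sender: str, body: str) -> int:
    """Hash the From address together with the body."""
    data = f"From: {sender}\n\n{body}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(sender: str, body: str, private_exp: int) -> int:
    """Produce a detached signature; needs the private exponent."""
    return pow(_digest(sender, body), private_exp, N)

def verify(sender: str, body: str, signature: int) -> bool:
    """Check a signature with the public key alone."""
    return pow(signature, E, N) == _digest(sender, body)

if __name__ == "__main__":
    thomas = "thomas@example.org"      # constructed sample address
    c = encrypt("Lunch at noon?")
    print("Thomas reads:  ", decrypt(c, D))
    print("wrong key reads:", repr(decrypt(c, 3))[:40], "...")

    sig = sign(thomas, "See you at noon.", D)
    print("genuine mail:   ", verify(thomas, "See you at noon.", sig))
    # Same From: line, altered body, signature copied from the real mail.
    print("altered body:   ", verify(thomas, "See you at midnight.", sig))
    # Same From: line, signed by someone who lacks Thomas's private key.
    fake = sign(thomas, "See you at noon.", 3)
    print("forged sender:  ", verify(thomas, "See you at noon.", fake))
```

The "From:" text is identical in all three mails; only the signature check tells them apart.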

I suggest here two ways to sign and/or encrypt your messages:

  1. S/MIME: Secure Multipurpose Internet Mail Extensions
  2. GnuPG: GNU Privacy Guard