Email Encryption Showdown: SMTP TLS vs PGP vs S/MIME vs Portal Pickup
While messaging apps may have become more popular over the last ten or so years, email remains an important method of communication, particularly for business. Despite its common use, there are many security problems associated with regular email:
False messages are a significant threat, particularly when it comes to business and legal issues. Imagine someone else sends an email from your account – how can you prove it wasn’t you? There are many viruses that spread in this way, and with regular email, there is no concrete way to tell whether a message is false or not.
Normal emails can also be modified by anyone with system-administrator access to the SMTP servers that your emails pass through. They can alter or completely delete the message, and your recipient has no way of knowing if the message has been tampered with or not.
In the same way, messages can be saved by the SMTP system administrator, then altered and sent again at a later time. This means that subsequent messages may appear valid, even if they are actually just copies that have been faked.
On the other side, we have message repudiation. As we have just discussed, emails can be faked. If you receive a message, how can you prove that it is legitimate? The sender can try to claim that it was a false message and it can be difficult to deduce who is telling the truth.
In a world where the NSA continues to develop ever more powerful tools, eavesdropping is incredibly easy against unsecured email. Snoopers can capture and read your emails as they travel through the network, allowing them to look through all of your secrets.
Emails transmitted over SMTP can easily reveal significant amounts of your information, such as your IP address, your city, or even your actual address. IMAP, POP and WebMail don’t reveal your IP address, but there are still other privacy issues you should consider when using these forms of unsecured email.
Unencrypted messages are stored in plaintext on SMTP servers. Any backups will also be in plaintext, so anyone who can access these backups can also read your messages. One of the biggest issues is that these unprotected backups can be kept around for years, even after you have deleted your email.
If you aren’t accessing your email server over an encrypted connection, it is possible for hackers to capture your login details. They can then use these to access your email, read your messages and even send new ones while impersonating you. Identity theft can be absolutely devastating to your professional and personal life, making it one of the key reasons to consider using encrypted email.
Fight the Threats to Your Email with Encryption
Each of these possible abuses poses a significant threat. If you want to protect yourself and your business, you really need to begin to implement an adequate email-encryption strategy. There are several major types of email encryption, including SMTP TLS, PGP, S/MIME and Portal Pickup. Each of these has its own advantages and disadvantages, including level of security, ease of use and compatibility. No single option is right for all situations, so you need to consider each option carefully to find out which is right for your individual use case.
SMTP TLS
Simple Mail Transport Protocol (SMTP) is the protocol under which computers and servers transport emails from the origin to the destination. Transport Layer Security (TLS) is the encryption protocol that provides secure connections for much of the internet (such as HTTPS websites).
Together, these technologies provide an encrypted tunnel for both inbound and outbound email traffic. The messages are encrypted as they travel, which prevents spoofing between the servers. It is an easy form of encryption to use, but it is not quite as secure as PGP or S/MIME.
How Does SMTP TLS Work?
SMTP TLS relies on hashing algorithms for endpoint authentication, which are generally orchestrated by your email provider using SSL certificates. These are issued by Certificate Authorities (CAs), which are trusted third parties that do the necessary checks to make sure that they only grant certificates to those that have the right to them.
This type of email encryption uses both asymmetric and symmetric-key encryption techniques. The server proves its authenticity with its private key, which lets you know that you aren’t facing a man-in-the-middle attack. You then send the server your public key, which it uses to generate and return a key to you. This shared key enables you to communicate securely through symmetric-key encryption, which is faster than asymmetric encryption.
When both the sending and receiving servers support opportunistic TLS, they negotiate a TLS-encrypted connection to transmit your email. This allows for secure delivery from server to server. While this is great, not all email providers support opportunistic TLS. Messages will be sent in an insecure fashion if they travel over servers that do not support TLS, if they are stored, or if there is a failure in the security setup. Despite this, TLS protects your login details, which can help to keep you safe from identity theft.
LuxSci supports Forced TLS, which can prevent an email from being delivered unless TLS is functioning between the servers. If the recipient server does not support opportunistic TLS, a different form of encryption can be used instead.
TLS is simple to set up and use. In most email clients, you only need to change a few settings to implement it. One of the other major benefits of TLS is that your recipients don’t need to set up anything special themselves, which gives it more versatility than rivals such as PGP or S/MIME. As is often the case with technologies that are easy to use, it does not secure your email to the same degree as its rivals.
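Whether a delivered message actually travelled over TLS on every hop can be checked from its Received headers. The following Python is an added example, not LuxSci code; it assumes relays record the RFC 3848 keywords (ESMTPS, ESMTPSA), and the sample message and hostnames are constructed.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that mean the hop used STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message; hostnames, addresses and IDs are illustrative.
SAMPLE = """\
Received: from mx.relay.example (mx.relay.example [203.0.113.7])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby inbound.recipient.example (Postfix) with ESMTPS id 4F1A2
\tfor <bob@recipient.example>; Tue, 02 Jan 2024 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.4])
\tby mx.relay.example with ESMTP id 9C0DE; Tue, 02 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example ([192.0.2.10])
\tby out.sender.example with ESMTPSA id 77AB1; Tue, 02 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

body
"""

def strip_comments(value):
    """Drop (possibly nested) parenthesised comments, which may contain 'with'."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to follow the delivery path.
    # Only headers added by servers you trust are reliable; older ones can be forged.
    for received in reversed(msg.get_all("Received", [])):
        clean = strip_comments(" ".join(received.split()))
        by = re.search(r"\bby\s+(\S+)", clean)
        proto = re.search(r"\bwith\s+(\S+)", clean)
        protocol = proto.group(1).upper().rstrip(";") if proto else "UNKNOWN"
        hops.append({"by": by.group(1) if by else "?",
                     "protocol": protocol,
                     "tls": protocol in TLS_PROTOCOLS})
    return hops

def cleartext_hops(raw_message):
    """Names of receiving servers that accepted the message without TLS."""
    return [h["by"] for h in audit_hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
```

In the sample, the middle relay accepted the message over plain ESMTP, so the message crossed that link unencrypted even though the first and last hops used TLS.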
PGP
While the name Pretty Good Privacy might not seem so inspiring, PGP has been relied on for email encryption since 1991. It uses both public and private-key encryption to offer a high degree of security, although its difficulty of use can often lead to user errors which have the potential to expose confidential messages. When used properly, current versions are thought to be secure, but earlier versions were shown to have some theoretical vulnerabilities.
PGP has been around for quite a long time and it has a wide userbase. This makes it a useful protocol, despite the fact that it is not compatible with other protocols and your recipient will also need to set up PGP.
There are both open source versions as well as commercial options available, and it can be used with most email accounts. You can download free software called GNU Privacy Guard (GPG) to get started with PGP.
How Does PGP Work?
PGP allows you to generate a public and private key pair, which you can use to turn plaintext into ciphertext. The public key is used to encrypt a message, so you first need to find the key of your recipient. Public keys can be found on public key exchanges, or you can ask for one through normal email. Once you have their public key, you use it to encrypt the text you want to send. Once it is encrypted, it can only be decrypted with their private key.
When someone wants to send you an encrypted message, they first need to encrypt it with your public key. Once you receive the encrypted message, you can use your private key to revert the ciphertext back into plaintext.
What Are Digital Signatures?
PGP also allows users to sign their messages with digital signatures, which can be used to prove that the message is authentic and hasn’t been tampered with. Anyone can use the public key of the sender to verify that the message has not been altered. If the message has been changed, the signature will not be valid.
Web of Trust
For emails to be secure, it is important to be able to trust that recipients are actually who they say they are. Traditionally PGP has handled this through the web of trust. Public keys are distributed through identity certificates, which are vetted by other users who confirm the association between the key and the individual.
This system has some advantages over hierarchical systems such as the one used in S/MIME, although it also puts a burden on users to verify the certificates. Because of this, a system of trust signatures that operates similarly to Certificate Authorities has also been developed.
Problems with PGP
Despite the high level of security when PGP is used properly, there are also several negatives. One of the biggest stumbling blocks is its complexity of use, which can result in messages being sent in an insecure manner. This is particularly problematic for new users. Another issue is that it does not integrate seamlessly with email clients.
Adding to these problems is the fact that it is not compatible with other protocols. For messages to be sent and received with PGP encryption, both the sender and the recipient need to be using the PGP protocol. The public key of the recipient also needs to be known beforehand. If it is not readily available on a key exchange, it can make it more difficult to get in touch with them securely.
Getting the Most Out of PGP
While PGP is an excellent technology for encrypting the body of a message, it does not encrypt the metadata or the headers (including the sender, recipients, and subject). If you only use PGP, it is possible for snoopers to glean a lot of information from your email exchanges. You can protect your login details, headers and metadata by using it in combination with TLS.
S/MIME
Secure/Multipurpose Internet Mail Extensions (S/MIME) is another encryption standard that has many similarities to PGP, although some aspects make it easier to use. S/MIME can’t be used with other protocols, but it is integrated into most email clients. All you need to do is acquire a certificate and adjust your settings.
One of the key differences between PGP and S/MIME is that instead of using the web of trust to confirm the validity of a user’s email and certificate, it relies on Certificate Authorities (CAs) who issue S/MIME certificates. These organizations provide oversight, but users still need to be able to trust the CAs for the system to work.
There are two classes of certificate. Class 1 certificates only declare that the sender owns the email address that you received the message from. Class 2 requires a more detailed verification from the CA, and it connects the sender’s identity to the email. Certificates typically last for one year and can be stored on your computer or on a smartcard. When a user acquires a certificate they receive a public and private key that work in the same way as PGP keys.
How Does S/MIME Work?
Once you have your certificate, you may need to import it into your email client. Most clients that detect a certificate will then have a menu option that allows you to encrypt and sign messages whenever you compose them.
When sending and receiving messages, the encryption works similarly to PGP in that the sender’s email client encrypts them with the public key and the recipient decrypts them with their private key. If the private key has already been entered into the email client, an encrypted message will open normally. If it hasn’t, it will appear as cipher text.
S/MIME digital signing also works in a similar way to PGP. It proves the authenticity of the sender and that the message has not been altered. You can only send someone an encrypted email if you already have their certificate, but you can send them a digitally signed message without it. You can therefore send your public key to a recipient with a signed email and they can do the same. This allows you to exchange encrypted messages.
Issues with S/MIME
Like all forms of email encryption, S/MIME also has some drawbacks. Despite its ease of use with email clients, it is best not to use it with WebMail. This is because best security practices recommend keeping your private key away from your WebMail’s server (this best practice applies equally to PGP).
CAs also bring problems to S/MIME. For the system to work, you have to be able to trust them. In the past, there have been issues that have made users question the integrity of certain CAs, so some may not want to involve a central authority in their encryption process.
Another hassle is that certificates expire, typically after one year. If a certificate is lost or deleted, it means that messages that were encrypted with its key cannot be decrypted.
Getting the Most Out of S/MIME
Just like with PGP, S/MIME only encrypts the body of a message, rather than the metadata or headers. For a higher level of security, it is best to use TLS as well. This will protect your metadata, headers and your login details.
Portal Pickup
Portal Pickup, also known as Secure Message Pickup or Escrow, is one of the easiest ways to send encrypted messages. It does not require (but may include options for) authentication or registration, which is a huge strength from a usability perspective.
It is universally compatible, so anyone with an email address can receive these messages without the need for additional software. This makes it useful for securely sending email messages to people that you have not previously communicated with.
How Does Portal Pickup Work?
The sender connects to a third-party service (such as LuxSci’s SecureLine) over a secure connection. The third party validates the sender and enables them to create their message. The sender chooses how the recipient will verify their identity from a range of options. These can include login credentials, a security question or a password.
The third party then encrypts the message, before storing it on its server. It sends an email to the recipient, which contains a secure link to the portal as well as a unique password that is part of the encryption key. The third party deletes this password, so that the message cannot be decrypted until the recipient enters the password.
The recipient receives the email from the third party, then uses the link to connect to the web portal. They then verify their identity according to the sender’s specifications and enter the password. This allows the third party to decrypt the message, so that the recipient can read it.
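The escrow step described above, where the emailed password forms part of the key and the portal does not keep it, is shown here in Python as an added example; it is not LuxSci’s SecureLine implementation. The function names and SERVER_SECRET are hypothetical, and because Python’s standard library has no authenticated cipher, an HMAC-SHA256 keystream with a separate MAC stands in for one such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Hypothetical portal-held secret: the portal's half of every message key.
SERVER_SECRET = secrets.token_bytes(32)

def _derive_keys(password, salt):
    """Mix the emailed password with the portal secret into two keys."""
    mixed = hmac.new(SERVER_SECRET, password.encode(), hashlib.sha256).digest()
    material = hashlib.pbkdf2_hmac("sha256", mixed, salt, 100_000, dklen=64)
    return material[:32], material[32:]  # (encryption key, MAC key)

def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a stdlib stand-in for a real AEAD cipher."""
    blocks = (length + 31) // 32
    stream = b"".join(
        hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        for i in range(blocks))
    return stream[:length]

def store_message(plaintext):
    """Encrypt for pickup. Returns (record the portal keeps, password to email)."""
    password = secrets.token_urlsafe(16)
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _derive_keys(password, salt)
    stream = _keystream(enc_key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    # The password goes out in the notification email and is NOT stored here.
    return {"salt": salt, "nonce": nonce, "body": body, "tag": tag}, password

def open_message(record, password):
    """Decrypt only if the supplied password reproduces the stored MAC tag."""
    enc_key, mac_key = _derive_keys(password, record["salt"])
    expected = hmac.new(mac_key, record["nonce"] + record["body"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong password or tampered record")
    stream = _keystream(enc_key, record["nonce"], len(record["body"]))
    return bytes(a ^ b for a, b in zip(record["body"], stream))
```

The stored record holds only the salt, nonce, ciphertext and tag, so a copy of the portal’s database or its backups cannot be decrypted without the password that was emailed to the recipient.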
Benefits of Portal Pickup
The main advantages of Portal Pickup are that it is relatively easy for both the sender and recipient, and that messages can be delivered to anyone with an email address. The messages are also hosted on a secure portal, rather than being sent over the internet. They are encrypted at storage and are kept until they are deleted by the recipient, retracted by the sender, or they expire. Access to the message can also be logged, so it is possible to see if and when it has been viewed.
Problems with Portal Pickup
One of the potential vulnerabilities of Portal Pickup is that it requires trust in a third party. If you are using an unreliable service, there could be significant security issues. If your provider is trustworthy, then the system is secure and simple to use.
Other Forms of Email Encryption
Internet users should be cautious of other forms of email encryption, particularly if they use major WebMail services. While parts of the journey will be encrypted, it is unlikely that your carrier offers end-to-end encryption that keeps your communications completely secure.
One of the main reasons for this is that these companies often make money from data mining. If they were to encrypt your emails from end-to-end, then they wouldn’t be able to capture and sell your data. Another worry is that these major companies can be leaned on by government agencies to provide data for criminal or other cases.
There is also a decentralized, peer-to-peer option that does away with companies altogether. Bitmessage is an encrypted communications protocol that is different from email, although services such as bitmessage.ch can be used to integrate it with email. Messages are encrypted using the OpenPGP protocol and they can be accessed from anywhere.
While it shows great potential, Bitmessage is still somewhat of an experiment and it can’t handle large volumes of email traffic. When you add in the fact that emails can only be stored for two days, that email addresses are long and that it is yet to be independently audited, it is certainly not an option for everyone.
Which Type of Email Encryption Is Right for You?
Each of the email encryption protocols has its own advantages and disadvantages, so it really depends on how you intend to use them. While SMTP TLS offers transparent encryption, it only does so part of the way. PGP and S/MIME also leave gaps in their security, so those with a high risk level are often better off combining these technologies.
PGP can be difficult to use, but it is also the most flexible. For this reason, it is generally recommended for more advanced users, because small mistakes can have huge ramifications for the privacy of your communications. S/MIME is easier to set up and use, but it involves having to put your faith in Certificate Authorities, which some users may not want to do. Portal pickup is great because it is relatively easy and can be sent to anyone, but it also involves trusting a third party.
To find the right email encryption strategy for your business or personal use, you first need to think about your use cases, as well as your technical abilities. While normal email is insecure and shouldn’t be used for sensitive or high value communications, these technologies can only protect you if they are used properly.