SSL and TLS are not enough to secure your email
A very common marketing ploy involves companies advertising “secure” services where that security consists only of an SSL- or TLS-encrypted connection to their servers. While the use of TLS and SSL is a critical part of web and email security, it is only one small aspect of security. Below, we will talk about some of the other aspects of what you should be looking for in an actual secure solution, so you can be more savvy about simplistic marketing claims in the future.
What SSL and TLS do for you
SSL and TLS are critical to any security solution. They work by encrypting the connection from your computer to your email provider’s servers when you check your email, send email, or use their web-based interface. For details see: How does Secure Socket Layer (SSL or TLS) work? This encrypted connection ensures that no one can eavesdrop on your communications and read them, intercept your username or password, change the data in transit, or perform other malicious actions.
What is not secured with just SSL and TLS
There is a whole lot more to the flow of inbound and outbound email than your connection to your email service provider’s systems. In short and sweet terms, this includes:
- Messages travelling between your email service provider’s servers and your correspondent’s email servers
- Whether your correspondent’s connections to their servers are secure
- What happens to temporarily stored messages, and backups of them, on your provider’s or your correspondent’s provider’s servers
There are many steps here that are not secured simply because you connected over SSL to your provider. When you send a message, even if you use SSL or TLS:
- That message could be transmitted insecurely (in plain text) to your recipient from your email provider.
- That message could be accessed insecurely by your recipient at their provider.
- That message could be changed/modified at your provider, in transit, or at your recipient’s provider.
Similarly, for inbound email, you have no control over the security or integrity of the message before it hits your email provider’s servers. Any of the same things could happen.
For an in-depth discussion of how email flows and what the security implications are, see: The Case for Email Security.
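To see which hops of a delivered message actually recorded TLS, you can audit its Received headers; the Python below is an added example, not part of the original article. The message and host names are constructed, and it assumes each server wrote the RFC 3848 `with` keyword honestly (headers added before your own provider's servers can be forged).

```python
import email
import re

# RFC 3848 "with" keywords that record TLS on a hop (ESMTPS = ESMTP + STARTTLS).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample with hypothetical hosts; the newest Received header is first.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
 by store.recipient.example with ESMTPS id c3;
 Mon, 01 Jan 2024 10:00:03 +0000
Received: from out.provider.example (out.provider.example [198.51.100.7])
 by mx.recipient.example with ESMTP id b2;
 Mon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.example (laptop.example [192.0.2.55])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
 by out.provider.example with ESMTPSA id a1;
 Mon, 01 Jan 2024 10:00:01 +0000
From: alice@provider.example

Hello Bob.
"""

def audit_hops(raw_message):
    """Return the hops in travel order, each with sender, receiver, protocol, tls."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        # Some MTAs also note TLS in a comment, e.g. "(using TLSv1.3 with cipher ...)".
        tls_comment = re.search(r"\((?:using\s+|version=)TLS", value, re.I) is not None
        bare = re.sub(r"\([^()]*\)", " ", value)  # drop comments before parsing
        sender = re.search(r"\bfrom\s+(\S+)", bare)
        receiver = re.search(r"\bby\s+(\S+)", bare)
        proto = re.search(r"\bwith\s+(\w+)", bare)
        protocol = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append({
            "sender": sender.group(1) if sender else "?",
            "receiver": receiver.group(1) if receiver else "?",
            "protocol": protocol,
            "tls": protocol in TLS_PROTOCOLS or tls_comment,
        })
    return hops

def plaintext_hops(raw_message):
    """Hops with no recorded TLS: the gaps your own TLS connection does not cover."""
    return [h for h in audit_hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    print(plaintext_hops(SAMPLE))
```

In the sample, the sender's own connection and the recipient's internal hop both used TLS, yet the provider-to-provider hop in the middle is reported as plain ESMTP.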
How can you augment SSL and TLS to have any kind of real security?
What you are really looking for is “end-to-end email encryption”. This means that email messages are encrypted all the way from sending to reading, so that any possibility of eavesdropping or message modification is eliminated. You also need to trust the email service provider that is enabling this encryption service — a malicious or incompetent provider could leave security holes that allow them or attackers access to your data.
Levels of End-to-End Email Encryption
There are various ways to accomplish end-to-end encryption of email. They vary from more secure to less secure … with the security tradeoff coming in terms of usability as is typical. More security often means less convenience (at least in terms of initial setup).
Most Secure: PGP or S/MIME Encryption
The most secure method of end-to-end encryption involves packing up your email content in an encrypted block at the time of sending. In order to read your message, the recipient needs to decrypt that block. This keeps the content encrypted at all times and only the recipient with his special key and password can access it.
It is the hardest to use in general, as the recipient and sender both need to be set up to use the same technology and need to trade security “keys” ahead of time. This is doable for like-minded people that you frequently communicate with. This is a no-go for general communications with “just anyone”.
Escrow: Secure Message Pickup Services
The next level of security involves encrypting the message (e.g. with PGP or S/MIME or some other technology) and saving that in a secured system at your email service provider. Your recipient is then sent a regular insecure email with none of the sensitive content in it — it’s a note and link to come to a special secured web site to pick up the message.
This works well because it allows you to communicate with anyone who has an email address.
It is less secure because it involves your email service provider holding the “keys” to your message data and requires you to find ways to authenticate your recipients (so not just anyone can intercept these notices and get the secure email messages in their stead).
LuxSci’s Escrow system allows you to choose how you want your recipients to verify their identity — either by:
- Answering a security question that you provide, or
- Signing up for a free account that verifies their access to the email address in question
Option #2 is quick and easy, but not as secure as #1 … assuming that you choose good security questions for your recipients!
An Escrow-type service is also nice in that it uniquely provides:
- The ability to retract messages after being sent
- Auditing of the access of messages
The simplest, though least secure, method of end-to-end email encryption is the use of SMTP TLS. This mechanism extends the use of SSL to the sending of your message from your email provider’s servers to your recipient’s servers. It only works for some recipients — those whose email providers actually support SMTP TLS.
It is simple … because the message appears to the recipient like a regular email message — they can open and read it without any passwords or special steps. Also, the sending on your part does not require any special work. It does provide transport-level encryption from you to your recipient’s email service provider (the minimum level of security needed for HIPAA compliance). However, it is less secure than previous methods because:
- You cannot be sure that the message remains secure while on your recipient’s email server
- You cannot be certain that your recipient uses a secure connection to download the message
- The message is not encrypted when stored on disk at your email provider or your recipient’s email provider. It is thus also more susceptible to possible malicious modification.
There are other solutions available on the market as well, such as:
- Special plugins to your email client that assist in email encryption
- Systems that send executable files to recipients that they must open and enter a password to access
- Use of encrypted ZIP files
However, we find that most customers prefer it if they do not have to install anything and their recipients can access the messages without any special software or work. They also prefer it if they do not have to communicate with their recipients ahead of time, if possible, when sending secure messages. Of course, it all depends on the level of security you are trying to achieve and the goal of your communications. This is why there are so many options.
For more details, see LuxSci’s SecureLine end-to-end email encryption service, which supports PGP, S/MIME, Escrow and SMTP TLS, as well as a free secure portal for people to log in and send secure messages to you, so that you can send and receive securely … in the most appropriate way for your business needs.