Search Google Appliance

Home >> Email >> Introduction to Security Issues in Email - PGP, S/MIME and SSL

Introduction to Security Issues in Email - PGP, S/MIME and SSL

Although we now take the email for granted, it is important to realise that - in its most basic form, at least - it is not necessarily a very secure or private means of communication. In fact, email has often been likened to the use of the postcard in conventional postal systems: it is open to being read or tampered with during transmission, and it might not even actually come from the person who apparently sent it.

For casual, social messages this might not be a great concern. However, there are many situations when you might want to guarantee the privacy or authenticity of an email.

There are two main strategies for making your email secure and private:

  • Use email encryption software to encode your messages, which are then decoded by the recipient after delivery. Even if a message is viewed in transit by someone else, they will not be able to decipher it. Email encryption software can also be used to digitally sign a message to guarantee it really did originate from the apparent sender. Two of the most widely used email encryption systems is called PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions).

  • Use a secure connection system between your own machine and the server - this is rather like the use of a `scrambler' on a conventional phone system. This protects all forms of information - for example passwords - passing between a workstation and a remote server, not just email messages. It prevents against anyone 'snooping' on your connection's network traffic, although offers no protection on information once it passes beyond the secure connection. One of the most widely used forms of secure connection system is known as SSL.

Most popular security systems, including those mentioned above, are based on the concept of Public Key Encryption. This involves the use of a linked pair of digital "keys":

  • a public key, freely publicised by its owner, which is used to encrypt information being sent to that person or system.
  • a private key, known only to its owner, used to decode incoming information encrypted with the corresponding public key.


Service area: 

Written by IT Services. Latest revision 22 May 2017