Email Security 101

Tomorrow evening, I’ll be discussing email security at the NYC Oath Keepers meeting. For whatever reason, I won’t have any bandwidth at the facility, so I took a stab at creating my first screencast. This turned out to be a fun project as I discovered some very powerful (and extremely easy to use) software called OpenShot. There was no need to install or run it on my laptop. Instead, I just used recordmydesktop to create the videos and then pieced everything together on another box.

This video is my attempt to communicate the following:

It can be very easy to spoof an email. Yes, I know SMTP can be hardened but I wanted to expose my viewers to the core issues.

Once an email is sent, it is accessible to anyone with access to the server where it is eventually delivered (or even the network, for that matter).

Email security is best addressed from an end-to-end perspective using public-key crypto.

TIP: You can expand the video below to “full screen” mode by clicking the >< icon in the lower right-hand area (to the left of the Vimeo logo).

So go ahead and send me an email if you’d like. Just make sure you use my public key. If you would like to start using digital cryptography with your email but are not sure where to begin, you can start here.
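To make the second and third points above concrete, here is an added example (not part of the original post or video) that reads a message's `Received` headers and payload type to list where the body is readable along its route. The sample messages, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: hop 1 (client to ISP) uses TLS, hop 2 does not; plain body.
SAMPLE_PLAIN = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org with ESMTP id B2; Mon, 1 Jan 2024 10:00:05 +0000
Received: from laptop.example.net (laptop.example.net [198.51.100.7])
\tby relay.example.net with ESMTPSA id A1; Mon, 1 Jan 2024 10:00:01 +0000
From: alice@example.net
Content-Type: text/plain

See you at noon.
"""
# Same route, PGP/MIME (RFC 3156) payload; ciphertext replaced by a placeholder.
SAMPLE_PGP = SAMPLE_PLAIN.replace(
    "Content-Type: text/plain\n\nSee you at noon.\n",
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"\n\n'
    "--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n--b\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\n(placeholder)\n-----END PGP MESSAGE-----\n--b--\n")

TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}  # RFC 3848 "with" keywords

def hop_report(raw):
    """[(receiving_host, protocol, used_tls)] in delivery order; headers are hints only."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        by = re.search(r"\bby\s+(\S+)", value)
        proto = re.search(r"\bwith\s+(\S+)", value)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "?", name, name in TLS_PROTOCOLS))
    return hops

def is_pgp_encrypted(raw):
    """True for a PGP/MIME container or an inline ASCII-armoured PGP message."""
    ctype = message_from_string(raw).get_content_type()
    return ctype == "multipart/encrypted" or "-----BEGIN PGP MESSAGE-----" in raw

def plaintext_exposure(raw):
    """Places where the body (not the headers) is readable; [] if end-to-end encrypted."""
    if is_pgp_encrypted(raw):
        return []
    exposed = []
    for host, _proto, used_tls in hop_report(raw):
        exposed += ([] if used_tls else [f"link-into:{host}"]) + [f"server:{host}"]
    return exposed

if __name__ == "__main__":
    print(plaintext_exposure(SAMPLE_PLAIN), plaintext_exposure(SAMPLE_PGP))
```

Even with TLS on the first hop, the plain message is readable on both servers and on the second network link; only the PGP-encrypted payload leaves nothing readable, although its headers still travel in the clear.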



  1. Adam Kosmin says:

    This article provides yet another example of why end-to-end public-key cryptography is so important.

    What is important to understand here is that the encryption strategy described in the article is not truly end-to-end to begin with. It only covers the connection between a user’s email client and the ISP’s mail server. From there, the data (your email) still has a bit of a journey to take before it ends up in the intended INBOX of the person you are communicating with. All in all, it would be best to combine both strategies whenever possible. In other words, your mail client should always attempt to use an encrypted connection when communicating with your ISP’s mail server and your actual email messages should always be digitally signed and/or encrypted when appropriate.

  2. Adam Kosmin says:

    Another great introduction to PGP can be found on

  3. garry says:

    Providing security for email data and other things is very important to maintain confidentiality.
