Secure vs. Unsecured Emailby Edward Mercer
Like other forms of information technology, email is vulnerable to attacks such as account hacking and information interception. Especially in the case of sensitive email information like work documents, private messages and financial transaction confirmations, these threats can result in identity theft, privacy loss and even financial losses. While no amount of security measures can make online information 100 percent safe, secure email clients are designed to minimize these threats, and differ from unsecured clients in several important ways.
Process and Threats
Understanding email vulnerability requires understanding how email works. Both secure and unsecured email clients operate in essentially the same way, relaying information between servers using a protocol known as Simple Mail Transfer Protocol, or SMTP. Your message is not sent directly to the recipient, but rather is stored on a variety of servers on its way to the destination -- just like a letter making its way through regional and local post offices. Secure email operates by providing protection at each point in this process, while unsecured email clients simply relay information without any protection in transit or on storing servers.
When you enter your username and password into an email client, your login information is transferred to the client server, usually through IMAP or POP protocols. These protocols are not encrypted, meaning that -- in an unsecured service -- third parties can intercept this information and use it to enter your account. Secure email connections encrypt data from your computer to the email client's server, affecting both your login details and any message you type on your computer to be sent through your webmail connection.
Data Encryption and SSL
The most common form of data encryption is the Secure Sockets Layer protocol. This technology asks that both the sending computer and server identify themselves and exchange an encryption key that allows both to decipher encrypted information. Information is then encrypted, making it illegible to third parties that do not have access to the key. SSL encryption is used in secure email clients to protect data in transit, including your login details and any message sent between computers and servers. You can tell if you're using a secure connection on a webmail server if you see an "https" instead of an "http" in the Web address on your browser.
While security protocols like SSL are used to protect data in transit, server security measures like firewalls and regular malware screens are used by secure email clients to protect your emails while they are stored on any of the servers involved in the relay process. Like any server, email servers are vulnerable to hacking, and these measures help keep unauthorized third parties from reading your emails. These protections are especially important because email information is seldom encrypted while housed on a server, meaning that any user that gains access to the server could read private email messages.
- Jupiterimages/Polka Dot/Getty Images