If you want to increase the security attached to your email messaging then there’s several routes you can take. First of all, you should look at digitally signing and encrypting all your email messages. There are several applications that can do this, or you could switch your emails to the cloud and look at a server based email system. Most of the major suppliers of web based secure mail are extremely secure with regards to interception and end point security, however obviously you have to trust your email with a third party.
Many companies won’t be happy with outsourcing their messaging like this as it’s often the most crucial part of a companies digital communications. However what are the options if you want to operate a secure and digitally advanced email messaging service within your corporation? Well the first place to investigate is increasing the security of authentication and data transmission. There are plenty of RFCs (Request for Comments) on these subjects particularly related to emails and their related protocols.
Here’s a few of the RFC based protocols related to Email :
- Post Office Protocol 3 (POP3) – the simple but effective protocol used to retrieve email messages from an inbox on a dedicated email server.
- Internet Message Access Protocol 4 (IMAP4) – this is usually used to retrieve any messages stored on an email server. It includes those stored in inboxes, and other types of message boxes such as drafts, sent items and public folders.
- Simple Mail Transfer Protocol (SMTP) – very popular and ubiquitous email protocol, generally just used to send email messages to recipients.
- Network News Transfer Protocol (NNTP) – Not specifically an email protocol, however can be used as such if required! It’s normally used to post and download newsgroup messages from news servers. Perhaps slightly outdated now, but a seriously efficient protocol that can be used for distributing emails.
The big security issue with all these protocols however is that the majority in default mode send their messages in plain text. You can obviously counteract this by encrypting on a client level, the easiest method is by simply using a VPN. Many people already use VPN to access things like various media channels – read this post about BBC iPlayer VPN which is not exclusively about security more about bypassing region blocks.
However remember when an email message is transmitted in clear text it can be intercepted at various levels. Anyone with a decent network sniffer and access to the data could read the information and message content. The solution is in some ways obvious and implied in the title of this post – implement SSL. Using this extra security layer you can protect all the simple RFC based email protocols, and better still they can slot simply to interact with standard email systems like Exchange.
It works and is easy to implement and also when SSL is implemented the server will accept connections on the SSL sport and not the standard oirt that the email protocol normally uses. If you have only one or two users who need a high level of email security then using a virtual private network might be sufficient. There are many sophisticated services that come with support – for instance this BBC Live VPN is based in Prague and has some high level security experts who work in support.