9.1. Understanding Email Security
To understand how to send and receive email securely, you should know a bit about the ordinary, insecure methods of exchanging email. As I outline the typical path a message takes on its way from sender to recipient, notice the many points at which your data is effectively out in the open.
Suppose Pat composes a message to send to Sandy. For starters, there's a copy of the message somewhere on Pat's computer, and although it may be stored in any of several different formats, it's essentially cleartext that anyone who looks in the right place could read.
When Pat clicks Send, his email program contacts an SMTP (Simple Mail Transfer Protocol) server where he has an account (such as one run by his ISP, his employer, or another email provider). In most cases, the SMTP server asks Pat's email program for his username and password to make sure he has permission to send messages, and those credentials may be sent over the network in cleartext. Once Pat has been authenticated, his email program transmits the message, again in cleartext, to his SMTP server.
Now the message is sitting on Pat's SMTP server, and it may stay there for as little as a fraction of a second or as long as several days. During the time it's there, anyone with access to the SMTP server could read Pat's message, and if the server is automatically backed up (as it likely is), one or more copies of Pat's message could be kept indefinitely.
Pat's SMTP server next tries to contact Sandy's ...
Get Mac® Security Bible now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
