Emails have been around about as long as the internet. Simple text messages sent back and forth via online platforms helped shape the internet when it was still emerging and continues to serve as the backbone of the worldwide web today.
Despite its age, this ubiquitous platform hasn’t changed much over the years. It still relies on email addresses and simple text formats. Senders still sign off on their messages as if they’re letters. In some ways, these messages are even worse than the handcrafted letters of yore. They’re less secure and easily intercepted.
Emails are unsecured by design. Complex hacking tools have far outpaced the security systems built into mainstream email platforms. Yet billions of emails containing vital information are sent across the lines everyday. Users send tax returns, new login details, job applications, password reset information, and medical records via emails.
Almost all these messages are easily intercepted. Even Google admits emails are insecure, saying 40 to 50 percent of all emails are unsecured. Considering there are over 38 trillion emails sent across each year, this is a major security concern.
In fact, the security standard that governs online emails, Simple Mail Transfer Protocol (SMTP), has no built in security features at all. This means the default state of all email services is unencrypted and open to attack, putting crucial information at risk.
The Journey of an unencrypted email
According to some experts, unencrypted emails are vulnerable to attack at every stage from sender to receiver.
The journey of an unencrypted email is not as straightforward as most people would expect. Emails tend to bounce around multiple points on their way from point A to point B.
- When an email is sent, the text may or may not be encrypted at the source, depending on the email service provider.
- Even if the email is encrypted, mail service providers do not encrypt the data they receive on their servers. This is the first point of vulnerability.
- Senders have no visibility on what happens to their message after their email service provider sends the message to another service provider. This is the second leg of the journey where the email could be compromised.
- If the recipient’s email provider is unencrypted, most mainstream email providers will send the message across as plain text, compromising data security.
However, the most vulnerable leg of the journey of an unsecured email is at the receiver’s end. The final destination is where most emails are compromised, according to security experts.
It’s clear that the journey an email goes through, from the first draft to the final recipient is different based on the level of encryption. While un-encrypted messages are vulnerable at every step of the way, encryption from the client’s side could secure the email. Email providers who assure end-to-end encryption and secured datacenters can protect private communications.