Email: A Security and Privacy Disaster

Monday, 2 September 2019

The Simple Mail Transfer Protocol (SMTP) has survived to this day due to widespread use, enabling us to send email messages quickly to people all over the planet. Yet email remains a sore spot for privacy advocates and a nightmare for security professionals. Email was the first real application on the Internet, and remained the most popular app even after the web became popular in the 1990s.

In the 1970s, when the Internet was still being developed, people read and sent email by logging in to a central computer from a console and using a text-based email program. This basic technique of sending text messages and reading them with simple email programs remained the primary method of communicating online through the 1990s. But now, with yearly email messages sent somewhere on the order of one hundred trillion, it has grown into an unrecognizable beast.

When an email message is sent from A to B it often passes through multiple email servers, and each of them may store it. The sender passes the message to a mail server that tries to route it to the mail server on which the recipient has an account. This might involve other intermediary mail servers; every server on the path receives the full message and can choose to keep a copy. This is obviously not the best scenario for protecting privacy.
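Every server that handles a message records itself in a Received header, so the path described above can be read back out of the message itself. The following is an added example (not code from the original post): it parses a constructed sample message with three relay hops and lists, oldest hop first, each server that accepted, and could have stored, a copy. The hostnames and IDs are invented.

```go
package main

import (
	"fmt"
	"net/mail"
	"regexp"
	"strings"
)

// rawMessage is a constructed sample message (not a real capture). Each
// relaying server prepends its own Received header, so reading them from
// the bottom up retraces the path from the sender's server to the recipient's.
const rawMessage = `Received: from mx-in.example.net (mx-in.example.net [203.0.113.7])
	by mail.recipient.example (Postfix) with ESMTPS id ABC123
	for <bob@recipient.example>; Mon, 2 Sep 2019 10:00:03 +0000
Received: from relay.intermediary.example (relay.intermediary.example [198.51.100.9])
	by mx-in.example.net with ESMTP id DEF456;
	Mon, 2 Sep 2019 10:00:02 +0000
Received: from smtp.sender.example (smtp.sender.example [192.0.2.5])
	by relay.intermediary.example with ESMTP id GHI789;
	Mon, 2 Sep 2019 10:00:01 +0000
From: Alice <alice@sender.example>
To: Bob <bob@recipient.example>
Subject: hello
Date: Mon, 2 Sep 2019 10:00:00 +0000

Hi Bob, this is the body of the message.
`

// byHost matches the "by <hostname>" clause that each relaying server writes
// into its Received header (the trace fields defined by RFC 5321).
var byHost = regexp.MustCompile(`(?i)\bby\s+([A-Za-z0-9.-]+)`)

// RelayHosts parses the message and returns, oldest hop first, the name of
// every server that accepted (and could have stored) a copy of it.
func RelayHosts(raw string) ([]string, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	received := msg.Header["Received"] // index 0 is the most recent hop
	hosts := make([]string, 0, len(received))
	for i := len(received) - 1; i >= 0; i-- {
		if m := byHost.FindStringSubmatch(received[i]); m != nil {
			hosts = append(hosts, m[1])
		}
	}
	return hosts, nil
}

func main() {
	hosts, err := RelayHosts(rawMessage)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d servers handled this message:\n", len(hosts))
	for i, h := range hosts {
		fmt.Printf("  hop %d: %s\n", i+1, h)
	}
}
```

Received headers are written by the servers themselves, so only the hops added by servers you trust are reliable; anything below a hop you control could have been forged by an earlier sender. The count is still a useful lower bound on how many machines saw the message in the clear.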

Storage space was limited for most of the 20th century, so most people ran email clients on their own computers that downloaded copies of new messages and typically deleted them from the server. This method of downloading all new messages is called POP3 (the Post Office Protocol), and it allowed accounts to be 1MB or less in storage while letting users keep and organize all their messages indefinitely on their personal computers.

The spread of desktop email clients led to larger, feature-rich clients like Microsoft Outlook, integrated with services like calendaring and scheduling that were valuable to enterprise users in particular. These local email clients also made the Internet Message Access Protocol (IMAP) popular, as people organized email on the server, synchronized it to their home computers and began to access it from multiple devices.


There is a wide variety of email providers to choose from these days, including many free services. There was a time when most people used email accounts from their workplace, or free but very limited accounts. Very few people had their own domains and used a custom email address, or paid for relatively expensive accounts with little storage.

Along came Gmail on April Fools' Day in 2004 and completely changed the email landscape, offering orders of magnitude more storage space for free, and a new web-based user interface that allowed effective searching through messages instead of using folders to organize them. Many people started using it, and still use it today as their primary email account. But there was a catch: Google parsed the email messages to figure out what the users were interested in, in order to sell advertisers the opportunity to display targeted ads.

Gmail today accounts for over one quarter of all email clients in use as measured by Litmus, a firm that tracks email usage rates. They show mobile email client usage at slightly less than half, with webmail share now around 36%. Desktop email clients have remained steady at around 17% market share.

Similar free web-based email accounts were soon offered by Yahoo and others, and they employed the same strategy of reading email messages in order to serve more relevant ads. The privacy concern here is not simply that Google and others are storing the contents of your email messages, although that is taking place.

The real concern is that Google, in the case of Gmail, is building a highly detailed profile of you based on your communications. This profile includes who you communicate with, when, and about what topics. It includes your interests, and by inference your lifestyle, occupation, educational level, income, political affiliation and much more. This data is collected and analyzed regardless of whether you are using the “free” webmail service or the other party is.

This extremely detailed profile data is shared with marketing partners, shared with government, and sold in obscured formats to advertising networks and data brokers. Your personal information is the main product in a corporate business strategy. It is for this reason we recommend avoiding free webmail services.

Winning Strategies

There is no shortage of things to frown about in email from a security perspective, but in terms of privacy concerns, a few key things are worth mentioning.

Passing messages through other people’s mail servers is very difficult to avoid. Using an alternative to SMTP (email) is one way to avoid having your communications read by multiple parties. There are open source tools like Bitmessage that can be used instead to send encrypted messages back and forth. Secure Instant Messaging (IM) clients like Signal and Wire provide an easy way to communicate over an encrypted channel using text messages, voice or video. We strongly recommend the use of these services because the people you communicate with can easily use these IM clients.

Having said that, it’s important to note that encryption works, and prevents any potential eavesdropper from reading your messages. Asymmetric cryptography enables two parties to communicate privately by using public and private keys. If you encrypt a message using the recipient’s public key, only they will be able to decrypt and read the message.

This method will enable your conversations to remain private, and can be used safely with webmail. Simply encrypt the message first, then paste it into the message form field and send. The obvious downside to this approach is that it requires both parties to learn how to encrypt messages, and this is often an obstacle. It has other advantages as well, including non-repudiation: the ability to sign the message using your private key that allows the recipient to verify (using your public key) that you were definitely the person who sent the message.
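The encrypt-then-paste approach and the signing step described above, as an added example that is not code from the original post and not Enigmail's or any OpenPGP implementation: the message body is encrypted under a fresh AES-256-GCM key, that key is wrapped with the recipient's RSA public key (OAEP), and the sender's Ed25519 private key signs the envelope, which is base64-encoded so it can be pasted into a webmail form. The envelope layout, the key generation and the names Alice, Bob and Eve are all assumptions made for the example. It also shows the two failure cases a practitioner should expect: a tampered envelope fails the signature check, and a third party's private key cannot unwrap the session key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Toy envelope (for illustration only, not OpenPGP):
//   sig(64) || wrappedKey(RSA modulus size) || nonce(12) || AES-GCM ciphertext+tag
// The Ed25519 signature covers everything after it.

// EncryptAndSign encrypts plaintext for the recipient's RSA public key, signs
// the envelope with the sender's Ed25519 private key and returns it as base64.
func EncryptAndSign(plaintext []byte, recipient *rsa.PublicKey, sender ed25519.PrivateKey) (string, error) {
	key := make([]byte, 32) // fresh per-message AES-256 key
	if _, err := rand.Read(key); err != nil {
		return "", err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil {
		return "", err
	}
	payload := append(append(wrapped, nonce...), gcm.Seal(nil, nonce, plaintext, nil)...)
	return base64.StdEncoding.EncodeToString(append(ed25519.Sign(sender, payload), payload...)), nil
}

// DecryptAndVerify checks the sender's signature first and only then unwraps
// the session key with the recipient's RSA private key.
func DecryptAndVerify(armored string, recipient *rsa.PrivateKey, sender ed25519.PublicKey) ([]byte, error) {
	env, err := base64.StdEncoding.DecodeString(armored)
	if err != nil {
		return nil, err
	}
	wrappedLen := recipient.Size() // RSA-OAEP output is exactly the modulus size
	if len(env) < ed25519.SignatureSize+wrappedLen+12 {
		return nil, errors.New("envelope too short")
	}
	sig, payload := env[:ed25519.SignatureSize], env[ed25519.SignatureSize:]
	if !ed25519.Verify(sender, payload, sig) {
		return nil, errors.New("signature check failed: altered, or not from this sender")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, payload[:wrappedLen], nil)
	if err != nil {
		return nil, errors.New("cannot unwrap session key: not addressed to this private key")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	rest := payload[wrappedLen:]
	return gcm.Open(nil, rest[:gcm.NonceSize()], rest[gcm.NonceSize():], nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// DemoResult records what happens when Alice writes to Bob and Eve holds a copy.
type DemoResult struct {
	Recovered        string // what Bob reads after decrypting
	TamperRejected   bool   // one flipped byte in transit fails the signature check
	WrongKeyRejected bool   // Eve's private key cannot unwrap the session key
}

// Demo generates keys for Alice (signing), Bob and Eve (encryption) and runs
// the exchange plus the two failure cases.
func Demo() (DemoResult, error) {
	var r DemoResult
	bobKey, err1 := rsa.GenerateKey(rand.Reader, 2048)
	eveKey, err2 := rsa.GenerateKey(rand.Reader, 2048)
	alicePub, alicePriv, err3 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil || err3 != nil {
		return r, errors.New("key generation failed")
	}
	armored, err := EncryptAndSign([]byte("Meet at the usual place at 9."), &bobKey.PublicKey, alicePriv)
	if err != nil {
		return r, err
	}
	plain, err := DecryptAndVerify(armored, bobKey, alicePub)
	if err != nil {
		return r, err
	}
	r.Recovered = string(plain)
	env, _ := base64.StdEncoding.DecodeString(armored)
	env[len(env)-1] ^= 0x01 // simulate corruption of one ciphertext byte in transit
	_, err = DecryptAndVerify(base64.StdEncoding.EncodeToString(env), bobKey, alicePub)
	r.TamperRejected = err != nil
	_, err = DecryptAndVerify(armored, eveKey, alicePub) // Eve tries her own key
	r.WrongKeyRejected = err != nil
	return r, nil
}

func main() {
	r, err := Demo()
	fmt.Printf("%+v %v\n", r, err)
}
```

This toy format signs the ciphertext, so a recipient rejects a damaged or forged envelope before doing any decryption; OpenPGP tools such as Enigmail instead sign the plaintext and then encrypt signature and text together. Either way the signature is made with the sender's private key and checked with their public key, which is the non-repudiation property the text describes.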

Another technique that also allows you to take advantage of public key cryptography is to use a local desktop email client to send and receive encrypted messages. Thunderbird, for example, is an open source email client from Mozilla that has a plugin called Enigmail to let you easily encrypt messages and manage keys from within the email program.

Mitigating Strategies

If using secure IM clients or encryption is not possible with some of the people you communicate with, one way to reduce the sheer number of third parties reading your messages is to use a domain you control. Pay for a domain name, and pay a hosting provider so you can use that domain for email. Set up your email program (if you’re not using webmail) to use this mail server for all incoming and outgoing messages. Unless the recipient also has an email account on this domain, messages will still be forwarded by at least one other mail server, but this reduces the number of machines that can read your email.

Use disposable email addresses or email forwarding services for unencrypted email communication. Using the same email address in many places has some distinct privacy and security disadvantages. When databases of popular services get compromised, having used the same email address means a profile can easily be assembled from the various breach data sources.

Many badly behaved smartphone apps, and many attacks on desktop email clients like Outlook, aim to harvest a user’s contacts. If an Outlook user had a forwarding address or throwaway email address for you, it is easily discarded, removing the ability to build a social graph that includes a primary email address of yours.

Outlook is particularly troublesome from a security and privacy perspective. Not because it acts like other locally run email programs, downloading email messages and avoiding the parsing of those messages by a web-based mail provider (remember that this only keeps those third parties from reading the messages if the messages are encrypted). The concern with Outlook is that, being a Microsoft product, it is often exploited because it has the ability to execute VBScript, which has often been cited as a security risk.