and large business will presumably be the first to make extensive use of electronic
mail, followed by small businesses and private individuals. When this starts to
happen, it will become increasingly desirable to have fast, efficient cyphers
to safeguard information from electronic eavesdroppers.
Martin Gardner; Scientific American; Mathematical Games; August 1977.
Related information is provided in the sections on Internet
security, remailers, viruses,
and email viruses. This page focuses on
the security of email: compromise of confidentiality and disclosure of your
messages. The following subsections provide information on email
filtering, web email vulnerabilities, the reaper
exploit, and email encryption.
Filtering. Most countries
have specific legal protections that prevent Governments and individuals from
opening and reading your paper mail. Unfortunately, few countries have yet provided
the same protections for electronic mail, which gives individuals, companies, and the state lots of legal room to read your email.
As a practical matter, your email can
be easily read by people working in your company's or Internet service provider's
computer department, and by the computer services department at the email's destination.
Email can also be read at any of the many routers along the path your
email takes to get to its destination. However, unless you are the subject of
a legal investigation, it is unlikely that anyone will ever actually intercept
and read your email, if only because of the sheer volume -- there are far too
many thousands of emails passing through each email server and Internet router
for anyone to realistically read more than a small fraction of them, even if they
Nevertheless, it is possible that either the source computer,
destination computer, or some intervening router could have a program configured
to automatically copy any email that contains certain keywords for later human review.
For example, your company may filter and copy email that contains important
keywords like "Financial" or "Project Venus". The computers at other companies
receiving your email may have
similar filters in place on mail coming into their network from the Internet.
In many countries the laws also
allow police departments to put a filtering computer into Internet Service Provider
network facilities that trap email from or to certain individuals or containing
certain keywords, so that your email might get caught up in one of these vacuums.
It is particularly common for companies to monitor email that contains adult content. There
have been many cases of employees being fired for sending email with adult content,
such as adult jokes, when the company specifically had a policy in place against
Web email. There is an unexpected vulnerability
to confidentiality of personal information with some web based email services.
When you click a link on a web page, the HTTP protocol
sends the URL of the current page to
the new page. Therefore, if you access your email through a web based email
service and click on a link in an email, the URL of the current web page is
passed to the new page. This can cause unexpected compromise of personal information
with web email services that put account information in the URL of the web
page, since this information is transmitted to the server of any third party
web page you access through your web email account. This information can include
your email address, login ID, and even your actual name. In most cases the
information can't be used to actually access your web email account, since
most services have implemented password and other protections, but it can reveal
more personal information than is available through other normal web communications.
Some actual examples logged by the LivingInternet server are shown
below, where the identifying portions in bold have been slightly changed to
protect the innocent. These were captured in 2002, and the sites may be more
If you are concerned about this risk, take a look at your URL when using
web email, and if it has identifying data, then instead of clicking
on a link in your email, manually copy
and paste it from the email into your browser's location field, which is
a clean jump with no sending web page to transmit personal data.
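The URL of the sending page travels in the HTTP Referer request header. The following is an added example, not part of the original page: it checks a webmail page URL for identifying data, as suggested above, and goes one step further by computing what a browser sends on a link click under each Referrer-Policy value. The host names, parameter names and URLs are constructed for illustration.

```javascript
// Added example: what a webmail page URL exposes through the Referer header.
// All host names and parameter names below are constructed for illustration.
const ID_PARAM = /^(user(name)?|login(id)?|account|email|addr(ess)?|name|uid)$/i;
const EMAIL = /[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}/i;

// Return the parts of a page URL that look like identifying data.
function findIdentifyingData(pageUrl) {
  const u = new URL(pageUrl);
  const hits = [];
  for (const [key, value] of u.searchParams) {
    if (ID_PARAM.test(key) || EMAIL.test(value)) hits.push(`${key}=${value}`);
  }
  // Some services put the account in the path instead of the query string.
  const inPath = u.pathname.replace(/%40/gi, "@").match(EMAIL);
  if (inPath) hits.push(`path:${inPath[0]}`);
  return hits;
}

// Referer value a browser sends for a link click from pageUrl to targetUrl
// under a given Referrer-Policy (null means the header is omitted).
function refererSent(pageUrl, targetUrl, policy) {
  const from = new URL(pageUrl), to = new URL(targetUrl);
  from.hash = ""; from.username = ""; from.password = ""; // never sent
  const full = from.href, origin = from.origin + "/";
  const sameOrigin = from.origin === to.origin;
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return origin;
    case "same-origin": return sameOrigin ? full : null;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "strict-origin": return downgrade ? null : origin;
    case "origin-when-cross-origin": return sameOrigin ? full : origin;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : downgrade ? null : origin;
    default: throw new Error(`unknown policy: ${policy}`);
  }
}

const page = "https://mail.example.test/read?login=jdoe&addr=jdoe%40example.test&msg=42";
const link = "https://www.example.org/article";
console.log("identifying data in URL:", findIdentifyingData(page));
for (const p of ["unsafe-url", "strict-origin-when-cross-origin", "no-referrer"]) {
  console.log(p, "->", refererSent(page, link, p));
}
```

A webmail service that sends `Referrer-Policy: no-referrer`, or keeps account data out of its page URLs, removes the leak regardless of how the user opens the link.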
Reaper exploit. Email confidentiality can also
be compromised by macro viruses like the reaper
exploit, where the virus waits in the background and sends your reply
or forward of an email back to the hacker, and then travels with your email
to divulge copies of replies or forwards by the recipients back to the hacker
as well. This term is used mainly as an historical reference because it sounds
cool, and less because it is in common current use.
Encryption. Encrypting email is the only way to guarantee its confidentiality in transit. The
most widely used method of email encryption is Pretty
Good Privacy, which integrates directly with your email application. There
are technologies that provide various email delivery security features (historically
including Hushmail.com, Securedelivery.com, Ziplip.com,
The following document provides some historical information on email
2634; P. Hoffman; Enhanced Security Services for