• 10
name

A PHP Error was encountered

Severity: Notice

Message: Undefined index: userid

Filename: views/question.php

Line Number: 191

Backtrace:

File: /home/prodcxja/public_html/questions/application/views/question.php
Line: 191
Function: _error_handler

File: /home/prodcxja/public_html/questions/application/controllers/Questions.php
Line: 433
Function: view

File: /home/prodcxja/public_html/questions/index.php
Line: 315
Function: require_once

name Punditsdkoslkdosdkoskdo

e-mail encryption during transfer

for the sake of simplicity i want to visualize the dangers of sending an unencrypted e-mail. I'm just not sure WHO can read unencrypted e-mails.

Lets say i'm using Office365 as mail provider and i send an e-mail using my local Outlook client. The mail is send and received using Office365 mailserver and both sender and receiver use an third party spam filter solution.

Now i would suspect that the mail goes through the following hubs:

Sender

  1. Local mail client to ISP
  2. ISP to Office365
  3. Office365 to ISP (spamfilter)
  4. ISP to spamfilter (sender)
  5. Spamfilter to ISP (ISP spamfilter receiver)

Receiver

  1. ISP to spamfilter (receiver)
  2. Spamfilter to ISP (office365)
  3. Office365 to ISP (receiver)
  4. ISP to local mail client

According to my knowledge the network traffic between all these hosts is encrypted by TLS. This would mean an ISP could only decrypt the mail send from Office365 to the spamfilter (step 3 and 4) if they intercept the certificates using MITM techniques.

if i'm right the only external parties in this mail during transfer who would be able the read the content of the mail would be mail- and spamfilter providers due to the nature of their service, right?

Since the emails are not encrypted, they can also be read by intruders that have been able to break into one of the servers that store the transmitted emails. This is at least the ISP.

I personally believe this to be the more probable threat, because if someone wants to find out about the communication of a person or company, breaking into their email server would be the most efficient attack, leading to access to all their email.

This scenario requires the email to be stored on the server. However, this is the usual way (IMAP) to do it nowadays to satisfy the requirement to have access from multiple devices.

Of course, it‘s also possible to break into the client. Unencrypted email can then be read very easily, while encrypted email requires the intruder to also gain access to the private key which is another barrier.

  • 0
Reply Report

Trending Tags