In a word, no -
an email message has always been nothing more than a
simple text message sent unencrypted to a recipient we
choose. So all the email that we so blithely send all
over the Internet everyday is neither private nor
secure. Every birthday greeting or Dear John email,
every complaint, rant or verbal purge we may have sent
to our employers, credit companies, congressman or
customer service rep is subject to delivery errors or
outright interception.
How can this be? To answer that
we need to understand how email works. For the vast
majority of email users today, the email system they use
consists of two servers providing incoming and outgoing
services, SMTP and POP3.
The SMTP (Simple Mail Transfer
Protocol) server handles the outgoing email. SMTP was
designed years ago when plain ascii text was all there
was to send via email. So, when you push the
"Send" button in your email client, the SMTP
server at your ISP (Internet Service Provider) connects
with the incoming POP3 (Post Office Protocol ver. 3)
server where you are sending the email. The servers have
a short "chat" verifying that the email
address you are trying to send to exists on the incoming
POP3 server. Then the SMTP server passes the message to
the POP3 server and the POP3 server puts the message
into the recipient's email box. At no time during the
process is your email encrypted to protect your privacy.
The message could be intercepted at anytime during the
process and read by anyone.
On occasion, email sent to you
or by you may even be delivered to the wrong inbox and
your private message is no longer private. a single
misdirected message could expose you to all kinds of
trouble depending upon it's content.
Well, no one wants to read your
email right? Wrong! Have you ever heard of Carnivore?
That's a system that the FBI uses to harvest all email
traffic going through a network. How does this affect
you? When the FBI hooks Carnivore up to your ISP's
network because they suspect someone of dealing drugs or
some other crime, Carnivore will filter through ALL
email looking for keywords that relate to the crime in
question. And because the search has to be intentionally
vague, you may be sending a request for information
about a prescription drug you take and Carnivore will
harvest your email to be read by a human agent.
Suddenly, the drugs you're taking are now public
knowledge. Spammers have also been known to harvest
email addresses via captured emails.
OK - so now that you know the
problem, what should you do about securing your privacy?
It was hinted at earlier on... encryption! Learn how to
use PGP (Pretty Good Privacy) to encrypt your email.
PGP uses a Public/Private key
method to encrypt email. First you create a
"Public" key. This is the key that others will
use to encrypt email sent to you. Send this key to
everyone you want to receive encrypted email from. Then
you create a "Private" key. This is the key
you use to decrypt any encrypted email sent to you.
Safeguard this key well. It is the only thing that can
decrypt your messages. If you tell someone what it is or
loose it, your privacy is again compromised.
For more information on PGP and
a free download visit: http://www.pgpi.org.
Next Time: Incorporating PGP into your email...
Keywords: PGP,
privacy, SMTP, POP3, email, spam
About the
Author
Michael Ameye, http://www.canyourspam.com
Michael Ameye has been developing web sites since 1995.
He started writing about online privacy issues to answer
questions from family friends and co-workers. Visit
http://www.canyourspam.com to see his latest work or
sign up for PSS Online - a privacy, safety, and security
ezine.
