I admit that I have sent several emails that if they would have gotten into the wrong hands could have caused me or someone else a lot of trouble. We have all heard that sending email was insecure, but why? I am going to address some of the insecurity problems in this post and several subsequent blog post.
The first important fact to know is that email in its native format is sent in plain text. Plain text or clear text is exactly that, plain and clear. Anyone can view it or read it using simple text readers. There is no decryption software needed or passwords that protect it. For most computer users plain text email comes as no surprise. But what may come as a surprise is that your plain text email messages resides on thousands of ISP’s outgoing mail servers or SMTP servers around the country and even around the world.
Think about it this way. If you mail a letter from your house to a utility company it doesn’t go directly from my mailbox to theirs. No, it goes from my mailbox to the mailman, to my post office, to a plane to another post office and to another mailman. There could be 10 different people that handle my mail before it actually arrives at its location. That is if it ever arrives at it’s location.
Email is no different. Even if you are emailing a person that is directly across the street from your physical location your email passes through several mail servers before it arrives in their inbox.
I ran a simple Trace Route from my mail server to mail.yahoo.com and it passed through 13 different mail servers before it was delivered. That means 13 companies that I do not know have access to a plain text message that might have my account, credit card or social security number in it.
We will talk about some simple ways to mitigate these risk in a later post. More to come.