To say that an email is generally insecure is clearly an understatement because of the number of proven threats and invasive practices that have transpired mainly due to violation of its original intent. Email messages have their intended recipients and when some other party gets to eavesdrop, certain risks arise. These include identity theft, invasion of privacy, modification of messages, false messages, repudiation, replay of messages, and unprotected back-ups.
An email is sent through the “Simple Mail Transport Protocol” or SMTP. It uses the “Hyper Text Transfer Protocol” or HTTP language to send a message through the SMTP server in order to reach the recipient. When the recipient’s actual SMTP server cannot be contacted, the sender’s server will try to contact back-up servers when available. It will try to contact the intended recipient’s server for a number of days before it finally gives up. The message becomes available for reading once it is received by the recipient’s server. The amount of time wherein an email message travels from the sender to the recipient varies depending on the servers’ traffic load.
The travel time of an email is the most critical phase of the process in terms of exposure to risks. Potential risks can be lessened through the use of encryption. One way is through symmetric encryption wherein the sender and recipient share a secret key. Plain text is converted into cyphertext which would appear meaningless to anyone who does not have the secret key. The message needs to be decrypted before it is understood. Asymmetric encryption requires the use of a private and public key. The private key is expected to be kept secret by its holder for the asymmetric encryption to retain its security. Most email messages are made more secure through the Secure Socket Layer (SSL).