Secure Email & How-Tos

By | May 16, 2018

What I consider to be the largest myth of all in the area of Internet communications is that people believe an email is secure.

Sending an email is similar to talking in a crowded room.  You see, unless your email is encrypted, then it can be intercepted and read by just about anyone in the know.

Emails are sent in clear text through out the ethernet.  Once it leaves your computer it is out there.  There are programs called "sniffers" that will "listen" to the traffic and can reassemble TCP/IP packets (that's the little "bits" that make up your email) into a human legible format.

How do we secure our email?

The answer to this question depends on the product you use to check your email:

If you use Microsoft Outlook see this guide:  Encrypt email messages. For Mozilla Thunderbird see here:  Digitally Signing and Encrypting Messages. Linux.com has How to Enable PGP Encryption in Evolution. Even the web-based client of Gmail have the ability to send secure email.

Sadly, I could not find a method of encrypting emails using office.com or yahoo.com.  It doesn't mean there aren't ways of sending encrypting emails.  It just means if you are using these services, then you will have increased difficulty in sending and receiving encrypted emails.

How does sending and receiving encrypted emails work?

One common method of encrypting emails is by using the Public/Private key pair.  This is a method created by Phillip Zimmerman back in the 90s and has been in use and improved upon by those in the know for the almost 3 decades.  I am amazed that after 3 decades, encrypted emails are still not the norm.

One of the problems with encrypted emails is that you must have the "Public" key of the person that you are sending the email to, and they must have yours.  I commonly send my "Public Key" in my signature on my emails.  This can be collected and then the other person, or people can use your "Public Key" combine it with their "Private Key" and then send you and email that only you and/or he/she can decrypt and read.  This work eventually became know as PGP -- Pretty Good Privacy.  The stronger the encryption key, the better.  Nowadays, it is possible for a private citizen to encrypt their emails with military-grade encryption.

I find that pretty incredible.  What's crazy is that the cost of setting up encryption and sending encrypted emails is $0.  Yes, it is free.  The greatest method of securing our information and it is free.  Stop and think about all the photos, addresses and personal information that you have sent out into cyberspace.  All that was free for the taking and you could have made it impossible for anyone to read for free.

In my very humble opinion, encrypting emails should be the default behavior of anyone that is using email.  However, I know of one person that will exchange encrypted emails with me.  I can't say that many emails are encrypted anywhere other than the military and research facilities.

This is the biggest contradiction of all in Internet Security practices.  We complain about people stealing our identities.  However, we are giving it away for free every time we send an email that is not encrypted.

Here's the list of the "How-tos" from above.  Enjoy your reading.

Thanks for reading,

Jay C. "Jazzy_J" Theriot