email-not-secret-therefore-4

E-mail privacy, without some security precautions, can be compromised because:

• e-mail messages are generally not encrypted;
• e-mail messages have to go through intermediate computers before
  reaching their destination, meaning it is relatively easy for others to
  intercept and read messages;
• many Internet Service Providers (ISP) store copies of your e-mail
  messages on their mail servers before they are delivered. The backups
  of these can remain up to several months on their server, even if you
  delete them in your mailbox;
• the Received: headers and other information in the e-mail can often identify the sender, preventing anonymous communication.

There are cryptography applications that can serve as a remedy to one or more of the above. For example, Virtual Private Networks or the Tor anonymity network can be used to encrypt traffic from the user machine to a safer network while GPG, PGP, or S/MIME can be used for end-to-end message encryption, and SMTP STARTTLS or SMTP over Transport Layer Security/Secure Sockets Layer can be used to encrypt communications for a single mail hop between the SMTP client and the SMTP server.

Additionally, many mail user agents do not protect logins and passwords, making them easy to intercept by an attacker. Encrypted authentication schemes such as SASL prevent this.

Finally, attached files share many of the same hazards as those found in peer-to-peer filesharing. Attached files may contain trojans or viruses.
On Fast Track
with
Dr. Ashok Koparday