End-To-End Encryption & Email Security

April 9th, 2015 by

Is E2EE the armour email needs?

It’s tempting to assume that any information sent via email will only be read by the people we list as recipients, but this isn’t always the case. As the Wikileaks and phone-hacking sagas have demonstrated, private messages can be hacked into and read by third parties with disconcerting ease. Fully securing your emails involves more than simply careful password selection, or taking care not to inadvertently download spyware onto your laptop.

When an email is sent, it travels through a number of nodes en route to its destination. These include the Simple Mail Transfer Protocol (SMTP) server on the sender’s device, the internet itself, a mail server hosted by the recipient’s email provider and, finally, the recipient’s computer or mobile device. Each of these platforms has its own vulnerabilities, presenting opportunities for spyware or hackers to intercept email content. The messages themselves are typically subdivided into header and footer files that surround the main payload data during sending, and these packet components are frequently sent down different routes to avoid data congestion, which further increases the risk that one packet could be intercepted along its journey.

To counteract this, a method of data transfer known as end-to-end encryption has been developed. Often abbreviated to E2EE, it ensures uninterrupted data protection during email transfer. Sender and recipient devices encrypt and decrypt all the data in a single stream, thus preventing ISPs or other third parties from being able to see any contents. Recipients can be confident that the email was sent by the person claiming to have sent it, and also that the data contained therein hasn’t been tampered with in any way. These processes are known as ‘message authentication’ and ‘integrity checking’, respectively.
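The paragraph above describes encryption on the sender's device, decryption on the recipient's, message authentication and integrity checking; the following added example (not code from End-to-End, PGP or any product named in this post) shows all four using the built-in `crypto` module of Node.js. The scheme (X25519, HKDF, AES-256-GCM, Ed25519) and every function name are assumptions chosen for illustration, and the users and message are constructed.

```javascript
const nodeCrypto = require('node:crypto');
const der = (pub) => pub.export({ type: 'spki', format: 'der' });

// Each user holds an X25519 key pair (encryption) and an Ed25519 key pair (signing).
const newIdentity = () => ({ box: nodeCrypto.generateKeyPairSync('x25519'),
                             sig: nodeCrypto.generateKeyPairSync('ed25519') });

// AES-256-GCM key from an X25519 shared secret, salted with the ephemeral public key.
function deriveKey(privateKey, publicKey, ephDer) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, ephDer, 'e2ee-demo', 32));
}

// Sender's device: sign (recipient key + body), then encrypt signature + body.
function seal(sender, recipientBoxPub, body) {
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh key pair per message
  const ephDer = der(eph.publicKey), iv = nodeCrypto.randomBytes(12);
  const signed = Buffer.concat([der(recipientBoxPub), Buffer.from(body)]);
  const signature = nodeCrypto.sign(null, signed, sender.sig.privateKey); // 64 bytes
  const c = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(eph.privateKey, recipientBoxPub, ephDer), iv);
  const ct = Buffer.concat([c.update(signature), c.update(body, 'utf8'), c.final()]);
  return { ephDer, iv, ct, tag: c.getAuthTag() }; // all a relay ever sees
}

// Recipient's device: returns the body, or null if decryption or the signature check fails.
function unseal(recipient, senderSigPub, env) {
  try {
    const ephPub = nodeCrypto.createPublicKey({ key: env.ephDer, format: 'der', type: 'spki' });
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(recipient.box.privateKey, ephPub, env.ephDer), env.iv);
    d.setAuthTag(env.tag);
    const pt = Buffer.concat([d.update(env.ct), d.final()]); // final() throws on modified ciphertext
    const body = pt.subarray(64);
    const signed = Buffer.concat([der(recipient.box.publicKey), body]);
    return nodeCrypto.verify(null, signed, senderSigPub, pt.subarray(0, 64)) ? body.toString('utf8') : null;
  } catch { return null; }
}

// Constructed scenario: Alice mails Bob, a relay flips one bit, Mallory signs as "Alice".
function demo() {
  const alice = newIdentity(), bob = newIdentity(), mallory = newIdentity();
  const env = seal(alice, bob.box.publicKey, 'Q3 figures attached');
  const tampered = { ...env, ct: Buffer.from(env.ct) };
  tampered.ct[70] ^= 1; // one bit changed in transit
  const forged = seal(mallory, bob.box.publicKey, 'Q3 figures attached');
  return { delivered: unseal(bob, alice.sig.publicKey, env),
           relayCanRead: env.ct.includes('Q3 figures'),
           tampered: unseal(bob, alice.sig.publicKey, tampered),
           forged: unseal(bob, alice.sig.publicKey, forged) };
}
console.log(demo());
```

Only the intact envelope from Alice yields the body; the bit-flipped copy fails the integrity check and Mallory's envelope fails the signature check, so both come back as `null`.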

To date, a number of end-to-end encryption solutions have entered the market. While established tools like Pretty Good Privacy (PGP) are highly technical, more recent packages offer straightforward encryption that doesn’t require a computing degree! Symantec’s Desktop Email Encryption encrypts email before it reaches gateways or mail servers for additional reassurance, while Cobweb’s Advanced Email Encryption provides detailed tracking information for each message sent. Like other E2EE packages, both are compatible with programs like Outlook and Office 365 as well as cloud-hosted email accounts.

However, it’s Gmail that appears to be pioneering end-to-end encryption as a mainstream tool. In a blog post last June, Google announced an E2EE tool of its own for Chrome users. By last December, End-to-End had been moved to GitHub so that developers could identify any flaws. In a rare example of rivals cooperating for the greater good of their customers, Yahoo is also collaborating on the End-to-End project, meaning the finished extension will also be available for use by other web-based email providers.

End-to-End’s development is still ongoing at the time of writing, but it’s believed that Google will automatically register keys (unique identities) for individual usernames or email addresses. This should ensure that emails will be fully encrypted when they’re sent to another End-to-End user, without either party needing to understand the science behind crypto-associations or key management messages.

Being able to send secure encrypted emails doesn’t appear to be a high priority among the general public, largely because of the mundanity of the vast majority of email traffic. However, as society becomes more digital and the confidentiality of information being emailed increases, demand for E2EE will grow steadily. In business, the digitisation of office and B2B communications has led to a vast amount of sensitive information being shared and discussed via email. That is why all businesses provide staff members with a ‘work’ email account, and are gradually introducing email policies. As these email addresses and the data they transfer are hosted on your server, the risk of internal communications being breached is isolated to the security of your hardware and its location.

When you register a domain name with UK2, we get you started by providing you with free email addresses as standard.
