E-mail travels on the web so they are exposed to the intruders. So, privacy of emails may be compromised b/w sender’s and receiver’s side without giving any warning.
In today’s electronic world, E-mails are becoming the backbone of the organization’s daily operation. Since the frequency of Emails usage has increased so the need for Email’s security, therefore organizations will need to invest wisely in any approach and all solutions that guarantee Emails security.
The services provided by the business emailing application, storage and management can be divided into a number of components like Emails flow, Emails storage, how do we exchange public keys, how do we assign trust and how user access the emails. These issues are a part of the total security agenda.
How to secure an email ?
Now-a-days Emails are the most convenient way of communication for all users. E-Mails are public and can be seen by everyone at every point of communication between two users. Hence, because of their exposed nature we can’t write sensitive information in ordinary e-mails. We can differentiate between the regular mails and E-mails as the postal system handles the regular mails and nobody can look inside the letter, this is called by law. We expect high privacy with regular mails but ordinary E-Mails are not private, they are exposed to everyone.
Threats to E-mail:
There are so many threats to electronic-mail such as:
- Message confidentiality
- Message blocked delivery
- Message content and origin modification
- Message content and origin forgery by outsider or recipient.
- Denial of message transmission
- Message interception and subsequent
What are the requirements and the solution for email security??
For protection from data forgery and maintaining the confidentiality, we create a list of requirements and solutions. This list includes all the security and protection requirments for securing any email.
i. Message Integrity
ii. Message Confidentiality
iii. Message Authenticity
iv. Non-repudiation
Malicious e-mails (Spamming, Phishing, Spoofing)
In this electronic world, it is very important for everyone to be familiar with three things i.e. spamming, spoofing, phishing. These three terms seem to denote the same thing but they are different from each other and you should be aware. So let us take a look at their definitions.
Spam
Spam is junk e-mails also known as unsolicited bulk e-mail message or we can say unwanted messages. It is when organizations send the same email to thousands of users, such as a news letter. Mostly we found that spam has also to be compromised of ads for products and services of questionable legality. Spam is annoying but it’s not really dangerous. Sometimes, spam e-mail spamming is combined with the spoofing so it is very difficult to find out the actual originating email address of the sender. Some e-mail systems like outlook express have ability to block the e-mail with specified address. But because of changing email address frequently, it is very difficult to prevent some spam from reaching to your inbox. There are two types of spam:
- Intentional spam: it comes from spammers who are fraud or solicited products.
- Unintentional spam: it originates from computer systems that are infected with the virus. Virus or worms send bulk message from the infected system without the knowledge of the computer owner.
Phishing
Phishing is a type of spam in which sender requests your personal account information (banking data) for the purpose of breaking your account and stealing your data for fraud-ness. Phishers can enhance the credibility by spoofing to convince source address. For example, you receive a false e-mail and this e-mail appears to come from a legitimate company like eBay, Yahoo, government universities etc. messages ask you to update your records by entering your Date of Birth, bank account number and PIN etc. These sites collect your personal data in order to steal your money or identity etc.
You just keep in mind that legitimate companies or organization already have your personal data, so they will never ask you to give all this kind of information. Whenever you think that any e-mail is suspicious then don’t reply or better delete it.
Spoofing
When an email appears like it is coming from a legitimate source while it actually comes from an imposter/ fraud. Basically, it is the forgery of email header so that it seems original. It is done by spammers often and it can be accomplished by changing the “FROM:” mail address.
E-mail spoofing can be executed in different forms but all have same result. Either spreading virus or gain the user confidence to release sensitive information like password, account no. or PIN no. of any account. Mostly email spammers use spoofing so that receiver can get sender’s address or possibly respond.
There is no way of prevention from receiving the spoofed e-mail. If you get message from any source that ask for something personal or confidential information then you want to know if it is really from the person it says it’s from you can look at the Internet Header. It shows that from where the email actually originated.
If your email address is spoofed so that doesn’t mean that spammer or spoofer has access your mailbox.
CONCLUSION
To secure e-mail there are some steps, in short:
- Generate an Identity
- Configure secure e-mail software
- Get public keys for software
- Get public keys for recipients
- Start sending secured messages
There are some tips so that you can save your e-mails:
- First of all, backup your keys
- Trusting on a key after the suitable verification with the owner
- Revoke certificates from time-to-time or revoke PGP keys if compromised
- Always save your sensitive information elsewhere.
Now-a-days, as all of us have taken e-mails granted as the most common way of exchanging information in almost every business and organization, none of us should neglect that the days of pure and safe internet are far away. So, there is no excuse for shortcuts when it comes to security.
