I have an application that would send sensitive data through email to specific users. I have set up a Google Business account which provides email addresses on my business domain. I will be sending email through Node.js nodemailer over the SMTP protocol with TLS. The way I understand it, the data being transferred between my server and the Gmail server, and the data then delivered to the user's email address, will be sent through a secure encrypted channel. I am mainly worried about the security of data being sent from my server to the Gmail server. Will this be secure, or should I set up my own email server?
- As long as the configuration requires TLS, the data in transit will be secure. – Neil Smithline Mar 21 '16 at 18:06
- Am I correct that you are not concerned about rogue Google employees and law enforcement agencies spying on your data? – Neil Smithline Mar 21 '16 at 18:22
- Even if you aren't concerned, you'd better start being concerned... Any adversary is an adversary, right? – ferit Mar 21 '16 at 18:28
- @NeilSmithline The level of blind faith people put in unelected entities answerable only to their shareholders never ceases to disappoint me. Any company capable of providing targeted advertising is an intelligence agency in my book - much like PayPal is a bank. – Phil Lello Mar 21 '16 at 19:20
- @NeilSmithline Yes, I am not concerned with that; all the users to whom the email would be sent will be part of the system, and accounts can only be added by trusted admins. My concern is/was only that man-in-the-middle type attacks, or anything that would allow anyone to intercept the email being sent to the Gmail server through nodemailer, would be possible. I am assuming that won't happen using TLS, correct? – Hassaan Mar 22 '16 at 07:44
- @Saibot Google would not in any way benefit from that information. If we were concerned about that, we would have set up our own email service from the start. I understand your concerns, but my scenario is not really concerned with that. – Hassaan Mar 22 '16 at 07:51
- @Hassaan Well, do not assume that, even if you use TLS correctly. Your heart would bleed... https://en.wikipedia.org/wiki/Heartbleed – ferit Mar 22 '16 at 08:14
- @Saibot Wasn't that bug patched up two years ago, especially in the case of Gmail, since they were among the first to patch it? Won't that also mean that Gmail would be more secure than setting up my own email server? Note though, my purpose is only sending emails, not receiving them. – Hassaan Mar 22 '16 at 08:33
- @Hassaan It's patched, but I mean, you can't be sure that there isn't another 0-day; I'm saying just in case. If you set up your e-mail server properly, Gmail is not more secure than your server. Plus, you will know that you are the only one who reads your emails. – ferit Mar 22 '16 at 08:37
2 Answers
If you are worried about the confidentiality of the data you're sending:
Use end-to-end encryption and make it mandatory.
The two (more or less popular) alternatives that will both serve the purpose are
- S/MIME
- PGP/GPG
If you are only worried about the transfer to the Google servers: as long as you make sure you are using SMTP with TLS, the transport is secure.
Note:
While end-to-end encryption only encrypts the message body, the message headers (as well as the message itself, if you are not using end-to-end encryption) are transmitted over the secure connection between the SMTP server and your server, and are thus only accessible to those parties, as far as your question goes.
Keep in mind that this is only true as long as the user checks his/her mail over a secure connection, which you have no control over.
At a minimum, if you solely rely on SMTP with TLS, all hops of your email must be trusted by you to exclusively use TLS and to respect the privacy of the user.
Those are, at least:
- Your server,
- Google,
- The user's email provider,
- Potentially many of those, depending on the forwarding the user has configured,
- The user.
Bottom line being, as you cannot establish that trust:
Make either S/MIME or PGP/GPG mandatory to protect the sensitive user data in transit.
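The comment and answer above both hinge on the TLS requirement being enforced rather than opportunistic. As an added example (not code from the question or either answer), here are nodemailer transport options for smtp.gmail.com that make TLS mandatory, beside an opportunistic configuration that leaves a cleartext fallback open, with a small check that tells them apart; the sender address and app password are placeholders.

```javascript
// Added example: nodemailer transport options for Gmail SMTP. The option names
// (host, port, secure, requireTLS, ignoreTLS, tls.*) are real nodemailer and
// Node tls.connect options; credentials below are placeholders, not real values.

// Implicit TLS on port 465: the socket is encrypted before any SMTP command.
const strictImplicitTls = {
  host: 'smtp.gmail.com',
  port: 465,
  secure: true,                        // TLS from the first byte, no STARTTLS step
  tls: { minVersion: 'TLSv1.2', servername: 'smtp.gmail.com' },
  auth: { user: 'app@example.com', pass: 'PLACEHOLDER_APP_PASSWORD' },
};

// STARTTLS on port 587, made mandatory: the send fails if the upgrade is missing.
const strictStartTls = {
  host: 'smtp.gmail.com',
  port: 587,
  secure: false,
  requireTLS: true,                    // abort instead of continuing in cleartext
  tls: { minVersion: 'TLSv1.2' },
  auth: { user: 'app@example.com', pass: 'PLACEHOLDER_APP_PASSWORD' },
};

// Opportunistic STARTTLS (nodemailer's default on 587): upgrades only if the
// server advertises it, so a missing offer yields a cleartext session, and
// rejectUnauthorized:false accepts whatever certificate is presented.
const weakOpportunistic = {
  host: 'smtp.gmail.com',
  port: 587,
  secure: false,
  tls: { rejectUnauthorized: false },
  auth: { user: 'app@example.com', pass: 'PLACEHOLDER_APP_PASSWORD' },
};

// Lists the reasons a transport config does NOT guarantee an authenticated TLS
// channel to the SMTP server; an empty list means TLS is actually enforced.
function tlsWeaknesses(opts) {
  const reasons = [];
  const tls = opts.tls || {};
  if (opts.ignoreTLS) reasons.push('ignoreTLS: STARTTLS disabled, session stays cleartext');
  if (!opts.secure && !opts.requireTLS) reasons.push('STARTTLS is opportunistic, not required');
  if (tls.rejectUnauthorized === false) reasons.push('rejectUnauthorized:false skips certificate verification');
  return reasons;
}

const enforcesTls = (opts) => tlsWeaknesses(opts).length === 0;

// Usage with the real library: nodemailer.createTransport(strictImplicitTls).sendMail(msg)
```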
You should use end-to-end encryption if you send sensitive data. And do not use Gmail; it is not secure (they don't respect privacy).
I'm currently using an e-mail service from https://www.autistici.org, which is a volunteer organization. You may want to check it out.
Keep in mind that even if you use end-to-end encryption, you can't encrypt e-mail headers (title, from, to, etc.).
And actually there is a new mailing protocol under development, called DarkMail, to create a secure e-mailing protocol. But it's not ready yet.
- Can you back up your statement that Google doesn't respect the privacy of its business users' emails? Google [claims otherwise](https://support.google.com/work/answer/6056650). Note that the question is about a business account and not a standard end-user account. – Neil Smithline Mar 21 '16 at 18:04
- Also, the OP says "I am mainly worried about the security of data being sent from my server to the gmail server.", a point that you didn't address in your answer. – Neil Smithline Mar 21 '16 at 18:07
- Yes, I can. But before that, as a principle, any black-box system should be considered a violation of privacy, because you can't confirm "We respect your privacy" claims. – ferit Mar 21 '16 at 18:07
- @NeilSmithline The best way to deliver a message from one place to another, whether it's a Gmail server or not, is to encrypt it end-to-end, if you really need privacy (as he said that he is sending sensitive data). – ferit Mar 21 '16 at 18:08
- @NeilSmithline This is a place to start reading: http://security.stackexchange.com/a/97066/37136 But you can find tons of info about this if you search the web. No mainstream e-mail service is safe now, and Gmail is one of them. – ferit Mar 21 '16 at 18:14
- You seem to be arguing for a security model that, at least IMO, isn't required by the OP. I'm willing to assume that nothing's NSA-proof and that, without end-to-end encryption, any service (even the one you mention) is subject to warrants. But the OP doesn't seem to have indicated a need to worry about that. – Neil Smithline Mar 21 '16 at 18:17
- @NeilSmithline I'm not sure about my service, but Lavabit was not able to read e-mails, even if the admin wanted to read them. The service doesn't exist now because of the FBI. Btw, there is no way for me to recommend a US-based mainstream e-mail provider; they are just delivering user data to the government. (There is a law for this.) – ferit Mar 21 '16 at 18:27