3

In spite of much searching on the internet, I can't really get an adequate understanding of this topic, perhaps because it combines multiple elements. As a result, I'm really worried about the state of my e-mail security.

The website/mail server is hosted on a shared Apache server. E-mail is POP3 and secured only by password. I access my e-mails through Thunderbird, which first time round warned me that I have an insecure mail server and that e-mails sent are wide open to prying eyes etc.

The question is: Can I do anything or should I avoid using that e-mail address?

How does encryption (e.g. via Enigmail) work? Will it protect me in this set-up? Does it only work if the recipient also has encryption software?

It strikes me that there are perhaps two different but related concerns: 1. Security of the shared hosting mail server. 2. Security of e-mails sent via the mail server. While I should surely be concerned about number 1, my main priority right now is number 2.

AviD
  • 72,138
  • 22
  • 136
  • 218
John Smith
  • 31
  • 2

3 Answers3

1

Assuming the server supports SSL/TLS (i.e. it has a valid certificate), it is possible to protect the email communications between the server and the user with SSL/TLS. This is especially important for the password - without this the password will be sent in the clear. But that won't protect the email communication between your server and other servers (assuming you send emails to other people that don't use the same server you use) or between the other servers and their users. For more details see Can I expect my e-mail to be routed securely?.

For this you need some form of email encryption. For email encryption to work both the sender and the receivers of the email must use compatible email encryption software and must share public keys. I believe Enigmail is OpenPGP compatible and should be compatible with any other OpenPGP compatible software.

As you note another concern is the security of the emails at rest - i.e. on the server. This is a greater risk in that an attacker who breaches the server will have access to all emails that are on the server including historical emails. An attacker who can read the communications between a user and the server can only read current emails. For the same reason it is most critical to protect the password than to protect the emails in transit - an attacker with the password can read all of your emails, including your future emails. Details on how to protect an Apache server can be found here.

For a great analysis and recommendations on how to secure emails, please see the NIST Guidelines on Electronic Mail Security.

Community
  • 1
David Wachtfogel
  • 5,512
  • 21
  • 35
1

There appears to be two security issues in your post. The first is the security of your connection to the web server i.e. the security of your password/credentials. The second is the security of messages you send.

I suspect the warning you saw from thunderbird was about your credential security. If your POP and/or SMTP server require passwords and they are not using SSL/TLS, then those passwords are being sent to the server in clear text and could potentially be intercepted by someone else, giving them your password. If your service provider is unable to provide encrypted channels, I would change service provider. There are plenty out there which do. If you must use that provider, I would make sure that the password you use is unique to that service and not one you also use for other services.

The second issue concerning the security of the messages you send - bottom line, email is inherently insecure. You can encrypt your messages, but then people you send mail to must have the software to decrypt it and must have your decryption key (i.e. public key). Encryption of mail messages is supported by many mail clients these days and much easier than it use to be, but it requires additional effort for both the sender and recipient. You need to manage private and public keys and your recipients must be prepared to and able to retrieve your public keys and have a setup configured to use them.

There are no absolutes here. You need to consider both the risks and convenience aspects of email. What is the value of your messages to others and how difficult do you need to make it for unauthorised people to see your message so that the cost of doing so exceeds the value such action would bring. Encrypting your birthday greeting to your grandmother is probably overkill. There is unlikely to be any real value for anyone else and the inconvenience to her will likely be greater than the value of your message (not to imply she doesn't value your birthday wishes of course!). On the other hand, the email you sent to your accountant containing all your banking details has a lot more potential value to an unauthorised reader, so encryption would probably make more sense. Likewise, your accountat is also more likely to have support for accessing encrypted messages if this is their preferred means of communication (though I would personally still prefer a more secure channel for providing such information).

Tim

Tim X
  • 3,242
  • 13
  • 13
0

First let me say, there is some truth in both answers from Tim X and David Wachtvogel. I'd still like to correct some of the statements of both of them.

First, the impact

Usually on a POP3 server, the messages are deleted after you download them. If a hacker would get your password he cannot get past messages. This is sometimes configurable, but by default it should still delete messages when your clients downloads them.

IMAP on the other side is designed to keep your messages on the email server, so you can download it from multiple clients, or re-download it, if your local client is lost (for example you deleted your email account).

The email provider can most often read your email password in plaintext regardless of how you protect yourself, so you should always use a dedicated password (only used for ONE provider).

In essence there are three things that could protect your email and one of them would protect your password.

Let's start from the bottom.

1. The storage

If your email is hosted on a 'shared server' it is usually accessible without any hurdles by whoever has access to that server. This includes a technician of your hosting provider, who has access to the physical device, a hacker, who has access to your operating system as well as any user that has access to your credentials. As mentioned above, in the case of POP3 this is usually limited to "new" mail, but in the case of IMAP, it is not limited at all.

Usually you cannot do anything against this type of attack, but also usually big providers can be trusted to not look into your emails, as long as no government agency is involved. Some exception apply as some providers (google, microsoft, possibly others) do automated analysis on the contents of your email to present ads to you. This can only be prevented by point 3.

2. The transport

The second part to protect is if you sent an email to your provider or receive an email from them. This usually uses TLS/SSL protections (the same as with secure websites, starting with 'https://'). An attacker cannot read what is inside the emails. An attacker can also not read what is inside your authentication. This is the only way to keep people from stealing your password. Still, the Email-provider could log your password in most cases. This will keep your emails and your password secure from 3rd party people listening in on your connection.

If the sender and recipient of the message are on the same provider and you would trust the provider, it would be considered relatively secure. This most often applies to company mail servers, for sending emails between your colleagues.

As Tim X mentioned, the warning may be because your mail provider may not support encryption, your client may not support (that) encryption OR

the certificate used by your mail provider may not be trusted by your client. This may sound dangerous, but actually in most of the cases it is not. If the certificate is issued by an authority your client does not trust, it would still be secure, as long as the certificate is correct. There are multiple ways to confirm it, but in general it is pretty rare that somebody would intercept your connection, just as you are setting it up for the first time.

3. The Encryption

If you really want to be sure that only the desired recipient of the message should be able to read it, you should be using any form of email encryption (and maybe signing). This way, you can be sure only one person is allowed to read your email and nothing in between can disturb this. You might need some additional program or plug-in, though. There's currently S/MIME and PGP available and what to use primarily depends on your peers and your needs. Both should deliver a sufficient level of cryptography.

The biggest drawback: Both parties need to use the same solution. In advance. In contrast to what Tim X said, the people you send to must not have your public key, but you will have to have THEIR public key at the time you write the message. You will encrypt it with their public key, so they can only decrypt it with THEIR secret private key. This is called end-to-end encryption and is the most secure of it all.

4. Bonus

If you do not use end-to-end encryption as explained in point 3, your email is only secured as you send it to your own mail provider. If the recipient is on another provider (say, you send an email from yahoo to hotmail/bing), there is a big possibility that the transfer in-between the two providers is unencrypted. In this example, yahoo will receive your email encrypted from you, maybe store it safely, but then open a channel to hotmail and forward the unencrypted text. The only chance to mitigate against this is to use end-to-end encryption as in point 3. It should be noted though, that more and more providers today start to use encrypted connections even between servers, but this is not yet mandatory.

Conclusion

  • If you want to send birthday greetings to your grandma: Use at least point 2, so your password is not stolen. This especially applies if you sometimes send emails from public hotspots. The Wifi is not encrypted and if your email connection is not, everybody can read your password and your email.

  • If you want to send confidential data to a friend: Use at least points 2 and maybe 4 to have very few attack vectors.

  • If you want to protect against the government spying on you, use at least point 2 and 4 (or 3 alternatively).

  • If you're paranoid use point 2, 3 and 4

To mitigate the impact of 1, either choose a good hosting provider or host yourself on a root server with hard disk encryption enabled.

Community
  • 1
Spacy
  • 336
  • 1
  • 4