Can I expect my e-mail to be routed securely?

Question

If I connect to my e-mail server via SSL (SMTP/SSL) and the recipient also only checks his e-mail via SSL (web/https or IMAP/SSL), does this - generally speaking - increase the security for the message content in any way?

That is, will the communication between my providers e-mail server and the recipients e-mail server be "secure"(*), or will the e-mail be delivered plain text between the servers?

_{(*) Secure in the context of: encrypted throughout it's transit. Not secure in the sense that I'd put any really sensitive info in there.}

Answer 1

The SMTP servers may (probably will) still transfer the email as plain text. Sometimes SSL is used, but you cannot count on this being the case unless you specifically know the configuration of the specific servers on both ends. This means that in your scenario, an adversary capable of monitoring Internet backbone traffic could intercept the email. (Generally adversaries with this level of capability are state actors.)

SSL is still important on both ends to protect account credentials, and it will protect you against adversaries monitoring the traffic on your local network. Many attacks are going to be at this level - someone on the same wireless network as you, for instance, or who has compromised a local server on your LAN. However, SSL will do nothing to protect you against a compromised SMTP server. Message-level encryption is required if you want to avoid any transmission of the message in plaintext, and importantly means that the message will not be stored in plaintext on either server. For non-state adversaries this is the biggest attack vector - just compromise the SMTP server on either end and you can read all the plaintext mail even if every transmission along the way used SSL.

S/MIME and PGP (GnuPG) are the two standards for doing this. Even then, the message envelope will be visible. You cannot prevent an adversary who can sniff the traffic between the SMTP servers from reading the envelope, so they would know things such as the to, from, and subject line.

To directly answer your question, both parties using SSL to send and retrieve their email does improve your security - and it improves your security versus non-state adversaries a lot - but to secure the message content as much as possible you should use message-level encryption to fully encrypt the message body, and accept that the email headers will still be transmitted in the clear. An adversary capable of seeing the traffic between the SMTP servers would still be able to tell who you were emailing and what the subject line was - there's no way around that besides "don't use email" - but they would not be able to read the body of the message.

Answer 2

Also, bear in mind that as email is store-and-forward even if the network link is encrypted in some way, each server in the delivery chain could potentially have stored a copy of the message which would potentially be readable to an administrator. Whether this is likely or not depends entirely on who manages those servers... it might be a small risk in some cases and a huge one in others

Answer 3

The secure connection on both ends just confirm secure transitions on network channel between User's end and the Mail Server connected to.

End-to-End security also involves security practices adopted by organization for their internal channel.

What I'd suggest is to confirm your mail-level security start using GnuPG or similar utility, where you can send an encrypted mail to user's using their Public Key.

Similar Usage Help Link: https://web.archive.org/web/20120618011126/http://people.via.ecp.fr/~clem/nist/gpg-enigmail-howto

~~~~~

If your concern is just the integrity of your e-mail content and not the confidentiality, you could just restrain the task to digitally signing the e-mails

Similar Usage Help Link: http://www.cs.washington.edu/lab/services/email/EmailSigningHowTo/