Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Everyone who uses e-mail sometimes wonders how well the transmitted information is protected from prying eyes. Indeed, a message to be transferred travels a long way between different computers and mobile devices before it reaches a recipient; the intentions of these devices’ owners are unknown. Besides, each device in the chain can run malware that stores transmitted messages. Another problem is that a mail recipient may not always use the information received in the way it is meant to be used.

Directors of information services have faced an urgent problem in situations where company employees have the option of using their own mobile devices for work purposes. This policy is called BYOD (“bring your own device”). If such a device is lost or stolen, the company and its partners could find their reputations at risk.

E-mail security systems that may be used on ordinary computers and mobile devices are designed to solve these problems.

 

E-mail Protection Methods

E-mail protection is aimed mainly at:

  1. Protecting e-mails from being intercepted, read, or counterfeited on their way to a recipient.
  2. Protecting e-mails from further distribution by a malicious recipient.

 

Protecting E-mails from Interception

Classical cryptographic techniques are used to secure messages from interception, and digital signature technologies provide protection against counterfeiting.

A mail client plug-in that provides automatic encryption and digital signing is usually used to implement the protection. If a Web interface is used to access a mailbox, encryption and digital signing is provided by a mail server or a script on the user side, which is more reliable. A dedicated website may be used to provide an initial key exchange.

Since cryptographic technologies are well developed, the level of protection against interception or counterfeiting can potentially be very high. However, the following vulnerabilities may arise:

  1. Weak cryptographic algorithms may be required by law to make it possible for government services to crack the algorithm when necessary.
  2. Mistakes may be made in implementing cryptographic algorithms and protocols.
  3. A malicious developer of an e-mail security system may embed features that make it possible to overcome protective features.
  4. Malware can make it possible to intercept a decrypted message or install keys directly on a sender’s or receiver’s computer.

 

Protecting E-mails from Distribution by a Malicious Mail Recipient

A proprietary message viewer may be used to ensure that a mail recipient can read a message but cannot do anything else with it.

These systems cannot provide complete security; a recipient can make a screenshot of information shown on a computer monitor and generate a document from the photos. Another disadvantage is that a proprietary viewer or browser can conflict with many hardware and software platforms and document formats. However, systems for protecting e-mail from undesired distribution cope with the task of limiting information leakage well enough. Their effectiveness depends on how well they defend against automatic methods of extracting information from a message, such as:

  1. Cracking a secure message viewer to take an unprotected document from it automatically.
  2. Making screenshots of a document and using them to automatically regenerate it.

 

Comparison Table of Security Systems

The following table includes some of the existing e-mail security systems and their main features. All systems protect messages from interception by means of encryption, and some systems also provide protection from unauthorized distribution. As a rule, the greater the degree of protection from unauthorized distribution,  the fewer types of mobile devices are supported. The reason is that this type of protection relies on client applications that are difficult to create for a large number of different mobile platforms.

Name (in alphabetic order) and developer’s website

Is it suitable for mobile devices?

Protection from distribution

Description

CopySafeMail
www.copysafe.net

No

Available

A user reads e-mail via a Web interface with additional security features (disabling of screenshot saving, optional disabling of copy & paste  or print functions, etc.). At present only a browser for Windows is available. One may send messages or check for new ones using a standard browser. The system also enables users to notify that a message has been read, delete a message after reading, link a secure browser to a certain computer, and set an expiration date for a message.

EgressSwitch
www.egress.com

Suitable for iOS, Blackberry; Android is planned

Partial

Encrypted e-mail service. It enables automatic setting of limitations depending on the content of the message.

 

E-mail Encryption
www.appriver.com

Yes (operates via Web)

No

Its features are almost the same as those of SecuredE-mail.

Evizone
www.evizone.com

No

Available

The system is similar to CopySafeMail. Messages are sent and read via a special client application. Windows and MacOS are supported.

JumbleMe
jumbleme.com

Yes (operates via Web)

Partial

The service makes it possible to encrypt part of a message by embedding special tags in a message body. Encryption is done automatically on the server. The system’s website or an Outlook plug-in is used to decrypt an encrypted fragment. Printing and forwarding can be disabled, and a message may be set so that it cannot be retrieved after a certain period or can only be previewed a limited number of times.

PDFPostman
www.encryptomatic.com

Yes (operates via programs for PDF and ZIP)

None

A set of plug-ins for Outlook make it possible to convert a message to a PDF file or ZIP archive with a password before sending. Then the file is sent as an attachment and may be unpacked using any PDF viewer or ZIP archive program. Embedded features of PDF and ZIP are applied for encryption.

SecuredE-mail
www.cryptzone.com

Yes (operates via Web)

None

The system consists of a plug-in for an e-mail client or a specialized viewer. When a message is sent, it is encrypted and transmitted as an attachment to an ordinary message with instructions on how to read it. If a recipient has the plug-in, a secured message is transparently decrypted.

S-Mail
s-mail.com

Partially (it needs Java support)

None

Messages are encrypted and decrypted directly in a browser by means of the Java applet. Standard e-mail clients may also be used (in which case encryption is done by a local proxy server).

StarForce E-mail
www.star-force.com

No (At present the development for Android is carried out)

Available

Protection special viewer is used to protect messages from unauthorized distribution Messages are linked to the computer on which they were opened and cannot be read on another computer.

Conclusions

If one understands which kinds of e-mail need to be protected, which threats they need to be protected from and why, and how strong the protection needs to be, choosing an e-mail protection system becomes a straightforward task.

1 comment. Share your thoughts »

Tagged: Computing, Communications, Web

Reprints and Permissions | Send feedback to the editor

close

Views from the Marketplace are paid for by our key partners. All Views from the Marketplace have been approved by our team.

More information »

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me
×

A Place of Inspiration

Understand the technologies that are changing business and driving the new global economy.

September 23-25, 2014
Register »