Skip to Content

Sponsored

Overview of Electronic Mail Protection Systems

April 26, 2013

Provided byProtection Technology Research

Everyone who uses e-mail sometimes wonders how well the transmitted information is protected from prying eyes. Indeed, a message to be transferred travels a long way between different computers and mobile devices before it reaches a recipient; the intentions of these devices’ owners are unknown. Besides, each device in the chain can run malware that stores transmitted messages. Another problem is that a mail recipient may not always use the information received in the way it is meant to be used.

Directors of information services have faced an urgent problem in situations where company employees have the option of using their own mobile devices for work purposes. This policy is called BYOD (“bring your own device”). If such a device is lost or stolen, the company and its partners could find their reputations at risk.

E-mail security systems that may be used on ordinary computers and mobile devices are designed to solve these problems.

E-mail Protection Methods

E-mail protection is aimed mainly at:

  1. Protecting e-mails from being intercepted, read, or counterfeited on their way to a recipient.
  2. Protecting e-mails from further distribution by a malicious recipient.

Protecting E-mails from Interception

Classical cryptographic techniques are used to secure messages from interception, and digital signature technologies provide protection against counterfeiting.

A mail client plug-in that provides automatic encryption and digital signing is usually used to implement the protection. If a Web interface is used to access a mailbox, encryption and digital signing is provided by a mail server or a script on the user side, which is more reliable. A dedicated website may be used to provide an initial key exchange.

Since cryptographic technologies are well developed, the level of protection against interception or counterfeiting can potentially be very high. However, the following vulnerabilities may arise:

  1. Weak cryptographic algorithms may be required by law to make it possible for government services to crack the algorithm when necessary.
  2. Mistakes may be made in implementing cryptographic algorithms and protocols.
  3. A malicious developer of an e-mail security system may embed features that make it possible to overcome protective features.
  4. Malware can make it possible to intercept a decrypted message or install keys directly on a sender’s or receiver’s computer.

Protecting E-mails from Distribution by a Malicious Mail Recipient

A proprietary message viewer may be used to ensure that a mail recipient can read a message but cannot do anything else with it.

These systems cannot provide complete security; a recipient can make a screenshot of information shown on a computer monitor and generate a document from the photos. Another disadvantage is that a proprietary viewer or browser can conflict with many hardware and software platforms and document formats. However, systems for protecting e-mail from undesired distribution cope with the task of limiting information leakage well enough. Their effectiveness depends on how well they defend against automatic methods of extracting information from a message, such as:

  1. Cracking a secure message viewer to take an unprotected document from it automatically.
  2. Making screenshots of a document and using them to automatically regenerate it.

Comparison Table of Security Systems

The following table includes some of the existing e-mail security systems and their main features. All systems protect messages from interception by means of encryption, and some systems also provide protection from unauthorized distribution. As a rule, the greater the degree of protection from unauthorized distribution,  the fewer types of mobile devices are supported. The reason is that this type of protection relies on client applications that are difficult to create for a large number of different mobile platforms.

Name (in alphabetic order) and developer’s website

Is it suitable for mobile devices?

Protection from distribution

Description

CopySafeMail
www.copysafe.net

No

Available

A user reads e-mail via a Web interface with additional security features (disabling of screenshot saving, optional disabling of copy & paste  or print functions, etc.). At present only a browser for Windows is available. One may send messages or check for new ones using a standard browser. The system also enables users to notify that a message has been read, delete a message after reading, link a secure browser to a certain computer, and set an expiration date for a message.

EgressSwitch
www.egress.com

Suitable for iOS, Blackberry; Android is planned

Partial

Encrypted e-mail service. It enables automatic setting of limitations depending on the content of the message.

 

E-mail Encryption
www.appriver.com

Yes (operates via Web)

No

Its features are almost the same as those of SecuredE-mail.

Evizone
www.evizone.com

No

Available

The system is similar to CopySafeMail. Messages are sent and read via a special client application. Windows and MacOS are supported.

JumbleMe
jumbleme.com

Yes (operates via Web)

Partial

The service makes it possible to encrypt part of a message by embedding special tags in a message body. Encryption is done automatically on the server. The system’s website or an Outlook plug-in is used to decrypt an encrypted fragment. Printing and forwarding can be disabled, and a message may be set so that it cannot be retrieved after a certain period or can only be previewed a limited number of times.

PDFPostman
www.encryptomatic.com

Yes (operates via programs for PDF and ZIP)

None

A set of plug-ins for Outlook make it possible to convert a message to a PDF file or ZIP archive with a password before sending. Then the file is sent as an attachment and may be unpacked using any PDF viewer or ZIP archive program. Embedded features of PDF and ZIP are applied for encryption.

SecuredE-mail
www.cryptzone.com

Yes (operates via Web)

None

The system consists of a plug-in for an e-mail client or a specialized viewer. When a message is sent, it is encrypted and transmitted as an attachment to an ordinary message with instructions on how to read it. If a recipient has the plug-in, a secured message is transparently decrypted.

S-Mail
s-mail.com

Partially (it needs Java support)

None

Messages are encrypted and decrypted directly in a browser by means of the Java applet. Standard e-mail clients may also be used (in which case encryption is done by a local proxy server).

StarForce E-mail
www.star-force.com

No (At present the development for Android is carried out)

Available

Protection special viewer is used to protect messages from unauthorized distribution Messages are linked to the computer on which they were opened and cannot be read on another computer.

Conclusions

If one understands which kinds of e-mail need to be protected, which threats they need to be protected from and why, and how strong the protection needs to be, choosing an e-mail protection system becomes a straightforward task.

Keep Reading

Most Popular

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

This baby with a head camera helped teach an AI how kids learn language

A neural network trained on the experiences of a single young child managed to learn one of the core components of language: how to match words to the objects they represent.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.