
Email Encryption and Signing: False Sense of Security

Recently, I received information on an email gateway designed for "security" that had features I immediately thought were stupid. I will not name the product and I did not test it; the same comments would apply to any product with the same features.

Automatic digital signing of outgoing email: The gateway digitally signs outgoing messages that match a rule set by the administrator. The attraction is that a company could start using digital signatures even when the responsible staff (e.g., the computer-illiterate CEO) do not understand the technology. The flaw is that, as an SMTP gateway, the product relies on the message headers (typically From:) to decide who the sender is, and nothing authenticates that claim. So every message matching the administrator's rules becomes, in effect, a legal document signed by the company. A rogue employee could commit the company to a disadvantageous contract, and a cleaner with access to a workstation could forge an email from the CEO. Alternatively, a new mass-mailing virus could enter the company and send itself, apparently from the CEO, to the company's business partners. Apart from being embarrassing, a partner damaged by the virus would hold a company-signed message as proof of the source and could claim damages.
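To make the flaw concrete, here is an added example (not the product's code, and not from the original article) that simulates a gateway's signing decision under two policies: the criticised one, which trusts the From: header, and one that signs only when the submitting client authenticated to the gateway and the authenticated identity matches the From: address. The company key, domain, sample messages and the "SMTP AUTH identity" passed to the gateway are all constructed for illustration; an HMAC stands in for a real S/MIME signature because the point is which messages get signed, not the signature format.

```python
"""Gateway signing policy: header-based versus authenticated-identity-based.

Added illustration, not the product's or the article's code. The key, domain
and messages below are constructed for the example.
"""
import hashlib
import hmac
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from typing import Callable, Optional

# Hypothetical company signing key. A real gateway would sign with the company's
# S/MIME certificate; an HMAC is enough to show WHICH messages get a company
# signature, which is the policy question at issue.
COMPANY_KEY = b"example-company-signing-key"
SIGNED_DOMAIN = "example.com"  # administrator's rule: "sign mail from our domain"

Policy = Callable[[Message, Optional[str]], bool]


def header_policy(msg: Message, auth_identity: Optional[str]) -> bool:
    """The criticised behaviour: decide purely on the From: header.

    Anything reaching the gateway that claims to be from the domain is signed,
    whether or not the submitting client proved who it was."""
    _, from_addr = parseaddr(msg.get("From", ""))
    return from_addr.lower().endswith("@" + SIGNED_DOMAIN)


def authenticated_policy(msg: Message, auth_identity: Optional[str]) -> bool:
    """Sign only if the client authenticated on submission (e.g. SMTP AUTH)
    and the authenticated identity is the address in From:.

    Unauthenticated LAN relay traffic and mail sent from someone else's
    account are refused."""
    if not auth_identity:
        return False
    _, from_addr = parseaddr(msg.get("From", ""))
    return (from_addr.lower() == auth_identity.lower()
            and from_addr.lower().endswith("@" + SIGNED_DOMAIN))


def sign(raw: str) -> str:
    """Company signature over the whole message (HMAC stand-in for S/MIME)."""
    return hmac.new(COMPANY_KEY, raw.encode(), hashlib.sha256).hexdigest()


def verify(raw: str, signature: str) -> bool:
    """What a business partner would do: check the company signature."""
    return hmac.compare_digest(sign(raw), signature)


def gateway(raw: str, auth_identity: Optional[str], policy: Policy) -> dict:
    """Process one outgoing message; report whether it was signed and with what."""
    msg = message_from_string(raw)
    if policy(msg, auth_identity):
        return {"signed": True, "signature": sign(raw)}
    return {"signed": False, "signature": None}


# Constructed sample messages (not real traffic). All three claim to be from the CEO.
LEGIT = ("From: ceo@example.com\r\nTo: partner@supplier.example\r\n"
         "Subject: Order\r\n\r\nPlease ship 500 units.\r\n")
FORGED = ("From: ceo@example.com\r\nTo: partner@supplier.example\r\n"
          "Subject: Contract\r\n\r\nWe accept your terms.\r\n")
WORM = ("From: ceo@example.com\r\nTo: partner@supplier.example\r\n"
        "Subject: Re: your file\r\n\r\nSee attachment.\r\n")

if __name__ == "__main__":
    cases = [
        ("CEO, authenticated as ceo@", LEGIT, "ceo@example.com"),
        ("cleaner, forged From:, unauthenticated relay", FORGED, None),
        ("worm sending via receptionist's account", WORM, "receptionist@example.com"),
    ]
    for label, raw, ident in cases:
        h = gateway(raw, ident, header_policy)["signed"]
        a = gateway(raw, ident, authenticated_policy)["signed"]
        print(f"{label:45s} header rule signs: {str(h):5s} authenticated rule signs: {a}")
```

The header rule signs all three messages; the partner's verify() accepts each of them, so the forged contract and the worm both carry the company's signature. The authenticated rule refuses the unauthenticated forgery and the worm running under a different account, but it would still sign anything submitted with the CEO's own credentials, for instance by malware on the CEO's machine. That residual gap is why the article's conclusion is that the sender, not a gateway, must control the key and the act of signing.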

Automatic self-decrypting messages: The administrator defines a password for each recipient, and email to that recipient is automatically encrypted by the gateway. The recipient decrypts a message by double-clicking the attachment and entering the password. That means the attachment must be an executable, which goes against anti-virus "Safe Hex" guidelines: recipients are being trained to run executables that arrive by email. The administrator carries the burden of managing passwords for many recipients, and recipients who receive messages from several such sources must remember a password for each.

Scanning encrypted messages: The product uses third-party anti-virus engines to scan encrypted messages, which means the messages are decrypted at the gateway. An attacker who breaks into the gateway gains access, in the clear, to all of the company's supposedly encrypted communications.

Overall, the product tries to bring security buzzwords to SMTP email without changing the user's behaviour, but fails to address the problems that make this hard. If you want digitally signed messages that really authenticate the sender, the sender must control their private key and the act of signing, and must understand what a signature commits them to. If you want encrypted messages to many parties, PKI is the simplest approach. If you want end-to-end confidentiality, the gateway cannot see the content, so you cannot block viruses there. Shortcuts might be attractive, but they do not provide real security.