Thursday, March 18, 2010

Is Your Email Being Watched?


As email users, we often worry about whether our emails are being read by someone else. When an email contains confidential data or attached documents, we might start wondering whether a more secure email service provider is available.


General Facts:
Yes, it's possible for your emails to be read by a system administrator at the company that hosts your email.

Odds of occurrence:
Nearly impossible. Apparently, emails are routed through servers owned by many government and private-sector organizations, and there can be thousands of them or more. Suppose a system administrator wants to capture a particular email and read it. Considering that more than 2 million emails are sent every second, and that thousands of paths are available for an email to move through randomly, doing so would be difficult and unpredictable.

What if someone hits the jackpot:
Yes, no matter how low the chances, there's always a 0.000000001% chance (an amazing or wonderful occurrence), a.k.a. a miracle.


Here are the good practices:
If you're sending highly confidential data via email, make sure your attachments are encrypted, and your message bodies too. Also try not to be explicit in your email subject line, as long as the sender and the receiver understand each other.
If the message is for a company, bank or government body, the best practice is to use the online email or forms they provide, because the message is encrypted between your machine and their server as it crosses the internet (make sure the address starts with https://).
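
As an added illustration (not code from the original post), the practices above can be turned into a check that runs before a message is sent. The keyword list, sample addresses and function names are assumptions, and the encryption test is a heuristic that only recognises PGP/MIME parts and ASCII-armored PGP data.

```python
from email.message import EmailMessage

# Assumed keyword list for an "explicit" subject line; tune it per organisation.
SENSITIVE_SUBJECT_WORDS = {"password", "salary", "contract", "passport", "account"}
PGP_ARMOR = b"-----BEGIN PGP MESSAGE-----"
# Constructed stand-in for real ciphertext; only the armor header is inspected.
ARMORED = "-----BEGIN PGP MESSAGE-----\n\n(constructed placeholder)\n-----END PGP MESSAGE-----\n"


def looks_pgp_encrypted(part):
    """Heuristic: PGP/MIME control part, or payload starting with PGP ASCII armor."""
    if part.get_content_type() == "application/pgp-encrypted":
        return True
    payload = part.get_payload(decode=True) or b""
    return payload.lstrip().startswith(PGP_ARMOR)


def presend_findings(msg):
    """Return a list of problems; an empty list means the message passes."""
    findings = []
    subject = (msg["Subject"] or "").lower()
    hits = sorted(w for w in SENSITIVE_SUBJECT_WORDS if w in subject)
    if hits:
        findings.append("subject is explicit: " + ", ".join(hits))
    for part in msg.walk():
        if part.is_multipart() or looks_pgp_encrypted(part):
            continue
        name = part.get_filename()
        label = f"attachment {name!r}" if name else "message body"
        findings.append(f"{label} is not encrypted")
    return findings


def build_sample(subject, body, attachment):
    """Build a constructed test message (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "alice@example.com", "bob@example.com", subject
    msg.set_content(body)
    name, data = attachment
    msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    bad = build_sample("Salary contract", "See attached.", ("payroll.xlsx", b"plaintext bytes"))
    good = build_sample("Document as discussed", ARMORED, ("payroll.xlsx.asc", ARMORED.encode()))
    for m in (bad, good):
        print(m["Subject"], "->", presend_findings(m) or "OK")
```

The check only confirms that each part looks encrypted; it does not verify who can decrypt it or how strong the key is.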

Last Word
Be extremely cautious in the cyber world; things might get really HOT if you lose your focus.

Add-On
commandrine said...

Though HTTPS offers point-to-point encryption, I want to highlight the following:
- Not all webmail providers offer complete HTTPS sessions. Most webmail (e.g. Hotmail, Yahoo) only encrypt your webmail login, with Gmail the only exception, where the whole session (from login to logout) is encrypted.
- MITM attack is still possible with HTTPS. Most users might encounter a pop-up warning them that the digital certificate is suspicious and studies show that they automatically accept the suspicious cert without reading the warning.
Besides encrypting attachments, you might even explore encrypting the email text as well.



spicynfury.blogspot.com

2 comments:

commandrine said...

Though HTTPS offers point-to-point encryption, I want to highlight the following:
- Not all webmail providers offer complete HTTPS sessions. Most webmail (e.g. Hotmail, Yahoo) only encrypt your webmail login, with Gmail the only exception, where the whole session (from login to logout) is encrypted.
- MITM attack is still possible with HTTPS. Most users might encounter a pop-up warning them that the digital certificate is suspicious and studies show that they automatically accept the suspicious cert without reading the warning.
Besides encrypting attachments, you might even explore encrypting the email text as well.

w01f said...

Not all companies provide "Online forms" for user communication. Even if you send a request via the online form, the reply from these companies will still be an SMTP email back to the user.

To protect the email communication, PGP can be an answer.