It is assumed that the reader of this text is an active e‑mail user. It is further assumed that he or she has a basic understanding of the following:
Personal computer (hardware, operating systems, application software).
Email (overview).
Email privacy.
Email tracking.
Malware.
Internet Communication Security.
N.B.: This text does not address the use of e‑mail on common mobile devices (i.e., tablets and cellular telephones running Apple iOS or Google Android operating systems). The level of security on such devices is so low that they should not be used to store or transmit any data that requires even a modest level of confidentiality).
E‑mail is sometimes called "the Cockroach of the Internet": a primitive, dirty, slow and ugly creature - but one that infinitely adaptable and impossible to exterminate.
This is an apt metaphor. There is no shortage of Internet communication systems that are faster, visually more appealing, that claim to be more secure and less mistake-prone. Yet e‑mail endures for one simple reason: its universality. For two parties to communicate, they need nothing in common: no previous agreement on the specific application program, Internet connection type and speed, operating system or application program, hardware device or peripherals. Those that wish to communicate need to agree on only one thing: the other party's e‑mail address.
E‑mail is insecure by design. When the e‑mail message format and transportation protocol was first designed and implemented, no consideration whatsoever was paid to either confidentiality or the authenticity of an e‑mail message. Over the decades of the e‑mail system evolution various proposals were made, some adopted and some not, some used and then abandoned, all in order to address those two problems. However, the security of the system is yet to be substantially improved.
There is no method by which a recipient of an e‑mail message can examine only the content and the "headers" of a message and be sure that the message was sent by the person that owns the e‑mail address that appears in the incoming message "From" header; the e‑mail system simply does not include such functionality. The only way to ensure authenticity of an e‑mail message is to digitally sign a message; this however requires an a-priory agreement on the mechanism and exchange of the credentials between the sender and the recipient. (see below, under "e‑mail encryption and signing"). Two more things are worth noting: in practice, the message authentication is not nearly as common requirement as is the message confidentiality, and there are instances when message signing might actually result in undesirable consequences to its creator.
The confidentiality of e‑mail is best discussed in three separate units: for POP mail, for web‑mail and finally for their hybrid: IMAP mail.
In order to make the trip from mail-client program running on the sender's computer to the same on the recipient's one, the message is first transferred to sender's internet service provider (ISP). Many ISP's do not operate SMTP relays, not even for their paid subscribers; in which case the message is transferred to the operator of the SMTP "entry node" that the mail client program is configured to use. Once there, the message is again transferred, to the server of recipients mail service provider. The message is stored on that computer for a period of time, until the recipient's mail client program is activated and instructed to "pull" the message from the server to the recipient's computer disk drive.
While the message data is usually encrypted as it flows between servers, it is freely readable while resident on each "mail relay" - i.e., the computer in the mail transport chain. While the message is on a relay server, the headers must be inspected, and the content may need to be backed up and may be archived. The set of relays that the message will travel through depends on the conditions of the network traffic and can not be predicted in advance. Relays may (or may not) add headers that will tell the recipient that the message travelled via the relay, and there is neither technical nor legal obligation to add such header, or record the fact that the relay kept a copy of the message.
Any organization that operates any one in the chain of the mail relays can provide message copies to the Internet surveillance agencies (typically in response to legal coercion), while any individual with operational access to the relay can be corrupted into providing message copies to the organized criminals (in exchange for money or as barter). Both of these conditions are more of a rule than an exception.
The volume of e‑mail traffic passing the relays is large. This might mislead an individual into thinking that his particular message is safe, "hidden in the multitude". However, the traffic analysis and content inspection is not performed by humans looking at the text of an individual message, it is performed by specialized computer software that is hidden from the public view, with capabilities to correlate data scooped from e‑mail traffic with other, private and public information sources.
Unlike the POP mail, in web‑mail at least one (and possibly both) message transport legs is not performed via a series of mail relay servers, but is instead travelling directly from user's computer to the web‑mail service operator via an encrypted "tunnel", using Internet communication protocol (TLS, "transport layer security") that will, if possible, encrypt the data flowing between the two computers.
TLS provides much better security than the transfer of e‑mail messages via a series of mail relays. However, TLS security "strength" is by design sufficient only for relatively low-value Internet commerce, it is inadequate for either high-value monetary transactions or for the protection of personal information of "high-value" targets.
An even weaker link of web‑mail is authentication of user connecting to his account on the web‑mail service computer. This can be caused by weak passwords, or by passwords captured and reported to the adversary by the malware or rouge applications on the recipient's computer.
As a response to the above, web‑mail services are promoting something called 2FA (two factor authentication). In practice, this is almost universally implemented as an ad-hoc generated one-time numeric code, sent over mobile telephony network to the user's cell-phone. This code must be used in addition to the password to log in the web‑mail account. The method is inconvenient (i.e, the user is locked out of his e‑mail communication if he is for any reason unable to receive mobile telephony text messages). Worse, security of mobile telephony text messaging is entirely dependent on the technical infrastructure and legal obligations of mobile telephony operators: neither of which is likely to be any better, and is is probably much worse than that of the mail relay Internet server operators.
Unless both correspondents are using the same web‑mail service, the traffic between the web‑mail services of message sender and the receiver uses the chain of relays, as described under POP‑mail above. The same applies if one of the users is a web‑mail user, while the other uses POP/SMTP mail.
Finally, all web‑mail services scan the content of the un-encrypted mail for commercial purposes. How is this information stored and protected is not completely disclosed to the user; neither is the identity of all "partners" that the web‑mail operator is sharing the collected information with.
A note on "off-label" web‑mail service use: when the web‑mail services (such as gmail.com or yandex.com) provide POP/SMTP access (typically as a little-advertised, tolerated but discouraged alternative to browser-based access) and if both communicating parties use POP/SMTP with e‑mail encryption (as described below in this text), web‑mail services might actually provide a high degree of e‑mail security.
IMAP can be described as a combination of POP/SMTP mail (for transfer of message headers) and web‑mail (for transfer of message content and attachments). Thus its insecurity is the cumulative combination of insecurity of both POP/SMTP and web‑mail.
Estimate of personal computer malware infection rates vary, but it is safe to assume that the fraction of personal computers "infected" by some variant of malware is (depending on the country and source of statistics) between 20% and 40%.
The malware on personal computers falls into two categories: the first (and the most common one) can be described ss "opportunistic" malware. It is created and deployed not onto some specific user's computer, but rather to any Internet connected computer. Its purpose is not to inflict harm to the computer owner, but rather to provide the malware creator with a free and untraceable Internet-connected device. Such device may be used to perform crypto-currency "mining", for attacks on corporate or government Internet servers, for distribution of boot-legged software and copyrighted entertainment content, for collection of e‑mail addresses and credentials used to inject spam and "phishing" e‑mails into the system and so on.
Malware targeting not any Internet-connected computer, but the computer that belongs to a specific owner/user is less common, but of much greater concern. Such malware is usually designed, constructed and deployed by highly skilled professionals. Mass-market "virus protection" software and subscription services - that may offer some small level of protection against opportunistic malware - offer no protection against it.
In extreme cases such malware is injected into the victim's computer with the help of the operating system vendor, communication service provider, employer or similar actor that enjoys the trust of the victim.
Short of using an Internet-connected computer for communication and exchange of encrypted data and then transferring that data, still in encrypted form using a method known to be capable of conveying only the data, and not the executable computer code to a second computer, never connected to the Internet, there is no fail-safe method of protection from the user-targeting malware. On the other hand, the usual methods of personal computer "hygiene and prophylactics" (specifically, frequent re-installation of operating system that includes the re-formatting of system disk partition, using separate computer for all non-essential applications (computer games, streaming of entertainment content and reading and viewing of Internet publications) and minimizing the number of programs of any kind installed on the computer) can frustrate the efforts of any adversary, regardless of his technical competence level or of his ability to obtain the cooperation of software vendors and service providers.
Targeted attacks often require a fair bit of effort and can significantly harm the attacker if his actions are discovered, demonstrated and made public. The probability that a targeted attack will be mounted against a particular e‑mail user ultimately depends on the balance of the technical difficulty and the cost of executing the attack on the one side, and on the value of data the attacker hopes to obtain on the other; it will therefore vary widely from case to case.
The most common method of encryption and digital signatures as an add-on to the e‑mail communication has first been introduced as aerly as 1991. The most secure manner in which e‑mail encryption is used is often called "e2ee", short for "end-to-end-encryption". This means that message is encrypted on sender's computer and decrypted on recipients, and that the decryption key is both generated and kept only on the recipient's computer.
Despite the fact that the message body (and attachments) are never exposed to Internet service providers, mail relay servers or mail service operators, e2ee mail encryption is used for only a minuscule fraction of all current e‑mail communication. There are good reasons for this:
Detailed discussion of e2ee mail encryption is beyond the scope of this text. The reader is instead directed to two sources that might give him enough knowledge to decide if encrypting and, optionally, signing of messages is the solution for his e‑mail security problems. The first one explains the mechanics of public key cryptography, while the second one provides a practical guide to e‑mail encryption using the most popular POP/SMTP e‑mail client program, Thunderbird.
This discussion of e‑mail encryption will conclude with a word of caution: there is a significant difference between e‑mail encryption use by either "techno-enthusiasts" or those that simply value their privacy, and the same use by those that can suffer serious harm if the content of their communication is exposed to the adversary. Most - if not all - of the Internet tutorials on e‑mail encryption implicitly assume the former.