
Why — After 40 Years — Are We Still Using Unencrypted and Unverified Email?


Email was the killer app that made the Internet, and it was closely followed by the Web. And so port 25 (SMTP — Simple Mail Transfer Protocol) and port 80 (HTTP) built the Internet. But, while the Web has become more secure and trusted (with a move to HTTPS), we still blindly send unsecured and unverified emails. Overall, the use of email is still the major cause of security weaknesses, as users can easily be tricked into clicking on untrusted links in emails, and into replying to emails that they should not trust. Basically, there is almost zero trust in many of our email systems.

To improve security, we thus need to increasingly encrypt email and also digitally sign it. So let’s look at a more secure method of sending an email.

The classic RFC … 822

In 1982, a classic RFC was drafted [here]:

It defined a way to represent header fields in message requests and responses within Internet messages. This scaled to many of the classic protocols, such as HTTP, SMTP and FTP, and allowed us to create a header for the transmitted data. For email messages, we have the following…


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
