Is Email Secure?
This is actually a very easy question to answer: No. And it never has been. But don’t freak out about it. More on that in a moment.
When I say that email isn’t secure, I’m not referring to the username/password you use to access your account. That’s a local level of security. Email isn’t secure because the vast majority of it is transferred from sender to recipient using nothing but plain unencrypted text. It’s the transport method where the insecurity happens.
Any message sent across the internet unencrypted can be intercepted and read easily because there’s nothing to decode.
In addition, the routing process of each mail you send hops across so many servers that any number of people could intercept your mail.
Side note: If you want to examine exactly how many hops it takes to get from you to a particular server on the internet, this is done using the trace route function.
In Windows: Start / Run / type cmd / press Enter
If you want to know how many hops it takes to get to mail.yahoo.com, type tracert mail.yahoo.com and press Enter once at the command prompt. It will take a few seconds to show all the hops.
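tracert lists network routers, not mail servers; the servers a message actually passed through are recorded in its Received headers, newest first. The Python sketch below is an added example, not part of the original article: it parses a constructed sample message (all hostnames and addresses are made up) and reports, hop by hop, whether the receiving server recorded a TLS-protected transfer using the "with" protocol keywords registered in RFC 3848 and RFC 6531.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are documentation values.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby inbox.example.org with ESMTPS id abc123
\tfor <bob@example.org>; Mon, 01 Jan 2024 10:00:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.4])
\tby mx.example.net with ESMTP id def456;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.local (unknown [192.0.2.10])
\tby relay.example.com with ESMTPSA id ghi789;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: test

hello
"""

# "with" keywords that indicate the hop was received over TLS.
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

def mail_hops(raw_message):
    """Return hops in travel order as (from_host, by_host, protocol, tls_recorded)."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse for sender-to-recipient order.
    for value in reversed(msg.get_all("Received") or []):
        flat = " ".join(value.split())  # undo header folding
        m_from = re.match(r"from\s+(\S+)", flat)
        m_by = re.search(r"\bby\s+(\S+)", flat)
        m_with = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
        proto = m_with.group(1).upper() if m_with else "UNKNOWN"
        hops.append((m_from.group(1) if m_from else "?",
                     m_by.group(1) if m_by else "?",
                     proto, proto in TLS_KEYWORDS))
    return hops

def unprotected_hops(raw_message):
    """Hops where the receiving server did not record a TLS keyword."""
    return [hop for hop in mail_hops(raw_message) if not hop[3]]

if __name__ == "__main__":
    for src, dst, proto, tls in mail_hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

A hop shown without TLS means only that the receiving server did not record it in this form, since servers word these headers differently. Headers written before the first server you trust can also be forged, so treat the earliest hops as claims rather than facts.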
Should you be concerned now, knowing that email is so insecure?
You have to remember that each email you send or receive is one of countless millions transferred every day on the internet. The likelihood of your mails being intercepted is extremely slim at best.
There have been those who have tried to make email more secure.
The only method of secure email that has had some limited success is the use of digital signatures.
Using the Microsoft way, Outlook Express and the newer Windows Live Mail can use what’s called a "Digital ID". In Windows Live Mail this is found via Tools / Safety Options / Security tab, then look under the heading "Secure Mail".
Clicking "Get Digital ID" brings you to Microsoft Office Online, because these IDs are tied to not only email but MS Office products as well.
Oh, and by the way, Digital IDs are not free.
On the Enigmail home page, it states under the "What do I need?" section:
You need a supported email client, the GNU Privacy Guard (GnuPG), and a little patience.
Even they know it’s a pain to set up. And yes, I can vouch for this because I actually tried it out once for a few weeks. Sure, it works fine once everything is set up properly, but it’s certainly not a 1-2-3 easy process.
"Are you saying the mail has to be tied to an email client in order to use these secure features?"
No. There is Hushmail. Email from that particular system is encrypted and freely available. It is the only one I know of that has encryption, is web-based and free.
However, you have to bear in mind that even though your mail is encrypted, your recipients are most likely still using plain text.
In the end, email is insecure no matter how much you try to make it secure. But don’t lose any sleep over it.