Comments on: Is Email Secure?

By: Rich Menga

Rich Menga — Tue, 12 May 2009 23:52:27 +0000

This: http://office.microsoft.com/en-us/marketplace/EY010504841033.aspx

By: MartYn

MartYn — Tue, 12 May 2009 22:58:17 +0000

What does “Clicking “Get Digital ID” brings you to Microsoft Offline Online” mean?

By: Rich Menga

Rich Menga — Tue, 12 May 2009 17:15:29 +0000

The WinPT method, while not exactly elegant (grin), does at least overcome being strapped to a client or a particular mail service. Good call.

By: Doctor Gonzo

Doctor Gonzo — Tue, 12 May 2009 13:36:25 +0000

I’ve used Enigmail with Thunderbird, but since I don’t use an email client anymore that option is no longer available. However, there is a solution: a combination of GnuPG and Windows Privacy Tray (WinPT). With this combo, you can copy your email text to the clipboard, then encrypt/sign it by just clicking on an icon in the system tray (or using hotkeys). It’s not as hassle-free as Enigmail, but it’s still pretty easy to use.

By: SAP

SAP — Tue, 12 May 2009 12:50:22 +0000

Traceroute shows the path taken by ICMP packets from source to target host.

This is unlikely to be exactly the same as the route taken by mail, which is sent using a store and forward mechanism. Each mail server is supposed to add a header showing when it received the e-mail and where it sent it; these can be seen by looking at the raw mail message.

I think you would need to use a traceroute for each segment of the chain in order to see all the servers that the mail travelled through, but even that will not be 100% accurate as the routing changes dynamically.

Also, digital signatures do not prevent e-mail contents from being read, they only provide some assurance that the e-mail contents has not been altered. This assumes that the recipient is able to check the signed e-mail against the sender’s key, and that the recipient can independently establish the validity of the sender’s key.