Encryption and MAIL concerns wth SMTPs

Somebody read my GPG post from earlier, and sent me a private email on why we should use  PGP/GPG for mail vrs using SMTPs.  They had concerns on how secured their mail system really was.

SMTPs, mean Simple Mail Transport Protocol ( Secured )  & it's secured via  SSL/TLS and similar to how  HTTPs works.

Will I  giving you some pros on why PGP encryption of your mail & by the sender/recipient is way better. But let's look at this digrams and it should be clear.

VRS

Okay as you can clearly see, with PGP and encryption of  the mail body ( content ) we can ensure security from  end-2-end from  the 2 graphical images.

Other advantages;

•           no dependencies on Mail Gateways or any mail-hops that might not use security

•           you control the level of encryption 

•           Established level of security for each message between sender +recipient 

                    ( i.e you could use different  keys and encryption  per message or recipient )

•           data is secured while in transient or even  at rest

•           mail-storage  or archival and mail is still fully secured 

                                ( no risk for orgs that archive for multiple years )

•           easy to apply digital signature to ensure data integrity and no tampering

So the bottom line; relying purely on SMTPs , and it's transparent means of encryption,  is  no means to ensure  100% security  within a mail delivery system.

This message is endorse my Ken Felix

Ken Felix
Freelance Network/Security Engineer
kfelix    ----at---- hyperfeed ---dot----com