Tuesday, May 14, 2013

Encryption and MAIL concerns wth SMTPs

Somebody read my GPG post from earlier, and sent me a private email on why we should use  PGP/GPG for mail vrs using SMTPs.  They had concerns on how secured their mail system really was.

SMTPs, mean Simple Mail Transport Protocol ( Secured )  & it's secured via  SSL/TLS and similar to how  HTTPs works.

Will I  giving you some pros on why PGP encryption of your mail & by the sender/recipient is way better. But let's look at this digrams and it should be clear.


Okay as you can clearly see, with PGP and encryption of  the mail body ( content ) we can ensure security from  end-2-end from  the 2 graphical images.

Other advantages;

  •           no dependencies on Mail Gateways or any mail-hops that might not use security
  •           you control the level of encryption 
  •           Established level of security for each message between sender +recipient 
                    ( i.e you could use different  keys and encryption  per message or recipient )
  •           data is secured while in transient or even  at rest
  •           mail-storage  or archival and mail is still fully secured 
                                ( no risk for orgs that archive for multiple years )

  •           easy to apply digital signature to ensure data integrity and no tampering
So the bottom line; relying purely on SMTPs , and it's transparent means of encryption,  is  no means to ensure  100% security  within a mail delivery system.

This message is endorse my Ken Felix

Ken Felix
Freelance Network/Security Engineer
kfelix    ----at---- hyperfeed ---dot----com

No comments:

Post a Comment