We at Solia Media have been receiving questions from our clients regarding email security. We see a bit of confusion between two concepts: secure access to our email servers via encrypted channels and actual encrypted email. We will try to explain the difference in plain terms.
When you send an email message, you initiate a connection from your computer to your mail server over the Internet. Upon negotiating the link an authenticating with a username and password, you can send an email and attachments to your mail server. Your mail server then finds the recipient’s mail server, transmits that message to the recipient’s mail server, to be retrieved by the recipient.
If you use the and SSL, or even better, the TSL protocol to send and receive an email, you are using secure access to the server. In such a case, the channels through which the message travels are encrypted. You can think of the message being carried in some sort of opaque tube when the pathway is free from prying eyes. However, normally the message itself – the data being transmitted through those opaque tubes – is not normally encrypted. Thus, if someone knows the user and password of the intended recipient and retrieves the message, they could read it.
That’s where actual encryption is useful. Encryption of the message itself is possible by the use of reciprocal security certificates, whereby the sender and receiver of an email (each possessing a digital ID) have first given each other their “public keys.” So, a person sending to a business associate can scramble the message with a certain key, which can be used by the recipient to essentially unscramble, or unlock the message with the key in their possession and installed only on the intended recipient’s computer. A hacker who has the user and password of the recipient cannot view the content of the message, because the also need the key.
So maximum security is achieved by TLS connections and end to end encryption of the email itself. Solia Media can implement these solutions for its clients.