If you are like me, I never blinked when sending an email. Yet, in today’s world, every piece of digital information you send can be hacked, monetized, or profiled. This is especially true if you use any of the many cloud-based email providers. Can we honestly say that email is secure? Can we really trust email anymore? To answer these questions, we must first look at the history of email. Where it came from, and who is behind the technology. The answer might surprise you.
The concept behind the email products we used came from the United States Government through DARPA, the Defense Advanced Research Projects Agency, and part of the Department of Defense.
In 1971, Ray Tomlinson, a DARPA computer programmer came up with an idea to send messages between different computers across ARPANET, a wide-area network started in 1969 to transmit information between multiple locations, including universities. During Ray’s time working on the Arpanet, he developed a private address methodology with an ‘@’ symbol to identify a target address on certain machines. He also created the ‘To’ and ‘From’ formats as well. This successful way of ‘messaging’ computer to computer on a private network paved the way for later efforts that would become what we know as email.
Moving to the late 70’s Eric Schmidt, who would later become Google’s CEO, created the Berkeley Network, an early intranet service that provided messaging over serial connections. The Berkeley Network was never fully commercialized. It was more of a thesis project.
In 1978, a New Jersey developer, Shiva Ayyadurai, who 14 at the time, wrote a program he called affectionately ‘EMAIL’ for the University of Medicine and Dentistry of New Jersey. The program allowed the University to send messages within the school network, emulating the interoffice mail system. Shiva would copyright the term “EMAIL” in 1982. Arguably, he was the ultimate creator of email but without the work of Ray Tomlinson and Eric Schmidt email would not be what it is today.
As the PC boom began in the 1980s, larger software companies entered the scene. Microsoft, launched Microsoft Mail for Mac OS, allowing AppleTalk Networks to communicate between users. Then in 1991, Microsoft released a DOS and Windows version of email which was the precursor to Outlook and Exchange.
As email turns 50 years old, we should give the product a good going over and see why it needs to adapt to meet today’s threats from hackers, phishers, and other bad actors. As I survey the current email landscape, I do not find any email provider that can protect their users from malicious activity.
To understand the vulnerabilities of email, we need to look at its protocols and security vulnerabilities. Email is made up of 3 protocols that are SMTP (Simple Mail Transfer Protocol), POP3 and IMAP. These protocols are assigned to port numbers on your computer and the most common are SMTP – port 25, POP3 – port 110 and IMAP – port 143. Sent emails use the SMTP protocol and POP3 or IMAP for the receipt protocol. The difference between POP3 and IMAP is that POP3 stores your messages on your device and IMAP stores your emails on a server, where whoever controls that service can view your email. Most webmail applications use IMAP, storing messages cloud-based or from webmail severs. Most Office365 users today are using IMAP so email can be viewed across many different devices, -like laptops, desktops, phones & tablets. So, these messages are only as safe as the security protocols that prevent hackers from accessing your data.
Let us now discuss email infrastructure. Email infrastructure consists of two parts. The first is the intra-domain interactions. For example, if you have a Protonmail account, you are interacting with Protonmail.com address when you use this service. The second interaction is between your email server and other email servers. These handoffs are known as MTA (Message Transfer Agent) to MTA. Any interaction between Gmail to Yahoo or Gmail to Outlook are intra-domain transactions. The interactions use SMTP through port 25. This protocol is very, very old and well known to hackers. Additionally, all the traffic sent by MTA must be sent in plain text so it can be read by recipients.
Why is this an issue? To be clear, any MTA-to-MTA traffic on Port 25 must be unencrypted and in plain text for the protocol to work. If you are a skilled hacker and gain access to a network, you can easily intercept traffic from port 25. Since all data is unencrypted through Port 25, a hacker can very easily access the email. A common FREE tool hacker can use to do this is Wireshark. It can sniff the traffic on a network, and then hackers can intercept and access the traffic data.
Even if you think that the body of the email is secured, you may also not realize that there is a trail in email called an ‘email header’ that contains Meta Data. Meta Data contains your IP address, the subject of the email, machine name, timestamps, and email addresses of senders and receivers. So, Email Headers = Meta Data! So, there is a very, very high likelihood that most if not all your meta data in your email is in the wild and probably on the dark web.
The unspoken secret in the tech world is the unsecure nature of email. The IRS doesn’t allow you to email them attachments and your doctor will not transfer any patient data via email. The reason is that email is simply not secure. Nobody talks about this, but ‘ALL’ SMTP port 25 traffic is basically NOT SECURE!
How does Secured2 solve the email security problem and how does Secured2 provided an end-to-end secure communication method for not only the email itself but also the attachments? Our add-in fits directly into the Microsoft client for simplicity and ease. Our add-in grabs your binary data (your message and attachment data). We run the binary data through our algorithm that ‘shrinks, shreds, secures’ your data. We add a compression layer to your data that reduces its size by up to 90%, we break your data into 5K segments, we randomize the segments and we add a layer of AES encryption to each segment to ensure we meet today’s ‘encryption’ standards for data at rest and in transit. We also leverage TLS by sending the message along with our proprietary non-sequential packet delivery. So, if there are packet sniffers, they may capture the randomized, compressed, encrypted and unreadable segments, but they get nothing because they do not know how to reassemble the segments. Then, each segment is sent at least to three or more physically separated sever locations. For instance, you can shred into multiple VM’s at Microsoft Azure or into multiple VM’s in your own network. We also allow you to send segments into multiple physically separated locations such as Google, AWS, Azure. All data at rest is physically separated at the binary level and so secure, not even the cloud provider or hackers can access your information. And since you hold the keys through authentication, not even Secured2 can access your data. We are secure inherently by the function of what our algorithm does to the email data.
How do you install Secured2 Beyond Encryption Email and how do you use it? To install it’s literally as easy as logging into your Office365 or Outlook.com account and going out to the Microsoft Appsource store and clicking the ‘Get it Now’ button. Microsoft will do the install for you and it takes literally 2 minutes to fully install our email security app. Once installed simply compose a message and click our lock icon in the ribbon area to launch our app. Protecting an email is as simple as clicking a button! To install our app, visit Microsoft Appsource here.
We just added to our application a simple 1-time code for your email recipients. Any recipient gets sent confirming they are who they say they are, and they can click a single button to unlock a secure email. It is two simple steps and no special accounts to setup.
However, if you need an even higher level of access, we can integrate much tighter security controls such as MFA solutions. We also can support specific verification methods for your company that you trust to ensure maximum security.
Secured2 is the next generation of email security and the world’s first quantum safe & beyond encryption email solution. I just talked about some the current vulnerabilities, and I truly believe that Secured2 has the only solution in the market today that can secure email for anyone. Most importantly – we are so confident in our solution that we offer an industry first cyber indemnification warranty that covers you with up to $1M per user of cyber liability coverage backed by Lloyd’s of London. Can you email solution say that?