Is my email private?

Posted on June 11, 2011 ยท Posted in Email, Security

Probably not. No, for most people their email is public.
“What! No” I hear you say.
“I sent an email to my friend and he deleted it. So I know that it is private. ”
Well…no, that isn’t how email works. Well, it can be, but most people don’t have it set up to be private, so therefore it is public. (In this blog article I mean private to be hidden and secure, and public to be out in the open)

When you send an email, your computer first sends your username and password (for your email account) to a special computer called an SMTP server. The SMTP server then checks your username and password to see if it matches a list that is stored on the SMTP server’s hard disk. If it matches, the SMTP server accepts your email and sends it on.
STOP.
Your username, password and email have been sent from your computer in PLAIN TEXT! If someone was monitoring or saving the communication between your computer and the SMTP server, they can read your username, password and the email. Suddenly they can read the email you sent, but worse have access to your email account!

Now, is this likely to happen? Ummm depends….If your email address is with your Internet Service Provider, then the risk is very low. This is because your computer is directly connected to your ISPs network via your phone or cable connection and the SMTP Server should be within your ISP’s network. But what if you are reading your email on your mobile phone, or your laptop in a free wifi area, or on your new tablet. Ahhhh, now the risk increases. You do not know how many servers or networks are between the keyboard you are typing into and the SMTP server in your ISP’s network.
Or maybe you are on your computer at home or in the office, but your email address is with a free email provider, or it is an email address that is part of a domain that you own for your business or company and the email and web hosting is done by someone else.
In this case, you still have increased risk as you do not know how many servers or networks are between you and the SMTP server you are trying to connect to.
Of course risk is a funny thing, that is it is difficult to measure and is more about perception.
Assuming of course the SMTP Server you are sending your email to correctly identifies your username and password. What happens next? Well, the SMTP Server will figure out where to send your email so that it gets to the person you sent the email to. It is at this point the email also is in PLAIN TEXT
You cannot do anything about keeping the email private once it leaves the first SMTP Server.

But you CAN do something about protecting your username, password and email before it gets to the first SMTP Server.
It is possible to encrypt the username, password and email between your computer, mobile phone or tablet and the first SMTP Server. The technology to do this is called SSL. It is supported in most email programs such as Outlook and Thunderbird and on Smart Phones. Some ISPs such as Internode support SSL email for their customers.
Naturally, like all security techniques and locks. If the bad guys really want to break in and read your things then SSL isn’t going to stop them. But if you are using SSL you reduce your risk as it is easier to target someone who isn’t using SSL.
If you would like to read more about how email and SSL work, you can here

Your ISP should provide online setup guides for setting up your email to make use of SSL. If you are using a web hosting comany that also provides email hosting, then ask them if they support SSL email. If your ISP doesn’t support SSL, change to one that does. If your web/email hosting company doesn’t, then consider finding one that does. Especially if you are using email for business.

If you need help configuring your email program to use SSL, and you are in our area, Computer Troubleshooters Croydon are available to help you to be more secure.

Creative Commons Licence
Is my email private? by Andrew Dent is licensed under a Creative Commons Attribution 3.0 Unported License.