Go Back   Computer Forums > General Computing > Cyber Safety and Computer Security
Click Here to Login
Join Computer forums Today

Thread Tools Search this Thread Display Modes
Old 11-24-2017, 10:51 AM   #1
Baseband Member
Join Date: May 2012
Location: Canada
Posts: 78
Default the security of sending emails


Our project manager has asked us to answer some security question for a few prospective clients. One ofthe questions is: If the client provides data via email, what security considerations should be made?

Consider the 'data' to be an attachment.

The main question on my mind is: is it possible for third parties to 'spy' on emails in transit? So if I send an email with an attachment, under what conditions would it be possible for a third party to see that email, and the attachment, and can they copy the attachment for themselves?

Are there any other security issues to be considered when sending emails with attachments?

gib88 is offline   Reply With Quote
Old 11-24-2017, 08:07 PM   #2
Fully Optimized
crazyman143's Avatar
Join Date: May 2004
Location: USA
Posts: 2,963
Default Re: the security of sending emails

most email servers use 'opportunistic' encryption meaning that if the servers on both the sending and receiving end support encryption, it'll be used. But if not, the email gets transmitted in plain text. In such cases the email and any attachements could be seen my third parties on the internet.

Generally emails are also stored on servers (user's mailboxes) in unencrypted format. So if that server is comprimised, the emails can be seen by others.

Thats why email isn't really considered a secure form of communication. There are methods of sending secured email such as PGP but that's complicated. For some added security, you could add your attachments to password protected zip files and then send those. 7-zip will encrypt a zip file and require a password.

crazyman143 is offline   Reply With Quote
Old 11-25-2017, 08:52 PM   #3
The Candyman
~mr mixx~'s Avatar
Join Date: Jun 2004
Location: USA
Posts: 11,355
Default Re: the security of sending emails

That's what I was going to say Crazyman.....just add the attatchment into a zip file and add a password.
" Let the music move you "
~mr mixx~ is offline   Reply With Quote
Old 11-26-2017, 11:15 PM   #4
Site Team
iPwn's Avatar
Join Date: May 2010
Location: USA
Posts: 3,926
Default Re: the security of sending emails

If overly concerned about security, download and install AxCrypt (1.7!! I would stay away from the 2.0 update). Encrypt the file and ask the client to download and install the old version too. Whatever you encrypt the file with, send the key via some other means, e.g. text message, fax, snail mail.
Me: You'd think as the dominant species we wouldn't be so effing stupid.
J: We're just intelligent enough to be completely effing stupid.
iPwn is offline   Reply With Quote
Old 11-27-2017, 11:15 AM   #5
Site Team
root's Avatar
Join Date: Mar 2004
Posts: 8,107
Default Re: the security of sending emails

hmmm... this is for your work.
get a consultant it, a proper company that is accredited to setup secure systems...

I often find (as I work in IT) that when a company starts talking about "security", what comes soon after is a tightening of that, (i.e enforcing that security or failing to transmit.) auditing that security, testing that security, updating that security etc...

when you talk about emails, what starts as mails with password protection quickly escalates to secure/encrypted, with offsite backups and non-repudiation software in place.

to know if the server you have even supports encryption you will want to know what the name and version of your email server is. (or what service you have, and what tier of service you have.)
I didn’t fight my way to the top of the food chain to be a vegetarian…
Im sick of people saying 'dont waste paper'. If trees wanted to live, they'd all carry guns.
"The inherent vice of capitalism is the unequal sharing of blessings; The inherent vice of socialism is the equal sharing of miseries."
root is offline   Reply With Quote
Old 11-28-2017, 02:44 PM   #6
Baseband Member
Join Date: May 2012
Location: Canada
Posts: 78
Default Re: the security of sending emails

Thanks for the feedback everyone.
gib88 is offline   Reply With Quote
Old 11-29-2017, 04:12 AM   #7
Fully Optimized
joedaman633's Avatar
Join Date: Apr 2012
Location: England, Birmingham
Posts: 1,826
Default Re: the security of sending emails

Having a password protected zip is a good start, but I'd personally shy away from sending confidential data over email, and use a secure FTP server of some kind with controlled access.

If you must use email, it's better if each sender has their own unique certificate. This goes some way to ensure not that the data is secure, but at least you can be confident in the recipient and the sender (ie, you're not being sent false data by somebody pretending to be someone else)

Athlon II x4 645 || 1TB 7200rpm HDD || EVGA GTX 650Ti OC || 8GB DDR3 RAM || Windows 7 Home x64

i5 4210M || 500GB Samsung EVO 850 SSD || GeForce 825M || 16GB DDR3 RAM || Windows 10 x64
joedaman633 is offline   Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

All times are GMT -5. The time now is 04:42 AM.

Powered by vBulletin® Version 3.8.8 Beta 4
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Search Engine Friendly URLs by vBSEO 3.6.0