Email Security and Anonymity

When we talk about protecting email privacy and anonymity, we consider two ways it can be compromised: a message can be intercepted, or a message can contain information that the sender did not intend to pass to the recipient. In this article we explain how the email system works, what information can be extracted from a regular email message, and how email privacy can be protected.

1. Email privacy – how can it be compromised?

Before we turn to how to protect email privacy, we should understand how the email system works and what issues affect email privacy.

How the email system works.

The most common way of sending email is through an ISP (Internet Service Provider) or company mail server. When you click the “send” button, your email software establishes an SMTP (Simple Mail Transfer Protocol) connection to your email server. The server attempts to deliver the message directly to your recipient’s ISP mail server, but if that server is not accessible at the moment, it delivers the message to an intermediate email server known as an MX relay host. After traveling through the MX hosts, the message is delivered to the recipient’s mailbox on his/her ISP mail server. It is stored there until your recipient retrieves the message using the POP (Post Office Protocol) or IMAP (Internet Message Access Protocol) protocol. This is how your email message travels through the Internet from the sender’s computer to the recipient’s computer. Web mail services work the same way, but instead of email software you use a web interface to compose or read emails.

How can an email message be intercepted?

Where can it be intercepted? At each step along the way. An email message is stored on at least two servers on its way: the sender’s ISP mail server and the recipient’s ISP mail server. When traveling through the MX hosts, the message is stored on each MX host. When your mail is addressed to a bank, investment company or business partner, it can attract the attention of IT staff who perform mail server monitoring. And there is nothing that can prevent unscrupulous IT staff with access to the mail server from opening and reading that message. Another problem is that unauthorized personnel or hackers can gain access to the mail server where physical access security and network security are weak.

There is another way to intercept email messages: network traffic interception. In most cases network traffic monitoring is performed by government agencies at the ISP level. Email traffic can be rated as “suspicious” according to keywords and stored for later review by government agency staff – this is how the US Carnivore system works. You can read more on network traffic monitoring and how it can be prevented on our “Data interception” page.

Email headers anonymity.

When analyzing an email message we can get a lot of information about its sender. Computer IP address, geographic location, time zone, language preferences, computer LAN name, email software used, etc. – all this information can be found in the email message. And the important point is that all this information is passed along without the sender knowing about it. Well, what is bad about that, you may ask. It depends on how this information is used. For example, you may not wish your recipient to know that your operating system uses Dutch as its default language (e.g. your native language is Dutch), or that you are in Australia now and use one of the local ISPs’ services. All this information can be easily extracted from the email message headers.

Every email message consists of two parts: the message header and the message body. The header part can be compared to a letter envelope. It contains the message subject, the sender’s and recipient’s email addresses, and the date and time the message was sent and arrived, and it lists the points your message went through on its way to the recipient. Message headers also contain service information about the sender’s email software. This information is used to deliver the message and allows tech staff to debug email problems when they occur.

Here is an example of message headers:

Return-Path: <customer@somedomain.com>
Received: from [192.168.157.3] by web5203.mail.foobar.com; Sat, 21 Nov 2003 12:42:20 -0800 PST
Message-ID: <2003114546184545.45639.qmail@foobar.com>
Date: Sat, 21 Nov 2003 12:42:20 -0800 (PST)
From: "Peter J. Smith" <customer@somedomain.com>
Subject: My Private Message
To: example@yahooo.com
MIME-Version: 1.0
Content-Type: text/html;charset="GB2312"
X-Mailer: Microsoft Outlook Express 5.00.2615.2000

And here is the information we can extract from the headers (using it to draw a picture of the sender):

  • Sender IP address: [192.168.157.3] points to the sender’s computer. Anyone can get further details about the ISP (address, phone, fax, email) by running a search through the WHOIS databases.
  • Sender ISP: “web5203.mail.foobar.com” and “@foobar.com” – the message was sent using the web interface from foobar.com (further details available at the website).
  • Sender’s email software: Microsoft Outlook Express 5.00.2615.2000 (this version’s known bugs could be used for sending a Trojan to the computer).
  • Sender’s local time zone: -0800 (PST), US Pacific coast (points to the geographic location of the computer).
  • Sender’s native language: charset="GB2312" – Chinese char set (the user is probably a member of the local Chinese community).

It should be noted that only three lines in the message headers were explicitly supplied by the sender: the “from” address, the “to” address and the “subject” line. All other data was inserted by the email software and intermediate servers. Usually users have no control over these headers, but they are the most dangerous for email privacy and contain a lot of information about the sender. Tracking the message sender using header data is not difficult. You may learn more on how this information can be used on our “Internet Privacy” page.
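To check what your own outgoing mail discloses, send yourself a message and run its raw source through an audit like the one below. This is an added example, not part of the original article; the function name and report keys are assumptions, and the input is the article's sample header block with plain ASCII quotes.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_tz

# Constructed input: the article's sample headers with plain ASCII quotes,
# followed by a one-line body so the parser sees a complete message.
SAMPLE_MESSAGE = """\
Return-Path: <customer@somedomain.com>
Received: from [192.168.157.3] by web5203.mail.foobar.com; Sat, 21 Nov 2003 12:42:20 -0800 PST
Message-ID: <2003114546184545.45639.qmail@foobar.com>
Date: Sat, 21 Nov 2003 12:42:20 -0800 (PST)
From: "Peter J. Smith" <customer@somedomain.com>
Subject: My Private Message
To: example@yahooo.com
MIME-Version: 1.0
Content-Type: text/html;charset="GB2312"
X-Mailer: Microsoft Outlook Express 5.00.2615.2000

(body omitted)
"""

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
RELAY = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")


def audit_headers(raw_message):
    """Return the sender details a recipient can read from the headers."""
    msg = message_from_string(raw_message)
    report = {"ip_addresses": [], "relay_hosts": []}

    # Every server that handled the message adds its own Received line.
    for hop in msg.get_all("Received", []):
        for text in IPV4.findall(hop):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # e.g. 999.1.1.1 is not an address
                continue
            # Private (RFC 1918) addresses name a LAN host, not an ISP line.
            scope = "private" if ip.is_private else "public"
            report["ip_addresses"].append((str(ip), scope))
        report["relay_hosts"] += RELAY.findall(hop)

    # The Date header carries the clock offset of the sending machine.
    parsed = parsedate_tz(msg.get("Date", ""))
    report["utc_offset_hours"] = (
        parsed[9] / 3600 if parsed and parsed[9] is not None else None
    )
    # The charset hints at the language configured on the sender's system.
    report["charset"] = msg.get_content_charset()
    # X-Mailer or User-Agent names the client software and its version.
    report["mail_client"] = msg.get("X-Mailer") or msg.get("User-Agent")
    # The part after "@" in Message-ID is a host or domain name chosen by
    # the sending software.
    message_id = msg.get("Message-ID", "")
    report["message_id_host"] = (
        message_id.rsplit("@", 1)[1].strip("> ") if "@" in message_id else None
    )
    return report


if __name__ == "__main__":
    for field, value in audit_headers(SAMPLE_MESSAGE).items():
        print(f"{field}: {value}")
```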

Secure email software

Using the right email software is important for email security. If you are using buggy email software you are open to hacker attacks, since each email message contains your email software vendor and version number. That is enough information to write a specially formatted message (one that uses your email software’s security vulnerabilities) to hang your computer or infect it with a Trojan. If somebody suspects that you store confidential information on your computer, he/she can try to hack in to get it. All the attacker needs to start is your IP address from the email message header. Using security holes in your computer software (new Windows vulnerabilities are published almost daily), an attacker can gain full access to your computer and in the worst case obtain all your email passwords, banking and investment account data, private correspondence, business data, etc. These horror scenarios are not a myth but today’s reality; just search Google for companies offering spying over the Internet. If your competitors can afford to spend a hundred dollars to learn your secrets, you are in danger.

Web bugs

How is web browsing related to emailing, you may ask? It’s simple. Most email applications are capable of displaying HTML formatted email messages. This is no different from viewing a regular web page, except that the page is displayed in your email software window, not in a browser. When viewing web pages in your email window you take the same risks as when browsing, e.g. you have to deal with cookies, JavaScript, Java, ActiveX controls, etc. IP anonymity and data interception issues should be taken into consideration as well. Please read more on web browsing security and browsing anonymity at our “Anonymous Surfing” page.
There is one popular spying technique: web bugs. To illustrate how they work, let us imagine that you are running an online business and have received an email message (possibly business related) from some unknown person:

From: someuser@yahoo.com
To: customer@foobar.com
Subject: Hello!

Hello!
How are you?
I’m fine.
David.

To attract your attention, your full name or your company name can be written in the “Subject” line. You opened this message and, after reading it and considering it to be spam, you threw it away. But you did not notice that the message was HTML formatted and contained an image. The dot symbol after the word “fine” was replaced by a small image, and that image was automatically downloaded from some website by your email software when you opened the message. Now the email sender, after analyzing web server logs, can get some information on you: the date and time you read this email, your IP address, operating system, etc.

All this means that your email privacy can be compromised when you simply open an email message, even without replying to it.
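A message can be checked for web bugs before it is rendered by listing every remote resource its HTML would make the mail client fetch. The scanner below is an added example, not part of the original article; the sample message is constructed from the “Hello!” message above, and tracker.example, the function name and the result keys are assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed input: the article's "Hello!" message as HTML, with the dot after
# "fine" replaced by a 1x1 image. tracker.example is a placeholder host.
SAMPLE_MESSAGE = """\
From: someuser@yahoo.com
To: customer@foobar.com
Subject: Hello!
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Hello!<br>How are you?<br>
I'm fine<img src="http://tracker.example/dot.gif?id=customer%40foobar.com"
 width="1" height="1"><br>David.</p></body></html>
"""

# (tag, attribute) pairs whose URL is requested as soon as the HTML is rendered.
AUTO_FETCHED = {
    ("img", "src"), ("iframe", "src"), ("script", "src"), ("embed", "src"),
    ("link", "href"), ("body", "background"), ("table", "background"),
    ("td", "background"),
}


class RemoteResourceFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attributes = dict(attrs)
        for name, value in attrs:
            if (tag, name) not in AUTO_FETCHED or not value:
                continue
            url = urlsplit(value.strip())
            if url.scheme not in ("http", "https"):
                continue  # cid: and data: images travel inside the message
            tiny = tag == "img" and (
                attributes.get("width") in ("0", "1")
                or attributes.get("height") in ("0", "1")
            )
            self.hits.append({
                "tag": tag,
                "host": url.hostname,
                "invisible": tiny,              # sized so the reader never sees it
                "carries_id": bool(url.query),  # a query string can tag the reader
                "url": value.strip(),
            })


def find_web_bugs(raw_message):
    """List remote resources a mail client would fetch on opening the message."""
    finder = RemoteResourceFinder()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            html = payload.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # charset name unknown to Python
            html = payload.decode("utf-8", "replace")
        finder.feed(html)
    finder.close()
    return finder.hits


if __name__ == "__main__":
    for hit in find_web_bugs(SAMPLE_MESSAGE):
        print(hit)
```

Each hit is a request that would be logged on the remote server with the reader’s IP address and the time of opening; an empty list means the message can be displayed without contacting anyone.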

2. How to protect your email privacy

Even if you have nothing to hide, it is a good idea to take care of your email privacy. We have developed recommendations on how to make emailing as secure and private as possible.

2.1 Use encryption to protect your email messages. The only way to protect email messages from interception is to encrypt them. There are a few techniques to do so.

  • PGP and S/MIME encryption. Both PGP and S/MIME encrypt the message body only, leaving message headers unprotected. PGP and S/MIME can be used if you require end-to-end encryption. Using those methods requires prior agreement between the parties, and a “public key” exchange should be done before emailing securely.
  • SSL encrypted connection to mail server. SSL can be successfully used to encrypt email traffic as a whole. SSL encrypted transport prevents interception of both message headers and message body on the way to/from the mail server while sending/receiving email. SSL can be used to effectively protect your email traffic from interception by your ISP or government agencies.

Please note that PGP and S/MIME do not provide anonymity. Even if you encrypt email messages with PGP or S/MIME, the message headers still remain open and will be transferred in clear text through the Internet. You have to understand that unencrypted “To:”, “From:”, “Subject:”, etc. fields may disclose your identity and can contain confidential information. In addition to PGP or S/MIME, SSL connection encryption should be used to protect the email message while in transit.

2.2 Use anonymous email services. Your email privacy will depend on your email service provider. Here is a short list of requirements your email services provider should meet:

  • IP anonymity. The provider’s mail server should not add a header containing the sender’s IP address. The significance of the IP address for locating the sender has been dealt with above.
  • Encryption. Look for an email service provider that allows an SSL encrypted connection to the server. This will eliminate intermediate snooping. The service should be compatible with PGP and S/MIME message encryption as well.
  • Email provider mail servers location. The email provider’s mail servers should be located in a country where electronic privacy is protected by law. Remember that in jurisdictions where data interception is used by government agencies, “anonymous” email services are monitored in the first place.
  • Anonymous payment options. Anonymous payment options should be present if the service is not free.
  • Read the email provider’s Privacy Policy. A real anonymous email service provider should not collect and record any information about clients, i.e. you. This should be clearly stated in their Privacy Policy. Only two things are essential for signing up for a new email account: a login (used as a part of your email address) and a password (to access the account). Other details should be optional.

Do not use your ISP or company email accounts for confidential emails. The most common way of sending email messages is doing so via your ISP (Internet Services Provider). This is, probably, the surest way of letting the world know all intimate details about yourself, like who you are and where you live. No ISP ever cares about clients’ privacy. Most of the big and small companies have their own email privacy policy, allowing authorized staff to review email messages sent and received through company mail servers.

Do not use free web mail. Using free web mail provides only the illusion of email privacy. Here are five reasons why you should not use free web mail providers:

  • The great majority of web mail providers, even those claiming to offer anonymous services, will expose your IP address to the recipient, should the recipient wish to check the headers of the message to see it. Free webmail servers insert the sender’s IP address into message headers, compromising the sender’s anonymity. In spite of the common opinion, FREE WEB MAIL IS NOT ANONYMOUS.
  • Most free webmail servers do not use SSL encryption to protect the customer’s connection to the web mail interface. In some cases the “log in” process can be SSL encrypted, to prevent hackers from snooping your email account password. But all the emails you read or compose online can be intercepted easily, since no encryption is used to protect data transfers.
  • Message content may be stored uncontrolled in a local browser cache on your HD (hard drive), or in your ISP proxy cache.
  • You have little or no control over how HTML formatted messages are displayed.
  • You will not be able to use PGP or S/MIME encryption to protect confidential data.

Last but not least, web mail is just not convenient for business correspondence. Anyone using it knows that.

2.3 Use the right email software. Probably the most popular email software is Microsoft Outlook. At the same time, it is the most buggy email software. Most if not all mail viruses that are activated by opening a message (without clicking on attachments) are written to exploit Outlook bugs and do not affect other email software. There is one more reason to avoid using Outlook: Outlook inserts “Message-ID” headers into an email message that show the computer network name or ISP domain. If your computer name contains personal information and cannot be changed (by company network policy, for example), you should not use Outlook for private correspondence. Fortunately, there are many powerful email applications on the market to choose from. Please visit our “Privacy Tools and Resources” page for the list of recommended email software.

2.4 Take care of your local computer security. Anti Virus software should be used to protect your computer from viruses sent by email. Email is the main source of virus infections, and ignoring anti virus protection can cause serious damage to the data stored on your computer. Please read more on how to choose anti virus software at our “Computer Security” page.

2.5 Configuring email software properly.
Misconfigured email software can cause serious problems. Here is a small list to check before you start using it:

  • Disable the “return receipts” feature in your email software. Most email applications have default settings to send receipts.
  • Always clean “Trash” folders. Messages you thought you had deleted are simply moved to the “Trash” folder by email software, and will remain on your hard drive.
  • Make sure you have set your email software to delete downloaded messages from the mail server. If this is not configured, messages are only marked as “deleted”, but not physically deleted from the server.
  • Disable displaying HTML content in the email window. Disabling it will protect you from web bugs. Unfortunately it is inconvenient to disable displaying HTML content, since it is widely used in personal emails and mailing lists. You may use web anonymity tools to protect yourself from web bugs. Read our “Anonymous Surfing” page for more details on web anonymity.
  • Adjust your computer clock if the time zone in message headers points to your location.
  • Always keep the support page for your email software in your bookmarks and check it for security patches and upgrades from time to time. All security problems with email software should be solved immediately: as practice shows, viruses exploiting a new bug will be released on the second day after the bug report becomes public.

Anonymous Surfing

Before we go on to practical recommendations on how to secure your browsing, let us explain the browsing process flow and define the potential risks.

Browsing process flow

When you enter a website address (www.someweb.com for example) in the browser “Address” field and click “Go”, your browser performs the following steps:

  1. The browser will try to resolve the domain name into an IP address. To do so, it will send the following request to a Domain Name Server (DNS): “give me the IP address for the host www.someweb.com”. The DNS will reply something like this: “the IP address for the host www.someweb.com is 192.168.3.1”.
  2. The browser will try to establish a TCP connection to the www.someweb.com web server IP address 192.168.3.1.
  3. The server will accept the connection and store your IP address, i.e. the address from which the request was sent, in its logs.
  4. After the connection has been established, the browser will send the following query to the server: “GET /”. With this request the browser will send some additional details, like its capabilities (browser software type and version, accepted file types, your preferred language, your operating system) and some additional information: the referrer website address (in case you have followed this link from some website) and cookies (if any). It has to be noted that all this information will be stored in server logs as well.
  5. The server will reply with some header data (which can contain cookies) and the page text in HTML format, and close the TCP connection.
  6. The browser will format the HTML and show it to you in the window.

Let us sum this up. By making a click in your browser window you have given the server owner the following details: your IP address, browser software type and version, file types your browser will accept, your preferred language, your operating system, and what site or web page you visited before. Additionally, you have passed cookies intended for this site and accepted cookies from this site. Later in this article we will explain how safe or unsafe it was to pass all this data.

Some potential risks associated with browsing

1. IP address anonymity

Web browsing, like any other Internet activity, will give away your IP address to the web site owner. Giving out your IP address is the same as giving out your home address, and if privacy is important to you, you should avoid passing the IP to webmasters. There are various techniques to hide an IP address: web redirectors, proxy, socks, VPN tunneling. Unfortunately, not all of them are safe and reliable. The most common and most dangerous way to hide your IP is using a free proxy service. To learn more about IP address anonymity and about how important it is to hide your IP address, please read our “Internet Privacy” page. In the “Data interception” article we have compared the IP anonymity and data protection technologies used.

2. Data interception.

As we explained in the “Data interception” chapter, when accessing non-encrypted pages all the data your browser and the web server exchange (i.e. website visited, data passed to that site) can be easily intercepted. In some cases even an SSL encrypted connection can be intercepted and monitored. We can refer to the well known “man-in-the-middle” attack against some poor SSL implementations (see article http://www.pcworld.com/news/article/0,aid,103892,00.asp). You can avoid data interception only by using third party services. There are two methods to encrypt your traffic: using a proxy through SSH, or using a VPN tunneling service. You may read more on the pros and cons of using the above methods on our “Data interception” page.

3. Java, JavaScripts, ActiveX controls, plug-ins

All the features above make a web page dynamic by executing downloaded code on your computer. It is very unsafe to allow code downloaded from untrusted/unknown sites to run. Since most modern websites use JavaScript and Flash animation, simply disabling Java will make it impossible to browse all of them. Fortunately, Internet Explorer has powerful security options that allow you to control browser behavior.

To configure your browser security settings, start Internet Explorer, choose “Internet Options…” from “Tools” menu and select “Security” tab. Here you will be able to assign websites to zones and tweak security settings for these zones.
For example, you use yahoo.com for mailing, trade on eBay.com and shop on amazon.com. You can add yahoo.com, ebay.com and amazon.com to the “Trusted sites”, and set “High” security level for any other sites, e.g. for the “Internet” zone. Default security settings for the zones are reasonable, but if you need more control click on “Custom level” button to configure security level details for the chosen zone.
Click “OK” to exit “Internet Options” menu.

4. Cookies.

Now a few words about cookies. Cookies are special strings sent by the server to your browser and stored locally on your hard drive. Usually cookies are “addressed” to some website, e.g. the cookie “www.someweb.com: HelloWorld” will instruct your browser to pass the string “HelloWorld” to the server when you visit the www.someweb.com web site. Also, cookies have a “time to live”, i.e. the time they are stored in your system. Basically, there are two kinds of cookies:

  • Session cookies. Session cookies are addressed to one site only, with a limited “time to live” value. They are used to keep web session data, in web shops for example, and it is safe to use them. In many cases, you will not be able to use a web shop or a banking site if you have cookies disabled.
  • “First party” and “Third party” cookies. They are designed to keep data for longer than one web session. In most cases they can be disabled without losing web site functionality. “Third party” cookies are inserted by one web site to be passed to another, and are the most dangerous for privacy.
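The classifier below sorts the cookies received while loading a page by lifetime and by which site gets them back, then applies a blocking policy. It is an added example, not part of the original article; it uses the usual browser definitions (no Expires or Max-Age means a session cookie, and a cookie returned to a site other than the page’s own is third party), and the function names, the two-label `site_of` simplification and the sample responses are assumptions.

```python
from urllib.parse import urlsplit


def site_of(host):
    """Reduce a host name to its site. Simplification assumed for this example:
    the last two labels; real browsers consult the Public Suffix List."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [piece.strip() for piece in header_value.split(";")]
    name, _, value = first.partition("=")
    attributes = {}
    for piece in rest:
        key, _, val = piece.partition("=")
        attributes[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attributes


def classify_cookies(page_url, responses):
    """responses: (URL that answered, Set-Cookie value) pairs seen while
    loading page_url, including images and scripts from other hosts."""
    page_site = site_of(urlsplit(page_url).hostname)
    result = []
    for url, header_value in responses:
        name, _value, attributes = parse_set_cookie(header_value)
        # Without a Domain attribute the cookie goes back to the setting host.
        target = attributes.get("domain", "").lstrip(".") or urlsplit(url).hostname
        # Expires or Max-Age is the "time to live"; without either the cookie
        # is dropped when the browser closes.
        persistent = "expires" in attributes or "max-age" in attributes
        result.append({
            "name": name,
            "returned_to": target,
            "lifetime": "persistent" if persistent else "session",
            "party": "first" if site_of(target) == page_site else "third",
        })
    return result


def accepted(cookies, block_third_party=True, session_only=False):
    """Names of the cookies that survive a blocking policy."""
    keep = []
    for cookie in cookies:
        if block_third_party and cookie["party"] == "third":
            continue
        if session_only and cookie["lifetime"] != "session":
            continue
        keep.append(cookie["name"])
    return keep


# Constructed input: responses received while loading the article's example site.
PAGE = "http://www.someweb.com/"
RESPONSES = [
    ("http://www.someweb.com/", "basket=HelloWorld; Path=/"),
    ("http://www.someweb.com/", "prefs=lang-en; Domain=.someweb.com; "
                                 "Expires=Wed, 01 Jan 2031 00:00:00 GMT"),
    ("http://ads.tracker.example/banner.gif", "uid=8f3a91; Max-Age=31536000"),
]

if __name__ == "__main__":
    cookies = classify_cookies(PAGE, RESPONSES)
    for cookie in cookies:
        print(cookie)
    print("kept with third-party blocking:", accepted(cookies))
```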

There is a simple method to deal with cookies. Internet Explorer and many other browsers like Mozilla or Opera can be configured to block cookies. Here we will explain how to configure Internet Explorer to block undesired cookies.

To configure cookies behavior, start Internet Explorer, choose “Internet Options…” from “Tools” menu and select “Privacy” tab. Using the slider you will be able to set cookies privacy options for websites in “Internet” zone. You may set “Block All Cookies” to block all cookies from all web sites. Please note, cookies from web sites in “Trusted sites” zone will be accepted.
To delete all the stored cookies select “General” tab and click “Delete Cookies…” button. New window will appear. Click “OK” to delete cookie files.
Click “OK” to save the changes. Click “OK” to exit “Internet Options” menu.

5. Other data passed by your browser

When sending the request for a web page, your browser will give some details on your operating system and browser capabilities to the web server. For example: “Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)”. Is this dangerous? We believe it is not. There are millions of Internet users who are using the Windows XP operating system and almost all of them are using Internet Explorer for browsing. But this data can be used by malicious script code you have downloaded with a web page. To protect your computer, simply disable dangerous features for untrusted web sites as described above. Along with the operating system details, your language preferences are passed to the web server. If you are using German as your operating system language, the web server will be able to determine this. It is quite simple to change your language settings.

To change the language setting, start the Internet Explorer, choose “Internet Options…” from “Tools” menu, select “General” tab and click “Languages…” button. New window will appear. If you would like your browser to pass only “English” language preference, highlight all the “Language” values except “English” and press “Delete” button. Click “OK” to save the changes. Click “OK” to exit “Internet Options” menu. From now, the browser will pass only “English” as preferred language.

6. Temporary Internet Files

Browsers store the web pages you have viewed on the computer hard drive in cache files. Anybody having physical access to your computer can examine your browser cache and browser history to find out what sites were accessed, what pages were viewed and when. Examining cookie files allows finding the data passed to the websites in many cases. Unfortunately it is not always possible to disable storing cookies and temporary Internet files. Even using special cleaning applications is not 100% safe: cleaning applications will not be able to delete the files during a system crash. The most effective method to protect temporary files is to encrypt data on your hard drive. On our “Computer Security” page, in the “Hard drive data protection” section, we have described the most convenient methods to hide cached files from prying eyes.
If your security requirements are not too high and you decide not to use hard drive encryption, you can easily delete all cached web pages and stored cookies yourself using built-in Internet Explorer tools.

To delete all the stored cookies start Internet Explorer, choose “Internet Options…” from “Tools” menu, select “General” tab and click “Delete Cookies…” button. New window will appear. Click “OK” to delete cookie files.
To delete all the temporary (cached) files, click on “Delete Files…” button. New window will appear. Check the “Delete all offline content” check box and click “OK” button to delete cached files.
To delete browser history, click on “Clear History” button. New window will appear. Click “Yes” button to confirm. Click “OK” to exit “Internet Options” menu.

A few words about various services promising to “block all the dangerous content”. Most of these services use proxies, which allow filtering out dangerous content like Java, ActiveX and cookies. The problem is that code and cookies are filtered out for all sites, and customers cannot control this proxy behavior. If you filter out cookies and Java you will not be able to browse most web sites. Some web redirectors allow controlling cookies per site, but a redirector service has other limitations that can make the browsing process inconvenient (you may read more on web redirectors on our “Internet Security Solutions” page). In our opinion it is more convenient to control all the browsing aspects by using the browser’s built-in security options. This will allow making your browsing safe without losing usability.