Email Security and Anonymity
When we talk about protecting email privacy and anonymity, we mean that
they can be compromised either by message interception or by an email
message containing information that the sender did not intend to pass
to the recipient. In this article we will try to explain how the email system
works, what information can be extracted from a regular email message, and
how email privacy can be protected.
1. Email privacy - how can it be compromised?
Before we continue with topics on how to protect email privacy, we should
understand how the email system works and what the issues related
to email privacy are.
How the email system works.
The most common way of sending email is through an ISP (Internet Service Provider)
or company mail server. When you click the “send” button, your email software
establishes an SMTP (Simple Mail Transfer Protocol)
connection to your email server. The server will attempt to deliver the message
directly to your recipient's ISP mail server, but if that server is
not accessible at the moment, it will deliver the message to an intermediate
email server known as an MX relay host. After traveling through the MX hosts,
the message is delivered to the recipient's mailbox on his/her ISP mail server.
It is stored there until your recipient retrieves the message using
the POP (Post Office Protocol) or IMAP (Internet Message Access Protocol)
protocol. This is how your email message travels through the Internet
from the sender’s computer to the recipient’s computer. Web
mail services work the same way, but instead of email software you use
a web interface to compose or read emails.
How can an email message be intercepted?
Where can it be intercepted? It can be intercepted at each step along
the way. An email message is stored on at least two servers on its way: on
the sender's ISP mail server and on the recipient's ISP mail server. When traveling
through the MX hosts, the message is stored on each of them. When your
mail is addressed to a bank, an investment company or business partners,
it can attract the attention of IT staff who perform mail server monitoring,
and there is nothing that can prevent unscrupulous IT staff with access
to the mail server from opening and reading that message. Another problem is that
unauthorized personnel or hackers can gain access to a mail server where
physical access security and network security are weak.
There is another way to intercept email messages: network traffic interception.
In most cases network traffic monitoring is performed by government agencies
at the ISP level. Email traffic can be rated as “suspicious” according to keywords
and stored for later review by government agency staff – this is how
the US Carnivore system works. You can read more on network traffic monitoring
and how it can be prevented on our "Data interception" page.
Email headers anonymity.
When analyzing an email message we can get a lot of information about its sender.
Computer IP address, geographic location, time zone, language preferences,
computer LAN name, email software used, etc. – all this information can
be found in an email message. An important point is that all this information
is passed on without the sender knowing about it. Well, what is bad about
that, you may ask. It depends on how this information can be used.
For example, you may not wish your recipient to know that your operating
system uses Dutch as its default language (e.g. your native language is Dutch),
or that you are in Australia now and use one of the local ISPs' services.
All this information can be easily extracted from the email message headers.
Every email message consists of two parts: message header and message
The header part can be compared to a letter envelope. It contains the message
subject, the sender’s and recipient’s email addresses, the date and time the message
was sent and arrived, and lists the points your message went through on its
way to the recipient. Message headers also contain service information about
the sender’s email software. This information is used to deliver the message,
and allows tech staff to debug email problems when they occur.
Here are example message headers:
Received: from [192.168.157.3] by web5203.mail.foobar.com;
    Sat, 21 Nov 2003 12:42:20 -0800 PST
Date: Sat, 21 Nov 2003 12:42:20 -0800 (PST)
From: "Peter J. Smith" <firstname.lastname@example.org>
Subject: My Private Message
X-Mailer: Microsoft Outlook Express 5.00.2615.2000
And here is the information we can extract from the headers (using
it to draw a picture of the sender):
- Sender's IP address: [192.168.157.3] points
to the sender’s computer. Anyone can get further details about the ISP (address,
phone, fax, email) by running a search through the WHOIS databases.
- Sender's ISP: “web5203.mail.foobar.com” and
“@foobar.com” – the message was sent using the web
interface from foobar.com (further details available at the website)
- Sender's email software: Microsoft Outlook Express
5.00.2615.2000 (this version’s known bugs could be used for sending
a Trojan to the computer)
- Sender's local time zone: -0800 (PST), US Pacific
coast (points to the geographic location of the computer)
- Sender's native language: charset="GB2312"
– Chinese char set (the user’s probably a member of the local Chinese
It should be noted that only three lines in the message headers were
explicitly supplied by the sender: the “from” address, the “to” address and the “subject”
line. All other data was inserted by email software and intermediate servers.
Users usually have no control over these headers, but they are
the most dangerous for email privacy and contain a lot of information about
the sender. Tracking the message sender using header
data is not difficult. You may learn more on how this information can be used on our "Internet Privacy" page.
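The header analysis above can be turned into an audit of your own outgoing mail. The following Python code is an added example, not part of the original article; it uses the header lines quoted above plus an assumed Content-Type line for the charset, and the function names and result keys are chosen for this example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_tz
# Constructed sample: the header lines quoted above, plus an assumed
# Content-Type line carrying the charset the article refers to.
SAMPLE = (
    "Received: from [192.168.157.3] by web5203.mail.foobar.com;\n"
    "\tSat, 21 Nov 2003 12:42:20 -0800 PST\n"
    "Date: Sat, 21 Nov 2003 12:42:20 -0800 (PST)\n"
    'From: "Peter J. Smith" <firstname.lastname@example.org>\n'
    "Subject: My Private Message\n"
    "X-Mailer: Microsoft Outlook Express 5.00.2615.2000\n"
    'Content-Type: text/plain; charset="GB2312"\n\nHello\n'
)
IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def ip_kind(ip):
    try:
        return "private" if ipaddress.ip_address(ip).is_private else "public"
    except ValueError:  # e.g. an octet above 255
        return "invalid"

def audit_headers(raw):
    """Return the sender details a recipient can read from the headers."""
    msg = message_from_string(raw)
    leaks = {}
    # Bracketed address literals in Received lines are connecting hosts.
    hops = [(ip, ip_kind(ip)) for line in msg.get_all("Received", [])
            for ip in IP_LITERAL.findall(line)]
    if hops:
        leaks["client_ip"] = hops
    # Mail client name and version.
    if msg["X-Mailer"]:
        leaks["mail_software"] = msg["X-Mailer"]
    # UTC offset of the sender's clock, from the Date header.
    parsed = parsedate_tz(msg["Date"] or "")
    if parsed and parsed[9] is not None:
        leaks["utc_offset_hours"] = parsed[9] / 3600
    # A regional character set hints at the sender's language.
    charset = msg.get_content_charset()
    if charset not in (None, "us-ascii", "utf-8"):
        leaks["charset"] = charset
    # The right-hand side of Message-ID is often a computer or ISP name.
    if "@" in (msg["Message-ID"] or ""):
        leaks["message_id_host"] = msg["Message-ID"].rsplit("@", 1)[1].strip("> ")
    return leaks
if __name__ == "__main__":
    print(audit_headers(SAMPLE))
```

Running it against a message you have sent to yourself shows what your own software and provider disclose.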
Secure email software.
Using the right email software is important for email security. If
you are using buggy email software you are open to hacker attacks, since
each email message contains your email software vendor and version number.
That is enough information to write a specially formatted message (one that uses your
email software's security vulnerabilities) to hang your computer
or infect it with a Trojan. If somebody suspects that you store confidential
information on your computer, he/she can try to hack in to get it. All
the attacker needs to start is your IP address from an email message header.
Using security holes in your computer software (new Windows vulnerabilities
are published almost daily), an attacker can gain full access to your computer
and in the worst case obtain all your email passwords, banking and investment
account data, private correspondence, business data, etc. All these horror
scenarios are not a myth but today’s reality; just search Google for
companies offering spying over the Internet. If your competitors can afford
to spend a hundred dollars to know your secrets, you are in danger.
How can web browsing be related to emailing, you may ask? It’s simple.
Most email applications are capable of displaying HTML formatted email
messages. This is no different from viewing a regular web page, except that the
web page is displayed in your email software window, not in a browser.
When viewing web pages in your email window you are taking the same risks
as when browsing, e.g. you have to deal with cookies, JavaScript, Java,
ActiveX controls, etc. IP anonymity and data interception issues should
be taken into consideration as well. Please read more on web browsing
security and browsing anonymity at our "Anonymous Surfing" page.
There is one popular spying technique: web bugs. To illustrate how they
work, let us imagine that you are running an online business and have
received an email message (possibly business related) from some unknown
How are you?
To attract your attention, your full name or your company name may be
written in the “Subject” line. You opened this message, and after reading
it and deciding it was spam you threw it away. But you did not
notice that the message was HTML formatted and contained an image.
The dot symbol after the word “fine” was replaced by a small image, and that
image was automatically downloaded from some website by your email software
when you opened the message. Now the email sender, after analyzing
web server logs, can get some information about you: the date and time you
read this email, your IP address, operating system, etc.
All this means that your email privacy can be compromised when you simply
open an email message, even without replying to it.
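A check for the web bug described above, as an added example that is not part of the original article: it lists the elements in an HTML message that would make the mail client fetch something when the message is opened. The sample message, the host tracker.example and the function names are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: an HTML mail whose full stop is a remote image, as in
# the scenario above. tracker.example is a placeholder host.
SAMPLE = (
    "From: someone@example.com\n"
    "Subject: John Doe\n"
    "MIME-Version: 1.0\n"
    'Content-Type: text/html; charset="us-ascii"\n'
    "\n"
    "<html><body><p>How are you? I am fine"
    '<img src="http://tracker.example/dot.gif?id=1234" width="1" height="1">'
    '</p><img src="cid:logo"></body></html>\n'
)

# Tag/attribute pairs that trigger a fetch when the message is displayed.
FETCHING = {("img", "src"), ("body", "background"), ("link", "href"),
            ("iframe", "src"), ("script", "src")}

class RemoteLoadFinder(HTMLParser):
    """Collect elements that would cause a network request on display."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for attr, value in attrs.items():
            if (tag, attr) not in FETCHING or not value:
                continue
            url = urlsplit(value.strip())
            # Embedded parts (cid:) and data: URIs do not contact a server.
            if url.scheme in ("http", "https") or (not url.scheme and url.netloc):
                tiny = bool({attrs.get("width"), attrs.get("height")} & {"0", "1"})
                self.found.append({"tag": tag, "host": url.netloc,
                                   "url": value, "tiny": tiny})

def find_web_bugs(raw):
    """Return remote-loading elements found in the HTML parts of a message."""
    finder = RemoteLoadFinder()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            charset = part.get_content_charset() or "utf-8"
            finder.feed(payload.decode(charset, errors="replace"))
    return finder.found
```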
2. How to protect your email privacy.
Even if you have nothing to hide, it is a good idea to take care of your
email privacy. We have developed recommendations on how to make emailing
as secure and private as possible.
2.1 Use encryption to protect your email messages. The
only way to protect email messages from interception is to encrypt
them. There are a few techniques to do so.
- PGP and S/MIME encryption. Both PGP and S/MIME encryption
are used to encrypt the message body only, leaving message headers unprotected.
PGP and S/MIME can be used if you require end-to-end encryption. Using
those methods requires prior agreement between the parties, and a “public
key” exchange should be done before emailing securely.
- SSL encrypted connection to mail server. SSL can
be successfully used to encrypt email traffic as a whole. SSL encrypted
transport prevents interception of message headers and message body
on the way to/from the mail server while sending/receiving email. SSL
can effectively protect your email traffic from interception
by the ISP or government agencies.
Please note that PGP and S/MIME do not provide anonymity. Even if you encrypt
email messages with PGP or S/MIME, the message headers still remain open
and will be transferred in clear text through the Internet. You have to
understand that unencrypted "To:", "From:", "Subject:",
etc. fields may disclose your identity and can contain confidential information.
In addition to PGP or S/MIME, SSL connection encryption should be used
to protect the email message while in transit.
2.2 Use anonymous email services. Your email privacy
will depend on your email service provider. Here is a short list of requirements
your email service provider should meet:
- IP anonymity. The provider's mail server should not add
a header containing the sender’s IP address. The significance of the
IP address for locating the sender has been dealt with above.
- Encryption. Look for an email service provider that allows
an SSL encrypted connection to the server. This will eliminate intermediate
snooping. The service should be compatible with PGP and S/MIME message encryption
- Email provider mail servers location. The email provider's
mail servers should be located in a country where electronic privacy
is protected by law. Remember that in jurisdictions where data interception
is used by government agencies, “anonymous” email services are monitored
in the first place.
- Anonymous payment options. Anonymous payment options
should be present if the service is not free.
email service provider should not collect and record any information
about clients, i.e. you. This should be clearly stated in their Privacy
Policy. Only two things are essential for signing up for a new email
account: a login (used as a part of your email address) and password
(to access the account). Other details should be optional.
Do not use your ISP or company email accounts for confidential
emails. The most common way of sending email messages is
via your ISP (Internet Service Provider). This is probably the surest
way of letting the world know all the intimate details about yourself, like
who you are and where you live. No ISP ever cares about clients’ privacy.
allowing authorized staff to review email messages sent and received through
company mail servers.
Do not use free web mail. Using free web mail provides
only the illusion of email privacy. Here are five reasons why you should
not use free web mail providers:
- The great majority of web mail providers, even those claiming to offer
anonymous services, will expose your IP address to the recipient should
the recipient wish to check the headers of the message to see it. Free
webmail servers insert the sender's IP address into message headers, compromising
sender’s anonymity. In spite of the common opinion FREE WEB MAIL IS
- Most free webmail servers do not use SSL encryption to protect
the customer's connection to the web mail interface. In some cases the “log in”
process can be SSL encrypted, to prevent hackers from snooping your
email account password. But all the emails you read or compose online
can be intercepted easily, since no encryption is used to protect data
- Message content may be stored uncontrolled in a local browser cache
on your HD (hard drive), or in your ISP's proxy cache.
- You have little or no control over the display of HTML formatted messages.
- You will not be able to use PGP or S/MIME encryption to protect confidential
And last but not least, web mail is just not convenient for business
correspondence. Anyone using it knows that.
2.3 Use the right email software. Probably the most popular
email software is Microsoft Outlook. At the same time, it is the most
buggy email software. Most if not all mail viruses that are activated
by opening a message (without clicking on attachments) are written to
exploit Outlook bugs, and do not affect other email software. There is
one more reason to avoid using Outlook: Outlook inserts "Message-ID"
headers into an email message that show the computer network name or
ISP domain. If your computer name contains personal information and
cannot be changed (by company network policy, for example), you should not
use Outlook for private correspondence. Fortunately, there are many powerful
email applications on the market to choose from. Please visit our "Privacy Tools and Resources"
page for the list of recommended email software.
2.4 Take care of your local computer security. Antivirus
software should be used to protect your computer from viruses sent
by email. Email is the main source of virus infections, and ignoring antivirus
protection can cause serious damage to the data stored on your computer.
Please read more on how to choose antivirus software at our "Computer Security"
2.5 Configuring email software properly.
Misconfigured email software can cause serious problems. Here is a short
list to check before you start using it:
- Disable the “return receipts” feature in your email software. Most
email applications send receipts by default.
- Always empty the “Trash” folder. Messages you thought you had deleted
are simply moved to the “Trash” folder by email software, and remain
on your hard drive.
- Make sure you have set your email software to delete downloaded messages
from the mail server. If this is not configured, messages are only marked as “deleted”,
but not physically deleted from the server.
- Disable the display of HTML content in the email window. Disabling it will
protect you from web bugs. Unfortunately it is inconvenient to disable
HTML content, since it is widely used in personal emails and mailing
lists. You may use web anonymity tools to protect yourself from web
bugs. Read our "Anonymous Surfing" page for more details on web anonymity.
- Adjust your computer clock if the time zone in message headers points
to your location.
- Always keep the support page for your email software in your bookmarks and
check it for security patches and upgrades from time to time. All security
problems with email software should be fixed immediately: as practice
shows, viruses exploiting a new bug are released on the second day
after the bug report becomes public.