Email use is widespread today. Along with the benefits of email come downsides, such as the annoyance of spam and the potential security and privacy infringements of phishing.
Users should make sure they understand the risks involved and take adequate countermeasures. Many standalone programs, like PGP and GnuPG, provide encryption of email and digital signatures. These programs work with already-installed email clients. The recipient also needs to install corresponding tools to decrypt the emails, but if this is an obstacle, options are available that automatically self-decrypt in the user’s mailbox.
A few webmail providers like Fastmail and Hushmail provide encryption by default. It is possible to use these products as plugins to encrypt and sign emails, even within other webmail providers that do not provide encryption.
To keep out spam and help identify phishing emails, most webmail services and email clients have built-in filters. The user can configure the filters manually, by providing a list of keywords associated with spam or the email addresses of known spam senders, or can let the filters identify spam and phishing emails automatically.
Filters have a “learning” capability, meaning that the user can review emails and tell the filter which emails should be flagged. For example, if the user specifies the pattern “make money fast” as spam-related, an email from the user’s investment broker with the subject line of “your stock x is performing really well and making money fast” will also be classified as spam. The user can then manually intervene and classify this email as “not spam”. The filter factors in this new information, so future emails that match the pattern continue to be treated as spam, except when they come from known email addresses. Filters perform better over time as the user inputs more information.
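The feedback loop described above, as an added example that is not part of the original article: a small keyword filter that flags the broker's email, then stops flagging that sender after a "not spam" correction. The class name, the addresses and the crude word stemming are assumptions made for illustration; real mail filters are far more elaborate.

```python
import re

def stem(word):
    # Crude suffix stripping so "make" and "making" compare equal (illustrative only).
    for suffix in ("ing", "e", "s"):
        if word.endswith(suffix) and len(word) - len(suffix) >= 3:
            return word[: -len(suffix)]
    return word

def stems(text):
    return [stem(w) for w in re.findall(r"[a-z0-9]+", text.lower())]

class SpamFilter:  # hypothetical name, not a real mail client API
    def __init__(self, patterns=(), blocked_senders=()):
        self.patterns = [stems(p) for p in patterns if p.strip()]
        self.blocked = {s.lower() for s in blocked_senders}
        self.trusted = set()  # senders learned from "not spam" feedback

    def _matches(self, subject):
        words = stems(subject)
        for pat in self.patterns:
            n = len(pat)
            if any(words[i:i + n] == pat for i in range(len(words) - n + 1)):
                return True
        return False

    def classify(self, sender, subject):
        # The sender address is taken at face value here; a production filter
        # would also check whether the message is authenticated for that domain.
        sender = sender.lower()
        if sender in self.blocked:
            return "spam"
        if self._matches(subject) and sender not in self.trusted:
            return "spam"
        return "inbox"

    def mark_not_spam(self, sender):
        self.trusted.add(sender.lower())

# Constructed sample data; the subject line is the one quoted in the article.
BROKER = "broker@invest.example"
BROKER_SUBJECT = "your stock x is performing really well and making money fast"

def demo():
    f = SpamFilter(patterns=["make money fast"], blocked_senders=["promo@bulk.example"])
    before = f.classify(BROKER, BROKER_SUBJECT)   # keyword match flags the broker
    f.mark_not_spam(BROKER)                        # user corrects the filter
    after = f.classify(BROKER, BROKER_SUBJECT)
    stranger = f.classify("unknown@other.example", "Make money fast today")
    return before, after, stranger

if __name__ == "__main__":
    print(demo())
```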
Email clients like Outlook and Thunderbird provide visual cues to identify messages as spam or phishing email by displaying icons like the hazard sign and popping up a small window that notifies the user of the email’s nature.