1

When I did my degree ~20 years ago, the contents of an email were described as being "as secure as a postcard".

Since then, HTTPs has become standard for web browsing and the absence of security is noteworthy; have equivalent changes occurred with email, or is email as bad as it ever was?

(Target level for answers: I have a software engineering degree, but minimal experience of security issues).

BenRW
  • 111
  • 4
  • Does this answer your question? [How (in)secure is POP/IMAP/SMTP](https://security.stackexchange.com/questions/51552/how-insecure-is-pop-imap-smtp), [How secure is e-mail landscape right now?](https://security.stackexchange.com/questions/186070/how-secure-is-e-mail-landscape-right-now). In short: not much better. The basic architecture is the same and mainly transport between the hops is protected. But unless end-to-end encryption like PGP or S/MIME is used the mail is visible in plain on each hop and also on the final mail server. And end-to-end encryption is usually not used. – Steffen Ullrich Nov 17 '20 at 12:33
  • Given how rapidly tech changes? No, not really. A lot can happen in 6.75 years, or even in 2.5 years, and the more recent answer shows fairly rapid change in statistics from one year to the next. – BenRW Nov 17 '20 at 14:26
  • 1
    The basic problems with mail are still the same. Every hop in the delivery can read what is on the mail, no matter if TLS is used to protect communication between the hops. The sender can still be easily spoofed in many cases since DMARC is only marginally deployed and enforced and there are also other ways to spoof the sender. That's still very similar to the security of a postcard. – Steffen Ullrich Nov 17 '20 at 14:49
  • 1
    Tech changes rapidly, but email infrastructure tech has changed very little. It's not like somebody came out with a new transfer mechanism that ensures encryption; we're still limping along with SMTP and the various bolted-on TLS pieces. So those old answers are still pretty applicable. Adoption rates shift, but nothing game-changing has happened. – gowenfawr Nov 17 '20 at 17:25

0 Answers0