Message Encryption At Endpoints is Critical

A recent Ferris insight bulletin, "TLS Not Important for Privacy & Secure Messaging", argued that encryption between MTAs is not generally useful. This is correct: if you really want data confidentiality, end to end encryption using a technology such as S/MIME is best.

Usually, the closer an email is to its endpoint, the more vulnerable it is to interception. Monitoring email being sent over a LAN or a WiFi link is much easier than on an Internet backbone. In some situations, additional protection of this final link can be helpful, if handling email in a potentially hostile environment.   For this reason, use of TLS to provide confidentially for POP and IMAP (email access) or for use with SMTP for email submission can be a good idea - it is an easy way to protect content where it is most vulnerable.

Author: Steve Kille

Post a comment

You must be logged in to post a comment. To comment, first join our community.