Technical Recommendations for Improving Security of Email Communications

With billions of emails exchanged worldwide on a daily basis, email is nowadays considered to be one of the most widespread forms of digital communications. The massive deployment of this technology is certainly due to its ease of use and interoperability. This advantageous ubiquity of email communications comes nonetheless at the cost of security, which is often side-lined in favour of maintaining backwards compatibility with older versions of the protocols and considering security features as optional to ensure compatibility between providers. As a consequence, email communications often fall short of protecting the privacy and the authenticity of the information exchanged. Taking into account the fact that email is used to exchange private and personal information, the latter risks become extremely prominent. We review here the outstanding privacy and security risks in worldwide email communications and we describe a set of practical countermeasures, based on combinations of existing standards, which are capable of effectively mitigating the identified risks. Based on this analysis we provide a set of technical recommendations to be followed by email providers in order to enhance security, whilst preserving compatibility in the ecosystem.

MALATRAS Apostolos;  COISEL Iwen;  SANCHEZ MARTIN Jose Ignacio; 

2017-01-09

IEEE

JRC101443

978-953-233-086-1,   

http://ieeexplore.ieee.org/document/7522355/,    https://publications.jrc.ec.europa.eu/repository/handle/JRC101443,   

10.1109/MIPRO.2016.7522355,