Email Security
Two Methods of Securing Email

There are two methods of securing email communications, and CommerceStreet.com's email systems support both.

The first is TLS / SSL connections, the second is Secure Email Certificates. There are distinct advantages and disadvantages to each.

This article's objective is to provide a general understanding of both methods, sufficient to enable the reader to determine which method best suits their particular needs. References are made to Microsoft Outlook throughout this article, since this is the most widely used email program. Comments apply to any S/MIME enabled email program.
 

TLS / SSL Connections

In Outlook, you can specify SSL and TLS connections to both your SMTP (outbound) and POP3 (inbound) mail servers. Both SSL and TLS connections provide encryption security between your mail program and the mail server. Messages are encrypted by the mail program and server when they are sent back and forth. If these encrypted messages are "sniffed" (intercepted by someone monitoring the network connection), they cannot be easily read. These messages are automatically decrypted when they reach the mail program, even if they are routed to the wrong mail recipient for some reason.

TLS connections provide an additional layer of security in some circumstances. Messages sent using TLS are encrypted when being sent from one mail server to another, if both mail servers provide TLS connections. If one server does not provide TLS support, the message is sent anyway, unencrypted.

So, SSL connections provide "client / server" encryption; TLS provides both "client / server" encryption and, when available, "server / server" encryption.

The advantage of this method is its ease of use. Just check the boxes in Outlook, and you're using it. The disadvantage is that messages can end up unencrypted along the way unless every server and user in the process is TLS enabled.

SSL is appropriate when you are downloading messages from a server that contain orders or form information from a web site. Since your web site will normally put the information into your mail box without having to go "on to the Internet", delivery to the mail box can be secured. Using SSL to access the mail box secures the information when you download it.

TLS is appropriate when you want to exchange messages with another user who is also using TLS, and where the servers between you and the other user are all TLS enabled. This can be as simple as other people on your own mail server. It is common for insurance companies, financial firms, etc., to specify routing between their mail servers and those of customers and vendors to ensure TLS encryption of messages sent between the specified locations. This is a service that CommerceStreet.com provides.
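One way to see, after delivery, whether a message stayed encrypted between servers is to read the Received: headers that each server adds. The script below is an added example, not part of the original article; the message and host names are constructed, and it assumes the servers record the RFC 3848 keywords (ESMTPS, ESMTPSA) for TLS hops.

```sh
#!/bin/sh
# Added example: list each mail hop recorded in a message and whether TLS was used.
set -eu

# Constructed message; hosts use reserved example names and addresses.
sample_message() {
  cat <<'EOF'
Received: from mx.partner.example (mx.partner.example [192.0.2.10])
    by mail.example.test with ESMTPS id abc123
    for <you@example.test>; Mon, 01 Jan 2024 10:00:02 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
    by mx.partner.example with ESMTP id def456;
    Mon, 01 Jan 2024 10:00:01 +0000
Received: from laptop.local ([203.0.113.5])
    by relay.isp.example with ESMTPSA id ghi789;
    Mon, 01 Jan 2024 10:00:00 +0000
Subject: constructed sample

body
EOF
}

# Prints "<receiving host> <protocol> <TLS|NO-TLS>" per hop, newest first.
audit_hops() {
  awk '
    function flush(   n, i, w, by, proto, tls) {
      if (cur == "") return
      while (gsub(/\([^()]*\)/, "", cur) > 0) { }   # drop (comments), nested too
      n = split(cur, w, /[ \t;]+/)
      by = "?"; proto = "?"
      for (i = 1; i < n; i++) {
        if (w[i] == "by" && by == "?") by = w[i + 1]
        if (w[i] == "with" && proto == "?") proto = toupper(w[i + 1])
      }
      # RFC 3848: an S in the keyword means the hop was made over TLS
      tls = (proto ~ /^(ESMTPS|ESMTPSA|LMTPS|LMTPSA)$/) ? "TLS" : "NO-TLS"
      print by, proto, tls
      cur = ""
    }
    /^$/     { exit }                                  # end of header block
    /^[ \t]/ { if (cur != "") cur = cur " " $0; next } # folded continuation
             { flush(); if (tolower($0) ~ /^received:/) cur = $0 }
    END      { flush() }
  '
}

# Succeeds only when every recorded hop used TLS.
all_hops_tls() { ! audit_hops | grep -q ' NO-TLS$'; }

sample_message | audit_hops
```

Only the headers added by servers you control are reliable evidence; an earlier hop can write whatever it likes into its own Received: line.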

Using TLS / SSL Email Security
 

Secure Email Certificates

A more secure but more difficult way of securing email communications is with Secure Email Certificates. A Secure Email Certificate:

  1. Verifies the identity of the email's sender.
  2. Encrypts the email message from "end to end".
  3. Allows only the intended recipient to decrypt the message, using a "private key".

We will describe how they are used to illustrate how they work.

  1. YOU get a secure email certificate for YOUR email address and install it in Outlook on YOUR computer.
  2. Then you send a "digitally signed" email message to a second party.
  3. That second party adds your digital signature to your entry in their Outlook address book.
  4. When that second party sends you an email, they can encrypt it with your digital signature, and the message can only be decrypted by you (using your private key which matches your digital signature).

So, YOU get a secure email certificate, and it allows OTHER PEOPLE to email encrypted email messages to YOU. In other words:

  • You get a digital signature and a matching private key.
  • You give out your digital signature which can be used to encrypt email messages sent to you.
  • Your private key can decrypt messages that were encrypted with your digital signature.
  • Outlook handles the encryption and decryption automatically.

If you want to email encrypted messages to other people, those other people have to get secure email certificates, install them on their machines, and send you their digital signatures. Then you can send them encrypted messages.
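The four steps above, replayed with the openssl command line as an added example (not part of the original article). The names "you" and "other", the example.test addresses, the message texts and the self-signed throwaway certificates are constructed; a real certificate is issued by a certificate authority. What the article calls your "digital signature" is, in these commands, the certificate carried inside your signed message.

```sh
#!/bin/sh
# Added example: the S/MIME exchange with throwaway self-signed certificates.
# Names, addresses and message texts are constructed for the demo.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Step 1: a certificate plus matching private key for one address.
make_identity() {    # $1 = short name, $2 = email address
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$2" \
    -keyout "$work/$1.key" -out "$work/$1.crt" 2>/dev/null
}

# Step 2: sign a message; the signature block carries the signer certificate.
sign_as() {          # $1 = short name, $2 = message text
  printf '%s\n' "$2" > "$work/body.txt"
  openssl smime -sign -in "$work/body.txt" -signer "$work/$1.crt" \
    -inkey "$work/$1.key" -out "$work/signed.eml"
}

# Step 3: the receiver checks the signature and saves the certificate from it.
# -noverify skips chain validation only because the demo certificate is self-signed.
save_sender_cert() { # $1 = output file name
  openssl smime -verify -noverify -in "$work/signed.eml" \
    -signer "$work/$1" -out /dev/null 2>/dev/null
}

# Step 4: encrypt a reply to the saved certificate.
encrypt_to() {       # $1 = certificate file name, $2 = message text
  printf '%s\n' "$2" > "$work/reply.txt"
  openssl smime -encrypt -binary -aes256 -in "$work/reply.txt" \
    -out "$work/enc.eml" "$work/$1"
}

# Only the private key matching that certificate can open the reply.
decrypt_as() {       # $1 = short name
  openssl smime -decrypt -in "$work/enc.eml" -recip "$work/$1.crt" \
    -inkey "$work/$1.key" -out "$work/plain.txt" 2>/dev/null || return 1
  tr -d '\r' < "$work/plain.txt"
}

make_identity you you@example.test
make_identity other other@example.test
sign_as you "Here is my signed note."
save_sender_cert you_from_signature.crt
encrypt_to you_from_signature.crt "Reply that only you can read."
decrypt_as you
decrypt_as other || echo "other's private key cannot decrypt it"
```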

The encrypted messages can only be opened on a machine with an S/MIME enabled mail program, with your secure email certificate installed. This does not work with "web mail" systems. You can back up your certificate and reinstall it if your mail program has to be reinstalled for any reason. If you have to reinstall your mail program and do not have a backup of the certificate, you will not be able to open the encrypted messages you previously received.

Secure Email Certificates are appropriate when the highest level of security is warranted, and when all parties in the secure email have either sufficient technical competence or sufficient technical support. Secure Email Certificates are common where HIPAA compliance is required, in high security corporate email environments and with government agencies. They are also used to confirm the identity of email senders, where users have high technical competence or high levels of technical support.

Using Secure Email Certificates
 

 

   © 2004 Commerce Street, Inc. All rights reserved.