Email

Electronic mail, abbreviated e-mail or email, is a method of composing, sending, and receiving messages over electronic communication systems. The term e-mail applies both to the Internet e-mail system based on the Simple Mail Transfer Protocol (SMTP) and to workgroup collaboration systems allowing users within one company or organization to send messages to each other. Often workgroup collaboration systems natively use non-standard protocols but have some form of gateway to allow them to send and receive internet e-mail. Some organizations may use the internet protocols for internal e-mail service.

Without security precautions, e-mail privacy can be compromised for several reasons: e-mail messages are generally not encrypted; messages have to pass through intermediate computers before reaching their destination, which makes it relatively easy for others to intercept and read them; and many Internet Service Providers (ISPs) store copies of e-mail messages on their mail servers before they are delivered. Backups of these copies can remain on the server for up to several months, even if you delete the messages from your mailbox.

There are cryptography applications that can serve as a remedy to the above, such as Virtual Private Networks, message encryption using PGP or the GNU Privacy Guard, encrypted communications with the e-mail servers using Transport Layer Security and Secure Sockets Layer, and/or encrypted authentication schemes such as Simple Authentication and Security Layer.

Email Security and Privacy

The Internet is an expansive network of computers, much of which is unprotected against malicious attacks. From the time it's composed to when it's read, e-mail travels along this unprotected Internet, perpetually exposed to electronic dangers.

Many users believe that e-mail privacy is inherent and guaranteed, psychologically equating it with postal mail. While e-mail is indeed conventionally secured by a password system, this single layer of protection is not secure and is generally insufficient to guarantee appreciable security.

Businesses are increasingly relying on electronic mail to correspond with clients and colleagues. As more sensitive information is transferred online, the need for e-mail privacy becomes more pressing.

To provide a reasonable level of privacy, all routers in the e-mail pathway, and all connections between them, must be secured. This is done through data encryption, which translates the e-mail's contents into incomprehensible text that, if designed correctly, can only be decrypted by the recipient. An industry-wide push toward regular encryption of e-mail correspondence is slow in the making. However, there are certain standards that are already in place which some services have begun to employ.

There are two basic techniques for providing such secure connections. The first involves encrypting the message directly using a secure encryption standard such as OpenPGP. This is typically a user-level responsibility. Even if such email is intercepted and accessed, its contents are meaningless without the encryption key. This technique requires users to exchange encryption keys ahead of time and can be administratively complex.

The second approach is to send an open message to the recipient which contains no sensitive content but which announces that the recipient has a message waiting on the sender's secure mail facility. The recipient then follows a link to the sender's secure website, where the recipient must log in with a username and password before being allowed to view the message.

At the ISP level, a further level of protection can be implemented by encrypting the communication between servers themselves, usually employing an encryption standard called Transport Layer Security (TLS). It is coupled with Simple Authentication and Security Layer (SASL), which confirms the target router's identity. This ensures that unintended servers don't end up with a copy of the e-mail, which happens frequently in the course of normal correspondence.
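As an added illustration (not part of the original article), the Python sketch below reads the Received headers that each mail server prepends to a message and reports which hops were carried over TLS and which used SASL authentication, using the protocol keywords ESMTPS, ESMTPA and ESMTPSA registered by RFC 3848. The sample message, host names, addresses and function names are constructed for the example.

```python
import re
from email import message_from_string

# Constructed sample message: hosts, addresses and ids are made up.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org (Postfix) with ESMTPS id 4ABC
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384);
\tTue, 02 Jan 2024 10:00:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
\tby mx.example.net with ESMTP id 3XYZ; Tue, 02 Jan 2024 10:00:02 +0000
Received: from laptop.local (unknown [203.0.113.5])
\tby relay.example.com with ESMTPSA id 2DEF; Tue, 02 Jan 2024 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: constructed test message

hello
"""

def strip_comments(value):
    # Drop parenthesised comments, innermost first, so "with cipher" inside
    # a comment is not mistaken for the protocol clause.
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def audit_hops(raw_message):
    """Return one dict per hop, oldest first (servers prepend Received)."""
    hops = []
    msg = message_from_string(raw_message)
    for header in reversed(msg.get_all("Received") or []):
        text = strip_comments(header)
        by = re.search(r"\bby\s+(\S+)", text)
        proto = re.search(r"\bwith\s+([A-Za-z0-9-]+)", text)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        # S suffix = STARTTLS was used, A suffix = SASL AUTH was used.
        m = re.fullmatch(r"SMTP|(?:ESMTP|LMTP)(S?)(A?)", name)
        hops.append({"by": by.group(1) if by else "?", "protocol": name,
                     "tls": bool(m.group(1)) if m else None,  # None = unknown
                     "auth": bool(m.group(2)) if m else None})
    return hops

def plaintext_hops(hops):
    # Hops whose receiving server recorded a protocol without TLS.
    return [h["by"] for h in hops if h["tls"] is False]

if __name__ == "__main__":
    for hop in audit_hops(SAMPLE):
        print(hop)
```

Received headers are written by each receiving server, so only the entries added by servers you trust are reliable evidence. A hop marked as TLS protects the message in transit only; the message is still readable on each server it passes through.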

Although many ISPs have implemented secure sending methods, users have been slow to adopt the habit, citing the esoteric nature of the encryption process. Without user participation, e-mail is only protected intermittently from intrusion.