Spam and email security

Spam and email security

Spam is a general term used to describe electronic ‘junk mail’ – unwanted messages sent to your email account. These messages vary, but are essentially commercial and often annoying in their sheer volume. They may try to persuade you to buy a product or service, or visit a website where you can make purchases; or they may attempt to trick you.

See more on Anti Spam services.

Email security
Standard email software offers very poor security.

Emails are easy to intercept. Sending an unsecured email message is like sending a postcard – anyone can read it along the way. Email messages passing between mail servers can be viewed or even modified by unauthorised people before the message is forwarded to the next server. Unsecured email makes it easy for outsiders to obtain confidential information about your operations. In a legal context, an email that has been tampered with during transmission may still be accepted as legally binding.

However, for electronic mail within your organisation or simple communications with clients and members, secure electronic mail may not be necessary.

But if you deal regularly with confidential documents such as client referrals or want to take orders for memberships or services via email, then you should consider introducing a secure email system.

Secure email versus postal mail
Using the analogy of a paper-based transaction, secure email systems provide the following advantages:

a secure ‘envelope’ for you to seal your document so no-one except the intended recipients can open it. Each recipient can even put the contents back inside the secure envelope for long-term storage if they want to make sure no-one can read the contents from their PC
inside the envelope is a signed, authenticated document that can be archived along with the signature for non-repudiation. Any attachments are also signed and authenticated.

How can I send emails securely?
Today, there are many more emails sent than letters posted. Even the smallest nonprofit organisation is likely to use email to keep in touch with members, clients and volunteers. Whether you use a Web-based email service (such as Hotmail or Yahoo) or an email package (such as Outlook, Eudora or Notes), you need to know about secure email and encryption.

Email security products solve the problems associated with standard email by ‘encrypting’ the mail so it cannot be read by anyone other than the intended recipient. Cryptography is the process of putting messages into a ‘secret code’ so they can't be read if they're intercepted. Most email security products use a variant on public key cryptography.

There are numerous off-the-shelf and downloadable products available to do this. Secure email services can also be accessed online, and some web-based services are available free of charge for basic functions.

In most cases, secure email services will only work if both the sender and the recipient are using the same software. For this reason, it will generally be impossible to secure all your email transactions. However, you should be able to agree on a standard approach with key partners and for your own staff.

Email can be digitally signed to verify the integrity of the message content and the sender’s identity. Although the email is not encrypted which means that anyone can read it, you know that it hasn’t been tampered with and it did really come from the person who says they sent it. This is an easier, cheaper option than full encryption.

Secure Web email
For organisations that require only occasional access to secure email, a free web-based service is a sensible choice. Such a service is offered with any Email solution offered by Mitsol. Remember that this service will not guarantee the security of emails sent to non-users of the service.

Dedicated email encryption
Encryption-based email software packages use a technique known as public key cryptography to scramble messages so that only the authorised recipient can read them. In some cases, security ‘plug-ins’ can be added to your existing email software.

Email software packages using public key cryptography are very secure and relatively simple to use, especially as there is now a defined security standard (S/MIME) for all email software developers to use. The main difficulty with public-key systems is that you need to know the recipient's public key to encrypt a message from them. Some software packages and common operating systems such as Microsoft Windows now include facilities to manage public key information.

Within your organisation, it is important that everyone's email system is set up to meet the security standards you require.

Secure email gateways
Some organisations find that it is more appropriate and efficient for emails to remain unsecured within their own environment and then be secured when they pass out into the internet. In other words, internal mail is not secure, but external mail is. To meet this requirement, email gateway security products are available. These capture outgoing email and ensure that it is sent securely.