As someone who has read plenty of discussions about email security (some of them in this very community), including all kind of stuff (from the company groupie to tinfoil-hat conspiracy theories), I have decided to put too many hours some time to discuss the different threat models for email setups, including the basic most people have, the “secure email provider” one (e.g., Protonmail) and the “I use arch PGP manually BTW”.

Jokes aside, I hope that it provides an overview comprehensive and - I don’t want to say objective, but at least rational - enough so that everyone can draw their own conclusion, while also showing how certain “radical” arguments that I have seen in the past are relatively shortsighted.

The tl;dr is that email is generally not a great solution when talking about security. Depending on your risk profile, using a secure email provider may be the best compromise between realistic security and usability, while if you really have serious security needs, you probably shouldn’t use emails, but if you do then a custom setup is your best choice.

Cheers

  • hades
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    1
    ·
    2 months ago

    Nice article!

    You seem to be missing the word “by” in the table introducing threat T04. Also, the threat summary table uses ✅ and ❌ in a way that was counterintuitive to me: initially I thought ✅ meant the encryption approach protects against the threat.

    A bigger issue IMO is how you describe email encryption in transit as a matter of fact, but according to Google transparency report[1] there are still domains that do not support in transit encryption, and, what’s worse, when you send an email you can’t tell if it will be encrypted or not.

    [1] https://transparencyreport.google.com/safer-email/overview?hl=en

    • loudwhisper@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      Thanks, I will go and double check, I am sure there are more typos!

      I honestly didn’t think at all about the use of checkmarks/crosses and the fact that it can be misinterpreted, I will add a disclaimer.

      A bigger issue IMO is how you describe email encryption in transit as a matter of fact, but according to Google transparency report[1] there are still domains that do not support in transit encryption, and, what’s worse, when you send an email you can’t tell if it will be encrypted or not.

      you are right. The reason why I took that for granted is because I assumed the scenario in which people use the “mainstream” providers. I was looking at data and I think Outlook and Gmail alone make up more than 50% of the market share. I made an assumption which I considered fair, as 99%+ of the users do not need to worry about this at all. However, this is interesting data and I might add a note about it as well, so thanks!