Articles and Books,  Business,  Consulting,  Kerio,  Mac Security,  Microsoft Exchange Server

Email Privacy

I originally posted this at http://www.318.com/TechJournal

Ever get an email from yourself that you didn’t send? Ever get spam from someone that you can’t reply to? Using the settings of an email program, it is possible to pretend to be anyone that you would like. If you want to send email from bill.gates@microsoft.com then that is entirely possible. Finding the address of who actually sent email is easy, but ensuring the identity of the sender is not part of standard email.

This is where the protocols for PGP, Pretty Good Privacy, and GPG, or GNU Privacy Guard, come into play. GPG and PGP are Open Source suites of applications allowing senders to digitally sign outgoing emails in such a way that it is highly unlikely that anyone else could have sent the message. In order to use their digital signature senders are required to enter a password to send the message.

It is also possible to use GPG to encrypt email using a shared password. This allows for forcing a password to both send and receive the message. Encrypting messages ensures both the identity of the sender and the identity of the receiver. Anyone that intercepts a message in transit or finds the message on either system at a later date can open the message without the password to do so.

GPG and PGP provide strong encryption measures to ensure privacy over public mediums of messaging. Email is not the only use for this. GPG can also be used to encrypt a file before using transferring it using other methods such as FTP or the web. The commercial version of PGP can also be set up to encrypt certain instant messaging traffic and an entire hard disk.