|
The Technical Zone... The Geeky forum... Use this forum to discuss technical aspects of email, from authentication protocols to encryption. |
|
Thread Tools |
3 Apr 2018, 09:10 AM | #1 |
The "e" in e-mail
Join Date: Nov 2005
Location: San Francisco
Posts: 2,281
|
Encryption at rest on email servers - Important?
General questions for discussion:
I assumed that having email data encrypted at rest on my email service providers' machines would help to prevent someone from stealing my data by hacking. Of course, encryption would not prevent theft of data if the hacker were using my login credentials. Is the security benefit of encryption at rest limited to preventing someone from accessing data when a physical drive is stolen? I'm pretty sure that Google encrypts Gmail data a rest. Microsoft encrypts its business accounts. I'm not sure about free Outlook.com. And of course the paid email services that advertise a high level of security such as LuxSci encrypt data at rest. |
4 Apr 2018, 06:54 AM | #2 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,722
|
Not sure really, since I think the largest danger is giving up your login information via a phishing attack or other malware. Once they have your credentials and can unencrypt your emails anyway, what does it matter? I suppose there is some vulnerability at certain email providers that your emails can be read by staff or access given via some backdoor, and then if they are encrypted nobody should be able to read them. With smaller providers there is really nothing other than trust that they won't read your email.
|
10 May 2018, 06:18 PM | #3 |
Essential Contributor
Join Date: May 2009
Posts: 263
Representative of:
EmailQuestions.com |
> What security risks does email encryption at rest mitigate?
It prevents plain text emails from being readable if someone physically steals the hard drive from the email service providers server. It also protects plain text from being readable if the service provider retires the drive without sanitizing it before dumping it in the trash, leaving it out on a desk, or sending it to a computer recycling company that doesn't properly destroy it. Any example where an unauthorized person gets physical access to the drive fits here. > Once they have your credentials and can unencrypt your emails anyway, what does it matter? Different things, having your username and password doesn't mean a bad guy can decrypt an encrypted hard drive. |
10 May 2018, 07:10 PM | #4 | |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,722
|
Quote:
|
|