Who reads my e-mail?
E-mail is the most popular form of communication
today. The number of e-mail users is probably well over 400
million across the planet, and enjoying a steady increase
of some 2 million new addicts per week.
That is all well and fine, but the problem
is that you never know who reads your e-mail, or what motives
those who can or would like to read your mail may have.
Somebody once said that to send an e-mail
is as secure as sending a postcard. That is plain wrong -
it is much worse from a security standpoint. On the one hand
you can fill an e-mail with so much more info, and on the
other it is much easier to systematically scan the Net compared
to regular mail.
This page will explain why you should never
send e-mail across the Net without protecting it with encryption.
This goes not only for companies, but for authorities, and
private folks as well. The page ends with a summary description
of how you can protect yourself.
Who wants to read my e-mail?
"I have nothing to hide and it doesn't
bother me that someone reads my mail", is the most
common view on this. If you are of this opinion you assume
that all people are good. Unfortunately this is wrong. If
you think of all the e-mails you have sent, you will soon
realize that you have put yourself and others at risk time
and time again.
Criminals
The quickening pace of development on the
Internet applies to competence and imagination within the criminal
field as well, especially organized crime. Many criminals
use the Internet to varying degrees, not least the
small-time crooks.
In many larger cities across Europe wealthy
people have been subjected to heinous crimes and burglaries,
all related to Internet usage. Several homes have been burglarized
in a seemingly organized fashion. No one knows anything about
the perpetrators, but they seem to be extremely well informed.
It looks as if they have employed e-mail scanning, extensive
snooping and then have proceeded to act. The police, which
recently learnt how to use a mouse, are powerless against
this new type of electronic burglary.
The criminal purposes vary but include the
following:
Background information prior to burglary.
To find out when you are not home. In practice the burglar
would scan your inbox for the words "vacation",
"holiday", etc. and find out when you are out
of the country.
Blackmail. To blackmail someone becomes
substantially easier with knowledge reaped from the Net.
It can be related to anything from a new job, family events
or extra-marital affairs.
The sale of stolen information. Information
has value. The right information can have immense value
for the right buyer.
Mapping. Many criminals map and collect information on scores
of people. This information can be used for racist crimes,
and other crimes where the subject can be used / abused.
Journalists are a special target for this type of crime.
Deceit. Where knowledge taken from
e-mails can be used to deceive people in any number of ways.
Theft. Business plans, inventions,
drawings, names, manuscripts, and many many other things
can easily be stolen. A patent application can be submitted
by an impostor, etc.
Very few of these cases of e-mail snooping
ever get noticed - so the figures of affected people are hard
to come by. All that can be said is that the usage of the
Internet as a planning OR operative tool in burglary and theft
will continue to rise.
Fun and games
Knowledge of how to access other people's
mailboxes is widely spread. In many cases it is merely young
hackers or crackers that give it a go, without any malicious
intent. However, the ensuing damages can be devastating and
the subject does not always find it funny that unknown people
are messing with one's Inbox.
Mistakes
It is easy, and very quick to send e-mail.
Everyone has made a mistake sometime and sent the wrong mail
to the wrong people. Similarly, technical glitches can cause
mail to take strange turns - and sometimes your confidential
info ends up in the oddest places.
Corporate Espionage
Some types of corporate espionage are allowed,
and other types are not. Where you draw the line varies according
to the company, and the country, in question.
All companies and executives should assume
that other companies will do whatever it takes to access their
information. What value a certain piece of information has
to a competitor can best be valued by the host company. Information
of this type is sometimes traded on information markets or
bourses run by criminal interests.
To send e-mail without protecting your information
with strong encryption can be compared to allowing competitors
into your offices with access to everything including computers,
archives, etc.
Think about what would happen if your competitor
found out EVERYTHING about your person and your company?
Correspondence with clients
Business Development
Recruitment
Economic Information
Sales Leads
Etc
A company which is the target of e-mail espionage
very seldom notices it. Even government offices and military
organisations have been the targets without even knowing.
How many companies are under constant surveillance?
National Government Agencies
Every modern nation has policies directing
how it handles surveillance. In most nations a court order
is a necessary requirement to wire-tap someone, and this order
is in itself restricted material. In practice these court
orders are usually issued after the wiretap has taken place,
the purpose of which is to collect evidence and discover crime.
The access and possibilities that a national
government has to wiretap (e.g. e-mail) someone are enormous.
The laws and regulations surrounding this are very nebulous
and in for example the UK ALL e-mail traffic passes thru a
few computers. Read more: http://www.csmonitor.com/durable/2000/05/05/p1s1.htm
http://www.nandotimes.com/technology/story/0,1643,500233045-500338944-501940229-0,00.html
In the US the FBI uses Carnivore, which is
a black steel box that is placed in all the ISPs' facilities.
Thru this box the Feds can scan all e-mail passing through
this ISP. This practice has been tried in court and the court
found that the ISP cannot deny the FBI the right to scan mail.
In conclusion - you have absolutely no guarantee
that national government agencies act according to their statutes.
On the contrary - you should assume, and prepare for the possibility, that agencies
or people within agencies misuse their capabilities.
Foreign government agencies and embassies
Governments and foreign embassies conduct
large-scale organized and unorganised wire-tapping. Officially
this is to combat terrorism, fight crime and to ensure the
safety of the nation. In practice a lot of it can be described
as corporate espionage.
The state-of-the-art system is the "Echelon"
system run by the National Security Agency (NSA) of the US.
NSA is fittingly called the "computer-CIA" and they
can, on a hitherto unprecedented scale, scan ALL e-mail,
faxes and phone-calls, of ALL countries. This high-tech espionage
operation is rumoured to employ close to 40,000 people and
most of what they are up to is shrouded in secrecy. As of
late, Echelon has been very much in the news thanks to enquiries
conducted by the European Parliament. The EP is worried that
the system infringes on civil liberties and that it conducts
high-level industrial espionage. See www.europarl.eu.int/committees/echelon_home.htm
for more information.
In 1992 the NSA admiral Studeman informed
a committee that commercial espionage has become the second
leg of the NSA. The US companies that seek advice turn to
the Office of Executive Support, while in the UK companies
would turn to GCHQ:s K-division. There is a wealth
of information on the Echelon system to be found on www.echelonwatch.org
which is an NGO devoted to monitoring this colossus of information
gathering. What's true about all this? How powerful is this
Echelon system really? No one knows, but the evidence is gathering
momentum and - according to the European Parliament - it is
definitely worth worrying about. They recently issued a recommendation
to ALL European companies to encrypt their information.
Worldwide the picture is even more gloomy
for e-mail security. Japanese have a wonderful knack for reading
the internal memory of faxes sold by Japanese companies and
the Russian government is very proficient at wiretapping e-mail.
A curious detail is that the Global Incident Analysis Center
recently discovered that a Trojan Horse (a program that sneaks
into your computer and runs it from the inside) was sending
information to an IP-address in Russia (194.87.6.X). GIAC
recommended internet users to block traffic to this IP.
More info can be found at the Sans Institute.
http://www.sans.org.
So we cannot know if governments track our mail. Maybe we
are under constant surveillance because we got the wrong mail
from the wrong person. Maybe your invention is already at
some US company even before you have had time to patent it.
There are no guarantees and everything is shrouded in secrecy.
How can I snoop on somebody's e-mail?
The exact technique will not be divulged,
but to understand the risks a few methods will be described
- from the simple to the sophisticated. What needs to be conveyed
is that it is SO easy to snoop on e-mail and that everyone
needs to protect themselves or not use e-mail.
Background
E-mail addresses are very public
information. In most cases a person's e-mail address will give
information about exactly which server a person is using according
to the domain name. The header information divulges information
about which IP number was used, thus revealing the server's
number, address and proprietor. This makes it easy to use
any number of techniques to snoop on somebody's e-mail.
A short listing of the techniques used:
Insider
The employees at the Internet Service Providers
have all the possibilities in the world to snoop. Either they
enter your account using your password and login or they simply
take a copy of your whole inbox.
The insider does this either on his own initiative,
as a result of bribes or pressure, or on
direct order from his bosses. It can also be the case that
the insider is just carrying out instructions, not knowing
what he is doing.
Every day the information that passes through
the ISP is backed up for security reasons, but the list of
who can access this information is not public. The suffering
party will often not even notice that someone has compromised
their mail.
The insider can be everything from an ISP
employee through police, military or intelligence agent, but
a common form of insider is the normal computer service personnel.
Most people give these service workers their passwords without
thinking twice. Other examples of insider intrusions include
normal company networks (so called Local Area Networks, LANs),
which are often used in apartment blocks equipped with broadband
too. Every computer hooked onto the LAN can access mail sent
to and from other computers, scan other people's web-surfing,
etc. There are several free programs on the Web to do this,
most notably WebSpy.
The risk that someone would find the insider
is small - the insider knows he is a potential target. It
is very often a person with low pay whose services it is easy
to buy.
Connecting thru a phone station
The phone system is very vulnerable to snoops.
Voice and data traffic go thru phone stations which are often
located out of the way in discreet places. If someone gains
access to a station, which can be very small and located on
a pole high up in the air - then it is very very easy to tap
all traffic passing thru such as phone, fax and e-mail. The
snoopers need not be in the vicinity, they can just place
a transmitter to transmit the information through radio or
the telephone network itself.
Access to the phonelines
A person with the right equipment can scan
right off the phone lines. With really good tools a person
can simply climb up a pole, hook on to the line itself and
listen in on all information - and even place calls. Nowadays
cables are most often in the ground, but phone companies are
more than service minded when it comes to divulging info on
EXACTLY where these cables are buried - since they are worried
that someone is accidentally going to cut them off while digging.
Forced entry into server
All servers have special entries for service,
so called service ports. Sometimes they are not protected,
but if they are it is with some simple password. ("Admin"
is the most popular.) Forced entries can be done via
anonymous servers and whoever manages to enter can access
ALL information located on that server.
Even if you receive guarantees that your server
has good firewalls and other forms of protection, the fact
of the matter is that the ISP cannot guarantee the security
of other servers that your mail will pass through. A mail
will typically pass through at least ten servers on its way
from client to client. (See http://www.vitalsigns.com/products/nm/)
Your protection is only as strong as the weakest link of this
chain. That security is not good enough.
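To see which servers one of your own messages passed through, and which of those hops were recorded as encrypted, you can read its Received headers; this covers both the header information mentioned under Background and the chain of servers described here. This is an added example, not part of the original page: the message, host names and addresses are constructed, and the function names are hypothetical. A relay can omit or forge its own line, so treat the result as what the servers claim.

```python
import re
from email import message_from_string

# Constructed sample message. Host names and addresses are documentation
# values (example.com/.net/.org, RFC 5737 ranges), not real servers.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
\tby inbox.example.org (Postfix) with ESMTPS id 4F1A2
\tfor <bob@example.org>; Mon, 05 Mar 2001 10:15:04 +0100
Received: from relay.example.com (relay.example.com [203.0.113.7])
\tby mx.example.net with ESMTP id 9C3D1;
\tMon, 05 Mar 2001 10:15:02 +0100
Received: from [192.0.2.44] (dialup-44.example.com [192.0.2.44])
\tby relay.example.com with SMTP id 77B0E;
\tMon, 05 Mar 2001 10:15:00 +0100
From: alice@example.com
To: bob@example.org
Subject: constructed test message

Hello Bob.
"""

FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
WITH_RE = re.compile(r"\bwith\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
TLS_NOTE_RE = re.compile(r"\b(?:using|version=)\s*(?:TLS|SSL)", re.I)

# "with" keywords registered for transfers over TLS (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}


def _first(pattern, text):
    match = pattern.search(text)
    return match.group(1) if match else None


def trace(raw_message):
    """Return the relay hops in travel order (sender side first)."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its own Received line, so the headers are newest-first.
    for value in reversed(msg.get_all("Received") or []):
        text = " ".join(value.split())            # undo header folding
        info, sep, stamp = text.rpartition(";")   # the date follows the last ';'
        if not sep:
            info, stamp = text, ""
        protocol = (_first(WITH_RE, info) or "").upper()
        hops.append({
            "from": _first(FROM_RE, info),
            "ip": _first(IP_RE, info),
            "by": _first(BY_RE, info),
            "protocol": protocol or None,
            "encrypted": protocol in TLS_PROTOCOLS
                         or bool(TLS_NOTE_RE.search(info)),
            "time": stamp.strip() or None,
        })
    return hops


def weak_hops(raw_message):
    """Hops for which the receiving server recorded no transport encryption."""
    return [hop for hop in trace(raw_message) if not hop["encrypted"]]


if __name__ == "__main__":
    for i, hop in enumerate(trace(SAMPLE), 1):
        state = "TLS" if hop["encrypted"] else "CLEARTEXT"
        print(f"{i}. {hop['from']} [{hop['ip']}] -> {hop['by']} "
              f"via {hop['protocol']}: {state}")
```

Even a message whose every hop reports TLS was readable in clear text on each relay in between, which is why the page argues for encrypting the message itself.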
Stolen user identities or passwords acquired thru scanning
Every time you send and receive e-mail you
send, completely open, your UserID and your password. It is
as if the department store chief were to call out on the PA
system the codes to the safe when he locks away the cash for
the night. It is entirely possible to scan the IP numbers
your ISP uses and copy all through-going traffic and then automatically
search for passwords. Some scanners are on-line all the time
with automated searches looking for vulnerabilities and passwords
and some only do random searches.
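A defensive check for the exposure described above: this added example (not part of the original page) reads a mail client's protocol log and reports every login command issued before the connection was upgraded with STLS/STARTTLS. The `C:`/`S:` log format, the sample sessions and the function names are constructed for illustration; only line numbers and command types are reported, never the credential itself.

```python
import re

# Client commands that expose an account name or reusable password when the
# connection is not yet encrypted. Order matters: AUTH is tested before LOGIN.
CRED_PATTERNS = [
    ("AUTH PLAIN/LOGIN",
     re.compile(r"^(?:\S+\s+)?AUTH(?:ENTICATE)?\s+(?:PLAIN|LOGIN)\b", re.I)),
    ("POP3 PASS", re.compile(r"^PASS\s+\S", re.I)),
    ("POP3 USER", re.compile(r"^USER\s+\S", re.I)),
    ("IMAP LOGIN", re.compile(r"^\S+\s+LOGIN\s+\S", re.I)),
]
# POP3 uses STLS; SMTP and IMAP (with a leading tag) use STARTTLS.
UPGRADE_RE = re.compile(r"^(?:\S+\s+)?(?:STLS|STARTTLS)\s*$", re.I)
# Positive replies to the upgrade request: "+OK", "220 ..." or "<tag> OK".
ACCEPT_RE = re.compile(r"^(?:\+OK|220|\S+\s+OK)\b", re.I)

# Constructed sessions. "C:" is the client, "S:" the server.
POP3_PLAIN = [
    "S: +OK POP3 server ready",
    "C: USER alice",
    "S: +OK",
    "C: PASS constructed-password",
    "S: +OK 2 messages",
]
POP3_STLS = [
    "S: +OK POP3 server ready",
    "C: STLS",
    "S: +OK Begin TLS negotiation",
    "C: USER alice",
    "S: +OK",
    "C: PASS constructed-password",
    "S: +OK 2 messages",
]
# The server refuses TLS and the client logs in anyway. The base64 argument
# of AUTH PLAIN is an encoding, not encryption.
SMTP_REFUSED_TLS = [
    "S: 220 mail.example.com ESMTP",
    "C: EHLO client.example.com",
    "S: 250-mail.example.com",
    "S: 250 AUTH PLAIN LOGIN",
    "C: STARTTLS",
    "S: 454 TLS not available",
    "C: AUTH PLAIN AGFsaWNlAGV4YW1wbGU=",
    "S: 235 Authentication successful",
]


def audit_session(lines, implicit_tls=False):
    """Return (line_number, label) for each credential sent without TLS.

    implicit_tls=True models ports that start TLS before any command
    (for example POP3S on 995), where nothing here is exposed on the wire.
    """
    encrypted = implicit_tls
    awaiting_upgrade = False
    findings = []
    for number, line in enumerate(lines, 1):
        direction, _, payload = line.partition(":")
        direction, payload = direction.strip().upper(), payload.strip()
        if direction == "S":
            if awaiting_upgrade:
                # Only a positive reply means the TLS handshake follows.
                encrypted = encrypted or bool(ACCEPT_RE.match(payload))
                awaiting_upgrade = False
            continue
        if direction != "C":
            continue
        if UPGRADE_RE.match(payload):
            awaiting_upgrade = True
            continue
        if encrypted:
            continue
        for label, pattern in CRED_PATTERNS:
            if pattern.match(payload):
                findings.append((number, label))   # never record the secret
                break
    return findings


if __name__ == "__main__":
    for name, session in [("pop3 plain", POP3_PLAIN), ("pop3 stls", POP3_STLS),
                          ("smtp refused tls", SMTP_REFUSED_TLS)]:
        print(name, audit_session(session) or "no cleartext credentials")
```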
Stealing e-mail by scanning
It is possible to steal copies of e-mail passing
thru cyberspace. If you have honed in your search and you
are scanning a precise server you can get exactly the mails
you want. Or, you could use software "robots" which
either scan the WHOLE net ALL the time or can carry out precise
searches looking for words, phrases or names.
Broadband (fiberoptics)
Broadband has been marketed as the safer alternative.
It is not. There are two ways to copy traffic from broadband,
one is to physically bend the cable and remove the cover,
which will result in information leaking out that can be copied.
The other method is to physically break the cable, mount a
small device and then connect the cable thru the device. No
one will notice if a criminal organisation or foreign elements
perpetrate this sort of operation in some rural area where
the cable passes thru.
There is also said to be a special kind of
radar technique for tapping broadband, where simple proximity
to the cable is enough to scan the info.
Aerial Phone and Data traffic
All traffic that passes thru the air can be
accessed by anyone with reception equipment. Today there are
local wireless Internet-nets in cities, and phone traffic
goes via satellite. Most often this type of traffic has some form
of encryption, but it is usually too weak and the keys are with the
wrong people.
Cell phone networks are of course weak in
the same way. NMT, GSM 900-1800, AMPS and ETACS, US systems,
etc. were said to be very secure. It turns out that the encryption
used can be cracked in less than one second.
Web E-Mail
Web-based e-mail has very low security. During
a famous breach of security in the autumn of 1999 Hotmail
accidentally allowed anyone to access any account. Without passwords.
Passwords are often stored in the computer (cookies) used
to access the Hotmail account so very often the next user
can easily access your account.
There are also special viruses that send an
e-mail to the web-mail account. The virus reads the cookie-file
and sends the stolen passwords back to another e-mail account.
The user will not notice anything.
There is another very widespread method which
is pure scam. A false copy of the login page for a web-mail
is published. The only function it fills is to fool people
to leave their passwords and then the page informs the user
that there is a "temporary problem accessing" the
mailboxes. The user will not understand what happened.
The LogIn function of any web-mail is a JavaScript
application that can be downloaded to your home computer.
You can then conduct so called brute force attacks on the
password of any LogIn name, most often these are easy and
crackable. A program that does this in a few seconds is Munga
Bunga.
Many web e-mail providers have a forwarding
service so you can "POP" your mail. To activate
this function you must often enter your UserID and password
which are then stored at Hotmail. Not recommended, for obvious
reasons.
On top of these specific risks, web mail has
all the normal risks associated with them too.
Unauthorized Access to another computer
Access to your computer can be gained physically
or thru network access. Many apartment buildings have LAN-like
networks with access to the Internet. If someone gains access
to your computer, then your LogIn and password can easily
be found - in an encrypted file. Those who know how can decrypt
this in no time.
With increasing speed new programs reach the
market with new security challenges. Napster, a program for
sharing MP3 files gives others access to your hard disc. With
some small modifications it is the perfect spy-ware. Napster,
which is only one of many peer-to-peer programs, today has
20 million users and projections point to 70 million before
the end of the year. Many people connect to similar file sharing
systems from their office computers, thus giving access for
other Net users to their whole corporate networks.
Other programs such as Outlook, ICQ, etc.
are very susceptible to small strings of code that will function
as e-mailer robots sending out ALL your communications to
an undisclosed recipient. The source code for this particularly
ugly piece of spy-ware can be found at Underground Security
Research (USSR) http://www.ussrback.com
Virus Trojans
There are virus programs which work according
to the same principles as "Happy99" and "I
Love You". The only difference is that the recipient
will not notice anything, since the only thing the virus does
is to send your UserIDs and passwords to a preprogrammed mailing
address. Other interesting pieces of Trojan software are Netbus
and Backdoor / BackOrifice. By using these programs an external
actor can simply take control over your computer and do what
he or she pleases.
Software for eavesdropping
There is a plethora of programs for snooping,
where many were designed simply to monitor net traffic but
can be used for many other purposes. Some can be targeted
at specific IP addresses and some have "Echelon"
capabilities allowing them to scan / search for certain key
words. Prices vary from a few dollars to tens of thousands
and there are demo versions available.
Sniffer pro
http://www.nai.com
Different versions cost from 1,000 USD to 20,000 USD depending
on the version. The program is marketed by Network Associates,
which can seem strange seeing as how they are the market leaders
in the protection field with products such as PGP and McAfee.
It is a realtime program and one of the most advanced for
the consumer market.
CyberSnoop
http://www.pearlsoftware.com
Costs around 50 USD
The program logs FTP and chat activities. Install on the computer
to be logged but cannot handle realtime.
Message Inspector
http://www.elron.com
Costs around 20 USD 200 thru Dataconstruction. The program
is designed to monitor networks and can also write reports
- excellent for apartment buildings.
Intraspy
http://business.fortunecity.com/all/164/products/intraspy/
Costs 25 USD. Install on the computer you want to monitor.
Can check everything, including keystrokes.
Webspy
http://www.webspy.com
Costs around 300 USD (30 day demo available)
Livingstone Group has gone thru a name-change. WebSpy can
monitor ALL traffic, very user friendly software, extremely
effective.
Whatsup
http://www.ipswitch.com
Costs 900 USD. The program is designed to analyze which computers
are hooked on to a network, so the snooper would first use
this program and then another one in this "Snoop-Suite"
of programs.
How can I protect myself?
To protect yourself you should encrypt all
your information and communication. The downside with encryption
is that those with whom you are communicating must also have
the exact same equipment. You would then encrypt and they
would decrypt.
If you think this is over-kill then you could
use an anonymous e-mail account. This level of protection
will hopefully lead an attacker to attack someone else.
If you have important information to protect
you should consider the fact that crypto cracking capabilities
develop extremely fast - in conjunction with the extreme speed
increase in computing power that was estimated to have taken
50 years. There are available today extremely powerful computers
that anybody with the right amount of money can buy freely
that are capable of 12,300,000,000,000 calculations per second
(IBM ASCI White).
A couple of years ago it was considered extremely
good with 1,000,000 calculations per second. In the security
business there is an estimate called MIPS years, that represents
how many years it would take for a brute force attack to crack
an encryption. With today's computing power what formerly
took a year now takes 0.3 seconds, and NSA and others probably
have vastly more powerful computers. 0.3 seconds means that
you do 12,000 years worth of brute force calculations in under
an hour.
This means that symmetric keys need to be
at least 2-300 bits or more to withstand a brute force attack.
First a reduction would take place (prior knowledge about
parts of the contents) then through trial and error different
theoretical alternatives would be tested. A BlowFish algorithm
of 256 bits can be reduced to around 40-60 bits and then brute
force attacked on the remaining 1099511627776 - 1152921504606846976
combinations.
RSA
RSA does not only sound like NSA, but the three
founders are former NSA employees. RSA is the big giant in
the security world - and their algorithm, the RSA algorithm
is the most frequently used, now present in over 90-95% of
all encryption protections. Within the crypto world it is
said that the RSA algorithm can be cracked with a simple PC
program. NSA among others is said to be in possession of this
program. RSA has never publicly denied that it can be cracked
and it is therefore objectionable that they continue to release
new algorithms.
The maths and the logic behind the RSA-algorithm
is that if you have the product of two large prime numbers (extremely
large), you cannot just by knowing this arrive at the two
prime numbers. P * Q = N where P and Q are two prime numbers.
If you have N you cannot calculate P and Q (maybe not?). It
is said that prime numbers of 4096 bits can be calculated
with less than 25 million calculations, by starting with the
last number as a prime and then using about 40 connections
and probabilities - start to build up the prime number with
the last prime number first, then the second to last, etc.
If these assumptions hold then such an encryption can be cracked
in less than one second.
There are reasons to take this rumour seriously.
The link between RSA and the NSA and the fact that it is American
might make for a good case to choose another encryption algorithm.
Another thing is that US crypto export has been extremely
strongly regulated until December 1999, whereafter it has
been freed for certified products. If you are just a little
bit suspicious you can assume that it is free to export those
products which NSA has the capabilities to read.
In conclusion it is safe to say that care
should be taken when using American-made products.
Hushmail
http://www.hushmail.com
This company was first on the market with
encrypted web e-mail. The good thing is that it is free, easy
to get started, easy to use and better than no protection
at all. The not so good things are that the security offered
is really no good at all. From your computer to their server
you are only protected by SSL encryption which is normally
used for credit card protection, the service is s.l.o.w. and
you cannot mail everything you want. And, as per usual when
it comes to encryption, both parties must get a new e-mail
address.
PGP
http://www.pgp.com
This may be the most commonly used program
for e-mail encryption, much due to the fact that it is free
for private use and costing 40 USD / license for corporate
usage. The program works with asymmetric encryption, which
in principle always is more insecure than a symmetric solution
since there are more known parameters. In principle the data
mass to be protected is encrypted with a random key. This
key is sent together with the message but encrypted asymmetrically
with the public key of the recipient. In this way the protection
is asymmetric.
The program exists in many versions and is
American. Mr. Zimmermann who developed the program was sued
by the US government but this was recalled 3 years later.
How the agreement between Mr. Z and the US govt looks is classified
material. Zimmermann later sold PGP to Network Associates,
which markets the virus software McAfee and the snooping
program Sniffer. PGP supports many algorithms and exists in
many versions. This is a problem since the user knows very
little about the version used and how the code looks. It is
impossible to know if there are backdoors in the version one
is using. To add to the problem there are millions of places
where you can download PGP - if it is safer or not to load
it from the US www.pgp.com, no one knows.
If you have a good version of PGP it can be
considered safe. Where PGP has been breached it has most often
been related to faults committed by the user. A correct version,
correctly installed and used - should be safe.
Info about bugs and risks in PGP
http://www.cert.org/advisories/CA-2000-09.html
http://www.pgpi.org/doc/bugs/win
http://www.csl.sri.com/neumann/insiderisks.html
A new serious bug was recently discovered
and made public in August 2000. The bug is so serious that
encrypted messages can be decrypted by others, even without
brute force. In PGP from ver 5.0 there is a function called
ADK (Additional Decryption key). The function is supposed
to facilitate protection in corporate environments and has
been criticized since it has meant serious risks concerning
the safety of the keys. More discussions on this can be found
at http://www.cdt.org/crypto/risks98/ ADK can place itself
within an unencrypted area in the key. This smells like a
backdoor and the manufacturer has announced a possible bug
fix. The German who discovered the problem can be found on
http://senderdek.de/securtity/key-experiments.html
The major logical security fault with PGP
is that it is the recipient and not you that sets the level
of security. Let us say that you are an expert and you have
the most advanced PGP version, you have checked the source
code, chosen the longest key lengths and everything else to
make your PGP usage as secure as possible. When you are about
to send a document to someone it is your counterpart's chosen
security level which sets the level and not yours. If your
counterpart has a short key, a compromised program, and stolen
keys, then the security will be accordingly. You must
therefore not only check your own security but your counterpart's
as well, AND his security management!!!
Most people find PGP extremely difficult to use. A good report
on this can be found at http://www.cs.cmu.edu/~alma/johnny.pdf
SafeIT (recommended)
http://www.SafeIT.com
This is a really good and user-friendly protection
for your e-mails. It is fast and easy to get started and it
is simple to use. The user mails just as usual using his
normal e-mail program. Many people use SafeIT simply because
it is so simple to use and also to tell customers to use it.
Softnet Security, the company behind the product is from Sweden.
They were recently given the first global export license for
strong encryption of 480 bits.
http://194.22.106.5/en/media/pressreleases/010123.html
The security level is extremely high compared
to other products. Secure contact is established
with a 2048 bit asymmetric start using the Diffie-Hellman
key exchange system. Thereafter the communication is
carried out with symmetric encryption. The keys used are discarded
after each message is exchanged - a feature with which they
are alone in the whole market. You can choose between
the symmetric algorithms Blowfish, Twofish, Rijndael/AES and
the proprietary SafeIT algorithm.
The total security is superior to other products
and seeing as how SafeIT is very much more user friendly than
comparable products that makes it even more secure. If it
is easy to use it means you will use it - if it is difficult
you will not. SafeIT is wholly automatic and the user friendliness.
You can use several e-mail accounts / addresses with the program.
The negative aspects are that the program only supports PC
users with WIN 95/98 NT, 2000 and XP. The program is free
for normal users and can be upgraded for pros.
Awarded by Secure Computing Magazine:
http://www.westcoast.com/securecomputing/2001_08/testc/prod2.html#SafeIT
ZixMail
http://www.zixmail.com
Zixmail is a relatively new company listed
on Nasdaq which has amassed tons of venture capital and is
worth billions in stock market value. The product Zixmail
is a new innovation that enables the sender to send encrypted
e-mail to any recipient regardless of if the recipient has
the program, a password or anything else. Fantastic. And free
to boot. A closer look reveals the frightening truth that
the security offered is nil, almost ridiculous.
A short brief of how it is supposed to work:
1. Download the program. Works like an e-mail program.
2. Create a special password.
3. Send an e-mail to my counterpart that does not have the program.
4. The e-mail will be delivered to the Zixmail server.
5. The counterpart will get an e-mail from Zixmail informing him to connect to Zixmail and choosing a password.
6. The counterpart will get a second e-mail, click on to the server - read mail.
Thus far it is all well and fine - except
that it is a bit of a quirky process to send ONE e-mail. There
are also certain flaws in the process such as the security
clearance of the employees at ZixMail who can read the message
in clear text and also that only SSL is used to protect the
messages. But when analysing further the security of the whole
system you discover fatal flaws designed by the developer.
If an eavesdropper were to catch the e-mail mid-flight then
he can access the ZixMail server and register a new password.
Not good.
In conclusion the product is dangerous in
itself - since users can be led to believe they have protection
when they have not. In most cases it is probably more safe
to send an e-mail the normal way and hope for the best. By
using the flawed security of ZixMail you basically mark information
you want to protect as "secret" without making it
a secret. Just like sending money in the mail, and marking
the envelope "WARNING! CONTAINS LARGE SUMS OF MONEY".
Protecting Word and Zip-files with encryption (low security)
You can password protect Word, Excel, PowerPoint,
Publisher and Zip files. You can then send them as attachments.
The security here is veeeery low. There are even publicly
available brute force attackers which open these in no time
- just look thru a search engine. On the one hand people use
crappy passwords, and on the other the algorithms used are
decidedly not state-of-the-art.
Certificates
Certificates are really an asymmetric algorithm
where you have a public key which is your identity and is
guaranteed by a third party. Messages to you can be encrypted
with your public key/identity, but only decrypted by whoever
has that identity's private decryption key. In Netscape and
Outlook there are built-in certificate functions, which few
choose to trust. During the fall of 1999 it was discovered
that the Netscape certificate was only so much hot air, with
no security.
Certificates are a much touted method, not
least by governments who have even drafted laws implementing
it. In security terms the method is not to be recommended,
but has been backed by the possibility to make electronic
signatures. There are many standards out there and the most
common are RSA and S/MIME, then there are many certificators
and many guarantors. The problem is that the standards and
the different certificate systems do not work well together.
Those who issue identities (the public and
the private keys) give no real guarantees that the confidence
will not be breached. To add to this uncertainty the people
at the certification authority are not necessarily trustworthy.
If someone can access the private key then they can get at
the information. In many instances it can be much worse to
live under the illusion that you ARE protected, than to know
that you are not. All systems that build on guarantees from
a third party carry other inherent risks, both with your own
and others' management of your security.
Additional e-mail security programs
There are many. Most work according to the
principle that you encrypt a file and attach it to an e-mail.
The problem is that you must distribute your key in some way
and only to the right recipient.
Some can be found here:
http://download.cnet.com/downloads/0-10000.html?tag=st.cn.10105-ron.sb.10000
http://www.pepsoft.com/