echo ''

Virtru Security Insights

Join 10,000+ Security Professionals Who Receive Our Content Every Month

Curing Email Stupidity with Virtru

February 6, 2014

How many times have you opened an email only to mistakenly press the forward button on your phone? Oops. Then you realize that you CC’d the entire company on a private email about the latest office gossip. Never happened to you? Well, count yourself lucky.

Have you ever opened an email only to realize that you are not the intended recipient? When you realized the email wasn’t for you, I’m sure you stopped reading it…right? I’m sure you’ve never read an email intended for someone else.

Inadvertent forwards and unintended recipients are essential office entertainment. These stupid email mistakes become a part of office lore. “Do you remember that time the VP of Marketing sent a love letter to the entire department? That was fun.”

Back When Email Was New

Use email long enough and eventually it is going to make a fool out of you. In an age of instant messages, social networks, and search engines we still rely on the Simple Mail Transfer Protocol (SMTP). This protocol was invented in the early 1980s, way before the invention of the World Wide Web, at a time when “cutting edge” computers had unreliable networks. Back then it was an amazing feat to press a “send” button and see an email pop up on someone’s screen 20 minutes later.

SMTP was designed for computer networks that operated at 300 baud. They were designed as a “simple” or “stupid” way of making sure that your email would arrive at its destination after being relayed by a network of interconnected mail servers. There were no attachments back then, and people weren’t using email for a casual conversation about how embarrassingly drunk the CTO got at last night’s holiday party. In the beginning email wasn’t a particularly “personal” medium. At the dawn of this Simple Mail Transfer Protocol, people were sending emails like “Come Here – Mr. Watson!”

Back then no one thought about control. How do we give a user the ability to recall a message? Or is there a way that we can encrypt the email and put an expiration date on the contents of the message? No one was asking these questions because, at the time, it was a miracle to simply send a text message from one computer to another.

The S in SMTP Stands for Stupid… No, Really

Today we’re in an entirely different world. You can send videos and pictures as attachments in an email. Our emails are delivered almost instantly over networks that carry terabytes of data every second. The miracle of being able to send a simple message from one computer to another is now a commonplace part of our daily routine – so much so that people rarely stop to consider how an email is delivered. Well, how does it work?

When you write an email, your message is conveyed across the internet, unencrypted, via a series of third-party servers that you have no control over. So the email message that you just wrote with very personal details of your taxes or health records, that plain-text email was sent through some server sitting in someone’s data center. Anyone with access to these servers or the various networks your message was sent through can read it, and given the recent revelations about government surveillance it is very possible that your email was indexed and stored by any number of government or private actors.

You crafted an email in a client, maybe something like Outlook or Gmail, and when you did you specified a list of recipients both in the To and the CC fields; separate copies of this email are sent across the internet (again, in plain-text) and then stored on someone’s email server. Make a mistake that you want to correct? Too bad. When email was invented in the 1980s they didn’t add any mechanism for control. None. Are you sending something secure that you want to encrypt? Too bad. Basic SMTP offers no ability to protect information. You’ll either have to use something like PGP – a tool that requires a PhD in advanced cryptography – or you’ll have to use another medium altogether.

In those 30+ years no one has taken the time to reconsider this protocol – this Simple Mail Transfer Protocol. The servers that relay your email use the same methods they used in the 80s.  The message formats have changed little since the inception of email even though the use cases have changed dramatically. Instead of coming up with new protocols that have control and encryption built in, we’ve just stumbled along over the past few decades, growing ever more reliant on an email system that is uncontrollably insecure.

That’s why we’re lobbying international standard groups to change the S in SMTP from Simple to Stupid.

Secure Email Cures Email Stupidity

We’ve all seen the effects of using a 30-year-old protocol that offers no control to email senders. We’ve all seen what happens when a holiday party gone awry ends up plastered all over everyone’s inbox. We’ve all seen the details of a celebrity divorce on the front page of TMZ because someone forwarded a PDF to the wrong address. We’ve all see the “resignation notice” from the employee that has nothing to lose, and we’ve all seen what happens to careers and relationships when the wrong email shows up in the wrong person’s inbox at just the right time.

With Virtru you regain control.

When sending a secure email with Virtru, you can hit send, have second thoughts, and then recall a message without having to rely on half-measures. You can craft a message that is secured and encrypted so that any mail server your email is sent through can’t read its contents. You can prevent email providers from reading your private email messages simply to target you with ads. You can finally express yourself without having to worry about your recipient sending your email to everyone else.

Your email is your business. If you care about privacy and security you should give Virtru a try.