Why Is Email Not Secure?
We’ve all heard that email is not secure. But how and why is email insecure?
Email is typically sent like this: the sender’s email client (e.g. Outlook) sends an email to the sender’s email server using the SMTP protocol. Then the sender’s server sends the email to the recipient’s server, also using SMTP. Finally, the recipient downloads the email from the recipient’s server.
Why isn’t this secure?
When the sender’s server communicates with the receiver’s server, the communication goes through many other servers (the internet). Someone operating one of these servers, or someone who has ‘hacked’ one of them, may want to read your email. Since SMTP sends the email unencrypted (unencrypted = in a format that anyone can read), your files (such as patients’ health information or clients’ tax returns) would be sitting on so many servers that any number of people could intercept them. Another danger is that, because your email message is not encrypted, it can be intercepted during data transmission.
A packet sniffer is usually used by network or system administrators to monitor and troubleshoot network traffic. However, by placing a packet sniffer on a network in promiscuous mode, a malicious intruder can capture all of the network traffic. Detecting packet sniffers on your network is also very hard. That means even if your email message is stolen, you wouldn’t even know.
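To see which legs of the server-to-server path described above carried a message in readable form, a recipient can inspect the Received headers that each server adds: the RFC 3848 keywords ESMTPS and ESMTPSA record that a hop used TLS, while plain SMTP or ESMTP records that it did not. The Python below is an added example, not part of the original article; the sample message, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string

# RFC 3848 "with" keywords that record a TLS-protected hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample message; hosts, addresses and IDs are made up.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTP id 4Xabc123; Mon, 01 Jan 2024 10:00:03 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.55])
\tby mail.sender.example with ESMTPSA id 9Zdef456; Mon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Tax return

See attached.
"""

HOP_RE = re.compile(r"\bby\s+(?P<by>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)", re.I)
FROM_RE = re.compile(r"^from\s+(?P<frm>\S+)", re.I)

def trace_hops(raw_message):
    """Return hops in delivery order as dicts: from, by, protocol, encrypted."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its own Received header, so reverse for sending order.
    for header in reversed(msg.get_all("Received", [])):
        text = " ".join(header.split())  # unfold continuation lines
        hop = HOP_RE.search(text)
        if not hop:
            continue  # no "by ... with ..." clause, so the hop cannot be classified
        frm = FROM_RE.match(text)
        proto = hop.group("proto").upper()
        hops.append({
            "from": frm.group("frm") if frm else None,
            "by": hop.group("by"),
            "protocol": proto,
            "encrypted": proto in TLS_PROTOCOLS,
        })
    return hops

def plaintext_hops(raw_message):
    """Hops whose header does not record TLS, where a sniffer could read the mail."""
    return [h for h in trace_hops(raw_message) if not h["encrypted"]]

if __name__ == "__main__":
    for h in trace_hops(SAMPLE):
        print(f'{h["from"]} -> {h["by"]}: {h["protocol"]} ({"TLS" if h["encrypted"] else "PLAINTEXT"})')
```

Received headers are written by the servers themselves, so they show what each server reported rather than proof of what happened on the wire, and a hop marked as TLS still leaves the message readable on the server that received it.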
