When using SSL in an email client, do email attachments travel through an encrypted tunnel?
All traffic that travels over an SSL connection is encrypted, whether it's a Web page, a file or, in this case, an email attachment traveling between a mail client and a SMTP (Simple Mail Transfer Protocol) or IMAP server. Over an SSL connection, the email message and attachment both use SMTP and may travel between several machines before ending up in the recipient's email inbox. This works differently than a protocol like FTP, where the file is transferred directly between two machines.
When you send an email and an attachment via SSL, it travels from the PC to the office email server. Once the recipient collects the email, the message and attachment travels again via SSL to their PC. However, if an email is sent to someone outside the organization, the email is likely to be sent in plaintext. Despite this limitation, it is certainly better to use SSL for all SMTP connections that cross the Internet and other public networks.
To use SSL, you must install a digital certificate on your mail server and encrypt both mail collection as well as mail delivery. Encrypting only the SMTP protocol protects just the mail that's delivered to a Microsoft Exchange server, and not, for example, the POP3 or the IMAP4 mail collection. It's also important to remember that your message, even when sent over an SSL connection, is only encrypted during transit. The message will appear in plaintext while at rest on the mail server or the recipient's PC and on any backup media.
Therefore, to ensure email messages and attachments are secure, it is wise to encrypt them before they are sent. Using file encryption not only protects the attachment while in transit, but also protects the file as it is stored on a PC, while it passes through any mail servers and when it arrives at the recipient's machine. I also recommend signing any important messages. However, never blind carbon copy (bcc) someone an encrypted email because most email clients make it easy for the recipient to see who was bcc'd!
Dig Deeper on IPv6 security and network protocols security
Related Q&A from Michael Cobb
WhatsApp vulnerabilities can enable hackers to bypass end-to-end encryption and spoof messages. Expert Michael Cobb explains how these attacks work ... Continue Reading
Disabling Google location tracking involves more than turning off Location History. Learn how to manage your account settings to stop tracking ... Continue Reading
Compared to TLS 1.2, TLS 1.3 saw improvements in security, performance and privacy. Learn how TLS 1.3 eliminated vulnerabilities using cryptographic ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.