Email Security – Why is the Human Element Failing?
Abstract: When email over the Simple Mail Transfer Protocol (SMTP) was first introduced in 2001, it was never meant to be a secure protocol. “Real mail security lies only in end-to-end methods involving the message bodies, such as those which use digital signatures,” states RFC2821, the original design document for SMTP. SMTP’s inherent security weaknesses stem from its reliance on transport-level security, limited authentication mechanisms, and susceptibility to vulnerabilities in the trust environment and transport system. It lacks the robustness of end-to-end security mechanisms using digitally signed messages to ensure message integrity and authenticity. |
Author:
|