Encryption of mail bodies
Nowadays it seems to be a must to encrypt one’s communication, in the light of the intransparent and uncontrolled spying of US-american and british secret services upon innocent people. S/MIME and PGP, i.e. PGP/INLINE and PGP/MIME, are common methods which enable users to encrypt their email messages.
However, the encryption of emails usually doesn’t involve encryption of the email headers. The sensitivity of email headers is often underestimated. It deserves more attention, as headers contain metadata with potentially sensitive information, which allow for automated profiling e.g. of a person’s habits and used software.
Sender and Recipient headers
Several headers accompany mail delivery, among them From,To,CC,BCC,Received,Envelope-to and Return-path. Understandably it is not possible to have them end-to-end encrypted without a change in mailing infrastructure. However in general some if not all of them could be end-to-end encrypted between servers. E.g. for the delivery over a mail provider only the domain name of the receiving server is required, as the receiving host handles the assorting of messages into it’s local mailboxes itself. The complete sender address and the user part of the recipient address could be encrypted using a public key, which the receiving but no other host can decrypt. The DKIM key jumps to mind.
Another example of a sensitive email header is the Subject line. It’s purpose is to summarize the content of the message body. Therefore it naturally is often written in a way that gives away the main statement of the message, rendering an encryption of the message partially useless. At the very least the content of the Subject header allows an attacker to focus it’s cracking effort on messages with a particularly interesting Subject. Furthermore it allows to track message topics, replies and forwardings and provides input to categorize interests and activity of a person. Subject headers should therefore be encrypted end-to-end, which they are usually not, even when message encryption is used.
It is sometimes argued, that mail systems must be designed in a way that spam and virus filtering are possible on the mail server, as it is realized e.g. in „De-Mail“. This idea however stands in direct contradiction with the idea of end-to-end encryption, as this sort of message filtering requires access to the plaintext message by a third party.
Ladar Levision and others are currently working on a specification for DMTP (as opposed to the current mail transfer protocol SMTP), which shall provide for a maximum of privacy through several layers of encryption, where every computer involved in the relay of a message is only able to decrypt the information absolutely necessary for successfull mail delivery.
Read more about Dark Mail: