You’ve got mail! – The history of e-mail and its consequences

09 Aug 2018

No longer writing down messages in ink and dropping them in the mailbox but rather being able to transmit them digitally within seconds: That was a milestone of the digital revolution, dramatically affecting our world on many levels. Below, we’ll take a brief look at the success story of e-mail, from its beginnings, right down to the security issues of today – assessments by XiTrust security expert Wolfgang Bauer.

The legendary IT guru, Ray Tomlinson, actually had a different assignment. The U.S. Air Force had hired him and other colleagues from the technology company, Bolt Beranek and Newman (BBN), to build up Arpanet, the precursor of today’s Internet. The beginning of the project dated back to the year 1968 when telephone receivers weighed as much as barbells. Tomlinson quickly grasped the opportunities of information and communication technology, and in the course of the project, he became more and more heavily involved in communication from computer to computer. In 1971, Tomlinson sent the first e-mail in history. It was the year in which John Lennon came out with the song “Imagine”.

At that time, no one could have imagined the significance of this development. Today, up to 300 billion e-mails are sent worldwide each day. The @ sign that Tomlinson introduced for e-mails has long since become an integral part of the universal language of pop culture. The sign was originally used by merchants to designate the unit price of a product. Today, the e-mail is by far the most widely distributed means of communication.

Whereas at the onset of widespread use of e-mail technology, people were mainly excited that it worked at all, other aspects have since moved into focus. Who is the real sender of the e-mail? Has the content of the e-mail been altered? Issues that are not always given the highest priority when it comes to private e-mails become all the more important for business e-mails, as in this realm, legal aspects are almost always involved. The key issue is the validity of an e-mail. Standard e-mails are not any more secure than postcards. Both can be easily read and their content can even be altered by others.

A short digression
It is interesting to consider how the universal term “e-mail” is handled grammatically in other languages, e.g. in German, where all nouns take a definite article of “der, die or das”, depending upon whether the noun is masculine, feminine, or neuter. On this point of grammar, many German speakers haven’t fully made up their minds, sometimes referring to “das e-mail” and sometimes opting for “die e-mail”, i.e. declining it as a neuter or feminine noun.
In fact, both forms are correct, at least according to the German grammar authority, “Duden”. In daily usage, either form may prevail depending upon regional preferences. So anyone learning German needn’t worry any longer about which form is “more correct”. One possible solution: If we consider the fact that the word e-mail is derived from “electronic mail”, in German “elektronische Post”, which is declined as a feminine noun, it would seem logical to also favor use of the feminine form over the neuter form; so the correct form in German would be “die E-Mail” (phonetic pronunciation in German: “DEE EE-MAIL”).

Low Security Awareness

There is still only a rudimentary awareness of professional e-mail security among private users. Data protection scandals are frequently followed by mere lip service to the necessary innovations in terms of security. This phenomenon does not come as a surprise to Wolfgang Bauer, Head of Product Development at XiTrust Secure Technologies: “The response pattern is always the same: Following an initial outrage over the data abuse, things calm down and everyone goes back to business as usual. I would tend to doubt whether we can expect fundamental changes anytime soon on that score. In the business field, there is definitely a stronger awareness for e-mail security than among private users!” It is an awareness, however, that is informed again and again by painful financial losses. The dramatic consequences that can result from communicating via standard e-mail are illustrated by recent fraud cases, in which cybercriminals using fake sender addresses made off with millions. Even Internet giants such as Facebook and Google are among the victims of non-secured data transmission.

There is a professional answer to all e-mail security questions: the XiTrust Mailing System (XMS). When the company became heavily involved in e-mail security 15 years ago, the time was not yet ripe for solutions and products like XMS. Things have now changed. According to security expert Bauer: “Today there is a much stronger awareness for secure e-mail exchange. The insight that professional security solutions must be standard operating procedure, however, is still taking some time.” The contents of a normal e-mail are not confidential at all – a fact that tends to be easily ignored amid the billions of business e-mails in circulation. “Just because it says the sender is Wolfgang Bauer does not necessarily mean you can assume it is from me – nor can you be sure that the contents have not been altered”, says Bauer. “The more important the e-mail is, the higher the risk of abuse and potential loss!”

Certainty about the sender

Those who treat data and information responsibly know: With normal e-mails, it is impossible to hermetically protect the secrecy of letters. With the XiTrust Mailing System, XiTrust Secure Technologies has found a convincing way to guarantee the secrecy of letters in the traditional meaning of the word per e-mail, thus enabling companies to exercise control over their own messaging flow at all times. The cornerstones of this new security culture are the intactness of the original data (data integrity) and the certainty of who the sender is (data authenticity). That is precisely the crux of the digital age: How do we know for sure that the person on the other end is who he or she claims to be? Now there is a way to be sure.

Today there are numerous high-quality methods of protecting e-mail content via encryption and signature, e.g. the gateway certificate. In this, e-mails are assigned a certificate in a centralized place. The recipient can be certain of the integrity of the content and the authenticity of the sender. The sender for gateway certificates is never an individual but rather the sending company. In this case, the sender works with a single certificate for everyone.

This method only provides for satisfactory results as long as there is a manageable volume of e-mails and thus of their recipients. That is why for smaller companies, the gateway certificate can be considered a practical solution.

Limits to the gateway certificate

The topic of e-mail security becomes more complex as soon as a high number of e-mails are to be sent every day. For larger companies, this can easily be several thousand. Here, there is an increasing probability that so-called “mismatches” will occur. Many servers on the recipient side initially comb through the certificate in search of the sender’s name. It is not found in the gateway certificate, however. That solution only contains the sender’s company name. The normally out-of-date server refuses to accept the e-mail because it lacks this matching feature – even though it is encrypted and signed. This leads to delays until the matter is cleared up – including possible competitive disadvantages.

This is precisely where XMS comes in. As with a gateway certificate, XMS works with encryption and signature. The initial difference lies in the makeup of the certificate: XMS offers the option of using personalized individual certificates. Each sender can be personally associated with the e-mail, so mismatches are eliminated.
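
The sender-matching check described above can be sketched as follows. This is an added example, not code from XMS or from any mail server; the function names, the organisation "Example Corp" and the example.com addresses are assumptions, and both certificates are throwaway self-signed samples generated on the fly.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/mail"
	"strings"
	"time"
)

// makeCert builds a throwaway self-signed certificate (constructed sample data); emails go into subjectAltName.
func makeCert(org string, emails ...string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{Organization: []string{org}},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), EmailAddresses: emails,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// senderMatches reports whether the From header's address is named in the certificate.
func senderMatches(from string, cert *x509.Certificate) bool {
	addr, err := mail.ParseAddress(from)
	if err != nil || cert == nil {
		return false // unparsable header or missing certificate counts as a mismatch
	}
	for _, e := range cert.EmailAddresses {
		if strings.EqualFold(e, addr.Address) { // case-insensitive match: an assumption
			return true
		}
	}
	return false
}

func main() {
	gateway, _ := makeCert("Example Corp")
	personal, _ := makeCert("Example Corp", "alice@example.com")
	fmt.Println(senderMatches("Alice <alice@example.com>", gateway), senderMatches("Alice <alice@example.com>", personal))
}
```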

Here is how the XiTrust Mailing System (XMS) works

The question remains as to the method by which companies issue certificates to their employees. Of course they can handle the roll-out of individual certificates themselves. For larger companies with a multitude of senders, however, this requires considerable administrative overhead. The e-mail clients must each be individually equipped with a certificate. In practice, this involves additional overhead for employee training, which still does not take into account the required acceptance of the procedure by employees.

Personalized individual certificates

XMS handles the whole process on its own, relieving administrators of the handling overhead. The system is centrally integrated into the existing e-mail architecture and runs in front of the e-mail system like a firewall. The installation overhead for the customer remains minimal.
Personal individual certificates are issued by XMS automatically and centrally. For each outgoing e-mail marked confidential, XMS examines: Does the sender already have a personal certificate? If this is not yet stored, it is automatically issued by an eIDAS-compliant certified trust center, in this case the XiTrust partner company A-Trust. Thus, all employees sending out confidential e-mails receive their personal individual certificate without any additional overhead. Equipped with an attached personal certificate, the e-mail is sent signed and encrypted to the receiver who can be certain as to the person from whom the message originated and that the content has remained intact. In this, XMS automatically manages the company-wide roll-out with S/MIME individual certificates in any quantity. All internationally recognized standards for the signature and encryption of e-mails – such as S/MIME or PGP – are supported by XMS.

When Ray Tomlinson sent the very first e-mail in 1971, these technological innovations surrounding electronic mail were dreams of the future even for him. He really would not have needed XMS yet at that time: The pioneer, who passed away in 2016 at age 74, was often asked about the actual contents of the first e-mail. Tomlinson could no longer recall exactly. He guessed, however, that it could have been some gibberish along the lines of “QWERTYUIOP”…