Secure e-mail is an internet solution designed to uphold privacy and eliminate security risks in the use of information technology. Its features enable organizations to prevent leakage of classified information; the circulation of delicate, repulsive or illicit materials to the public; ensuing legal liabilities; disclosure of internal network information; and violations of existing security and privacy regulations (Wiechert, 2007). It also protects against spam, malicious code, fraudulent e-mail and attacks such as DoS or DHA.
Secure e-mail ensures privacy in that the recipient is the sole person who reads the message, and audit trails prove to the sender that the message was received by the intended recipient. The recipient can also establish whether the message has been modified in transit, which promotes data integrity. It provides authenticity by allowing recipients to validate the identity of the supposed sender, as well as non-repudiation, or evidence that the sender indeed sent the message (Wiechert, 2007).
AT&T Encryption Services
The AT&T Encryption Services is a product designed to support secure e-mail. Its features guarantee end-to-end e-mail confidentiality by prohibiting the access of unauthorized persons to key messages and attachments, allowing the authentication of the e-mail sender, non-repudiation and a confirmation of the veracity of the e-mail message assuring the recipient that no modification was conducted (Product News Network, 2008).
The Encrypted Mail feature, which is compatible with Outlook, Lotus Notes, Outlook Express, BlackBerry(R) and Webmail, encrypts e-mail messages and contents on the PC, while the Encryption Gateway, an enterprise policy-management filter, transparently decides which e-mails should be encrypted and employs PKI, X.509 and S/MIME as encryption standards (Product News Network, 2008).
AT&T Encryption Services also offers Encrypted Mail Exchange, which ensures complete encryption of e-mail messages and attachments in a message-exchange platform for certain groups within an organization, and Encrypted Document Delivery, an application that encrypts signed documents such as statements, invoices and notices for secure delivery to clients through e-mail (Product News Network, 2008).
Encryption via the PKI standard to achieve e-mail security involves a long process that requires recipient pre-enrollment for keys, mutual agreement between sender and recipient to trust one or more Certificate Authorities, download and installation of a root certificate, installation of their own personal digital certificate and exchange of keys by sending each other digitally signed e-mail messages (Kemshall, 2008).
In S/MIME functionality, a sender generates a digital signature for a message using his private key, encrypts the message using symmetric bulk encryption, and encrypts the bulk encryption key using the recipient's public key, which creates a lock box (De Clercq, 2006). The recipient then decrypts the lock box with his private key to yield the bulk encryption key that will be used in decrypting the message for viewing.
Anti-Spam and Secure E-mail
In April, a Symantec report revealed that spam composed more than 80% of all email and has been steadily increasing as compared to previous years (Infoworld.com, 2008). Despite the variety of anti-spam products in the market, spammers have become adept at discovering spam filter vulnerabilities while continually developing new tactics such as backscattering. This has become a bane to companies that need to regularly upgrade their anti-spam technology to reduce risks, an endeavor that requires the use of information technology resources, considerable finances and even the sacrifice of user convenience.
This situation necessitates that mail servers closely adhere to security measures that bar anonymous forwarding (Infoworld.com, 2008). The use of secure e-mail solutions can enhance anti-spam activity in business organizations by requiring sender authentication before messages can be sent within the network system and read by recipients. E-mail addresses that are not in the directory cannot send messages. Further, unencrypted messages from senders who are policy-bound to encrypt also trigger violation alerts.
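The S/MIME sign, bulk-encrypt and lock-box flow described earlier (De Clercq, 2006) can be traced in a few lines of Node.js. This is an added example, not code from the cited sources or from the AT&T product: it keeps the cryptographic steps but not the real CMS message encoding, and the function names, the choice of RSA-2048, AES-256-GCM and OAEP, the keys and the sample message are all assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Sender side: sign with the sender's private key, bulk-encrypt signature plus
// message under a one-time AES-256-GCM key, then lock that key with the
// recipient's public key (the "lock box").
function sealEnvelope(message, senderPrivateKey, recipientPublicKey) {
  const msg = Buffer.from(message, 'utf8');
  const signature = crypto.sign('sha256', msg, senderPrivateKey);
  const bulkKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', bulkKey, iv);
  const body = Buffer.concat([cipher.update(signature), cipher.update(msg), cipher.final()]);
  const lockBox = crypto.publicEncrypt({ key: recipientPublicKey, oaepHash: 'sha256' }, bulkKey);
  return { lockBox, iv, body, tag: cipher.getAuthTag() };
}

// Recipient side: open the lock box with the recipient's private key, decrypt
// the body, and release the message only if the sender's signature verifies.
function openEnvelope(envelope, recipientPrivateKey, senderPublicKey) {
  const bulkKey = crypto.privateDecrypt({ key: recipientPrivateKey, oaepHash: 'sha256' }, envelope.lockBox);
  const decipher = crypto.createDecipheriv('aes-256-gcm', bulkKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  // final() throws if the body was modified in transit (integrity check)
  const plain = Buffer.concat([decipher.update(envelope.body), decipher.final()]);
  // An RSA signature is as long as the signer's modulus
  const sigLen = senderPublicKey.asymmetricKeyDetails.modulusLength / 8;
  const msg = plain.subarray(sigLen);
  if (!crypto.verify('sha256', msg, senderPublicKey, plain.subarray(0, sigLen))) {
    throw new Error('signature check failed: sender not authenticated');
  }
  return msg.toString('utf8');
}

// Constructed demo: throwaway RSA-2048 key pairs and a made-up message.
function demo() {
  const sender = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const recipient = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const envelope = sealEnvelope('Q3 invoice attached', sender.privateKey, recipient.publicKey);
  return { sender, recipient, envelope };
}

const sample = demo();
console.log(openEnvelope(sample.envelope, sample.recipient.privateKey, sample.sender.publicKey));
```

Only the holder of the recipient's private key can open the lock box, a modified body fails the integrity check, and a message signed by any other key is rejected, which maps to the confidentiality, integrity and authenticity properties listed at the start of the essay.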