
If a webpage is delivered over HTTPS, the browser makes this clear with a padlock symbol. It's something that people look for. My browser also makes it clear that a page is not secure.

Why aren't emails treated similarly? In Gmail, you have to open up a small pop-up to see that an email is signed by DKIM and delivered over TLS. Else there's no obvious indication.

I ask this because someone asked me to put a link to PayPal in an email but it's a bad idea due to the risk of phishing. Except this would be no more insecure than a website if users were on the lookout for a secure symbol, as they are with a website.

Steffen Ullrich
Ian Warburton
  • The last I looked, Gmail doesn't intrinsically support encrypted emails. There are addons available. – user10216038 Feb 04 '21 at 04:46
  • ok, maybe only signed then, or delivered over https. – Ian Warburton Feb 04 '21 at 05:00
  • I'm unclear about how links *in* an email are a factor or how they relate to your question. – schroeder Feb 04 '21 at 08:20
  • Sign your email with an X.509 certificate and the recipient will see a signature mark. – i486 Feb 04 '21 at 10:37
  • @schroeder If you have a guarantee that an email comes from a sender you trust then you can trust that a link to PayPal is not a link to a bogus PayPal account and someone else takes your money. – Ian Warburton Feb 04 '21 at 16:40
  • "If a webpage is delivered over HTTPS, the browser makes this clear with a padlock symbol." - It's actually the other direction; padlocks in browsers are likely to go away as well. - "It's something that people look for." - No, it isn't, that's why they're removing them ;) - I'm aware this doesn't answer your question much, and honestly I feel more should be done with e-mail encryption. – marcelm Feb 04 '21 at 16:56
  • So, I create a malicious domain, configure my email properly, and now emails are sent encrypted, signed, valid and pass DKIM. Now what? I think you are making assumptions about "safety" when you see "signed and encrypted". – schroeder Feb 04 '21 at 17:06
  • @schroeder Yes, you'd have to pay attention to the domain too. But without security features that could be spoofed. – Ian Warburton Feb 04 '21 at 17:27
  • @marcelm isn't it perhaps simply because https is forced on major sites anyway and on other sites as a user you cannot do anything about it. The lock itself does not tell you if you are on a phishing site with a slightly altered url than the one you wanted to visit because the phishers might well have used https too.... so imho, even if you know and care about it, the lock itself is pretty useless. (okay, it could help if the phishers are lazy... but if you go far enough to check the lock you can also double check the url... so meh) – Frank Hopkins Feb 04 '21 at 23:00
  • @schroeder Isn't it the same thing that happens with the HTTPS padlock? – Federico Poloni Feb 05 '21 at 08:04
  • @FedericoPoloni the OP is saying that if the email is encrypted and signed, then the content is likely safe. The green padlock ensures that the domain is verified and the encryption is of a certain quality. It doesn't verify the content either. So, yes. It's the same. – schroeder Feb 05 '21 at 08:09
  • @schroeder You get a padlock icon when you go to https://downloadavirushere.com/ (if it's a real site) telling you the site is perfectly secure – user253751 Feb 05 '21 at 13:02

1 Answer


TL;DR: Mail delivery using TLS and signing using DKIM are weak protections, compared to accessing a web site using HTTPS. They should not be assumed to provide the same security, and the indicators had better not suggest such an interpretation.

... delivered over TLS?

Mail is delivered hop-by-hop between client and final mail server, i.e. there are multiple servers in between. TLS cares only about protection between these hops, not on these hops. Each of these servers has access to the plain unencrypted mail. The indicator in GMail shows only if the last hop of delivery was done over TLS - and this is all that the final mail server can control.

Because of this hop-by-hop delivery, even a TLS indicator does not mean end-to-end protection of the email, i.e. from sender to recipient. Contrary to this, HTTPS is end-to-end protection from browser to server. See TLS encryption email for more on this.

... signed by DKIM

DKIM does not provide a cryptographic signature created by the sender - this would be done instead using PGP or S/MIME. DKIM is done instead by a mail server on the way. All it shows is that the mail was (mostly) unmodified on the way from this mail server to the final mail server. It does not indicate that the mail was sent by a specific user, nor that it was unmodified between sender and DKIM signing mail server.

Note also that DKIM actually allows modifications of the mail. Depending on the method changes in white space are allowed but there can also be changes which completely change the interpretation of the mail - see Breaking DKIM - on Purpose and by Chance for more on this.

Steffen Ullrich
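The whitespace tolerance the answer mentions comes from DKIM's body canonicalization: a verifier hashes a normalized form of the body, not the raw bytes. The following Python is an added example (not part of the answer or of any DKIM library) that computes the base64 SHA-256 body hash that goes into the `bh=` tag under both RFC 6376 canonicalizations, using constructed sample bodies. It also models the optional `l=` body-length tag, which limits the hash to a prefix of the body, so it shows why a relayed copy with re-wrapped whitespace still verifies while a changed amount does not, and why appended text is invisible to a signature that carries `l=`.

```python
import base64
import hashlib
import re
from typing import Optional

# Constructed sample bodies for this example (not taken from the page).
ORIGINAL = b"Please pay 10 EUR at https://www.paypal.com/\r\nThanks\r\n"
# Same text after a relay re-wrapped whitespace and appended blank lines.
RESPACED = b"Please  pay 10 EUR\tat https://www.paypal.com/  \r\nThanks\r\n\r\n\r\n"
# A real content change: the amount differs.
TAMPERED = b"Please pay 100 EUR at https://www.paypal.com/\r\nThanks\r\n"


def canonicalize_body(body: bytes, method: str = "relaxed") -> bytes:
    """Return the body as a DKIM verifier hashes it (RFC 6376 sections 3.4.3 and 3.4.4)."""
    if method not in ("simple", "relaxed"):
        raise ValueError("canonicalization must be 'simple' or 'relaxed'")
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if method == "relaxed":
        # Collapse runs of SP/TAB to one SP and drop trailing whitespace on each line.
        lines = [re.sub(rb"[ \t]+", b" ", line).rstrip(b" ") for line in lines]
    # Both methods ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        # An empty body canonicalizes to a lone CRLF (simple) or nothing (relaxed).
        return b"\r\n" if method == "simple" else b""
    return b"\r\n".join(lines) + b"\r\n"


def body_hash(body: bytes, method: str = "relaxed", length: Optional[int] = None) -> str:
    """Compute the base64 SHA-256 hash placed in the DKIM 'bh=' tag.

    `length` models the optional 'l=' tag: only the first `length` bytes of the
    canonicalized body are hashed, so anything appended beyond that point does
    not affect the signature at all.
    """
    canon = canonicalize_body(body, method)
    if length is not None:
        canon = canon[:length]
    return base64.b64encode(hashlib.sha256(canon).digest()).decode("ascii")


if __name__ == "__main__":
    for method in ("simple", "relaxed"):
        print(f"{method:8} original: {body_hash(ORIGINAL, method)}")
        print(f"{method:8} respaced: {body_hash(RESPACED, method)}")
        print(f"{method:8} tampered: {body_hash(TAMPERED, method)}")
    n = len(canonicalize_body(ORIGINAL))
    print("with l=, appended text ignored:",
          body_hash(ORIGINAL, length=n) == body_hash(ORIGINAL + b"Extra line\r\n", length=n))
```

Under relaxed canonicalization the respaced copy produces the same `bh=` as the original, under simple canonicalization it does not, and the tampered amount changes the hash under both. The `l=` case is the one to watch on the receiving side: a signature that covers only a prefix of the body says nothing about what follows it, which is why RFC 6376 itself discourages the tag and a cautious verifier treats its presence as a reason not to trust the body.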
  • ok, I've updated the question. I meant signed using DKIM. – Ian Warburton Feb 04 '21 at 07:40
  • @IanWarburton: the update of your question says "signed .. using TLS". There is currently nothing about DKIM in your question. Also, if you ask about DKIM then this completely changes the meaning of the question - which is a bad idea if the question was already answered. Please ask a new question then instead. – Steffen Ullrich Feb 04 '21 at 07:41
  • No it doesn't. It says "signed and delivered over TLS". – Ian Warburton Feb 04 '21 at 07:42
  • @IanWarburton: Yes, TLS - not DKIM as you write in your first comment. – Steffen Ullrich Feb 04 '21 at 07:43
  • It's poor grammar then. I meant signed, and then delivered over TLS. Not signed and delivered both by TLS. – Ian Warburton Feb 04 '21 at 07:44
  • @IanWarburton: "signing an email" is usually considered signing by the end user, i.e. using PGP or S/MIME. DKIM (which is still not mentioned in your question) does not sign the mail by the end user, but only by some mail server on the way. – Steffen Ullrich Feb 04 '21 at 07:46
  • GMail says that mail is "signed" when I use DKIM. – Ian Warburton Feb 04 '21 at 07:46
  • "Contrary to this HTTPS is end-to-end protection from browser to server"—yes absolutely, but it's also worth noting that that usually isn't truly "end-to-end" because the server itself is often an intermediary between the two true end users of the logical conversation (eg users who both live chat through HTTPS connections to the same webserver might observe that their respective connections to that server are HTTPS, but that of course does not mean their chat is E2E encrypted). – eggyal Feb 04 '21 at 12:50
  • @SteffenUllrich That's a great answer. Thanks. – Ian Warburton Feb 04 '21 at 16:51
  • @SteffenUllrich: Each of these servers has access to the plain unencrypted mail. is that certain? Even if the destination is the same email provider? E.g. gmail to gmail? – Jim Feb 05 '21 at 15:50
  • @Jim: To be precise: each of the hops (mail servers) in the mail delivery with SMTP has access to the unencrypted mail. You can easily see this from the added Received fields in the mail header - it would not be possible to add these to the mail without having access to the unencrypted mail. I cannot say anything about the Google infrastructure though. But you can be certain that they have access to the unencrypted mails because otherwise they would not be able to give you access to these mails through protocols like IMAP or through the web browser. – Steffen Ullrich Feb 05 '21 at 16:46
  • @eggyal I think you just might be using a different definition of "end". In the context of HTTPS, I thought "end" means the system which is in control of the domain certificate, which you have to trust. Of course that system can take that data unencrypted and broadcast it to the world (like on their website) or deliver it to another user (like a chat) or they could print it on paper and mail it to France. – Greg Schmit Feb 05 '21 at 17:39
  • @GregSchmit: Yes, that is of course true in the context of HTTPS. But “end-to-end encryption” more normally refers to systems that ensure only the communicating users can read the messages; the systems you describe would not normally be considered “end-to-end encrypted”. – eggyal Feb 05 '21 at 18:30
  • yeah, fair enough – Greg Schmit Feb 05 '21 at 18:30
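The hop-by-hop picture from the answer and the `Received` header evidence mentioned in the comments can be checked on any message you hold. The following Python is an added example (not code from the answer or the page) that parses the `Received` trace of a constructed two-hop message, extracts the `from`/`by`/`with` clauses of each hop and flags a hop as TLS-protected when its RFC 3848 protocol name is one of the `ESMTPS` family or the server recorded a `version=TLS...` comment. The host names, IDs and addresses in the sample are invented.

```python
import email
import re

# Constructed sample message (not from the page): two SMTP hops, only the
# second of which ran over TLS. Servers prepend Received, so the newest is first.
RAW_MESSAGE = (
    b"Received: from mx.example.org (mx.example.org [192.0.2.10])\r\n"
    b"\tby inbound.example.net with ESMTPS id abc123\r\n"
    b"\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);\r\n"
    b"\tThu, 4 Feb 2021 10:00:02 +0000\r\n"
    b"Received: from laptop.example.org (laptop.example.org [198.51.100.7])\r\n"
    b"\tby mx.example.org with ESMTP id xyz789;\r\n"
    b"\tThu, 4 Feb 2021 10:00:00 +0000\r\n"
    b"From: alice@example.org\r\n"
    b"To: bob@example.net\r\n"
    b"Subject: invoice\r\n"
    b"\r\n"
    b"Hello Bob\r\n"
)

# RFC 3848 "with" protocol names that indicate the hop itself used TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "SMTPS", "UTF8SMTPS", "UTF8SMTPSA"}


def parse_received(raw: bytes) -> list:
    """Return the SMTP hops of a message in chronological order, one dict per hop."""
    msg = email.message_from_bytes(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # unfold the header onto one line
        from_m = re.search(r"\bfrom\s+(\S+)", text)
        by_m = re.search(r"\bby\s+(\S+)", text)
        with_m = re.search(r"\bwith\s+(\S+)", text)
        proto = with_m.group(1).upper() if with_m else ""
        hops.append({
            "from": from_m.group(1) if from_m else "?",
            "by": by_m.group(1) if by_m else "?",
            "with": proto,
            # Either the protocol token or a TLS version comment marks the hop as TLS.
            "tls": proto in TLS_PROTOCOLS or "VERSION=TLS" in text.upper(),
        })
    hops.reverse()  # last Received header added is the first hop taken
    return hops


def all_hops_tls(hops) -> bool:
    """True only if every recorded hop used TLS; an empty trace proves nothing."""
    return bool(hops) and all(h["tls"] for h in hops)


if __name__ == "__main__":
    hops = parse_received(RAW_MESSAGE)
    for i, h in enumerate(hops, 1):
        print(f"hop {i}: {h['from']} -> {h['by']} ({h['with'] or 'n/a'}) tls={h['tls']}")
    print("every hop over TLS:", all_hops_tls(hops))
```

On the sample the first hop (submission from the laptop to `mx.example.org`) shows plain `ESMTP`, so even though the final hop into `inbound.example.net` used TLS 1.3, the message was readable at `mx.example.org` and was not protected on its first leg. Two caveats when reading real traces: each `Received` line is written by the server that received the message, so only the lines added by servers you trust are reliable, and a TLS-marked hop still leaves the server at each end with the plaintext, exactly as the answer states.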