Question

Is There Such a Thing as a Secure Email Server?

If any of you have been following the political discussions since Hillary Clinton began being "investigated" for her use of a "private" email server, I keep reading all sorts of things from conservatives referring to a "secure email" server and a law from 2006 (?) that says that one must be used for "classified" documents.

As background, I've been involved in IT for over 50 years.  But, although trained in TCP/IP and the Internet, I've NEVER heard of any TCP/IP or SMTP concept relating to secure email nor a secure email server!  Per my training, all "secure" emails must be sent by being encrypted on the sending computer.  After all, anyone employed by your ISP or anyone with a router in your path can read any document sent.  True, there is a TCP/IP standard for Secure File Transfer (SFTP) and we know that there is a standard for secure web (https: ), but I NEVER, in all the time I worked with networking, heard of a secure email standard.  Therefore, I always reject out of hand any illusion by people saying that Ms. Clinton violated some law from 2006 or, for that matter, any year.

I have asked some "conservatives" to point me directly to such a "law" and have not been able to receive a link other than "oh, yeah.  There was some kind of law from 2006...".  I keep calling people out but I want to know if anyone has a reference to such a law (i.e., link) or, what I'm really asking about is if any of you networking types have ever heard of a technical standard for secure email.  As far as I know, none exists.  But, of course, I'm only ONE person.  What I don't know is probably enormous. So, forgetting about if a law exists or not (I'd still like to see one), I'm more interested in the technical aspects.  Has anyone heard of any such thing as a "secure email server" and can you provide me a link?  I'd really like to know.  And I'm also NOT thinking about whether or not any of Hillary's emails were "classified" (a term NOT used in the federal government).  Note, I'd rather NOT have a political discussion about this; just a technical discussion to fill in any gaps in my TCP/IP standards knowledge.

Discussion is locked

Comments
- Collapse -
Answer
Well there are definitely laws in the health field

which is governed by HIPAA laws. I received an email from my doctor's nurse last week and there was a message saying the email was encrypted. Encrypted email means if the email is intercepted during transmission it can't be read. Typically email servers are on networks that are heavily protected with lots of skilled security professionals.

- Collapse -
Actually, No

Mail servers almost always are OUTSIDE of the protected networks as the technology requires them to be ON the Internet, for routing purposes. I'm assuming you mean that the servers have to be hardened, but that is usually always the case anyway. There was never any special security given to mail servers when I worked (recently) for the government as the mail senders don't have to worry about the contents being read. We used heavy encryption for the mail BEFORE they even left the sending PC. For example, one project I had was to send 800,000 social security numbers to the four major mobile network providers (along with our subpoena) for information. Each provider had different requirements but, basically, the data was encrypted first by hashing. That is, one-way encryption so that the data could not be read by anyone, even the recipient. The SSNs went from 10-digit numbers, to 40-characters of alphanumeric garbage. Then, the entire file was encrypted using GPG (PGP) encrypted to 4096 bits (or was it 4095; I forget). The file was also signed by me, as well. Then, we still were not allowed to use email, we had to put the files on old-fashioned CDs and sent by U.S. mail. (Not my requirement). Could have easily been handled by SFTP but, not really. The government didn't like that and the file could have been intercepted between my PC and the government's SFTP server, if they had one.

Besides, the way email (or any Internet traffic) works is that even though your email goes from your source server to the target server, it can actually pass through many Internet servers as well as routers due to TCP/IP "hops" and the way SMTP works. For example, if the TARGET email system is DOWN, it will store the email somewhere en route to that server. All of these servers being out on the Internet or, at least, in the DMZ of unknown entities.

- Collapse -
I'm Familiar with HIPAA

But, I can tell you that, if you actually read the HIPAA law, it is as "loose" as you can imagine. For example, let's take a company that divulged over 800,000 (I forget the exact number) of patient records not ONCE but TWICE (let's give this company a name.... at random, we'll call it Anthem). You would expect a large fine for a company whose only excuse was that "security is inconvenient". In fact, on a lawyer website, some lawyers calculated the HIPAA fine as being $5 billion +. What actually happened was they got away with only $127 million in fines to be used for purchasing a secure system. The law takes into account things like if the company knew what they were doing, etc.

Now, I have a question about your email that you received. If the email said that it was encrypted, how were you able to read it? Did you have to decrypt it somehow? My medical provider doesn't support direct email (except for email to tell me I have encrypted email/messages). It requires signing onto a web site. Is that what kind of thing you have? That can just use SSL. The actual HIPAA law doesn't really tell your doctor what to use but your doctor has to use "something". Give the law a read. What I am hoping for here is that someone can point me to any "standard" (such as, TCP/IP) for a secure email server. My previous TCP/IP training said that there is no standard for that kind of thing that only each side has to agree on an encryption and decryption standard done on each endpoint. If email is encrypted end-to-end, then the servers and networks in the middle should not matter.

- Collapse -
Answer
Secure email services were brought down by the USGOV.
- Collapse -
Agreed

The point though was there is NO definition within the TCP/IP definitions for secure email. Secure email has to be done ON THE PC. Why? Because if you use some sort of mail server to do the encryption, the mail has already left the building, so to speak. SSL would work as that should do the encryption at the source and decryption at the target and not be visible to any routers nor servers along the way, even the "final" server (POP3). People forget that, on the way to the "target" mail server, email not only passes through lots of routers, but could also go through intermediate SMTP servers so any email would need to be encrypted at the source and NOT by a server anywhere.

- Collapse -
Answer
classified
"And I'm also NOT thinking about whether or not any of Hillary's emails were "classified" (a term NOT used in the federal government)."

The charge is her emails included "classified" material, and because there are no secure email servers, that's the crime, sending classified material across unsecured lines of communication. It's why all such emails should have been done ONLY using the government systems and also NOT to anyone's private email account outside that system. Also, if it had been done "in house" then emails to outside accounts probably couldn't even have been sent.
- Collapse -
I'm Not Going to Argue That

But the investigation showed that some of the emails "bordered" on requiring encryption but none actually did. There are no "secure email servers" because, as much as people will like there to be, all encryption needs to be done at the source. That is, if you are going to send a secret document from your PC (home or work) then the email MUST be encrypted BEFORE it leaves your computer and heads out the WiFi or cable going to the wall. If you've ever used the "TRACERT" command (TRACEROUTE in LINUX, I believe), you know that everything you send has "hops" which are Internet routers where messages and other data can be read. With SSL, the information is encrypted by your browser. Same with file transfer using SFTP. But email, no such standard exists. There is no "Secure SMTP" standard. So, in terms of "Hillary's" emails, the ultimate question wasn't the private server, as many make it out to be, but a) was the email secret or top secret? and b) If it was (and the investigation said while it was close but not really secret), well, if it was, did she encrypt the documents (email) before it left her computer. The point that I'm trying to verify that the "server" played no real part in this. When I worked for the (local) government, we were supplied with a website that did NOT transfer any non-encrypted data but actually performed the encryption for us on our desktop systems.

So, I'm not addressing whether or not she sent secret email UN-encrypted or not, it is what the technology exists with talk about a "secure email server". There were no "rules" that the email could be sent to a private email address, as long as the emails were encrypted and remained encrypted until they were in front of the person on their private personal computer.

So, while the "charge" for Hillary was that "classified" (I take it you mean "secret" or "top secret") emails were sent, my recollection was that none existed. Private email servers do not enter into the technical aspects of this as the documents, even if sitting on a private server, are still encrypted. No? Your last sentence doesn't make sense because emails are sent ALL OF THE TIME to non-federal systems since the concept of DARPANet (before being called "the Internet") was to send mail (even secret mail) outside of the government to government contractors and foreign governments. So, not being able to send to email accounts outside of the federal government doesn't make any sense. Otherwise we'd only have .GOV email addresses and not .COM, .MIL, .NET which have been there even when the Internet was pure military-industrial complex back in the 1970's. I hope this makes sense.

- Collapse -
more sense than you know

In 80's was at Ft Meade in a big green building with big green "golfballs" on top. Mainframes were phasing out, the PC coming in, but all comms to outside the building for what you described were by hand carried courier on paper, for security. Hillary's "server" was "insecure" in that it didn't have the software and secured comm lines the ones in her office would have.

- Collapse -
Sorry, James

But you really should look up how TCP/IP works. Try this: Use TRACERT in Windows or (I think) Traceroute, in LINUX. Pick out your favorite domain. Then:

TRACERT <name of domain>

You should see about 30 hops (max) most of them will be routers and not part of your setup nor part of the target destination. SMTP works similarly. And email is supposed to go through your mail server (which has to be on the Internet) and then to the target mail server of your destination. In actuality, it might pass through other mail servers on its way. Certainly, if the recipient mail server is down or blocked, the email does not just vaporize. It "might" be left on another server temporarily.

You said that she should have used a "secure" server. But, sorry. There may be hardened servers but no "secure" servers. The point I'm making is that there is NO STANDARD for secure SMTP (as far as I know). Also, no such thing as secure comm lines once packets go to the Internet. So, the ONLY way to have secure email is to encrypt it yourself before you hit send. If you think the comm lines have to be "secure" then NO email could be sent at all because they use the Internet and that would mean you have no control of the comm lines outside of your facility. If you have some other way of doing this, while still using the Internet in a secure manner, I'd love to hear about it. In any case, the investigation didn't find any secure documents. But I'm not talking about Hillary. I'm talking about the technology of a concept I've never heard of: "secure email server". We also don't know if Hillary's server was hardened. I doubt that Bill set it up.

- Collapse -
I think you missed my point

She NEVER should have had an email server at home. The only "secure" server is the one in a closed office system that isn't connected to the internet. My wife's previous job used a closed system and there were some separate internet connected computers elsewhere for use to "outside" that office system.

- Collapse -
OK, True

If, what we are talking about is a CLOSED email system, then we are talking about a system that is NOT in any way connected to the Internet. But, if she was even able to send email from her home, then she is dealing with Internet email unless she was connected to a secure network that is part of her office "secure" system. So, if she was NOT connected to an Internet mail system, she would not have been able to send MAIL at all. I worked for a government office since 1980. Before the Internet, we had a small (departmental) email system. Once the Internet became mainstream (non-DOJ), the entire County went to Internet email.
So, I do understand what you mean, but, if she was outside of any closed system, she would NOT have been able to send email into that system. From an Internet standpoint, the ONLY way I know of to use Internet email is to encrypt email on YOUR computer and the recipient decrypts the message on their computer. There is no security in the middle period. The reason being the Internet is, itself, not secure. No "secure" comm lines and no "secure" servers.
I did not want to get into a "political" discussion, especially because, so far, nobody has found a single email that was supposed to be "secured" in the first place. But, if an email needs to be sent through the INTERNET (versus a completely closed system as you described) then there are no secure comm lines once an email gets onto the Internet and no secure intermediate servers. So, the question then becomes, is her office email system closed or does it connect to the Internet? But standard Internet protocol (called "TCP/IP") does not have any security features for email.

So, if what you are saying is that she should have used a server NOT connected to the Internet, then how could she have sent any email to any Internet email addresses? That is why I'm staying away from the political discussion and sticking with the technical discussion. The political discussion would be the place to discuss whether any of her emails were or should have been "Secret" or "Top Secret". But if a closed system is not connected to the Internet, then that system cannot send or receive Internet mail. So, I'm not missing the point. You are talking about a closed email system which I'm pretty sure does NOT exist in any office today (opinion flag) because it would be fairly useless. The Internet was designed as DARPANet which was a fairly closed system. Closed because the average citizen or company could NOT connect to it without jumping through a lot of security hoops. In the government offices where I worked, there were no extraordinary security issues using any closed system after the Internet became mainstream (how would you send or receive email from constituents otherwise?).

- Collapse -
Answer
well actually there are secure email services

Email services we generally use are not secure at all, but if you just look around a bit there are secure email service providers like CRIPTEXT. It is a wonderful secure email service with end-to-end encryption, open source, no cloud storage and follows signal protocol. It also gives a number of awesome features like taking back emails after being sent and real time email tracking. And honestly I have been using criptext for a long time now and I have never felt more secure as my mails are protected and not read by any other person except the one it is intended to.

- Collapse -
That's The Point

Email MUST be encrypted end-to-end, just like you mentioned. But, out on the Internet, the sender has ZERO control over the path of an email. For example, suppose you are sending email to a place where the mail server is down. No, you don't get a notification because the mail can sit on an intermediary server waiting for the server to come up (e.g., even if your computer can check that the server on the other end is alive, all it needs is for a router to go down). If you remember TCP/IP 101, anything coming to or from your desktop or laptop is broken into tiny packets about 1510 characters each and are sent through INTERNET routers (not home routers) and arrive at their final destination for being put in the correct order. But, for SECURE email (no, not GMAIL or YAHOO), the message has to be encrypted on your computer (not on a server) and decrypted on the destination. I have not looked at CRIPTEXT yet (thank you for that name). While I was working at a government office, we really did not have encrypted (Internet) email at first. I still remember when we had closed systems at our department but the Internet was not involved.

In the last two years I was there, they did get a third-party encryption service. The important thing is that the email NEVER left your computer unencrypted (end-to-end as you mentioned). So, technically, the "secure" part was never at a server anywhere. You used a website that would do the encryption on your machine (desktop) without sending data anywhere and then, finally, would send the encrypted email out. The receiver would need to use the same product to decrypt the mail on their desktop computer. Where the problem was, if any of your recipients were NOT on the system, they could not handle the encrypted email. So, if you are looking at the head of the U.S. State Department, you would never be able to send an email with cc's or bcc's that didn't use that system. Because, if the decrypted form of the email got out onto the Internet, that was the end of the encryption.

I'll look into CRIPTEXT. Thanks.

- Collapse -
Answer
as a Secure Email Server?

To many users, a less-protected email provider is harmless, because they feel like they have nothing to hide. And the likelihood of someone looking into their email is considered to be negligible by many.

Although you might have nothing to hide, that doesn’t mean you should ignore any form of email protection. Companies like Gmail, Yahoo and Outlook will hand over your email data to the U.S. government without hesitation.

In addition, what most users don’t realize is that, when you create an email account at Gmail, you also allow Google to scan your emails for keywords. Google uses this practice to target you with product personalization ads based on the scan results and analysis of all your email data.

Obviously, it’s not like Gmail and Yahoo are completely unprotected and insecure email providers. But, there are quite a few other email providers that offer highly advanced security features.

These less-popular email providers offer high-end security and encryption features, as well as much better protection of your online privacy overall.

In contrast to Gmail or Yahoo, these email providers don’t scan your emails for advertising purposes, and don’t hand over your email data to the U.S. government - or any other government, for that matter.

The majority of these email providers offer a mixed range of free and paid plans. Free plans often provide limited access to all the features - a limit on the number of email accounts and limited storage space.

However, the paid plans are rather inexpensive. For just a few dollars a month, you’ll have access to all the features, multiple email accounts and decent storage capacity.

Remember, when you aren’t paying for a product or service (like Gmail, Yahoo or Outlook), you are the product.

1. CounterMail
They use diskless data servers, which basically means that any in- and outgoing email traffic can’t be read by others. Also, CounterMail is the only provider with 100% transparency on how their security systems work.

The company focuses entirely on your security. It’s also the only web-based service provider that implements a USB dongle feature. This provides an additional layer of protection in the form of physical security.

- Collapse -
Answer
Is There Such a Thing as a Secure Email Server?

A secure email service is the easiest way to keep your emails private. Not only do they guarantee secure and encrypted email, they protect anonymity. Most regular free email accounts are just fine for the average user, but if you need to be confident that the messages you send and receive are totally and completely protected, check out some of these providers.
ProtonMail is a free, open-source, encrypted email provider based in Switzerland. It works from any computer through the website and also via the Android and iOS mobile apps.

The most important feature when talking about any encrypted email service is whether or not other people can get a hold of your messages, and the answer is a solid no when it comes to ProtonMail since it features end-to-end encryption.

Nobody can decrypt your encrypted ProtonMail messages without your unique password — not the employees at ProtonMail, their ISP, your ISP, or the government.

In fact, ProtonMail is so secure that it can't recover your emails if you forget your password. The decryption happens when you log on, so they don't have access to a means of decrypting your emails without your password or a recovery account on file.

Moderator Note: Training was not asked for so the link in this post was disabled.

Post was last edited on August 13, 2019 3:38 PM PDT

- Collapse -
Answer
No. There is no such thing as a secure email server.

There is no such thing as a secure email server. There is a secure email service however. Email was born in the 1970s and it uses the basic store and forward model. Because an email server needs to forward and store messages, the headers of the messages are usually not encrypted so the servers know where to forward the messages. Secure email services like ProtonMail use zero knowledge encryption to secure data at rest, HTTPS or VPN to secure data in transit.

Moderator Note: Good answer but to keep this from being spam, the link has been disabled.

Post was last edited on August 13, 2019 9:05 AM PDT
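
An added example, not part of any post in this thread: the store-and-forward path discussed above is recorded in a message's `Received:` headers, and the `with` keyword (RFC 3848) shows whether a given hop used TLS. The message, host names and addresses below are constructed for illustration; the sketch lists the hops in travel order, flags the ones that were not encrypted in transit, and shows which headers every relay can read even when the body was encrypted on the sending PC.

```python
import re
from email import message_from_string

# Constructed sample (not taken from the thread). Every server that accepts the
# message prepends a Received: line, so the newest hop is at the top.
SAMPLE = """\
Received: from mx.relay.example (mx.relay.example [203.0.113.7])
\tby mail.dest.example with ESMTPS id abc123
\tfor <bob@dest.example>; Tue, 13 Aug 2019 09:05:03 -0700
Received: from smtp.sender.example (smtp.sender.example [198.51.100.4])
\tby mx.relay.example with ESMTP id def456;
\tTue, 13 Aug 2019 09:05:01 -0700
Received: from laptop.lan ([192.0.2.10])
\tby smtp.sender.example with ESMTPSA id ghi789;
\tTue, 13 Aug 2019 09:05:00 -0700
From: alice@sender.example
To: bob@dest.example
Subject: quarterly numbers
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
(constructed placeholder for a body encrypted on the sending PC)
-----END PGP MESSAGE-----
"""

# "with" keywords from RFC 3848 whose S suffix means the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}


def _field(pattern, text):
    """Return the first capture of pattern in text, or None."""
    m = re.search(pattern, text, re.IGNORECASE)
    return m.group(1).rstrip(";") if m else None


def trace_hops(raw):
    """Return the relay hops in travel order (sender first)."""
    msg = message_from_string(raw)
    hops = []
    # Reverse: the bottom-most Received line is the first hop.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        proto = _field(r"\bwith\s+(\S+)", flat)
        hops.append({
            "sender": _field(r"\bfrom\s+(\S+)", flat),
            "receiver": _field(r"\bby\s+(\S+)", flat),
            "protocol": proto,
            "tls": (proto or "").upper() in TLS_PROTOCOLS,
        })
    return hops


def cleartext_hops(hops):
    """Hops where the receiving server did not record a TLS transfer."""
    return [h for h in hops if not h["tls"]]


def visible_to_relays(raw):
    """What every storing server can read, whatever the body encryption."""
    msg = message_from_string(raw)
    seen = {name: msg[name] for name in ("From", "To", "Subject")}
    seen["body_encrypted"] = "-----BEGIN PGP MESSAGE-----" in msg.get_payload()
    return seen


if __name__ == "__main__":
    for n, hop in enumerate(trace_hops(SAMPLE), 1):
        state = "TLS" if hop["tls"] else "CLEARTEXT"
        print(f"hop {n}: {hop['sender']} -> {hop['receiver']} "
              f"[{hop['protocol']}] {state}")
    print(visible_to_relays(SAMPLE))
```

Only `Received:` lines written by servers you control are trustworthy, since earlier hops can insert forged ones, and a server that negotiated TLS may still record plain `ESMTP`.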

- Collapse -
The Concept of "Secret" Email

We know that in the RFCs for TCP/IP, there are definitions for secure FTP and for secure web (HTTPS). But, to the best of my knowledge, there has never been a "standard" for secure Internet email (that is, secure SMTP). The rule I was taught was that, if something needs to be sent via email in a secure manner, then it has to be encrypted ON the sending device (PC) and de-crypted on the receiving device. Without that, the conversation does NOT have control of the level (depth) of encryption. Therefore any use of an encrypting server would mean that unencrypted data could be sent in a clear form from the sender to the server, which is NOT secure.

Therefore, the only way a "service" can be truly secure is if the encrypting is performed on the source computer. You can't send an email TO an encrypting server and have it still be secure as it can be read at any HOP along the route or by anyone with software to read Ethernet packets. We used one "service" solution where I was working, but the encryption was not performed out on a server, but rather, on the initiating PC. The "server" simply supplied the code to do the encrypting.

Post was last edited on August 13, 2019 11:43 PM PDT

- Collapse -
Secure Email

I believe, at least in my organization, the secure pieces of email are:
End point encryption
Digital signature
PtP (VPN) encrypt/tunnel
between (at least internally) Exchange servers.

I believe you're right that there is no "standard" defined by a guiding or governing body like with other secure services or protocols, etc. That doesn't negate the concept of securing email. A good potential future source for a standard might be an organization like ProtonMail.

- Collapse -
Exactly

The issue with doing email security using "servers" is that the mail would travel through a local LAN unencrypted while it reaches the server. And then, what happens between an SMTP/POPS server and the destination user? This is why I didn't want a "Hillary" discussion only that I was pointing out in other areas that there was no such thing as a "secure Internet email Server" as many assumed there would be. My education was that email had to be done end-to-end. Since email can bounce around on Internet SMTP servers, it means that just because YOUR server is secure, it doesn't mean that intervening servers and, more important, routers, are going to be secure (that is, "hops"). Thank you for replying.

- Collapse -
The whole secure email idea "blown."

Look at what happened to LAVABIT.

Many articles about it but the most DAMNING find is that the USGOV insists (non-negotiable) on installing hardware to facilitate the surveillance of all communications.

Even if you manage to create "secure" email over the Internet, you will be dragged into court and if you refuse, jail.

- Collapse -
Lavabit

I have not been familiar with Lavabit at all. I can't see how any server-based secure email system would work unless the creator AND all recipients are on the system and communication is through an encrypted pipe. If you send an email off to jdoe@someomain.com, would the mail heading to the smtp/pop server be encrypted? But, true. There are still government agencies that don't like encryption.

- Collapse -
PGP's author was hounded by the USGOV over this.

PGP email was for a time secure. Maybe it's been upgraded but it's another example that if you manage to create secure communication you will be subject to harassment by many governments.

https://www.cnet.com/news/feds-drop-charges-in-encryption-case/ is too light a treatment of what our government did and what continued on past that date.

- Collapse -
Answer
Classified, isn't?

I'm curious to understand your thinking when you say "classified" is NOT a term used by the Federal Government.
While the word Classified is not a classification in and of itself, it most certainly applies to the content, if not the "server" wrt the Hillary email debacle.
Actual classification labels for objects used by the Fed are Confidential, Secret and Top Secret. All these are considered "classified" (not to go down the rabbit hole of SCI or Code Word and others I probably never heard of). Again. It's the content, or Object, that holds the classification so any "classified" content exposure or "spillage" as it can be termed, would be "illegal". Especially if the release is intentional. I could dig and come up with specifics, however, suffice to say any Hillary release of classified objects would at minimum be covered under her Mandatory IT Use Agreement; which must be signed, approved and recorded before ANYONE is given access to government systems, networks or data (classified or not).

- Collapse -
Yes, I Agree

I was saying that there is no classification as "Classified". It was as you said, "Secret" and "Top Secret". The question I have is this: After 51 years in IT, there is NO INTERNET STANDARD for Secure SMTP that I know of. That is, unlike secure file transfer and secure HTTP (SFTP, HTTPS), there is no such thing that I know of for email. That is, no SMTPS. It has to do with the end-to-end nature of email. So the "rule" was, if anything needed security, you are required to encrypt the email before it leaves the sending device and it gets decrypted on the receiving device and NOT on any Internet server. As you know mail and packets "bounce" around on the Internet before arriving at a destination. Aka, "hops".

As I also said, this was not specifically about Hillary as I didn't want a political discussion, just a technical one. You also probably have read that Mr. Trump (I really don't want to talk politics here, just technical) had the "current" secretary of state launch an investigation into Hillary-era emails. Out of 10's of thousands (they mentioned a number that I forgot) only about 30 were "mis-classified" and those would be discussed with the authors of the emails (not Hillary). They also provided that they would have preferred that she use the department's server simply because they think it might have been more hardened than her personal server. I personally don't think this was fair in that the person in a department such as the state department responsible for determining what is or is not secret/top secret is the secretary. That is, it was Hillary's call and going back and redetermining eligibility for classification is hindsight at best. At least the "lock her up" mentality is now over since she has been cleared by the current state department administration that found no evidence of systemic abuse...blah blah.. But, I was just asking if anyone knew of any TCP/IP determination for secure email/SMTP or anything of a server-side secure email system. We had one, but it didn't process mail at the server-side. It encrypted the mail on the user PC, where it should be encrypted. Therefore a non-political technical discussion, whatever side of the political aisle you or anyone is on. I worked for the government in security at the COUNTY level, here in California.

Post was last edited on November 11, 2019 11:27 AM PST

- Collapse -
SecMail (Yes, I just coined the term. ;) )

Would S/MIME qualify as secure email? Just popped in my head, haven't looked into refreshing my memory on what it actually is.

- Collapse -
Proton

Other than SMIME, the only other thing that comes to mind is ProtonMail. But, this is, as you say, just encryption (5kbit key I think).
If I see anything more relevant, I'll be sure to post.
Merry Christmas All.

- Collapse -
Technically, Yes

The point is that, unlike FTPS and HTTPS, there is no "server standard" for email. No secure SMTP established in TCP/IP standards. That is because, unlike FTP and HTTP, email is an end-to-end thing rather than a server-to-user concept. The only method that I know of to secure Internet (repeat, INTERNET) email is encryption so, S/MIME would probably qualify. There are also other encryption-based techniques and, while some seem to use a server, the encryption is actually done on the user PC that is sending the email.

I just wanted to make sure that, if I'm telling people that (as of 2006) there was no such thing as a "secure Internet mail server" that I wasn't lying. Of course there are ways to encrypt the email but, as far as I know, there is no secure SMTP standard for a (mail) server.

So, in other words, yes, you can send secure email, but it has to be secure from the originating PC. We all know that, in TCP/IP (the rules of the Internet) that there are HOPS and mail/all Internet traffic can be intercepted at any HOP should someone be so inclined. In addition, even though at level 4 and above of the model it appears that the email goes directly to the destination server, I remember that, if the destination server is not available (maintenance, etc.) the email can sit on another SMTP server waiting to be passed to the final destination.

- Collapse -
Who's on 1st

I'm not sure you're 100% correct that the Secretary would determine classification level. My understanding, by doctrine, the "Data Owner" sets classification. This may or may not be the head of the department, though in this case, SecState may be ultimately responsible. Though these types of things are usually delegated to a Designated Representative, officially by memo or order, depending on the type of organization.
I work more with procedure (controls, hardening, STIGing, continuous monitoring, etc) than policy, so take my words with a grain.

- Collapse -
Thanks

But I remember "hearing" that the Secretary of State is responsible for setting the standards at the state department. In that case, it would have been... Hillary. Usually, it would be something worked out with the IT department, I'm sure but would be the Secretary of State's responsibility. But, I could be wrong. When I said "secretary" I was implying the federal government department "secretary". That is, "Secretary of State" and I don't believe that he or she reviews each and every email. Maybe just sets standards or intervenes when there is a question that can't be resolved at a lower level. As long as a standard is set, the author of the emails should be responsible for adhering to the standard. In the case of the "Hillary" issue, the current (Trump-era) Secretary of State was assigned a task to review all emails by the previous administration. Personally, you have two Secretary of States each with their own ideas and, possibly, different standards, with the newer one reviewing email from under a previous administration with a different standard. However, the result was that there were thousands of emails with only about 30 questionable ones and the individual authors being counselled on their choices. They found no "systemic" violation of email security. As for the server, the finding was that they would have preferred that Hillary used the departmental server only in that it might have been more "hardened" than her personal one. Once an email is out on the Internet, there is no guaranty where an email may wind up or pass through so, having no standard for secure email like they have for file transfer (FTP) or web (HTTP), the only way is to encrypt email on the source and decrypt the email on the target computer (user machines).

Post was last edited on December 8, 2019 2:25 AM PST

- Collapse -
Answer
Secure Email Server.

A secure email server is an intranet server that does not access the internet. That is why it's secure.
Encryption does not make anything more or less secure, it just means the message is encrypted. Which doesn't take long now these days to decrypt it.
