E-mail has been part of our personal and corporate lives for a long time, but it never has been secure.In my book The E-mail Frontier (1994), I wrote: “Sometime within the next three to 10 years, any e-mail without a digital signature will be regarded with the same suspicion as a stranger in the airport.” A cautious statement at the time, but I never thought it would take this long to achieve secure, signed and encrypted mail.In more ways than one, time is running out. We are nearing the end of my 10-year window, and still relatively few users or companies secure their e-mail even though much of it is sensitive. Meanwhile, estimates say that (unsigned) spam messages makes up more than 50% of e-mail traffic, threatening e-mail’s very existence as a medium. And we’ve got good reason to become even more suspicious of strangers, both within airports and on the Internet. While I’ve yet to succumb to clicking on an “I Love You” or “Big Boss” letter attachment, the proliferation of such garbage in the in-box adds tension to the workday.Perhaps it is perversity, but after receiving a signed message from a colleague at Symantec, I decided to try signing my own outgoing mail. Using Microsoft Outlook 2000, I requested a new certificate from VeriSign and set a flag causing outgoing mail to be digitally signed. Soon, the complaints began flooding in. While many of my colleagues who also use Outlook 2000 can read the signed messages, others cannot. For example, Outlook Web access users cannot read signed messages because Outlook does not support this capability. Nor can users of Microsoft’s Macintosh client. Nor can colleagues at a company that uses Lotus Notes, even though IBM/Lotus, like Microsoft, claims to support Secure Multipurpose Internet Mail Extensions.There are other problems. Encryption in Outlook is a nonstarter for most people because it requires use of (usually nonexistent) recipient public keys, whereas signing requires only the sender’s. When our clients have requested encryption, we’ve had to manually create password-protected, Pretty Good Privacy self-decrypting archives. To make signing truly worthwhile, one also should set the software to require a password or personal identification number every time the private key is invoked for every signature. This is a pain. And while I picked a short but obscure password that’s easy to type, I am looking forward to a later experiment with smartcard fingerprint readers.Individuals and companies can help by learning more about secure e-mail. It isn’t acceptable to send sensitive e-mail over the Internet in the clear. We shouldn’t let spammers get away with forging their “From” address. Experiment in your environment to see what can be done, and push your vendors to improve support for interoperable, secure e-mail. Related content how-to Doing tricks on the Linux command line Linux tricks can make even the more complicated Linux commands easier, more fun and more rewarding. By Sandra Henry-Stocker Dec 08, 2023 5 mins Linux news TSMC bets on AI chips for revival of growth in semiconductor demand Executives at the chip manufacturer are still optimistic about the revenue potential of AI, as Nvidia and its partners say new GPUs have a lead time of up to 52 weeks. By Sam Reynolds Dec 08, 2023 3 mins CPUs and Processors Technology Industry news End of road for VMware’s end-user computing and security units: Broadcom Broadcom is refocusing VMWare on creating private and hybrid cloud environments for large enterprises and divesting its non-core assets. By Sam Reynolds Dec 08, 2023 3 mins Mergers and Acquisitions news analysis IBM cloud service aims to deliver secure, multicloud connectivity IBM Hybrid Cloud Mesh is a multicloud networking service that includes IT discovery, security, monitoring and traffic-engineering capabilities. By Michael Cooney Dec 07, 2023 3 mins Network Security Cloud Computing Networking Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe