So there is some encryption
involved. Now, realize that I am talking about using the browser here --
not any email client like Outlook or Netscape Messenger. Even with a
browser, lots of problems exist with these products and they
really don't offer ironclad security.
First off, by using Yahoo's mail client, you have to trust that some
nefarious person isn't monitoring the path between Yahoo and
SecureDelivery's servers. Second, the SecureDelivery system, like Safe-
Mail and CertifiedMail, don't actually deliver email messages to your
recipients. Instead, they deliver a notification message that includeds
a URL pointing to a secure Web site where you can retrieve your
For both SecureDelivery and CertifiedMail, all of your recipients have
to open an account to read your messages. Opening an account involves a
few steps and going back and forth from your browser to your email
client before you get everything working. Safe-Mail sends a
notification message with a temporary ID and password; while making
message retrieval easier, it is also less secure since someone could
intercept the notification message and sign in as you.
Speaking of trust, all of these systems require you trust these
companies' data centers are up to snuff, their procedures are solid,
and they really know what they are doing. It doesn't do you any good if
someone mistakenly copies your messages and leaves them on a public
directory, for example. A good security consultant (like my friend
Fred) would audit all of their procedures before signing off on any
assessment of their security service.
For these three products, even though they try to make things simple,
the whole process is still harder than it should be -- involving far
too many steps involved in exchanging messages. You still need
extensive understanding of public key infrastructure, certificate
management, and how your email client works. For example, these
products provide a very misleading dialog box indicating the message
has been sent. In reality, it's just hanging out in your outbox queue.
Fred had trouble using these products too, and he knows tons more about
secure email than yours truly.
Another limitation of these products concerns email attachments. Of
course, you'd expect these products should support attachments,
but SecureDelivery can't include attachments if you use their Web
client. If you use Yahoo Mail or their Outlook plug-in, then it works
Safe-Mail offers the most flexibility of the trio. In addition to
sending the notifications to anyone, you can also send ordinary
unencrypted email or only send secure messages to known recipients.
Nice, but your recipients have to be using its system.
Can you track what happens to your messages? CertifiedMail, like its
name implies, provides the best message tracking features of the three.