Not all email encryption providers are created equal: S/MIME & the Outlook Bug

By Mark Liapustin on Nov 07 2017

Email encryption has become a pivotal tool for businesses and average citizens around the world, due to the simplicity and ease that emails can be hacked. Encrypted email providers are constantly developing new ways to better protect your information and keep you and your business safe. Now that there are solutions which protect organizations from hacked emails and information, it is even more important to ensure said solutions function correctly.

Recently, an end-to-end encryption protocol, S/MIME (Secure/Multipurpose Internet Mail Extensions) has fallen under fire for its failure in keeping the emails of its Microsoft Outlook users encrypted. Companies using this protocol in Outlook need to beware. For the past six months, emails thought to be encrypted, were actually not.

The problem was due to a bug (CVE-2017-11776) in Microsoft Outlook that occurs when users format their emails as plain text while using the S/MIME encryption. This causes the “encrypted” emails to be sent in a human-readable clear text form along with the encrypted version. This was not the service that was promised.

One of the biggest issues is also that the users would have no idea that the sent email was compromised. It would still show up in the sent folder as “encrypted” leaving the user with a false peace of mind. Tracking is a key part of email security and companies such as Trustifi have great solutions to this tracking error.

Many consumers do not understand how to encrypt an email and trust their providers with their personal information. Trustifi’s solution avoids these issues because they are a military grade, court validated interface that encrypts your emails with absolute ease. They continue to compete with the best cyber security companies in the industry due to their dedication to security. Trustifi’s solutions for encrypting emails is simply one way they can avoid what happened with S/MIME.

Cybercrime is a serious matter, and how a company protects themselves with a secure email gateway should be taken with care and certainty. The best cyber security companies around the globe understand the trust their clients put in them, and the importance of their role in their clients’ lives.

Trustifi, a patented email solution that encrypts and tracks emails, and is the first federally-accepted method of sending legal documents online, is one of many solutions for avoiding problems that S/MIME ran into. Their solution is predicated on providing top-notch security and strict confidentiality to their clients in order to provide peace of mind.

According to researchers, the magnitude of the vulnerability depends on the configuration on the user’s Outlook.

  1. Outlook with Exchange

The encrypted emails of Outlook with Exchange users would only reach one hop (to the sender’s exchange) and the plain text message would be removed because they were sent to external exchange. However, if the sender and recipient were in the same exchange, the plain text would be attached.

  1. Outlook with SMTP (Impact on the entire email path)

If Outlook was being used with SMTP the plaintext would be received by the recipient as well as all mail servers along the path. So not only was the failure in encrypting emails, but your email could be seen by anyone on the mail servers.

Since one of the biggest problems with the S/MIME bug was that users would view their email as encrypted in their own sent folder. Trustifi’s email tracking system avoids this issue as their product users will be able to track where the email was sent to, as well as who opened it and on what device. This is yet another way to avoid any mishaps with the security of your emails.

The S/MIME bug truly demonstrates the importance of having a trustworthy encrypted email provider. Sending legal documents with confidential information is too risky if you are using a sub-par provider. Only the best cyber security companies will suffice, who understand the ins and outs of encrypting emails, and keeping you and your clients’ information, safe.

For instance, having a federally-approved form of legal delivery allows a company like Trustifi to have confidence in its solutions. This in turn gives a sense of security to its users that all is well regarding their email.

From legal records, to medical records, to intellectual property, encrypted emails and documents must be kept as safe as possible when the consumer trusts a company to do so. It is the obligation of any encrypted email provider to deliver the best possible service, with no negative outcomes.

Unfortunately, hacked emails are a part of the modern world. The more technology and security that is out there, the more people will attempt to take advantage. This is where cyber security companies must step up to the challenge. Trustifi is one said company that uses modern technology and ideas to come up with the best possible strategies and solutions to deter any negative activity.

Another reality this incident with S/MIME brings to the surface is how serious businesses must take their private information. Human relations divisions must take note, they are in charge of protecting all the personal information for the employees and their company. It would be detrimental to any business owner if any single email with private information were to be hacked due to faulty encryption. Encrypting emails safely is the only way to avoid the major consequences that occur when an email is compromised. You must find an industry leader you can trust.

Trustifi offers a demo so you can understand exactly how their solution works before you even sign up. Understand that this matter is only becoming more and more serious, and encrypting your emails is more pertinent than ever before.

The average consumer does not understand how to encrypt an email and therefore is truly putting all their trust in cyber security companies. Mistakes such as the bug with S/MIME and many others demonstrate the risks of the modern technological world we live in. It is the providers job to protect and secure all of its clients’ documents to the highest standard, anything short of this is simply unacceptable.

To protect your most important information, sign up for a free trial of Trustifi’s patented solution.

Try Trustifi Today


See if Trustifi Is Right for Your Organization