Making email secure is not enough if users do not know about it and are not able to tell whether the transport of their emails is adequately protected or not. This is why, after a few months, we decided to add one more step at the end of our guide to email security for Internet Service Providers: make your security visible!
Email security has always been hampered by its lack of visibility. In the World Wide Web, you can immediately see whether the connection to the website you are visiting is secure or not, and all modern browsers have specific UI features to make it clear; this makes it easy to educate users.
However, for what regards email, the delivery of a message happens asynchronously. Your email client just delivers your message to your local SMTP server and forgets about it – so it is not possible for your client to give you immediate information on the security or any other feature of the subsequent steps in the transmission of the message. Thus, users cannot tell secure deliveries from insecure ones, and the customers’ awareness and demand on providers is much lower.
This can change if both the client and the local server are part of the same email platform, as it normally happens with web-based email clients. In this situation, it is possible for the platform to track the level of security of the connections to each possible destination domain, and to use this information to predict the security of future deliveries and to show it to users when composing new messages.
So, if you provide a webmail system, you should work with your vendor or software developer to display security information for each message. If you do so, you will be rewarded with increased user appreciation: as email threats are more and more common, demand for better email security increases as well.