The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools

em:anonemail

Email is Reasonably Anonymous

It is often heard that email leaks lots of meta data. Back in the day email used to be sent unencrypted over the network. An entity with access to that network traffic could easily determine where the email was coming from, where it was going to and the email addresses involved.

These days most email traffic is encrypted from user to server and server to server1). The server to server connection can be forced to be unencrypted with an active attack 2) but because the traffic is encrypted it is only possible to target such attacks on the basis of the involved mail servers. So such an attack has to be fairly intensive and tends to be noticed.

Email is fairly anonymous by nature. A particular email user can have as many email identities as they want on email servers all over the world. Each email travels through one or two servers on the way to the destination. There is never a direct connection between sender and receiver. Email is a store and forward system where servers put messages to be delivered in a queue and then deliver them one after the other. This makes it harder to use statistical techniques to determine where incoming messages are being forwarded by observing the server network traffic.

Email supports anonymity by culture as well. It is quite normal for an email user to receive and even look at messages where there is no evidence that they know or even know of the sender. Unfortunately that enables the serious problem of email spam…

Email spam causes the entities that run the email servers to work against anonymity by more diligently logging the IP addresses of the source of incoming email both locally and in the headers of the emails. On the other hand it has caused the elimination of the practice of arbitrarily forwarding emails through multiple email servers. These days a maximum of two entities running servers will ever see your email.

The current level of meta data leakage from email is not significantly worse than that of most messaging systems. Since email is an open federated system, you have the opportunity to create an email account in a way that conceals your identity. You can then use that account in a way that conceals your IP address. So the maximum level of anonymity achievable with email is greater than with most messaging systems.

Encrypted Messaging index

1)
STARTTLS
2)
Opportunistic_TLS:Weaknesses_and_mitigations
em/anonemail.txt · Last modified: 2021/09/22 14:20 by b.walzer