With more than 2 million email messages sent every second and over two-thirds of EU citizens using email, it's one of the most widespread forms of communication in use today. However, not all email communications are necessarily as safe as you might think.
Our research has revealed that email providers often fail to apply appropriate security standards to protect their communications with other providers for the delivery and reception of emails.
So, are your email communications safe? The My Email Communications Security Assessment (MECSA) is an online tool that allows you to check whether your email provider offers a good level of protection in your email communications.
Simply submit your email address and reply to the email you will receive. MECSA will run some quick checks and come back with scores in three categories:
- Confidential delivery: this score assesses how well emails that you send and receive are protected from being read by third parties that could be listening to the communication channel or impersonating the recipient's email provider.
- Phishing and identity theft: this score measures the capacity of your provider to detect and prevent some forms of email identity theft (e.g. someone sending emails on your behalf)
- Integrity of messages: your email provider will score well here if they can detect modified messages, where the content received differs from content sent.
The goal of MECSA is to empower individuals in assessing the level of protection of their email communications and promote best practices among email providers.
The tool also collects anonymous statistics on the assessments carried out. These data helps scientists in analysing the state of play in the protection of email communications between providers.
MECSA is currently available in five languages - English, German, French, Spanish and Italian. The plan is to extend the tool to all EU languages this year.
MECSA is linked to the European Commission's policy initiatives on cybersecurity in several ways.
In its Communication on Resilience, Deterrence and Defence, the Commission has identified email encryption as part of one of the three priority areas to strengthen the resilience of the EU to cyberattacks with a Single Cybersecurity Market.
In the Commission's proposal for the new ePrivacy regulation, web-based email services are considered 'Over The Top' communication services whose confidentiality should be protected.
Moreover, the General Data Protection Regulation and the principle of confidentiality enshrined in article 7 of the Charter of Fundamental Rights of the European Union are also of particular relevance for the security of email communications.
Safer Internet Day
This year's Safer Internet Day theme, "Create, connect and share respect: A better internet starts with you" is a call to action for every stakeholder to play their part in creating a better internet for everyone, in particular the youngest users out there.
More than that, it is an invitation for everyone to join in and engage with others in a respectful way in order to ensure a better digital experience.
On the occasion of the annual event, the Commission launched several EU-wide #SaferInternet4EU initiatives which will run throughout 2018.
The initiatives promote cyber hygiene, media literacy, critical thinking and digital skills, and raise awareness of the internet risks in the society, with a particular attention given to children.
More information on the #SaferInternet4EU initiatives can be found on the EU's betterinternetforkids.eu portal.
The annual Safer Internet Day is organised by Insafe/INHOPE network of Safer Internet Centres, with the support of the European Commission.
The event brings together thousands of people from more than 140 countries to champion a safer and better internet through various events and activities worldwide.