He thought: "Of course I have to get the cheese delivered by a trustworthy transport company. But what if the Frama-cheese is reloaded from one truck to the next, or even onto a ship? When the cheese is passed on, someone could maliciously swap it, regardless of how trustworthy the transport company is." So the milk technologist concluded: "I have to hand my Frama-cheese to the transport company packed in a secure case. That way, nobody can exchange the delivery while it is being reloaded. I then let the end customer know separately how to open the case."
Sending an e-mail message works much like our cheese example. The TLS (Transport Layer Security) protocol ensures that an e-mail message is encrypted while it is on its way; in our example, TLS is the trustworthy transporter with his truck. Nobody can see the cheese inside the truck, and likewise nobody can read an e-mail message while it travels under TLS. TLS therefore plays an important role in securing e-mail communication. But what happens if the e-mail message is passed on or, like the cheese, is reloaded? Suddenly people who have no authority to do so can get at the cheese, and the same happens with an e-mail message. TLS ensures encrypted transport, but it does not protect against unauthorized access when the e-mail message is handed from one server to the next. When the message reaches an intermediate server, it is unpacked there, stored in plain text and can be read. To avoid this problem, the content of the e-mail message itself must be encrypted, i.e. transported in a secure container, much like the Frama-cheese in its case. To open the encrypted message, the recipient then needs the corresponding key.
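The two layers described above, modelled in code: this is an added example, not code from the original article or from Frama. Each `Relay` stands for a mail server on the delivery path, and the "link key" it holds stands for the TLS session key of the connection that terminates at it, so every relay can read what arrived over its own link. The cipher is a minimal encrypt-then-MAC construction from the Python standard library (an HMAC-SHA256 keystream plus an HMAC tag), chosen only so the example runs offline; a real deployment would use S/MIME, OpenPGP or a vetted AEAD library. Host names and the message are constructed.

```python
# Added example (not from the original article): hop-by-hop transport
# encryption versus end-to-end content encryption on a mail delivery path.
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _derive(key: bytes, label: bytes) -> bytes:
    # Separate encryption and authentication keys from one shared secret.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream: HMAC-SHA256(enc_key, nonce || counter) blocks.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_content(key: bytes, plaintext: bytes) -> bytes:
    """Seal plaintext under key as nonce || ciphertext || tag (toy construction)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_derive(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_derive(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_content(key: bytes, blob: bytes) -> bytes:
    """Open a sealed blob; raises ValueError if it was altered or the key is wrong."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_derive(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message was altered in transit or the key is wrong")
    stream = _keystream(_derive(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


class Relay:
    """A mail server on the path. TLS ends here, so once the link is decrypted
    the relay holds whatever the previous hop sent and keeps it in its queue."""

    def __init__(self, name: str):
        self.name = name
        self.link_key = secrets.token_bytes(32)  # stands in for the TLS session key
        self.queue = []  # what an administrator of this server could read

    def receive_over_tls(self, sealed_link: bytes) -> bytes:
        body = decrypt_content(self.link_key, sealed_link)  # link protection removed here
        self.queue.append(body)
        return body


def deliver(body: bytes, relays) -> bytes:
    """Forward body across every hop, protecting each link with that hop's key."""
    for relay in relays:
        body = relay.receive_over_tls(encrypt_content(relay.link_key, body))
    return body


def hop_by_hop_only(message: bytes, relays):
    """Transport encryption alone: returns the delivered body and what each relay stored."""
    delivered = deliver(message, relays)
    return delivered, [relay.queue[-1] for relay in relays]


def end_to_end(message: bytes, content_key: bytes, relays):
    """Content encryption on top of transport encryption. content_key is the
    'how to open the case' secret shared with the recipient out of band."""
    delivered = deliver(encrypt_content(content_key, message), relays)
    return decrypt_content(content_key, delivered), [relay.queue[-1] for relay in relays]


if __name__ == "__main__":
    path = [Relay("outbound.example.com"), Relay("relay.example.net")]  # constructed names
    order = b"Ship 40 wheels of Frama-cheese to Zurich"  # constructed message
    _, seen = hop_by_hop_only(order, path)
    print("hop-by-hop: every relay stored the order in the clear:", all(s == order for s in seen))
    _, seen = end_to_end(order, secrets.token_bytes(32), path)
    print("end-to-end: no relay can read the order:", all(order not in s for s in seen))
```

Running the script shows that with transport encryption alone every relay's queue contains the order in plain text, while with content encryption the queues hold only an opaque blob; the tag check in `decrypt_content` also makes a swapped or altered "case" detectable, which is the other property the secure case was meant to provide.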
Today (2020), many e-mails are already transported encrypted (approx. 90%), but TLS is not just TLS! The most commonly used version is TLS 1.2, but TLS 1.3 has been available since 2018 and further improves security when transporting e-mail messages. In version 1.3, old encryption algorithms have been removed and many things have been simplified by revising the protocol. Administrators and developers can now make fewer mistakes when configuring the protocol, which significantly increases the security of version 1.3 compared to version 1.2.
But is an e-mail sent via TLS secure or not? The answer is yes and no. In transit the message is secure, but it is still held in plain text on the intermediate servers and can be read by anyone with access to those systems. Furthermore, mail servers try to send messages with TLS 1.2, but if that fails, the messages are automatically sent with outdated versions of TLS or even in plain text, i.e. without TLS at all. This happens without any notice to the sender, and it often occurs because the receiving mail server does not support TLS 1.2, or does not support TLS at all.
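How the silent fallback just described comes about, and the two controls that stop it, as an added example that is not part of the original article: a sending server reads the receiving server's EHLO response, and under the usual opportunistic policy it sends in the clear when STARTTLS is not advertised. A mandatory policy defers instead, and a client context with `minimum_version` set to TLS 1.2 refuses the outdated versions. The EHLO responses and host names are constructed; `send_with_policy` uses the real `smtplib`/`ssl` APIs but needs a network and is not exercised offline.

```python
# Added example (not from the original article): opportunistic versus
# mandatory STARTTLS, and pinning the minimum TLS version on the client side.
import smtplib
import ssl

# Constructed EHLO responses as a sending server would see them.
EHLO_MODERN = [
    "250-mail.example.net Hello sender.example.com",
    "250-SIZE 35882577",
    "250-STARTTLS",
    "250 8BITMIME",
]
EHLO_LEGACY = [  # does not advertise STARTTLS at all
    "250-legacy.example.org Hello sender.example.com",
    "250 8BITMIME",
]


def parse_ehlo(lines):
    """Return the lower-cased ESMTP extension keywords advertised after the greeting."""
    extensions = set()
    for line in lines[1:]:           # the first line is the greeting, not an extension
        words = line[4:].split()     # strip the "250-" / "250 " prefix
        if words:
            extensions.add(words[0].lower())
    return extensions


def decide(extensions, policy):
    """'opportunistic' is what the article says most servers do: use TLS if
    offered, otherwise send anyway. 'mandatory' never sends in the clear."""
    if "starttls" in {e.lower() for e in extensions}:
        return "starttls"
    if policy == "mandatory":
        return "defer"       # queue, retry later, alert the administrator; nothing leaks
    return "plaintext"       # the silent fallback the sender never hears about


def tls12_only_context():
    """Client context that refuses TLS 1.1 and older, so the peer cannot
    negotiate the outdated versions the article mentions."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def version_acceptable(negotiated):
    """Post-handshake check on ssl.SSLSocket.version() strings such as 'TLSv1.2'."""
    return negotiated in ("TLSv1.2", "TLSv1.3")


def send_with_policy(host, policy, sender, recipient, body):
    """Real delivery honouring the policy (needs network; host is a placeholder)."""
    with smtplib.SMTP(host, 25, timeout=30) as smtp:
        smtp.ehlo()
        action = decide(set(smtp.esmtp_features), policy)
        if action == "defer":
            raise RuntimeError(f"{host} offers no STARTTLS; refusing to send in the clear")
        if action == "starttls":
            smtp.starttls(context=tls12_only_context())
            smtp.ehlo()  # capabilities must be re-read on the encrypted channel
            if not version_acceptable(smtp.sock.version()):
                raise RuntimeError("negotiated TLS version below 1.2")
        smtp.sendmail(sender, recipient, body)
        return action


if __name__ == "__main__":
    for name, response in (("modern", EHLO_MODERN), ("legacy", EHLO_LEGACY)):
        for policy in ("opportunistic", "mandatory"):
            print(f"{name:7} {policy:13} -> {decide(parse_ehlo(response), policy)}")
```

The table the script prints shows the point of the paragraph: only the combination of a legacy receiver and an opportunistic sender yields `plaintext`, and the sender is the one who has to change policy to avoid it. Note that `decide` only covers the STARTTLS fallback; the fallback to an older TLS version is handled by the context's `minimum_version`, which makes the handshake fail rather than quietly succeed at TLS 1.0 or 1.1.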
There are several solutions on the market that address both encrypted transport and encryption of the e-mail message itself. One of them is Frama Rmail, which not only encrypts the transport of an e-mail message and its content but has much more to offer. More information here: https://www.frama-rmail.com/en/rmail/