SoK: Securing Email—A Stakeholder-Based Analysis

Jeremy Clark, P.C. van Oorschot, Scott Ruoti, Kent Seamons, and Daniel Zappala

While email is the most ubiquitous and interoperable form of online communication today, it was not conceived with strong security guarantees, and the ensuing security enhancements are, by contrast, lacking in both ubiquity and interoperability. This situation motivates our research. We begin by identifying a variety of stakeholders who have an interest in the current email system and in efforts to provide secure solutions. We then use the tussle among stakeholders to explain the evolution of fragmented secure email solutions undertaken by industry, academia, and independent developers. We conclude with a fresh look at the state of secure email and discuss open problems in the area. An extended version of our paper includes an evaluation framework for proposed or deployed secure email systems and identify how well they meet properties related to security, utility, deployability, and usability.

Jeremy Clark, P.C. van Oorschot, Scott Ruoti, Kent Seamons, and Daniel Zappala. 2021. SoK: Securing email—A stakeholder-based analysis. In Proceedings of the 25th International Conference on Financial Cryptography and Data Security. Springer.