EmailCloak: A Practical and Flexible Approach to Improve Email Privacy

Millions of users rely on email providers to manage and store their personal communications. This vast amount of private information, however, is often misused not only by adversaries, but also by the providers themselves. End-to-end email encryption is considered the most robust defense against this threat, however, its many requirements make this approach impractical for protecting everyday emails. In this paper, we present Email Cloak, an email alias service with public key encryption capabilities. Email Cloak relaxes email encryption requirements by relying on a privacy-respecting third-party. Emails sent and received by the user are automatically encrypted with her public key by Email Cloak before being forwarded to, and stored by her email provider. This approach, while seemingly straightforward, offers multiple benefits: simplified key management, selective and automatic encryption, advanced deployment options and transparency towards other parties. Moreover, our experimental evaluation shows that the overhead introduced by Email Cloak is adequate for email communications. We have also made our implementation publicly available. In doing so, we deliver a practical and flexible tool that provides privacy-concerned users with greater control over their stored emails.