Explanation: S/MIME and PGP are encryption methods for e.g: Sending e-mails securely. This ensures that only the recipient of the e-mail can read the content.

In the last few days, the focus in the media has shifted back to e-mail encryption. You may remember that the idea of encrypting electronic postcards, also known as e-mail, was born at that time, so that not every postman (= the e-mail server) can read along. Today, the technology is more than 15 years old and has unfortunately not become established.

Email Encryption

The idea is good – but not practicable. Secure encryption is always based on the exchange of keys – and that’s exactly what poses enormous problems for the normal consumer. They have to create a key, share it with their contacts and above all they must not lose it if they want to read their e-mails in a few years‘ time. Last but not least, this key has to be imported to every device that reads or writes the e-mail.

And this is where the wheat separates from the chaff. The common end devices and clients natively support only S/MIME and no PGP. The underlying PGP infrastructure and technology is considerably better. Each participant can make his public key available to others via central key servers. With S/MIME I first have to exchange unencrypted e-mails to transfer the keys.


With Efail, a large gap in the implementation of S/MIME and PGP has now been announced. One of the most important information on this topic is: the encryption has not been cracked! But: Efail describes possibilities to tap the decrypted content of e-mails.

But the decryption is still done by the recipient and his private key. But only when the actual recipient opens the e-mail can the hacker access the content. On the Internet you can find various articles that call for e-mails to no longer encrypt because it would be „insecure“ now, this approach can not be understood. Because a bit of protection is always better than none.

What exactly does Efail do?

Surely you know the dialog: „Do you want to download external content?“ in Outlook to display pictures in newsletters? – Super!
Efail uses exactly this function. Efail manipulates the e-mail during transport (always remember that e-mails are like postcards) and pretends to the e-mail program that the entire e-mail is a large image that needs to be reloaded. The moment this happens, either automatically or by clicking on „Load external content“, the entire decrypted message text is transmitted as a request to a server.

Summarized: You decrypt the e-mail on your end device and then the content is transferred. As if someone were looking over your shoulder as you read it.

Besides this simple method, there is another much more complex method, the so-called CBC/CFB Gadget Attack. But even here it is only a matter of picking up the content you have decrypted.

Can you protect yourself?

If you are one of the few users of PGP or S/MIME, you can of course protect yourself against these attacks. The easiest method is to disable the reloading of external content in your email client.

You should also use an external tool for decrypting as long as the gap has not been fixed by updates.

By the way…

Are you a DME customer using S/MIME integration? Then you are on the safe side. DME does not allow the attack and protects your data.
In DME 5.1 we will additionally introduce two new configuration options to prevent the download of external content in encrypted e-mails.

  • Download external content in encrypted emails, On/Off, default value „Off“
  • Allow links to be opened from encrypted emails in browser“, On/Off, default value „Off“.

Weiterführende Informationen:


CVE-2017-17688: OpenPGP CFB gadget attacks
CVE-2017-17689: S/MIME CBC gadget attacks

Share This