{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T12:45:08Z","timestamp":1776084308104,"version":"3.50.1"},"reference-count":17,"publisher":"Emerald","issue":"1","license":[{"start":{"date-parts":[[2013,3,15]],"date-time":"2013-03-15T00:00:00Z","timestamp":1363305600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013,3,15]]},"abstract":"Purpose<\/jats:title>Email communication has been used for many years, and has begun to replace traditional, physical correspondence more and more. Compared to a traditional postal service, email services are easier, faster, and free of charge. Standard email, however, is, from a security point of view, more comparable to post cards than letters. Some security techniques and services exist, but few people use them due to lack of awareness, low usability, and a lack of understanding of Public Key Infrastructures (PKIs). A comprehensive comparison is missing, which makes it difficult for users to decide which email service to use. The purpose of this paper is to identify evaluation criteria covering security, usability, and interoperability aspects of email, and to apply them to existing email services.<\/jats:p><\/jats:sec>Design\/methodology\/approach<\/jats:title>The authors first define criteria based on literature review, threat analysis and expert consultation. These criteria are then applied, when applicable, to existing approaches including DKIM, SPF, PGP, S\/MIME and Opportunistic Encryption, and to common secure email providers including Gmail, Hushmail, and De\u2010Mail.<\/jats:p><\/jats:sec>Findings<\/jats:title>None of the existing analysed services meets all the derived criteria. Based on the result of the application of these criteria and the corresponding comparison, the authors propose future directions for usable secure email communication.<\/jats:p><\/jats:sec>Originality\/value<\/jats:title>The criteria proposed are original and allow an evaluation and a comparison of different email systems that not only considers security aspects, but also the relation and trade\u2010offs between security, usability and interoperability. Moreover, the trust assumptions involved are also considered.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685221311314419","type":"journal-article","created":{"date-parts":[[2013,3,25]],"date-time":"2013-03-25T11:56:32Z","timestamp":1364212592000},"page":"41-52","source":"Crossref","is-referenced-by-count":9,"title":["Usable secure email communications: criteria and evaluation of existing approaches"],"prefix":"10.1108","volume":"21","author":[{"given":"Cristian","family":"Thiago Moecke","sequence":"first","affiliation":[]},{"given":"Melanie","family":"Volkamer","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2022022019433007300_b2","doi-asserted-by":"crossref","unstructured":"Alperovitch, D., Judge, P. and Krasser, S. (2007), \u201cTaxonomy of email reputation systems\u201d, 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07), IEEE Computer Society, Washington, DC, p. 27.","DOI":"10.1109\/ICDCSW.2007.78"},{"key":"key2022022019433007300_b18","unstructured":"Butterfield, J., Tracy, M. and Jansen, W. (2007), Guidelines on Electronic Mail Security, Recommendations of the National Institute of Standards and Technology, National Institute of Standards and Technology, Gaithersburg, MD."},{"key":"key2022022019433007300_b6","unstructured":"Garfinkel, S. (2003), \u201cEnabling email confidentiality through the use of opportunistic encryption\u201d, Proceedings of the 2003 Annual National Conference on Digital Government Research, pp. 1\u20104."},{"key":"key2022022019433007300_b8","doi-asserted-by":"crossref","unstructured":"Garfinkel, S. and Miller, R. (2005), \u201cJohnny 2: a user test of key continuity management with S\/MIME and Outlook Express\u201d, Proceedings of the 2005 Symposium on Usable Privacy and Security, ACM Press, New York, NY, pp. 13\u201024.","DOI":"10.1145\/1073001.1073003"},{"key":"key2022022019433007300_b7","doi-asserted-by":"crossref","unstructured":"Garfinkel, S., Margrave, D., Schiller, J., Nordlander, E. and Miller, R. (2005), \u201cHow to make secure email easier to use\u201d, Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, ACM Press, New York, NY, pp. 701\u201010.","DOI":"10.1145\/1054972.1055069"},{"key":"key2022022019433007300_b14","unstructured":"Sheng, S., Broderick, L., Hyland, J. and Koranda, C. (2006), \u201cWhy Johnny still can't encrypt: evaluating the usability of email encryption software\u201d, Symposium on Usable Privacy and Security, pp. 3\u20104."},{"key":"key2022022019433007300_b15","doi-asserted-by":"crossref","unstructured":"Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L.F. and Downs, J. (2010), \u201cWho falls for phish?\u201d, Proceedings of the 28th International Conference on Human Factors in Computing Systems \u2013 CHI'10, ACM Press, New York, NY, p. 373.","DOI":"10.1145\/1753326.1753383"},{"key":"key2022022019433007300_b16","unstructured":"Whitten, A. and Tygar, J. (1999), \u201cWhy Johnny can't encrypt\u201d, USENIX Security, Vol. 1999, p. 1."},{"key":"key2022022019433007300_frd1","doi-asserted-by":"crossref","unstructured":"Allman, E., Callas, J., Delany, M., Libbey, M., Fenton, J. and Thomas, M. (2007), DomainKeys Identified Mail (DKIM) Signatures. RFC 4871 (Proposed Standard).","DOI":"10.17487\/rfc4871"},{"key":"key2022022019433007300_frd2","doi-asserted-by":"crossref","unstructured":"Dusse, S., Hoffman, P., Ramsdell, B., Lundblade, L. and Repka, L. (1998), S\/MIME Version 2 Message Specification, RFC 2311 (Historic).","DOI":"10.17487\/rfc2311"},{"key":"key2022022019433007300_frd3","doi-asserted-by":"crossref","unstructured":"Elkins, M. (1996), MIME Security with Pretty Good Privacy (PGP). RFC 2015 (Proposed Standard).","DOI":"10.17487\/rfc2015"},{"key":"key2022022019433007300_frd4","doi-asserted-by":"crossref","unstructured":"Klensin, J. (2008), Simple Mail Transfer Protocol. RFC 5321 (Draft Standard).","DOI":"10.17487\/rfc5321"},{"key":"key2022022019433007300_frd5","doi-asserted-by":"crossref","unstructured":"Lyon, J. and Wong, M. (2006), Sender ID: Authenticating E\u2010Mail, RFC 4406 (Experimental).","DOI":"10.17487\/rfc4406"},{"key":"key2022022019433007300_frd6","doi-asserted-by":"crossref","unstructured":"Resnick, P. (2008), Internet Message Format, RFC 5322 (Draft Standard).","DOI":"10.17487\/rfc5322"},{"key":"key2022022019433007300_frd7","doi-asserted-by":"crossref","unstructured":"Richardson, M. and Redelmeier, D. (2005), Opportunistic Encryption Using the Internet Key Exchange (IKE). RFC 4322 (Informational).","DOI":"10.17487\/rfc4322"},{"key":"key2022022019433007300_frd8","doi-asserted-by":"crossref","unstructured":"Santesson, S., Nystrom, M. and Polk, T. (2004), Internet X.509 Public Key Infrastructure: Qualified Certificates Profile. RFC 3739 (Proposed Standard).","DOI":"10.17487\/rfc3739"},{"key":"key2022022019433007300_frd9","doi-asserted-by":"crossref","unstructured":"Wong, M. and Schlitt, W. (2006), Sender Policy Framework (SPF) for Authorizing Use of Domains in E\u2010Mail, Version 1. RFC 4408 (Experimental).","DOI":"10.17487\/rfc4408"}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685221311314419","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685221311314419\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685221311314419\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:09:27Z","timestamp":1753402167000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/21\/1\/41-52\/176389"}},"subtitle":[],"editor":[{"given":"Steven M.","family":"Furnell","sequence":"first","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2013,3,15]]},"references-count":17,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2013,3,15]]}},"alternative-id":["10.1108\/09685221311314419"],"URL":"https:\/\/doi.org\/10.1108\/09685221311314419","relation":{},"ISSN":["0968-5227"],"issn-type":[{"value":"0968-5227","type":"print"}],"subject":[],"published":{"date-parts":[[2013,3,15]]}}}