Electronic Mail is one of the most common communication forms. The Internet and the World Wide Web has made Electronic Mail a widespread application in use by numerous individuals and organizations. In the basic e-mail model, a user accesses an e-mail server using a network communication protocols, can retrieve messages waiting for him or her, and can send new messages to one or more intended recipients. Several e-mail vendors offer additional functionality on top of this basic function, such as managing contacts, filtering and categorizing emails, etc.
There are many e-mail vendors who provide e-mail services in the Internet, rather than distribute the software for operating an e-mail server. Prominent examples include Google®'s Gmail™ service, Hotmail™ and also many smaller Internet Service Providers (ISPs). In such Internet-hosted services, users' messages and other data are stored on the email provider's servers. Some organizations and individuals concerned of their privacy are reluctant to use such hosted services, as users' data and messages are trusted to a third party—the email provider.
Electronic mail is a global and open system. Every email provider is registered for one or more e-mail domains. E-mail addresses always include this e-mail domain. When an e-mail message needs to be delivered to its recipient, the global e-mail domain registry is consulted in order to find the server handling this domain; then the message is sent to that server; the server stores the message; and later the recipient retrieves the message from the server. The global registry of e-mail domains is operated using the global Domain Name System (DNS), in which records known as MX records are registered by providers. An MX record of an email domain points to a server handling incoming messages for that domain.
Email providers typically emphasize their taking of security measures to protect users' data. Such measures include protecting the communications between the user and the provider by encrypting the network traffic, strong security policies enforced in the provider's data centers, auditing and similar methods. However, all these measures do not eliminate the basic concern of putting a user's data in the hands of another party.