What is email encryption?
Email encryption protects your emails by disguising the content of messages so that only the intended recipients can access and read them. Email can be a vulnerable medium, particularly when messages are sent over unsecured or public networks, because other users can intercept and read them. Encryption secures your emails by making the contents unreadable as they move from origin to destination, so if someone intercepts your messages, they can’t read them.
How does email encryption work?
Email encryption relies on Public Key Infrastructure or PKI. This involves a private key and a public key. Those who are sending encrypted emails use the public key, whereas intended recipients use the private key to decrypt messages into a readable format. Under this model, anyone can use a public key to encrypt email, but encrypted messages can only be decrypted by a unique private key.
If you plan to encrypt your emails, it's a good idea to encrypt all messages you send and receive. If you only encrypt those emails which contain sensitive information – such as login credentials or bank account numbers – this can alert hackers to the fact they contain valuable information. Encrypting all your messages gives hackers a more daunting task: attempting to decrypt messages one by one to see if any of them contain sensitive information.
Why is email encryption important?
Email encryption is intended to protect sensitive data. Securely encrypted emails help to prevent data breaches. Both individuals and organizations of all sizes use email encryption as part of their approach to cybersecurity. For some organizations, it’s a matter of regulatory compliance. Internet laws like Europe’s General Data Regulation (GDPR), the California Consumer Privacy Act (CCPA), Health Insurance Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act (GLBA) mandate certain data privacy standards which can make email encryption relevant – especially as the volume of emails sent worldwide is increasing year on year.
Types of email encryption
Three types of email encryption to be aware of are:
Pretty Good Privacy (PGP)
PGP encrypts and decrypts email messages using digital signatures and file encryption techniques. It was one of the first free, publicly available public key cryptography solutions. It is widely used by both individuals and organizations to secure online communication.
PGP uses a version of the public key infrastructure (PKI) approach, in that when a user sends a message with their public key, PGP encrypts the data and decrypts it when the recipient unlocks it with their private key.
Secure Multi-Purpose Internet Mail Extension (S/MIME)
S/MIME provides similar functionality to PGP but requires users to obtain keys from a specific Certificate Authority (CA). It is built into most modern email software services such as Apple and Outlook, and we’ll look at how to enable the feature in a moment.
Transport Layer Security (TLS)
TLS is a protocol that encrypts and delivers email data securely for both inbound and outbound email traffic. It helps prevent eavesdropping between email servers, keeping your messages private while traveling between email providers. All modern email services support TLS.
How to open encrypted email
If you receive an encrypted message, the message will usually feature the word [Secure] in the subject line to let you know that the message is confidential. The message text will also say that you have received an encrypted message. How you access the message will vary by the email provider or the service you are using.
How to encrypt email
If you are wondering how to send a secure email, you can either opt-in for an end-to-end encrypted email service or set up an encryption protocol on your current mailbox. Bear in mind that for the latter to work, both the sender and the recipient need to have matching setups. Some services also have built-in protocols for encryption. Read on to find out how to encrypt email in Outlook, Gmail, iOS, or Yahoo.
How to encrypt email in Outlook
Outlook is compatible with the S/MIME protocol. To enable S/MIME encryption, you need to obtain a certificate or digital ID from your organization’s administrator. Office outlines the process for setting up S/MIME encryption here.
Once S/MIME encryption has been enabled:
- You can encrypt all messages by going to the gear menu and clicking S/MIME settings. You can choose to either encrypt the contents and attachments of all messages or add a digital signature to all the messages you send.
- You can encrypt or remove individual messages by selecting more options (shown by the three dots icon) at the top of a message and selecting message options. Select or deselect “Encrypt this message (S/MIME).” If the intended recipient of your message doesn’t have S/MIME enabled, you need to deselect the box and send the message without encryption – they won’t be able to read your message otherwise.
How to encrypt email in Gmail
Gmail has S/MIME built into its app, but this will only work if both the sender and receiver have it enabled. To enable hosted S/MIME, follow Google’s instructions on how to do this here. Then:
- Write your message as normal.
- Click on the lock icon, which appears to the right of the recipient.
- Click on ‘view details’ – here, you can alter the S/MIME settings or encryption level.
When changing the encryption levels, there are three color codes to be aware of:
- Green — The contents are protected by S/MIME encryption and can only be decrypted with a private key.
- Gray — The email is protected with TLS (Transport Layer Security). This will only work if both the sender and recipient have TLS capabilities.
- Red — The email does not have encryption security.
How to encrypt email in iOS
iOS devices also have S/MIME support built into them as a default.
- Go to advanced settings to enable S/MIME.
- Change “Encrypt by Default” to yes.
- When you write a message, you will see a lock icon next to the recipient. To encrypt the email, click the lock icon, so it appears closed.
- If the lock is blue, the email can be encrypted. If it’s red, it means the recipient needs to switch on their own S/MIME setting.
How to encrypt email in Yahoo
Not all email providers and devices have in-built S/MIME compatibility. This means that they require a third-party tool to use S/MIME or PGP/MIME protocol. For example, Yahoo uses SSL (Secure Sockets Layer) as a layer of security to protect your email account but requires third-party services to encrypt with S/MIME or PGP/MIME. See below for more information on third-party services.
Third party email encryption services
Email encryption can be carried out manually or via a secure email service. Dedicated email service apps each offer different features such as encrypting emails, attachments, and contact lists. By doing this in the background, users don’t have to take action manually.
Well known providers include:
- Allows a user to enable end-to-end encryption
- PGP compatibility
- Different price levels, depending on your usage requirements
- Supports encryption through S/MIME, OpenPGP, TLS, and PDF
- Popular for its compatibility with Android devices
- Provides end-to-end email encryption services
- Compatible with Gmail, Outlook, Hotmail, Yahoo, and other providers.
- Free and paid plans
- An OpenPGP encryption service for webmail
- Compatible with Gmail, GMX, Outlook, Posteo, WEB.DE, and Yahoo
- Send and receive encrypted emails using PGP
- Compatible with Gmail, Yahoo, AOL, Microsoft, and Outlook
- Free and paid plans
- Supports encryption through PGP
- Compatible with email services such as Outlook and Gmail
- Free and paid plans
- Offers military-grade encryption
- Compatible with Outlook and Gmail
- Free and paid plans
Email security best-practice: top tips
Aside from email encryption, there are a few critical steps you should be taking to secure your email:
Most viruses that infect computers come from email attachments. Therefore, it's important to scan email attachments before opening them, especially if the sender is unfamiliar. Many email clients, such as Gmail, automatically scan attachments but others require you to do so manually.
Avoid clicking on unfamiliar links
To avoid becoming a victim of phishing, don’t click on links in emails you are not sure of, and avoid opening attachments. In fact, if you think an email looks suspicious, don’t click on it or open it at all. Using a good spam filter should help reduce the number of spam messages you receive.
Use BCC, and only use reply all where appropriate
When emailing a large number of people, using BCC prevents spammers from getting hold of all their email addresses. In a similar vein, if you receive an email that has a large number of recipients, only ‘reply all’ if it’s really necessary.
Use strong passwords for your email accounts
A strong password is long – made up of at least 12 characters and ideally more – and contains a mix of characters, such as upper- and lower-case letters plus symbols and numbers. Avoid the obvious – such as sequential numbers ("1234") or personal information that someone who knows you might guess, such as your date of birth or pet's name. A password manager can help you to keep track of your login credentials.
Consider using a VPN, particularly when using public Wi-Fi
The best way to protect your data online when using public Wi-Fi is to use a virtual private network (VPN). A VPN creates an encrypted tunnel between you and a remote server operated by a VPN service. All your internet traffic is routed through this tunnel, making your data more secure. If you connect to a public network using a VPN, other people on that network should not be able to see what you are doing – providing enhanced internet protection.
Use a strong antivirus
A good antivirus will help keep viruses and malware off your devices and criminals out of your accounts – protecting you from the latest online threats.