What is email encryption and how does it work
If you don’t encrypt your emails, you’re sending them via an easily attackable connection and also in plain text! This not only makes it easy for unauthorized persons to intercept emails on their way to the recipient, but also allows them to easily read the messages once they’ve intercepted them. You also expose yourself to the latter risk if you store received messages in the archive folder or mailbox of your account without encrypting them. Since May 25, 2018, the GDPR (General Data Protection Regulation) has been in force throughout Europe, so you should no longer take the issue of email encryption lightly and should protect your messages adequately against unauthorized access.
How to secure emails when sending and saving them: a question of encryption
Without encryption, the contents of emails are about as secret as the contents of a postcard: if the card or email falls into the wrong hands, the entire text can be read easily. For this reason, powerful encryption methods have been developed to either generate an encrypted email or encrypt the email transfer. There are three categories when it comes to the encryption of emails:
- Encrypting the email transfer
- Encrypting the content of emails
- Encrypting saved emails
Sending encrypted emails - with SSL/TLS
The Transport Layer Security (TLS) transmission protocol is a necessary tool for securely transferring email content. However, it is better known under its former name Secure Sockets Layer (SSL). An email with SSL or TLS encryption cannot have its content deciphered by third parties during the data exchange because they do not have the key that’s necessary for decryption. It does not matter whether the electronic mail is retrieved or sent via an email client such as Outlook or via a web browser. SSL/TLS technology is not only used for sending emails, but also for online banking and e-commerce.
Encrypted emails with S/MIME or PGP
If you want to encrypt the actual content of emails, you can choose between different techniques - such as the standard method S/MIME or the also established PGP, both of which use asymmetric encryption. While traditional coding and decoding methods access the same key, asymmetric encryption uses two keys - a private one known only to the sender and a public one freely accessible to all recipients.
Encrypt archived emails with system tools or third-party tools
Encrypting electronic messages is of utmost importance even if they remain stored in your inbox or are archived after being read. By encrypting them, you can prepare yourself in case criminals gain access to your account and therefore to all your existing emails. The above-mentioned encryption methods make it very difficult (or even impossible) for hackers to read your data. For additional data protection, use two-factor authentication (especially when using email web clients) or encrypt your hard drive or relevant folders and files (when using email desktop clients or apps).
Putting email encryption into practice: how it works
The most important building blocks for email encryption and secure message transmission have been briefly explained in the preceding sections. In the following sections, you will learn more about how to implement the individual security measures.
Encrypting the transmission of email using SSL/TLS in web clients such as Gmail
Encrypting content via SSL/TLS is one of the success factors of the internet. If you retrieve or send your messages with a web client in your browser, you’re almost certainly dealing with encrypted email traffic. Reputable mail providers have long been offering their web services via the secure HTTPS protocol standard. You can tell whether your provider does this by looking at the URL, which should begin with “https” instead of “http”. The browser also gives you a big clue: the current Firefox version displays a green padlock icon if the page has an SSL/TLS certificate.
If the browser displays the usual “http” URL after you’ve logged in to the respective web client and doesn’t show any other indications of an encrypted transmission, you can try to force email encryption: Insert an “s” after the “http” and then reload the page. If the provider supports SSL/TLS mails, the connection should be changed automatically by doing this. Also, in the account settings, check whether you can set the encrypted connection as the default solution for future log-ins.
Encrypting email transfer to desktop clients such as Outlook
You can also encrypt the connections to mail servers via SSL/TLS in the mail client on your PC or in a corresponding app on your smartphone or tablet. The decisive factor is which port is being used for sending and receiving. The corresponding settings can be found in the account settings of the mail program. There is also often a general option to enable email SSL/TLS encryption. As soon as this is switched on, the program will usually set the appropriate ports automatically. Otherwise, you can do this manually, entering different numbers depending on the incoming server type (POP3 or IMAP):
Incoming mail server (IMAP) | 993 |
Incoming mail server (POP3) | 995 |
In both cases, select “SSL” as the connection type. For the outgoing server (SMTP), enter the following port (connection type: automatic):
Outgoing mail server (SMTP) | 465 |
If the StartTLS function is activated in the options, SMTP uses either port 25 or port 587 to establish the encrypted connection with this technique.
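The port settings above, as an added example that is not part of the original article: Python code that accepts only the encrypted combinations from the table (implicit TLS on 993, 995 and 465, or StartTLS on SMTP ports 25 and 587) and refuses to connect otherwise. The helper names connection_mode and connect and the host mail.example.com are assumptions made for illustration.

```python
import imaplib
import poplib
import smtplib
import ssl

# Illustrative helper code. Implicit-TLS ports from the table above:
# TLS is negotiated before any mail command is sent.
IMPLICIT_TLS = {"imap": 993, "pop3": 995, "smtp": 465}
# Ports on which SMTP starts in plain text and is upgraded with StartTLS.
SMTP_STARTTLS_PORTS = (25, 587)

def connection_mode(protocol, port, starttls=False):
    """Return 'implicit-tls' or 'starttls'; raise ValueError for settings
    that would leave the session unencrypted."""
    if protocol not in IMPLICIT_TLS:
        raise ValueError(f"unknown protocol: {protocol}")
    if port == IMPLICIT_TLS[protocol]:
        return "implicit-tls"
    if protocol == "smtp" and port in SMTP_STARTTLS_PORTS and starttls:
        return "starttls"
    raise ValueError(f"{protocol} on port {port} would not be encrypted")

def connect(protocol, host, port, starttls=False, timeout=10):
    """Open an encrypted session or fail; never fall back to plain text."""
    mode = connection_mode(protocol, port, starttls)
    # The default context verifies the certificate chain and the host name.
    ctx = ssl.create_default_context()
    if protocol == "imap":
        return imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=timeout)
    if protocol == "pop3":
        return poplib.POP3_SSL(host, port, timeout=timeout, context=ctx)
    if mode == "implicit-tls":
        return smtplib.SMTP_SSL(host, port, timeout=timeout, context=ctx)
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        # Raises SMTPNotSupportedError if the server does not offer STARTTLS,
        # so credentials are never sent over the unencrypted session.
        smtp.starttls(context=ctx)
        smtp.ehlo()  # identify again over the encrypted channel
    except Exception:
        smtp.close()
        raise
    return smtp

if __name__ == "__main__":
    # "mail.example.com" is a placeholder host, not a real service.
    session = connect("smtp", "mail.example.com", 587, starttls=True)
    print(session.sock.version())  # negotiated TLS version
    session.quit()
```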
Encrypting the content of emails: How to easily encrypt your web client messages with the Mailvelope browser extension
If you want to send and receive encrypted emails as well as use a secure SSL/TLS connection, you have numerous programs at your disposal with which you can access the S/MIME and PGP encryption methods previously mentioned. If you send and receive your email using a web client, the easiest way is to use a browser extension such as Mailvelope, which will be used as an example in this article.
Mailvelope is available for Mozilla Firefox and Google Chrome and enables you to use PGP email encryption in various webmail services, including Gmail, Yahoo, and Outlook on the Web. The first step is to install the extension via the plug-in or extension center (direct links can be found on the Mailvelope website), which will add the Mailvelope icon to the browser’s menu bar.
First click on the icon and then on the button “Start configuring Mailvelope”. You will then be redirected directly to the key management, which does not yet contain a key pair for the planned email encryption. To generate the key pair, click on “Generate” and then type in the required information.
If you select the option “Upload public key to Mailvelope Key Server”, contact partners can obtain it from there to send you encrypted emails as well. As soon as the PGP key pair has been generated, you will receive a confirmation message and the encrypted email, which Mailvelope sends to the specified email address. Open the message, click on the icon in the middle, and then enter the password for the previously created key.
The message will be decrypted, and a link will be displayed. Click on it to activate your email address and encrypt emails in the future. For encryption, you will now find a specific Mailvelope button in the message editor of the respective web client, which you must use whenever you want to encrypt the content of your emails.
Further possibilities for using and configuring PGP encryption can be found in our detailed guide on email encryption. Alternatively, see our S/MIME basics article for information on how to encrypt your mails with the standard procedure that was defined in 1999.
Email encryption: a must for secure data
Many users are unaware of the danger posed by poorly secured email traffic. They involuntarily invite third parties to read their messages. Nearly all popular email programs and services support encryption features that allow you to send and receive encrypted emails and generally secure their transfer. Because these features are set up with relatively little effort, you should not hesitate to encrypt your emails and enable existing SSL options for secure transfer.