An encrypted email is a secure email only the intended recipient can read. Unlike regular emails, which are sent in a plain format, encrypted emails are scrambled using a code or a cipher. Only the person with the key to decipher the encryption can read the content. This way, the information stays confidential even if someone steals the email during transmission.
You might have stumbled upon the term “encrypted email” because of a new workplace policy or a standard in your industry. While the idea of encrypting your emails might sound intimidating, it’s more approachable than you think.
We’re here to break down what is encrypted email, why it’s essential, and how you can implement it in your daily communications.
Table of Contents
- Why Should You Send Encrypted Emails?
- Do I Need Email Encryption for Personal Use?
- Never Share Passwords Over Email
- Understanding Email Encryption Protocols
- How Do I Know if an Email Is Encrypted?
- How Do I Open an Encrypted Email?
- How Do I Send an Encrypted Email?
- Email Encryption Best Practices
- Always Safe, Sometimes Encrypted
Why Should You Send Encrypted Emails?
Email services, like Gmail and Yahoo, keep improving their security and spam protection mechanisms. They already have decent security to keep your messages safe as they travel from your computer to their servers. They do this using a protocol called TLS, which makes sure nobody can peek at your message while it’s on its way — more on TLS later.
However, once your email reaches the service provider’s servers, the TLS protection goes away, and your email sits there in a readable, plain format. So, if someone gets access to these servers, they may be able to read your email easily.
What’s more, this plain text email isn’t just accessible from your account but also from the recipient’s account. So, if someone steals your or the recipient’s password, they can read the email without any problem.
Unencrypted emails are also pretty easy to forge. Hackers can fake an email and make it look like it came from a legitimate source.
That’s why relying on basic protection won’t be enough in some situations. Instead, you need to apply end-to-end encryption so that your email is encrypted right on your device and stays encrypted while it’s on the server until it reaches the recipient’s device.
Here are scenarios where we recommend using end-to-end encrypted emails for extra security.
Protect Sensitive Information
When sending certain types of information through email, you want to be extra careful. No one wants their medical records or IDs leaked. This is a scenario where using encrypted emails can add that extra layer of security to keep your information safe from people who have no business seeing it.
Use encryption when sending these types of information:
- Medical records.
- Employment records.
- Financial documents.
- Bank account details.
- Insurance information.
- Social Security numbers.
- Personal Identification Information.
Compliance With Regulations
Apart from just keeping personal stuff safe, there’s another big reason why encrypting emails is important: staying on the right side of the law. Regulations for encryption can be specific to an industry or a region. For example:
- In the European Union, the General Data Protection Regulation (GDPR) recommends companies use encryption to store and transfer personal data because they’ll be held accountable in case of a breach.
- Canada has the Personal Information Protection and Electronic Documents Act (PIPEDA), which states organizations must have security policies and tools, such as encryption, to protect the personal information they collect.
- Australia’s Privacy Act has similar requirements for organizations and businesses.
Now, besides countries having rules, certain industries have their own set of rules, too. Here are a few regulations for industries in the United States:
|Industry||Regulation Name||Enforced By||Requirement|
|Healthcare||Health Insurance Portability and Accountability Act (HIPAA)||Department of Health & Human Services||Emails containing patient info must be encrypted to keep people’s health details private.|
|Finance||Gramm-Leach-Bliley Act (GBLA)||Federal Trade Commission||Financial institutions should encrypt emails to protect customer financial information.|
|Legal||Various State Laws||State Governments||Lawyers often need to encrypt emails to keep client information confidential.|
|Education||Family Educational Rights and Privacy Act||Department of Education||Schools should do everything in their power to keep student records private.|
If you’re in a different field or another country, check whether there are any rules about encrypting emails. One way to do this is by talking to your company’s legal staff or a compliance officer. You could also search online or check with professional organizations in your field. They often have guidelines or resources on these topics. If you want to be thorough, contact a local regulatory agency or a lawyer who knows about information security laws.
Do I Need Email Encryption for Personal Use?
You won’t typically need email encryption for personal emails. Personal email security is mostly a matter of avoiding risky behavior, such as sharing passwords. If you plan to send sensitive data, like medical or financial records, password-protect these files and send them as an attachment.
Or you can use more secure methods like secure messaging platforms or a secure file-sharing service.
Encryption is still an option, but depending on your email client and the recipient’s client, it could need some configuration. So, only use it if you have to.
Never Share Passwords Over Email
There’s one type of information you should never send over email, even if you encrypt it: your passwords. While encryption makes your emails a lot safer, it’s not a fortress. If someone really wants to, and has the right tools, they might still find a way to crack it open.
Instead, a safer alternative is to use a password manager — an app that keeps all your passwords in a secure vault, locked with a master password. Password managers also let you share passwords securely without the risks that come with using email.
Understanding Email Encryption Protocols
Before explaining the details of sending and receiving encrypted emails, we should cover a few concepts and protocols. This way, you can make better choices based on what you learn.
When you want to encrypt a piece of information, such as an email, you need an encryption algorithm and a key. The algorithm is fixed. It always goes through the same steps. But the keys are variable, meaning each key will produce a different result.
The key determines the unique output of the encryption process. Even a slight change in the key will result in a completely different encrypted message. It’s the secret component that ensures only authorized parties can access the original, unencrypted information.
Encryption keys come in two types:
- Public key: A public key is like a lock, and it’s called public because anyone can have it. When someone wants to send you an encrypted email, they use your public key to lock or encrypt it.
- Private key: The private key is like the key to that lock. It’s called private because only you should have it. You use your private key to unlock or decrypt the email so you can read it.
An email locked with your public key can only be unlocked with your private key, and vice versa.
You can encrypt email communications in two ways: the connection that transports the email and the email message itself. Connection encryption is known as transport-layer encryption while encrypting the message itself is called end-to-end encryption.
Transport Layer Security (TLS)
TLS encrypts data packets that travel between your device and the server so that no one can read them, even if they can eavesdrop on your connection. But the encryption isn’t end-to-end — the server that receives the packets decrypts them.
The protocol works automatically, meaning you don’t have to install any special software to use it. But a lot goes on behind the scenes. When you want to send an email to a server, a process known as the TLS “handshake” kicks into action to establish a secure connection. Here’s a simplified breakdown of what happens:
- Initiating the connection: Your client or browser sends a secure connection request to the server.
- Server certificate: The server responds by sending over a digital certificate. This certificate, issued by a trusted entity called a Certificate Authority (CA), vouches for the server’s identity. It’s the server saying, “You can trust me; see, I have this certificate!”
- Verification: Your client checks the certificate to make sure it’s valid and really from the intended server. This is your device’s way of making sure it’s not talking to an imposter.
- Key exchange: Your device and the server exchange key information to establish a secure connection. This is like exchanging secret handshakes so that both sides can understand each other, but anyone eavesdropping wouldn’t understand a thing.
- Secure communication: Your data is encrypted using this key information, sent to the server, decrypted by the server, and vice versa. This ensures that your communication remains private and intact.
- Closure: Once the communication is complete, the secure connection is closed. If you or the server want to communicate securely again in the future, a new handshake process will begin.
If you know anything about secure connections, you’ve probably heard about Secure Socket Layer (SSL). It was the go-to protocol for establishing secure connections, but TLS replaced it a few years ago. Despite the transition, many people still use TLS and SSL interchangeably.
Open Pretty Good Privacy is the most popular standard for end-to-end email encryption. It was first developed in 1997 as a proprietary protocol, but it became open-source a few years later. It provides a set of rules for application developers to follow when creating email encryption software. Various versions of OpenPGP are available for all the major operating systems.
Here’s how OpenPGP works. Your email software generates an exclusive pair of public and private keys. When you want to send an encrypted email, it uses the recipient’s public key to encrypt the message. Once the recipient gets your email, they’ll use their private key to decrypt the message into readable text.
To use OpenPGP on your computer, you’ll need an encryption program, such as Pgp4Win if you’re a Windows user or GnuGP if you’re into Linux. You’ll also need a certificate manager, like Kleopatra. The process involves a few imports and exports and might feel overwhelming at first. But you can set everything up in less than 30 minutes.
You can also find a YouTube tutorial that hits the spot for total beginners.
How do you find the recipient’s public key?
The easiest option is to ask them to send it to you. They can email you the text file containing the public key. Doing this doesn’t pose a security risk since the key is literally “public.” The other option is to search their email address on a key server, a directory of public keys. But there’s no guarantee you’ll find the public key.
Here’s a list of certificates you’ll find on Kleopatra’s key server:
Besides encrypting emails, OpenPGP also allows for digital signatures — a way for the sender to prove that the email came from them and wasn’t tampered with along the way. When you send an email, OpenPGP can create a unique signature using your private key. The recipient can use your public key to check the signature and verify the email came from you.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME is an end-to-end encryption protocol that encrypts the email’s text and attachments. It’s a newer standard than PGP, and it’s easier to use because most email clients, like Outlook and Apple Mail, support it out-of-the-box. So, there’s no need for additional software.
S/MIME is a corporate-friendly option because it’s an efficient, open standard that anyone can implement into their email infrastructure. So, organizations can set their network to encrypt all emails end-to-end automatically.
Proprietary Encryption Protocols
Many companies create their own encryption protocols to better control security or tailor the encryption process to their specific needs.
For example, Microsoft’s Office 365 Purview Message Encryption lets Office 365 users send encrypted emails to all addresses using this end-to-end encryption protocol. This protocol is much more convenient than OpenPGP because it doesn’t require installing software or certificates — just ticking a checkbox. If the recipient uses Office 365, they’ll view the email regularly, but if they use another client, they’ll get a link that explains how they can access the message.
How Do I Know if an Email Is Encrypted?
Different email clients have their own ways of showing you if an email is encrypted, but many use a padlock icon as a visual indicator.
For instance, if you’re using Gmail (client and webmail), click on the small arrow near the “To” line, and a box will pop up showing you some security details.
- A red padlock means the email isn’t encrypted.
- A gray padlock tells you that the email has TLS encryption.
- A green padlock means the email is encrypted using S/MIME.
Here’s an example:
If you’re using Outlook, you can find similar information in the same place, but instead of colorful padlocks, it uses descriptive text to tell you about the encryption status.
With other clients, you can usually find this information in the documentation or help section of your email client. Look up “encryption indicator” or something similar, and you should find instructions on how to check the encryption status of your emails.
How Do I Open an Encrypted Email?
Opening an encrypted email varies depending on the encryption protocol and whether your email client supports that protocol.
For example, if an email is encrypted using S/MIME, and you’re using an email client like Outlook, which supports S/MIME, the process should be straightforward. If your email client is set up correctly with your private key, the authentication and decryption process happens automatically. You’ll just open the email as you normally would
To understand the exact way your email client handles encrypted emails, check its documentation.
How Do I Send an Encrypted Email?
You can take two different routes when you want to send an encrypted email: encrypt the entire email or only encrypt the sensitive info and send it as an attachment. Let’s break down each one:
Using an Email Client
Sending an encrypted email involves a few steps, and the process can vary depending on the email client or service you’re using. Here’s a brief outline of how you might go about it:
- Choose an encryption protocol: Your choice might depend on your email client and whether you’re sending to recipients within your organization or outside of it.
- Get the necessary keys/certificates: For S/MIME, you’ll need a digital certificate from a Certificate Authority (CA). For PGP, you’ll need to create a key pair and might need the recipient’s public key.
- Configure your email client: Set up your email client to use the chosen encryption method. This might include installing additional software or configuring built-in settings.
- Compose your email: Write your email as you normally would.
- Encrypt the email: If you’re using S/MIME, your email client will automatically encrypt the email when you send it. With PGP, you might need to use a plugin or an external program to encrypt the email before sending it.
- Send your email. The recipient will need the corresponding private key to decrypt and read the email.
This video will teach you how to send encrypted emails using Outlook with a Microsoft 365 subscription. You’ll discover how to send encrypted emails to people within and outside your organization.
Instead of encrypting the whole email, you just encrypt the attachment using a file encryption software or service. You then attach this encrypted file to your email. The recipient will need the correct key or password to decrypt and access the file.
This method is usually simpler since the sender and recipient don’t have to have compatible email encryption setups. Also, the email itself is still readable so that the recipient can understand the context of the attached file.
Here’s how you can encrypt a text message (or any kind of file) using OpenPGP.
- Download and install the right OpenPGP software for your operating system.
- Create your keypair using your name and email address.
- Click Encrypt and choose your file.
- If you want to encrypt the attachment using someone else’s key, import their certificate file. Otherwise, leave your own certificate selected and click Sign/Encrypt.
- You’ll get a pgp file, which you can attach to a regular email and send to your recipient.
You’ll need a different way, such as file sharing, to securely share the decryption key with the recipient. Still, if someone intercepts both the email and the decryption key, they can access the sensitive content in the attachment.
Email Encryption Best Practices
Email security isn’t just about which encryption protocols you use. As the person in the driver’s seat, how you handle encryption matters a lot. Here are a few tips to maximize your protection:
- Keep your private key files on a secure drive or folder, and never share them with anyone. Cloud storage or printed keys.
- Make it a habit to encrypt all your emails if you decide to go down the encryption path. Encrypting everything makes it difficult for someone to spot which emails might contain sensitive information, adding an extra layer of security.
- For maximum security, don’t keep unencrypted versions of your encrypted attachments on your device. This way, your sensitive information will stay safe even if someone gets access to your device.
- Keep your email client and encryption plugins up-to-date to get the latest security enhancements.
- Learn about email encryption and educate others who may need to send or receive encrypted emails.
Always Safe, Sometimes Encrypted
An encrypted email is your digital safeguard when sending sensitive information. It transforms your readable message into a scrambled text, which only the recipient can unscramble and read with the correct key.
At Campaign Refinery, we help you foster trust with your audience, and security is part of that effort. When you send emails through our platform, your links will be secure. This way, your audience can interact with your content with confidence, knowing that the links are safe to click.
Check out our services and let’s see if we can team up!
If your concern is getting your emails delivered reliably to your recipients’ inboxes, we’re here to help. Our Inbox Formula guide is packed with actionable tips based on our experience as a fast-growing email marketing solution working with elite customers. You’ll learn how to keep your marketing message away from the spam folder for good!
Get Access to the Inbox Formula for free today!
Written by Casper Feeney