Today, almost everyone around the world is concerned about protecting personal chats. That’s the reason apps like WhatsApp, Signal, and Telegram have become so popular as they offer encryption for your chats. But ever wondered how to encrypt your email information?
From businesses to personal communication, emails are being used everywhere, even for sharing sensitive data. That’s why data breaches and phishing attacks often target emails because that’s where the perpetrators find a treasure trove of data.
Hence, you need to protect your emails too to keep your details private. But why don’t mainstream email service providers offer to encrypt emails? We hear you ask.
It’s not that such features don’t exist. Instead, it’s the ignorance from both the service providers and the end-users that email encryption becomes the last thing to attract attention.
But if you’re among those who are equally concerned about securing emails, then this email encryption guide is for you.
Quick guide to encrypt your emails
Anxious to start encrypting your emails right away? The quickest method is to use an encrypted email service. Here’s how you go.
- Select a robust encrypted email service provider. You can even opt for free services such as ProtonMail or Tutanota.
- Create your account on the email service. You might have to enter bit of your personal details to register.
- Sign-in to your account and adjust the settings to ensure encryption is enabled.
- Start communicating securely.
Why do I need to encrypt emails?
Before moving on to how to encrypt email, let us elaborate on why you should do it in the first place.
Emails primarily include lots of sensitive data. For instance, business emails may consist of everything from employees’ account credentials to consumers’ personal and non-personal data. Also, intra-business emails frequently include reports, event logs, salary details, financial information, and other lucrative data for cybercriminals.
Likewise, hospitals, labs, and medical facilities often include critical PHI data of patients as well.
Similarly, personal email users also share important information via emails, such as account credentials, phone numbers, addresses, and much more.
Many times, users even communicate about sensitive topics via emails that you may think of as unimportant for anyone. However, your government and surveillance authorities would be interested in that.
So, to protect all this data contained in your emails, the only viable solution is to apply email encryption.
However, such encryption won’t effectively protect you from targeted surveillance, such as NSA’s PRISM Program. But it will provide adequate security from data mining and data monetization by your ISP and other third parties.
How does email encryption work?
Email encryption also employs the usual encryption methodology. The process transforms the readable (plain text) emails into an unreadable (ciphertext) format.
Doing so ensures that your message remains protected during transit and that nobody else can read your message except your intended recipient.
For this, emails can be encrypted with symmetric encryption, where the same key is used to cipher and decipher messages. In this case, the sender communicates the encryption key with the recipient via any means other than emails.
Or, users can apply asymmetric encryption on emails where the private and public keys are different. It is, however, a somewhat complicated process.
For asymmetric encryption, users publicly share their public encryption key with their email addresses. So, if you wish to send them an encrypted email, you will have to search for this public key.
When you send this email encrypted with the respective public key to the particular email, it remains unreadable during transit.
The respective recipient would use its own private key (corresponding to the public key) upon receiving your email.
While this process involves the additional effort of looking for the public key, it is safer than symmetric encryption. It’s because you and the other user don’t have to communicate the decryption key via any other potentially vulnerable means. So, for example, you neither have to worry about snooping on calls nor depend on unsecured third-party apps exposed to MiTM and other spying activities to share the keys.
Types of email encryption
In the jargon of email communications, you will often see the terms “S/MIME” and “PGP.” These are the two types of encryption used for securing emails.
You can use either of them, but make sure that you and the recipient use the same method.
1. Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME is like a digital fingerprint that verifies the recipient to ensure that the correct user reads the message. For this, the encrypted email includes a small-sized attachment named “smime.p7s.”
It is a centralized system that predefines the encryption algorithm and key for you. Thus, you don’t have to go through the hassle of choosing encryption algorithms.
All you need is to get a certificate from a centralized Certificate Authority (CA), such as Comodo, DigiCert, and Symantec. You can do so by using their S/MIME extension for encrypting your emails.
This type of email encryption is commonly used in corporate networks or sending emails to frequently interacted users. Most dedicated desktop email clients like Outlook and Thunderbird support S/MIME.
While you can also use it on Gmail, it is relatively more rigid. However, Apple users can easily use S/MIME since it supports OSX and iOS.
The only limitation with using S/MIME is that you cannot start using it right after activation. Instead, it needs you to have sent at least one email to the sender (if you’re at the receiving end) with your digital signature or vice versa (if you are the sender).
2. Pretty Good Privacy/Multipurpose Internet Mail Extensions (PGP/MIME)
The second way to encrypt your email is by applying PGP/MIME.
It is a relatively safer protocol as it relies on a decentralized system. Thus, it gives you the liberty to choose your own encryption key.
Plus, you will find this quite affordable as you (often) do not have to subscribe to any service. (In the case of S/MIME, you have to purchase the CA certificate.)
Or, even if you use a paid service, it doesn’t blow your budget.
The only problem with PGP is that you have to rely on third-party services to implement encryption. (S/MIME is usually available as a built-in feature with email clients and Apple devices.)
However, this single limitation isn’t a big deal given the freedom and the range of choice for implementing encryption.
How do I send an encrypted email?
Generally speaking, encrypting emails aims at three different factors: encrypting email connections, email messages and attachments, and storing encrypted emails.
Regardless of the type of mail encryption or the method you choose, the overall procedure will always focus on these three aspects.
Encrypting an email connection
Just like websites, SSL and TLS encryptions also help in encrypting emails.
As with HTTPS website security that creates a secure tunnel between you and the website, applying SSL/TLS to emails encrypts the connection between your device and the email service provider.
Most services already encrypt email connections. You can check this by taking a look at the address bar. If you can see an “https://” at the beginning of the URL, along with a padlock sign, then you have an encrypted connection with your email provider.
If not, try typing “HTTPS” in place of “HTTP” to secure your connection. Ideally, this should reload the page if HTTPS is present. But if that doesn’t work, you may need to check your “Account Settings” and see if your email provider supports SSL/TLS. You may also ask your email provider for this.
Encrypting email attachments
If you’re wondering how to encrypt email attachments, then let us tell you that attachments, in most cases, are encrypted together with the email message. It means that when you encrypt the contents of an email, you encrypt the attachments too.
To encrypt email messages, you can simply use the available encryption method. For example, you can use S/MIME built-in to your device or email client or choose any third-party add-on.
Storing an encrypted email
This is the most important thing to consider because even slight negligence here will ruin all your efforts to encrypt emails.
Briefly, to keep encrypted emails secure, you can apply encryption to your respective device where you receive emails.
However, things go seemingly out of control when you backup your emails on the clouds. So, to keep your emails safe there, you can use third-party encryption tools to protect your backed-up data.
Also, you can use the security features offered by your cloud service. For instance, Microsoft OneDrive offers a secure “Personal Vault” to protect your sensitive data. Likewise, Dropbox provides encryption to your data.
How do I encrypt an Outlook email?
Let’s start this email encryption guide with Outlook – a platform commonly used in the corporate sector. Also, most desktop users use Outlook for personal emails too because of its ease of use.
Before moving on to encrypting an email on Outlook, make sure that you have a digital certificate from a reputed CA. Often, your organization would provide you with one. Otherwise, you can buy it from a reliable CA like Comodo, DigiCert, etc.
Once you get yourself a certificate, here’s how you should proceed.
Setting up Outlook for encrypting an email
1. Open Outlook on your desktop. Go to the “File” menu and click on the “Options” tab. You will see a window like this:
2. Now click on the “Trust Center” tab.
3. Next, click on the “Trust Center Settings” button and go to “Email Security.”
You will see a “Get a Digital ID” button beside the “Import/Export” button if you have a digital certificate. (It’s not visible in the snapshot above because of my own settings.) Clicking on that button will allow you to choose the CA, whose certificate will reach your mailbox after subscribing to the service.
4. Once done, configure your Outlook for sending encrypted emails. Simply click on the “Settings” button appearing under the “Encrypted email” section (as shown in the above screenshot). You will now see the following window.
Here, ensure that you have S/MIME selected as the “Cryptographic Format” and have both the default setting boxes checked.
Now click on the “Choose” button appearing in front of the “Signing Certificate” option and select the certificate sent to you by your CA.
After that, check the “Send these certificates with signed messages” option and click on “OK.”
Sending encrypting emails via Outlook
You have successfully set up Outlook for encrypting emails above. Now let’s cover how to send a secure email attachment and messages after adjusting your Outlook Settings.
Well, for that, you need to follow a few more steps listed below.
1. Click on “New Email” to start composing an email and go to the “Options” tab. It is the first step to creating encrypted emails via Outlook.
Now go to the “Message Options” by clicking on the small arrow, as shown here.
2. You will now see the following window. Click on the “Security Settings” button.
3. In the new prompt, check the “Encrypt message contents and attachments” and “Add digital signature to this message” boxes. Leave the other options as they are, and click on “OK” to finalize your settings.
But wait, you aren’t done yet.
While you have finalized your Outlook settings, you must first communicate with the sender with your digital signature and vice versa. (Remember the limitation of S/MIME mentioned above?)
This prior exchange of digitally signed communication lets Outlook verify a trusted contact.
So, if you want to send an encrypted email to someone, check if you have already received the recipient’s digital signature.
If yes, you’re good to go. If not, you need to send an email with your digital signature to the recipient and ask the recipient to send you the same.
After that, both of you will have each other’s digital certificates. Hence, you can now start communicating via encrypted emails.
If you are wondering about Office 365 email encryption, don’t worry. Microsoft Office 365 also supports sending encrypted emails even to the other email services.
If you’re at the receiving end, you will receive a link with the email to read the message. Sign in with your respective email service provider and opt for a one-time passcode. This is how to open an encrypted email in Outlook when not using Office 365.
How can I encrypt an email on macOS?
Like Outlook, sending encrypted emails via macOS requires you to buy a CA’s digital certificate.
Also, the email encryption mode will be S/MIME. So, you must ensure the prior exchange of digital certificates before sending an encrypted email.
Given that you already have a CA digital certificate, here we quickly list the step-by-step process to send an encrypted email on macOS:
- Go to the “Applications” on your Mac device via “Finder.” Then, via “Utilities,” click on “Keychain Access.”
- After opening the app, click on “Keychain Access” appearing on the top-left of your screen and scroll down to reach “Certificate Assistant.” From here, click on “Create a Certificate” from the side menu. This option works when you are using the built-in S/MIME encryption to create a self-signed certificate. Otherwise, if you already have a digital certificate with you from a CA, then choose the “Create a Certificate Authority” option instead.
- Now, give a name to your digital certificate and proceed to create.
- Once done, link your email address with the certificate to apply it to your emails in the future. For this, find your certificate under the “Keychain Access” menu, right-click it, and select the “New Identity Preference” option.
- Type your email address under the “Location or Email Address” option.
- Make sure that your certificate name is appearing in front of the “Certificate” value. Click the “Add” button.
- Now enter your Mac password to proceed with integrating the Keychain Certificate into your email.
Note: After step 4, you would be ready to share your digital certificate with the other user (and vice versa). Once done, you can send encrypted emails on your Mac.
How to encrypt emails on iPhone?
Similar to macOS, S/MIME is also available by default in iOS too.
So, you are all set to send encrypted emails via your iPhone right after you exchange your digital certificate with other users.
All you need to do is to activate S/MIME on your email account. You can do so by selecting your desired account via Settings > Accounts & Passwords > Accounts.
Tap on the desired account, click on your email ID and go to the “Advanced” settings. Next, scroll down to reach “S/MIME,” turn it on, and select “Encrypt by Default” as “Yes” if you want all your emails to be encrypted.
The iOS will automatically consult the global address list (GAL) to find S/MIME certificates of your contacts whenever you compose an email. If found, you will see a blue-colored open padlock sign in front of the recipient’s address. It shows that you can send encrypted emails to the recipient.
If a certificate isn’t available for a recipient, this icon will appear red. In that case, you first need to exchange your certificates before sending an encrypted email.
How to send encrypted emails on Android?
Unlike desktop email clients and Apple devices, Android doesn’t have predefined encryption. Thus, you have the liberty to use either S/MIME or PGP/MIME, whichever suits you.
Moreover, you have plenty of apps supporting email encryption on Android. Considering Android devices’ vulnerability to cyber threats, we highly recommend encrypting your emails on Android devices.
1. S/MIME encryption using CipherMail App
The easiest way to secure your emails on Android is by using the CipherMail Email Encryption app.
It works on top of your existing Android email app, offering S/MIME encryption.
Moreover, it also comes with a great convenience to make your email communication more secure.
CipherMail can work with existing S/MIME clients, including Outlook and Thunderbird. Plus, it also works with Gmail on Android. Hence, if you face any trouble while applying encryption to Gmail, you can protect your email via your Android device.
Also, CipherMail lets you create self-signed certificates.
2. Using PGP/MIME encryption
Unlike S/MIME, which requires a single app on Android, PGP/MIME setup is a bit more complicated. Yet, knowing that this one is safer than the former one, you may want to make this effort to enjoy secure email communication.
Setting up PGP/MIME on Android involves using a separate email app and a keychain for certificate storage. Thus, you need to install two apps here.
At first, you need to install the K-9 Mail app. It’s an open-source email app that allows encrypting emails with OpenPGP. Since it is open-source, you can use it to send free encrypted email messages from your Android.
After that, you can download and install the OpenKeychain app. It’s a dedicated Android app that applies PGP encryption to your messages. Also, it’s an open-source, free-to-use application.
Now you may wonder why to install K-9 Mail when you have your own email client on Android.
It’s because, as stated above, many apps do not support PGP/MIME. Likewise, OpenKeychain also supports limited apps for encryption.
Therefore, for using PGP/MIME encryption on your Android emails, the combo of K-9 Mail and OpenKeychain is the most viable free option.
Setting up K-9 Mail and OpenKeychain
After you download both apps, open the OpenKeychain app, and tap on the “Keys” option. Then tap on “Create My Key” to generate your PGP key.
After that, open the K-9 Mail app on your device and complete the installation process.
Then, go to the “Account Settings,” find and tap the “Cryptography” option and select “OpenPGP.” Then choose “OpenKeychain” here to let the latter integrate with your mail client.
Once done, you are all set to send PGP encrypted emails.
However, ensure that the receiver also uses PGP; otherwise, your emails won’t open at the other end.
How do I send an encrypted email in Gmail and Yahoo?
Did you know you can also send encrypted emails via Gmail? You heard it right.
Although Gmail offers a dedicated feature of sending Confidential emails to others, this feature doesn’t provide any specific security to your messages.
It only prevents others from downloading or forwarding your emails. However, the tech giant itself can still view it easily. It means your emails also remain visible to the service providers, and thus, no encryption exists meanwhile.
However, it doesn’t mean that you can’t encrypt your Gmail apps. Of course, you can. It may be a bit harder, though.
Likewise, if you wonder how to encrypt email on Yahoo, again, we’ve got you covered.
Here is the one-for-all solution to encrypt your emails as a routine – Mailvelope.com.
It’s a dedicated browser extension that doesn’t make you go through tedious installation procedures. Nor does it occupy lots of space in your device. Mailvelop is available for Chrome, Edge, Firefox, and other Chromium-based browsers.
When installed in your browser, it provides encryption functionality to your webmail clients, like Gmail, Yahoo, Outlook.com, Zoho Mail, and more.
This extension is also an open-source product. It means you can use it to encrypt your emails for free. However, the paid options give you even more functionalities needed for corporate use.
Using Mailvelop is relatively easy. Just visit their site and download the add-on version compatible with your browser.
After that, click on the add-on’s icon to configure it. Enter your name and other details as asked and proceed with generating your PGP encryption key.
Once done, you can visit the “Display Keys” option under the “Key Management“ tab to see your key. Click on it and move on to “Export” your “Public Key.”
You can now share this “Public Key” with others to let them send PGP encrypted emails to you. At the same time, you will have your own private key secretly stored at your end within the add-on.
Mailvelop has been kind enough to share a detailed tutorial about using the utility. You can check their help page for detailed guidance.
Alternate method to encrypt your emails: Use secure email service
While you can apply encryption to your current email clients, setting them up is not always easy.
Besides, you get limited options to encrypt your emails the way you want.
Nonetheless, several secure email services are now available to address these issues. Some of them are even free to use.
Precisely, secure email services apply easy-to-setup or default encryption for your emails, including attachments. Thus, you do not have to meddle with the configurations regarding S/MIME or PGP, etc. All it takes is to register with a service of your choice to start protecting your emails.
Below we list some select secure email service providers suitable for everyone.
- Tutanota: Germany-based open-source, end-to-end encrypted email service suporting 1GB of free storage.
- ProtonMail: A Swiss-based, open-source, end-to-end encryption email service offering 500MB of email storage for free.
- Hushmail: a freemium Canadian secure email service supporting OpenPGP.
- CounterMail: Supports OpenPGP emails, prevents email breaches even if someone gets your password by offering physical USB support to store decryption keys.
Nonetheless, feel free to go through our guide on the best secure email services to know about more of such providers.
Advantages of using email encryption
The main reason you encrypt your email may be to ensure uninterrupted delivery of your message to the intended recipient. But, did you know there are many more benefits of doing that? Here we quickly list a few key benefits that you get by encrypting your emails.
- Secure sensitive information from snoopers and hackers. Of course, your emails would often include lots of sensitive personally identifiable and health data that can risk your security if landed into the wrong hands. So, with encryption, you ensure that all of this data remains safe even in the case of a data breach.
- Swift security of your communications. Once enabled, you don’t really have to keep resetting encryption for your emails. That means you no more have to worry about HTTPS or other security measures while sending emails from anywhere.
- Cost-effective alternate to data security. Of course, you need to keep your servers secure and away from cybercriminals, which requires a fortune. But you can largely reduce this cost by security your email data with encryption. Let your secure servers store the rest of your data.
- Compliance with data security laws. Although, as an organization, emails are not the only data that you should protect when it comes to complying with the prevalent internet security laws. But, with email encryption, you can achieve a certain level of data protection for your customers, which subsequently helps you comply with laws, such as HIPAA.
Bonus tip: Use burner email addresses
As mentioned in the earlier sections, email encryption only protects your messages from snoopers during transit.
Once the email reaches the destination server, it becomes possible (to an extent) for the service providers and other snoopers to get a hint of the message.
It means that you get around 90% security of your communication when using email encryption. Whereas, to achieve the remaining 10% protection, you need an alternate strategy, such as using Burner Email Addresses.
Burner emails, as the terminology hints, are a means of sending anonymous emails with complete anonymity. Through these services, you get fake email addresses for temporary usage.
These services may not be helpful for long-term use. However, if you want to merely send a message to someone without disclosing your identity online, then these email addresses come in handy. Two classic examples of such services are ZMail and Guerrilla Mail.
Email apps you should avoid
Today, you’ll find tons of email apps online, all offering impressive services. However, from a security point of view, you can’t really trust them if they don’t support encryption.
While that’s pretty obvious for a privacy-savvy user, what’s horrific is that many apps claim to support or offer encryption. But, in reality, they do not support S/MIME pr PGP/MIME.
Although such apps may appear faster and easy to use, you can’t be sure of their safety unless you know about their encryption protocol. Undoubtedly, not all encryption protocols offer the same level of security. So, it is wise to stay wary of such apps that do not present explicit information about the encryption protocols they use.
What else should keep your emails secure? Best practices.
Although, email encryption remains the best way to secure your email communications. However, you may not always ensure proper encryption, such as when you and the recipient won’t use the same service. So how would you protect your emails in the absence of encryption?
Take a look at the following best practices that you should consistently implement for your personal, business, and other emails. Also, keep following them with or without encryption.
Scan emails for malware
Regardless of encryption, viruses or malware always have a chance to sneak into your email box. And once it does, you risk all your communications and other data to the attackers.
Usually, such viruses arrive via email attachments. So, it’s best always to scan such attachments before opening or downloading them. Thankfully, most service providers, like Gmail, automatically scan attachments and flag them upon spotting malicious behavior.
Avoid emails from unknown sources
It applies to all senders, even if they impersonate someone important. Ideally, if the sender has a visible name or identity (such as your bank), consider reaching out to the apparent sender via other means (like a phone call). If you can validate the genuineness of that email, you’re safe to open it. If not, delete it right away, or move to spam first to block any malicious components when you open the message. Marking as spam will also block emails from that sender in the future.
Use ‘BCC’ instead of ‘CC’
Although using ‘CC’ is a typical email practice in most organizations, such emails directly expose the emails addresses of everyone to everyone. Such exposure will also happen if an adversary access one such email message. Hence, it’s ideal to use ‘BCC’ in your emails aimed at more than one recipient to avoid excessive email exposure.
Similarly, if you receive a CC’ed email that you need to respond to, do not click on ‘Reply all’ unless you want your message to be visible to all others. Instead, you can click on ‘Reply’ to respond to the relevant sender only.
Create strong email passwords
It’s as essential for protecting your emails as for your bank account. You can take help from an online password generator to create strong passwords for you. Or, you can use a robust password manager to do the job.
Just like your private chats, your emails also deserve to be encrypted; in fact, they need it more. It’s because your emails often include data that you may not deem as necessary. But, from a hacker’s point of view, it’s a treasure trove.
Therefore, it’s your right, as well as your responsibility, to encrypt your emails and protect your privacy, be it about your personal or business emails.
That’s why we came up with this email encryption guide to let all of our readers secure their communication.
We hope that you will be able to identify the most suitable email encryption option(s) for yourselves after going through this article. Still, if you face difficulty or confusion at any point, feel free to share your concern with us via the comments section. Our team will revert to you at our earliest.
Stay safe, and enjoy your privacy!
Encrypted email is just an email that you ‘encrypt’ to prevent any third parties from spying on the message. You can apply end-to-end email encryption or encryption in transit to secure your communication accordingly.
While a VPN encrypts your internet traffic to prevent network snoopers or your ISP from spying on you, it cannot encrypt your email. This is because VPNs typically deal with internet traffic, whereas emails are managed by your email service providers. So, despite using a VPN, you need to encrypt emails for thorough security.
No. Although Gmail’s Confidential Mode allows you to create private emails, they are not adequately encrypted anyway. Besides, Gmail only secures your emails in transit via TLS. You can, however, apply S/MIME encryption by enabling settings from your Google Admin Console.
Yes. You can encrypt your emails by using a free secure email service provider. Alternatively, you can enable settings like PGP to protect your emails.