How to encrypt your emails: An easy-to-follow guide on email encryption
The readers like you support PrivacySavvy to help keep up the good work. When you purchase using links on our website, we may earn an affiliate commission at no extra cost to you. Learn how PrivacySavvy.com makes money.
Today, almost everyone around the world is concerned about protecting personal chats. That’s the reason apps like WhatsApp, Signal, and Telegram have become so popular.
But what about your emails? From businesses to personal communication, emails are being used everywhere. Even for sensitive communication. That’s why data breaches and phishing attacks have emails at the top of their hit list because that’s where the perpetrators find a treasure trove of data.
So why not protect your emails too? Why don’t mainstream email service providers offer to encrypt your emails?
It’s not that such features don’t exist. Instead, it’s the ignorance from both the service providers as well as the end-users that email encryption becomes the last thing to attract attention.
But if you’re among those who are equally concerned for protecting email, then this email encryption guide is for you.
Why do I need to encrypt emails?
Before moving on to how to encrypt email, let us first elaborate on why you should do it in the first place.
Emails mostly include lots of sensitive data. For instance, business emails may consist of everything from employees’ account credentials to consumers’ personal and non-personal data. Also, intra-business emails frequently include reports, event logs, salary details, financial information, and other lucrative data for cybercriminals.
Likewise, hospitals, labs, and medical facilities often include critical PHI data of patients as well.
Similarly, personal email users also communicate important information via emails, such as account credentials, phone numbers, addresses, and much more.
Many times, users even communicate about sensitive topics via emails that you may think of unimportant for anyone. However, your government and surveillance authorities would definitely be interested in that.
So, to protect all this data contained in your emails, the only viable solution is to apply email encryption.
Although, such encryption won’t effectively protect you from targeted surveillance, such as NSA’s PRISM Program. But it will definitely provide adequate security from data-mining and data monetization by your ISP and other third-parties.
How does email encryption work?
Email encryption also employs the same usual encryption methodology. That is, the process transforms the readable (plain text) emails into an unreadable (ciphertext) format.
Doing so ensures that your message remains protected during transit and that nobody else can read your message except your intended recipient.
For this, emails can either be encrypted with symmetric encryption where the same key is used for ciphering and deciphering messages. In this case, the sender communicates the encryption key with the recipient via any means other than emails.
Or, users can apply asymmetric encryption on emails where the private key and public key are different. This is, however, a somewhat complicated process.
For asymmetric encryption, users publicly share their public encryption key with their email addresses. So, if you wish to send them an encrypted email, you will have to search for this public key.
When you send this email encrypted with the respective public key to the particular email, it remains unreadable during transit.
The respective recipient would use its own private key (corresponding to the public key) upon receiving your email.
While this process involves the additional effort of looking for the public key, it is safer than the symmetric encryption. It’s because you and the other user don’t have to communicate the decryption key via any other potentially vulnerable means.
Neither you have to worry about snooping on calls, nor would you have to depend on unsecured third-party apps exposed to MiTM and other spying activities.
Types of email encryption
In the jargon of email communications, you will often see the terms “S/MIME” and “PGP.” These two are the two types of encryption used for securing emails.
You can use either of them, but make sure that you and the recipient use the same method.
1. Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME is like a digital fingerprint that verifies the recipient to ensure that the right user reads the message. For this, the encrypted email includes a small-sized attachment named “smime.p7s.”
It is a centralized system that predefines the encryption algorithm and key for you. Thus, you don’t have to go through the hassle of choosing encryption algorithms.
All you need is to get a certificate from one of the centralized Certificate Authority (CA), such as Comodo, DigiCert, and Symantec. You can do so by using their S/MIME extension for encrypting your emails.
This type of email encryption is commonly used in corporate networks or sending emails to frequently interacted users. Most dedicated desktop email clients like Outlook and Thunderbird support S/MIME.
While you can also use it on Gmail, it is relatively more rigid. Though Apple users can easily use S/MIME as it supports OSX and iOS.
The only limitation with using S/MIME is that you cannot start using it right after activation. Instead, it needs you to have sent at least one email to the sender (if you’re at the receiving end) with your digital signature or vice versa (if you are the sender).
2. Pretty Good Privacy/Multipurpose Internet Mail Extensions (PGP/MIME)
The second way to encrypt your email is by applying PGP/MIME.
It is a relatively much safer protocol as it relies on a decentralized system. Thus, it gives you the liberty to choose your own encryption key.
Plus, you will find this much more affordable as you (often) do not have to subscribe to any service. (In case of S/MIME, you have to purchase the CA certificate.)
Or, even if you use a paid service, you will find them much more affordable.
The only problem with PGP is that you will have to rely on third-party services to implement encryption. (S/MIME is usually available as a built-in feature with email clients and Apple devices.)
However, this single limitation isn’t a big deal given the freedom and the range of choice for implementing encryption.
How do I send an encrypted email?
Generally speaking, encrypting emails aim at three different aspects: encrypting email connections, email messages and attachments, and storing encrypted emails.
Regardless of the type of mail encryption or the method you choose, the overall procedure will always focus on these three aspects.
Encrypting an email connection
Just like websites, SSL and TLS encryptions also help in encrypting emails.
As with HTTPS website security that creates a secure tunnel between you and the website, applying SSL/TLS to emails encrypts the connection between your device and the email service provider.
Most services already encrypt email connections. You can check this by taking a look at the address bar. If you can see an “https://” at the beginning of the URL, along with a padlock sign, then you have an encrypted connection with your email provider.
If not, try typing “https” in place of “HTTP” to secure your connection. If that doesn’t work, you may need to check your “Account Settings” and see if your email provider supports SSL/TLS. You may also ask your email provider for this.
Encrypting email attachments
If you’re wondering how to encrypt email attachment, then let us tell you that attachments, in most cases, are encrypted together with the email message. It means that when you encrypt the contents of an email, that includes the attachments too.
To encrypt email messages, you can simply use the available encryption method. For example, you can use S/MIME built-in to your device or email client. Or, choose any third-party add-on.
Storing an encrypted email
This is the most important thing to consider because slight negligence here will ruin all your efforts to encrypt emails.
Briefly, to keep encrypted emails secure, you can apply encryption to your respective device as the email would always reach your device.
However, things go seemingly out of control when you backup your emails on the clouds. So, to keep your emails safe there, you can use third-party encryption tools to protect your backed-up data.
Also, you can use the security features offered by your cloud service. For instance, Microsoft OneDrive offers a secure “Personal Vault” to protect your sensitive data. Likewise, Dropbox provides encryption to your data.
How do I encrypt an Outlook email?
We’ll start our email encryption guide with Outlook since this is the platform commonly used in the corporate sector. Whereas, most desktop users also use Outlook for personal emails because of its ease of use.
Before moving on to encrypting an email on Outlook, make sure that you have a digital certificate from a reputed CA. Often, your organization would provide you with one. Otherwise, you can buy it from a reliable CA like Comodo, DigiCert, and others.
Once you get yourself a certificate, here’s how you should proceed.
Setting up Outlook for encrypting an email
1. Open Outlook on your desktop. Go to the “File” menu and click on the “Options” tab. You will see a window like this:
2. Now click on the “Trust Center” tab.
3. Now click on the “Trust Center Settings” button and go to “Email Security.”
If you have a digital certificate, you will see a “Get a Digital ID” button beside the “Import/Export” button. (It’s not visible in the snapshot above because of my own settings.) Clicking on that button will allow you to choose the CA, whose certificate will reach your mailbox after you subscribe to the service.
4. Once done, configure your Outlook for sending encrypted emails. Simply click on the “Settings” button appearing under the “Encrypted e-mail” section (as shown in the above screenshot). You will now see the following Window.
Here, make sure that you have S/MIME selected as the “Cryptographic Format” and have both the default setting boxes checked.
Now click on the “Choose” button appearing in front of the “Signing Certificate” option and select the certificate sent to you by your CA.
After that, check the “Send these certificates with signed messages” option and click on “OK.”
Sending encrypting emails via Outlook
You successfully set up Outlook for encrypting emails above. Now, let’s cover how to send a secure email attachment and messages after adjusting your Outlook Settings.
Well, for that, you just need to follow a few more steps that we list here.
1. Click on “New Email” to start composing an email and go to the “Options” tab. This is the first step to creating encrypted emails via Outlook.
Now go the “Message Options” by clicking on the small arrow, as shown here.
2. You will now see the following window. Click on the “Security Settings” button.
3. In the new prompt, check the “Encrypt message contents and attachments” and “Add digital signature to this message” boxes. Leave the other options as they are, and click on “OK” to finalize your settings.
But wait, you aren’t done yet.
While you have finalized your Outlook settings, you still need to first communicate with the sender with your digital signature and vice versa. (Remember the limitation of S/MIME we mentioned above?)
This prior exchange of digitally signed communication lets Outlook verify a trusted contact.
So, if you want to send an encrypted email to someone, check if you have already received the recipient’s digital signature.
If yes, you’re good to go. If no, then you need to send an email with your digital signature to the recipient and ask the recipient to send you the same.
After that, both of you will have each other’s digital certificates. Hence, you can now start communicating via encrypted emails.
If you are wondering about the Office 365 email encryption, then don’t worry. Microsoft Office 365 also supports sending encrypted emails even to the other email services.
If you’re at the receiving end, you will receive a link with the email to read the message. Sign-in with your respective email service provider and opt for a one-time passcode. This is how to open an encrypted email in Outlook when not using Office 365.
How can I encrypt an email on macOS?
Like Outlook, sending encrypted emails via macOS also requires you to buy a CA’s digital certificate.
Also, the email encryption mode will be S/MIME. So, you must ensure the prior exchange of digital certificates before sending an encrypted email.
Given that you already have a CA digital certificate, here we quickly list the step-by-step process to send encrypted email on macOS:
- Go to the “Applications” on your Mac device via “Finder.” Then, via “Utilities,” click on “Keychain Access.”
- After opening the app, click on “Keychain Access” appearing on the top-left of your screen and scroll down to reach “Certificate Assistant.” From here, click on “Create a Certificate” from the side menu. This option works when you are using the built-in S/MIME encryption to create a self-signed certificate. Otherwise, if you already have a digital certificate with you from a CA, then choose the “Create a Certificate Authority” option instead.
- Now, give a name to your digital certificate and proceed to create.
- Once done, link your email address with the certificate to apply it to your emails in the future. For this,
- Find your certificate under the “Keychain Access” menu, right-click it, and select the “New Identity Preference” option.
- Type your email address under the “Location or Email Address” option.
- Make sure that your certificate name is appearing in front of the “Certificate” value. Click the “Add” button.
- Now enter your Mac password to proceed with integrating the Keychain Certificate into your email.
Note: After step 4, you would be ready to share your digital certificate with the other user (and vice versa). Once done, you can send encrypted emails on your Mac.
How to encrypt emails on iPhone?
Similar to macOS, S/MIME is also available by default in iOS too.
So, you are all set to send encrypted emails via your iPhone right after you exchange your digital certificate with other users.
All you need to do is to activate S/MIME on your email account. You can do so by selecting your desired account via the Settings > Accounts & Passwords > Accounts.
Tap on the desired account then click on your email ID and go to the “Advanced” settings. Scroll down to reach “S/MIME,” turn it on, and select “Encrypt by Default” as “Yes” if you want all your emails to be encrypted.
Now the iOS will automatically consult the global address list (GAL) to find S/MIME certificates of your contacts whenever you compose an email. If found, you will see a blue-colored open padlock sign in front of the recipient’s address.
In case a certificate isn’t available for a recipient, this icon will appear red. In that case, you first need to exchange your certificates before sending an encrypted email.
How do I send an encrypted email in Gmail and Yahoo?
Did you know you can also send encrypted emails via Gmail? You heard it right.
Although Gmail offers a dedicated feature of sending Confidential emails to others, this feature doesn’t provide any specific security to your messages.
It only prevents others from downloading or forwarding your emails. However, the tech giant itself can still view it easily. It means your emails also remain visible to the service providers, and thus, no encryption exists meanwhile.
However, it doesn’t mean that you can’t encrypt your Gmail apps. Of course, you can. It may be a bit harder, though.
Likewise, if you wonder how to encrypt email on Yahoo, again, we’ve got you covered.
Here is the one-for-all solution to encrypt your emails as a routine – the Mailvelope.com.
It’s a dedicated browser extension that doesn’t make you go through tedious installation procedures. Nor does it occupy lots of space in your device. Mailvelop is available for Chrome, Edge, Firefox, and other Chromium-based browsers.
When installed in your browser, it provides encryption functionality to your webmail clients, like Gmail, Yahoo, Outlook.com, Zoho Mail, and more.
This extension is also an open-source product. It means you can use it to encrypt your emails for free. However, the paid options give you even more functionalities needed for corporate use.
Using Mailvelop is relatively easy. Just visit their site and download the add-on version compatible with your browser.
After that, click on the add-on’s icon to configure it. Enter your name and other details as asked and proceed with generating your PGP encryption key.
Once done, you can visit the “Display Keys” option under the “Key Management” tab to see your key. Click on it and move on to “Export” your “Public Key.”
You can now share this “Public Key” with others to let them send PGP encrypted emails to you. Whereas, you will have your own private key secretly stored at your end within the add-on.
Mailvelop has been kind enough to share a detailed tutorial about using the utility. You can click here to visit their detailed guide.
How to send encrypted emails on Android?
Unlike desktop email clients and Apple devices, Android doesn’t come with predefined encryption. Thus, you have the liberty to use either S/MIME or PGP/MIME, whichever suits you.
Moreover, you have got plenty of apps supporting email encryption on Android. Considering Android devices’ vulnerability to cyber threats, we highly recommend encrypting your emails on Android devices.
1. S/MIME encryption using CipherMail App
The easiest way to secure your emails on Android is by using the CipherMail Email Encryption app.
It works on top of your existing Android email app, offering S/MIME encryption.
Moreover, it also comes with a great deal of convenience to make your email communication more secure.
CipherMail can work with existing S/MIME clients, including Outlook and Thunderbird. Plus, it also works with Gmail on Android. Hence, if you face any trouble while applying encryption to Gmail, you can protect your email via your Android device.
Also, CipherMail lets you create self-signed certificates.
2. Using PGP/MIME encryption
Unlike S/MIME that requires a single app on Android, PGP/MIME setup is a bit more complicated. Yet, knowing that this one is safer than the former one, you may want to make this effort to enjoy secure email communication.
Setting up PGP/MIME on Android involves the use of a separate email app and a keychain for certificate storage. Thus, you need to install two apps here.
At first, you need to install the K-9 Mail app. It’s an open-source email app that allows encrypting emails with OpenPGP. Since it is open-source, you can use it to send free encrypted email messages from your Android.
After that, you can download and install the OpenKeychain app. It’s a dedicated Android app that applies PGP encryption to your messages. Again, it’s an open-source, free-to-use application.
Here, you may wonder why to install K-9 Mail when you have your own email client on Android, won’t you?
It’s because, as we stated above, PGP/MIME isn’t supported by many apps. Likewise, OpenKeychain also supports limited apps for encryption.
Therefore, for using PGP/MIME encryption on your Android emails, the combo of K-9 Mail and OpenKeychain is the most viable free option.
Setting up K-9 Mail and OpenKeychain
After you download both apps, open the OpenKeychain app, and tap on the “Keys” option. Then tap on “Create My Key” to generate your PGP key.
After that, open the K-9 Mail app on your device and complete the installation process.
Then, go to the “Account Settings,” find and tap the “Cryptography” option and select “OpenPGP.” Then choose “OpenKeychain” here to let the later integrate with your mail client.
Once done, you are all set to send PGP encrypted emails.
However, make sure that the receiver also uses PGP; otherwise, your emails won’t open at the other end.
Alternate methods to encrypt your emails
Although, you can apply encryption to your current email clients. But, setting them up is not always easy.
Besides, you get limited options to encrypt your emails the way you want.
To address these issues, several secure email services are now available. Some of them are even free to use.
Here we list some select secure email service providers that are suitable for everyone.
Feel free to go through our guide on the best secure email services to know more about them and alike.
Bonus tip: Use burner email addresses
As we mentioned in the earlier sections, email encryption only protects your messages from snoopers during transit.
Once the email reaches the destination server, it becomes possible (to an extent) for the service providers and other snoopers to get a hint of the message.
It means that you get around 90% security of your communication when using email encryption. Whereas, to achieve the remaining 10% protection as well, you need an alternate strategy, such as using Burner Email Addresses.
Burner emails, as the terminology hints, are a means of sending anonymous emails with complete anonymity. Through these services, you get fake email addresses for temporary usage.
These services may not be useful for long-term use. However, if you want to simply send a message to someone without disclosing your identity online, then these email addresses come in handy. Two classic examples of such services are ZMail and Guerrilla Mail.
Just like your private chats, your emails also deserve to be encrypted; in fact, they need it more. It’s because your emails often include data that you may not deem as necessary. But, from a hacker’s point of view, it’s a treasure trove.
Therefore, it’s your right, as well as your responsibility, to encrypt your emails and protect your privacy, be it about your personal or business emails.
That’s why we came up with this email encryption guide to let all of our readers secure their communication.
We hope that you will be able to identify the most suitable email encryption option(s) for yourselves after going through this article. Still, if you face difficulty or confusion at any point, feel free to share your concern with us via the comments section. Our team will revert to you at our earliest.
Stay safe, and enjoy your privacy!
About the author
Abeerah is a passionate technology blogger and cybersecurity enthusiast. She yearns to know everything about the latest technology developments. Specifically, she’s crazy about the three C’s; computing, cybersecurity, and communication. When she is not writing, she’s reading about the tech world.