Email Encryption: How It Works and Strengthens Your Security


Encryption’s Role in Email Security

It’s hard to imagine any business process today without email, because it is woven into almost every workflow of organizations and individual users alike. Effective communication in every industry requires that messages are delivered on time, without falsification or failure, and to the intended recipient.

However, with the increasing amount of cyber threats and data breaches, email requires special attention in terms of security. Without proper email security solutions, today’s hackers can easily access your email data and attachments. That is why in this article, we will explore the key role of encryption in protecting emails from malicious actors and intruders.

What Is Email Encryption?

Email encryption refers to the process of encoding or scrambling the contents of an email message, including any attachments, to keep it from being read or intercepted by unauthorized third parties. It works by converting the original message into an unreadable format, the ciphertext, which can only be decrypted and read by a person who holds the appropriate decryption key.

Why Do You Need to Encrypt Emails?

With 35,900,145,035 known records breached so far in 9,478 publicly disclosed incidents according to IT Governance statistics of 2024, the importance of email encryption cannot be overstated. Encrypting messages helps protect confidential information from unauthorized access, reducing the risk of data leaks.

Given the staggering number of attacks, implementing strong email encryption protocols is a critical step in protecting personal and organizational data. Finally, encryption is an important element of email security that can affect the sender’s reputation and deliverability.

Which Emails Need to Be Encrypted?

When you encrypt emails, it’s important to encrypt all of them, not just those containing sensitive information. Encrypting only selected emails can make your inbox more vulnerable, as attackers will know exactly which emails to target. Encrypting all messages makes it harder for attackers to single out valuable data.

For effective email security, three things should be encrypted: the connection to your email provider, the actual emails, and stored, cached, or archived email messages. If the connection between your email provider and your device is not encrypted, other network users can easily intercept your login credentials and messages. This risk is higher on public networks, but it can also occur on private networks.

Email messages are vulnerable because they travel over the Internet and can be intercepted. Encryption makes them unreadable until they are received by the recipient.

Saved or backed-up email messages on your device may be accessible to thieves or snoops, even if they are password-protected. Therefore, encryption keeps these messages unreadable to intruders.

Are There Laws Requiring Email Encryption?

Absolutely, there are several important laws and regulations that require email encryption, especially when messages contain sensitive information. They are primarily aimed at protecting personal data and ensuring privacy and security. Here are some of the key requirements:

HIPAA (Health Insurance Portability and Accountability Act)

In the United States, HIPAA requires healthcare providers and their business associates to implement safeguards, including encryption, to protect the confidentiality and integrity of electronic protected health information (ePHI).

GDPR (General Data Protection Regulation)

In the European Union, GDPR mandates that organizations protect the personal data of EU citizens. While it does not explicitly require encryption, it strongly recommends encryption as a means to protect data, especially when it is being transmitted.

PCI DSS (Payment Card Industry Data Security Standard)

It focuses on securing credit card information. If emails contain payment data, they must comply with PCI DSS encryption requirements to protect cardholder data. Any message containing credit card information must be properly encrypted to meet its standards.

FERPA (Family Educational Rights and Privacy Act)

It mandates that educational institutions in the United States protect the confidentiality of student education records. Although encryption for student data is not explicitly required, schools are obligated to take all necessary measures to protect this information. Therefore, encryption is strongly recommended, especially for email communications, to ensure that strong data protection standards are met.

State Laws

Various U.S. states have their own data protection laws that may require encryption of personal information, such as the California Consumer Privacy Act (CCPA) and the New York SHIELD Act.

Data protection laws generally require organizations to take reasonable and appropriate measures to prevent unauthorized access to personal data. This information security requirement is based on the premise that data protection efforts should be commensurate with the level of threat and the organization’s resources. Most laws do not explicitly require email encryption but often mention the importance of encryption as a critical measure for enhancing data security.

Types of Email Encryption

There are two main types of email encryption protocols:

Transport Layer Security (TLS)

This is a protocol that provides secure communication between email servers. It encrypts the transmission of emails while they are being sent between servers, protecting them from eavesdropping and tampering during transit. However, TLS protects only each hop of the journey: once the email is stored on a server or arrives in the recipient’s inbox, TLS no longer protects its content.

End-to-End Encryption

This approach provides the highest level of security by encrypting the content of the email on the sender’s side and keeping it encrypted until it is decrypted by the recipient. This means that intermediaries, including email service providers, cannot access the content of the email.

Popular end-to-end encryption protocols include S/MIME and PGP. Both rely on public-key cryptography: the sender and the recipient each hold a public and a private key, and the public keys are exchanged so that messages can be encrypted for, and decrypted by, the right person. Let’s take a closer look at each type.

S/MIME (Secure/Multipurpose Internet Mail Extensions) is integrated into most iOS devices and depends on a centralized certificate authority to issue the certificates used for encryption and to verify email messages.

This protocol is most commonly used in enterprise and commercial settings, as it comes by default in major web-based email clients such as Gmail and Outlook, and can protect both plain text messages and attachments.

PGP (Pretty Good Privacy) is based on a decentralized trust model and was originally developed to address the security concerns of plain text messages. It uses a combination of symmetric and asymmetric encryption to protect emails. PGP gives you more flexibility and control over how strongly you want your emails encrypted, but it also requires installing third-party encryption software and exchanging public keys yourself.

It comes in two implementations: PGP/MIME and Inline PGP. PGP/MIME handles the entire email, including attachments, providing comprehensive encryption and signing. Inline PGP, on the other hand, places the PGP message in the plain text body and ignores attachments, which are neither signed nor encrypted and need to be handled separately.

PGP is most common for personal or organizational use and is supported on Android devices. You can also use it in a VPN, while S/MIME cannot.
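The difference between PGP/MIME and Inline PGP described above, as an added example that is not part of the original article: it builds both message layouts with Python’s standard email package and then audits which MIME parts arrive without any PGP protection. The armored block, the sender and recipient addresses, and the PDF attachment are constructed placeholders, not real ciphertext or real data.

```python
# Added example (not from the article): builds a PGP/MIME message (the RFC 3156
# multipart/encrypted layout) and an inline-PGP message, then audits which MIME
# parts arrive without PGP protection. The armored block is a constructed
# placeholder, not real ciphertext.
from email import encoders, message_from_string
from email.message import EmailMessage
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

ARMOR = ("-----BEGIN PGP MESSAGE-----\n\n"
         "hQEMA0NvbnN0cnVjdGVkUGxhY2Vob2xkZXIgb25seQ==\n"  # constructed, not real
         "-----END PGP MESSAGE-----\n")
REPORT = b"%PDF-1.4 constructed sample report"            # constructed attachment

def build_pgp_mime(sender, recipient):
    """PGP/MIME: the whole original message, attachments included, is one ciphertext."""
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["From"], outer["To"], outer["Subject"] = sender, recipient, "Q3 report"
    outer.attach(MIMEApplication("Version: 1\n", "pgp-encrypted",
                                 _encoder=encoders.encode_7or8bit))
    outer.attach(MIMEApplication(ARMOR, "octet-stream",
                                 _encoder=encoders.encode_7or8bit, name="encrypted.asc"))
    return outer.as_string()

def build_inline_pgp(sender, recipient):
    """Inline PGP: armored text in the body; the attachment travels in the clear."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, "Q3 report"
    msg.set_content(ARMOR)
    msg.add_attachment(REPORT, maintype="application", subtype="pdf",
                       filename="report.pdf")
    return msg.as_string()

def audit_pgp_message(raw):
    """Return the PGP format used and the parts a mail gateway would see unprotected."""
    msg = message_from_string(raw)
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return {"format": "pgp-mime", "unprotected_parts": []}
    fmt, unprotected = "none", []
    for part in msg.walk():
        if part.is_multipart():
            continue                      # containers carry no content of their own
        body = part.get_payload(decode=True) or b""
        if part.get_content_type() == "text/plain" and b"BEGIN PGP MESSAGE" in body:
            fmt = "inline-pgp"
        else:
            unprotected.append(part.get_filename() or part.get_content_type())
    return {"format": fmt, "unprotected_parts": unprotected}
```

Running the audit over both constructed messages shows the PGP/MIME one with no unprotected parts, while the inline one leaves report.pdf exposed.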

How Email Encryption Works

As we covered before, email encryption works by using cryptographic algorithms and keys to scramble the contents of an email message, making it unreadable to anyone except the intended recipient(s) who possess the decryption key.

Relying on your email password alone only protects access to your mailbox; it won’t stop someone from intercepting your important messages in transit or on the recipient’s side. Encryption is the only reliable way to protect your information.

Here’s a simple explanation of how email encryption works in general:

  1. Key Generation: Cryptographic keys (public and private) are generated for encryption and decryption.
  2. Encryption: The sender uses the recipient’s public key to encrypt the message and attachments.
  3. Transmission: The encrypted email is sent over the Internet, safe from interception.
  4. Decryption: The recipient uses their private key to decrypt this email back into plain text.
  5. Digital Signatures: Optionally, the sender can use their private key to digitally sign the email for authenticity and integrity.
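The five steps above carried through in code, as an added example that is not part of the original article: a toy, textbook-RSA walk-through in which Alice encrypts for Bob with Bob’s public key, signs with her own private key, and Bob decrypts and verifies. The key material is constructed from small Mersenne primes for determinism; real S/MIME and PGP use large keys, padding and hybrid encryption.

```python
# Added example (not from the article): a toy, textbook-RSA walk-through of the
# five steps above. Keys are tiny and there is no padding, so it is for
# illustration only; S/MIME and PGP use large keys, PKCS#1/OAEP padding and
# hybrid encryption (a random symmetric key wrapped with the public key).
import hashlib

def generate_keypair(p, q, e=65537):
    """Step 1: derive (public, private) from two primes; p and q are assumed prime."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)

def encrypt(recipient_public, message):
    """Step 2: the sender encrypts with the *recipient's* public key."""
    n, e = recipient_public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("toy limitation: message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(recipient_private, ciphertext):
    """Step 4: only the holder of the matching private key recovers the plaintext."""
    n, d = recipient_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(sender_private, message):
    """Step 5: the sender signs a SHA-256 digest with their own private key."""
    n, d = sender_private
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(digest, d, n)

def verify(sender_public, message, signature):
    """The recipient checks the signature with the sender's public key."""
    n, e = sender_public
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == digest

# Constructed key material: Mersenne primes keep the toy keys deterministic.
ALICE_PUB, ALICE_PRIV = generate_keypair((1 << 61) - 1, (1 << 31) - 1)
BOB_PUB, BOB_PRIV = generate_keypair((1 << 89) - 1, (1 << 19) - 1)

def send_secure_email(plaintext):
    """Alice -> Bob: returns what Bob recovers and whether Alice's signature verifies."""
    ciphertext = encrypt(BOB_PUB, plaintext)     # step 2
    signature = sign(ALICE_PRIV, plaintext)      # step 5
    # Step 3: (ciphertext, signature) cross the network; an eavesdropper sees only integers.
    recovered = decrypt(BOB_PRIV, ciphertext)    # step 4
    return recovered, verify(ALICE_PUB, recovered, signature)
```

Decrypting Bob’s ciphertext with Alice’s private key yields garbage, and a signature made over one message fails to verify over a modified one, which is exactly the confidentiality and integrity the steps above promise.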

How to Encrypt Emails and Send Them Securely?

The procedure of encrypting an email may seem complicated, but the most common email clients and services already have an encryption feature built in. Even if it’s not built in, following the instructions below lets you encrypt your email yourself in a matter of minutes.

Here are simple and quick instructions on how to encrypt your emails in the most popular email clients:

How to Encrypt Emails in Gmail

Gmail supports email encryption through S/MIME, which is already integrated into Google Workspace accounts.

Follow this step-by-step tutorial on how to set up email encryption in Gmail:

  • Activate hosted S/MIME in your Google Workspace administrator account.
  • Open your Admin console.
  • Navigate to Menu > Apps > Google Workspace > Gmail > User settings.
  • On the left side, under Organizations, select the domain or organization you want to configure. Scroll down to the S/MIME setting and select the box labeled Enable S/MIME encryption for sending and receiving emails.

Important: To use advanced S/MIME controls for uploading and managing root certificates, ensure S/MIME is enabled at the top-level organization, typically your domain.

  • Go to Gmail and manually upload the S/MIME certificate. Click the gear icon, then All Settings > Accounts > Send mail as > Edit info, and configure email encryption for this email address.
  • Click Upload a personal certificate.
  • Choose the certificate and enter your password.
  • Go to Enhanced Encryption (S/MIME) > Use this certificate.
  • Compose your email message as usual.
  • Set the encryption level by clicking the lock icon next to the recipient’s email address.
  • Click “View details” to modify S/MIME settings or select the encryption level.

Notes: the color of the lock icon shows the protection level of the message:

  • Green indicates S/MIME encryption; the recipient’s private key is required for decryption.
  • Gray signifies that the email is protected by TLS. This applies only if both parties support TLS.
  • Red means no encryption. Opt for green to protect your communication in Gmail.

How to Encrypt Emails in Outlook

Outlook also supports S/MIME; however, it requires additional configuration.

Here’s a step-by-step tutorial on how to set up email encryption in Outlook/Office365 using the Edge web browser:

  • Turn on S/MIME encryption and follow Office’s instructions for setting up encryption.
  • Obtain a certificate and upload its file via the website by clicking Install S/MIME control.

Tip: Here you can find detailed instructions with video and step-by-step screenshots on how to install an S/MIME certificate and send secure email with Outlook.

  • Once the S/MIME control is installed, you can choose whether to encrypt the contents and attachments of all messages or to digitally sign all sent messages.
  • To add or remove encryption from an individual message you’re composing, navigate to New mail.
  • Go to the top of the message and open the extended menu > Message options > More options.
  • Check or uncheck Encrypt this message or Digitally sign it by going to the menu and selecting S/MIME settings.
  • If the recipient of your email does not have S/MIME enabled, uncheck the Encrypt this message (S/MIME) checkbox; otherwise, they won’t be able to read your message.
  • Before sending your message, ensure that the appropriate checkboxes are selected.

How to Encrypt Emails on iOS

Apple’s iOS devices also have built-in S/MIME support by default. Here’s where you can find it:

  1. Head to Settings and tap Mail.
  2. Choose Accounts.
  3. Tap on the email account you want to encrypt.
  4. Go to Advanced and change Encrypt by default to Yes.
  5. As you create a message, a lock icon appears next to the recipient. Tap the lock icon so that it closes; the message will then be encrypted.

Caution: If the lock is blue, the message can be encrypted. If the lock is red, your recipient must have S/MIME settings enabled.


Email Encryption on Other Platforms

Other platforms do not have the S/MIME protocol built in, so to encrypt your Yahoo, AOL, Android, or other email account, you will need to look for a third-party solution that implements the S/MIME or PGP/MIME protocol.

FAQ

1. What is email encryption and how does it work?

Email encryption encrypts the contents of an email so that it can only be read by someone who has the key to decrypt it. Using public-key cryptography, emails are encrypted using the recipient’s public key and decrypted using their private key. This process ensures secure communication as messages remain private between the sender and the recipient. Certificate authorities issue digital certificates to verify public keys and authenticate users for secure email encryption.

2. Does email encryption keep email secure?

Yes, email encryption helps to protect emails by converting the content into an encoded format that can only be deciphered by the intended recipient. This way, confidential information remains private and protected from unauthorized access during transmission. With encryption, you significantly reduce the risk of your business data leakage and unauthorized interception.

3. Is email encryption safe?

Yes, it is a safe practice, as emails often contain sensitive information, and without encryption they are vulnerable to attack at various stages of transmission. End-to-end encryption guarantees that only the intended users hold the encryption keys, which protects the content even from the service provider.

4. What does an encrypted email look like?

An encrypted email, if viewed without decryption, looks like a mess of seemingly random signs and symbols, which makes its content unreadable. In this way, the contents of the email are protected and inaccessible to anyone who does not have the appropriate decryption key. For the recipient with the appropriate key, the email will be displayed as a readable message. In many email clients, an encrypted email is marked with a lock icon.


AUTHOR BIO

Khrystyna Sliusar

Content Lead at GlockApps