A Definition of Email Encryption
Email encryption encrypts, or disguises, the content of email messages so that potentially sensitive information can be read only by the intended recipients. Email encryption is usually combined with authentication, typically a digital signature that lets the recipient verify who sent a message and that it was not altered on the way.
Attackers use email to target victims and steal data, such as names, addresses, and login credentials, and then commit crimes like identity theft or identity fraud. Furthermore, most email is encrypted only while it is in transit: it is stored in clear text on the provider's servers, so the provider, and anyone who compromises the provider or the account, can read it. Popular free-to-use email services typically do not provide end-to-end encryption, which means a message is readable at every hop where it is stored, not just by its intended recipient.
As PC World points out, it is not just people who email sensitive information, such as Social Security numbers, login credentials, or bank account numbers, who need to encrypt their email. An attacker who gains unauthorized access to an email account can read every message and attachment in it and can hijack the entire account; because password resets for other services are usually delivered by email, that account is also a key to many others.
Email is a vulnerable medium, particularly when messages are sent over unsecured or public Wi-Fi networks. Even on a company network, a mail client that talks to its server without TLS (plain SMTP, IMAP, or POP3) exposes both the message contents and your login credentials to anyone who can capture traffic on the path. Encryption renders the content of your emails unreadable as they travel from origin to destination, so even if someone intercepts your messages, they cannot interpret the content.
Email Encryption: What to Encrypt
PC World points out three primary things you should encrypt:
1. The connection to your email provider
2. Your actual email messages
3. Your stored, cached, or archived email messages
Encrypting the connection between your mail client and your provider prevents anyone on the local network from capturing your login credentials and the messages you send or receive on that hop. The hops beyond it are a separate matter: once a message leaves your provider's server and travels from server to server across the Internet, each link is encrypted only if the two mail servers on that link negotiate TLS between themselves.
Encrypting the message itself before it is sent means that even if an attacker or anyone other than the intended recipient intercepts it, the content is unreadable without the recipient's private key, and essentially useless to them.
Finally, if you keep downloaded or archived messages in an email client such as Microsoft Outlook, the local mailbox files sit on disk in readable form. An attacker who obtains those files, for example from a stolen laptop or a backup, can read them without knowing your account password, and device passwords protect the files only if the disk itself is encrypted. Encrypting the stored messages, or the disk that holds them, ensures that even if access is obtained, the content of your email is unreadable.
Types of Email Encryption
Email encryption software typically uses one of three encryption formats:
Pretty Good Privacy (PGP)
PGP is a program that encrypts and decrypts email messages and files using public-key encryption and digital signatures. It was released by Phil Zimmermann in 1991 and was one of the first free, publicly available public-key cryptography tools; its message format was later standardized by the IETF as OpenPGP (RFC 4880), which implementations such as GnuPG follow. PGP is now widely used by people and organizations to provide cryptographic authentication and confidentiality for email and files.
PGP combines data compression, symmetric encryption, public-key encryption, and cryptographic hashing. To encrypt a message it compresses the plaintext, encrypts it with a freshly generated random symmetric session key, and then encrypts that session key with the recipient's public key; to sign a message it hashes the content and signs the digest with the sender's private key. It also offers its own alternative to the public key infrastructure (PKI) approach: instead of certificate authorities, PGP users vouch for each other's keys in a "web of trust". The sender encrypts with the recipient's public key, and only the recipient, who holds the matching private key, can recover the session key and read the message.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME is an Internet Engineering Task Force (IETF) standard for public-key encryption and digital signatures of MIME email. It was originally developed by RSA Data Security and is now built into most modern email clients and services. S/MIME provides similar functionality to PGP, but instead of a web of trust it relies on X.509 certificates: the user's public key must be certified by a Certificate Authority (CA) that the recipient's software trusts.
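The certificate requirement above, as an added Go example that is not part of the original article: a private CA issues an S/MIME certificate binding a public key to an email address, and the recipient's software accepts it only if it chains to a CA in its trust store, is marked for email protection, and names the address in the From header. The CA name, the addresses and the hostname are assumptions for the demo; the code uses only Go's standard crypto/x509 package.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var nextSerial int64 // demo only; a real CA uses large random serial numbers

// baseCert fills the fields every certificate in this demo shares.
func baseCert(cn string) *x509.Certificate {
	nextSerial++
	now := time.Now()
	return &x509.Certificate{
		SerialNumber: big.NewInt(nextSerial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
}

// NewCA creates a self-signed root: the trust anchor the recipient installs.
// "Example Mail CA" is an assumed name for the demo.
func NewCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := baseCert("Example Mail CA")
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issue has the CA sign a certificate for a key pair the subject generates
// itself: the CA vouches only for the binding between name and public key.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, tmpl *x509.Certificate) (*x509.Certificate, error) {
	subjectKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &subjectKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// IssueEmailCert is what an S/MIME user obtains: the address goes in the
// Subject Alternative Name and the certificate is marked for e-mail use.
func IssueEmailCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, email string) (*x509.Certificate, error) {
	tmpl := baseCert(email)
	tmpl.EmailAddresses = []string{email}
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}
	return issue(ca, caKey, tmpl)
}

// IssueServerCert is a TLS server certificate from the same CA, for contrast.
func IssueServerCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string) (*x509.Certificate, error) {
	tmpl := baseCert(host)
	tmpl.DNSNames = []string{host}
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	return issue(ca, caKey, tmpl)
}

// VerifyEmailCert is the recipient-side check before trusting a signature or
// encrypting to a key: chain to a trusted root, e-mail usage, matching address.
func VerifyEmailCert(leaf, trustedRoot *x509.Certificate, from string) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if _, err := leaf.Verify(opts); err != nil {
		return err
	}
	for _, addr := range leaf.EmailAddresses {
		if addr == from {
			return nil
		}
	}
	return fmt.Errorf("certificate is not issued for %s", from)
}

func main() {
	ca, caKey, _ := NewCA()
	alice, _ := IssueEmailCert(ca, caKey, "alice@example.com")
	fmt.Println("alice, trusted CA:", VerifyEmailCert(alice, ca, "alice@example.com"))
	fmt.Println("alice cert on mail from mallory:", VerifyEmailCert(alice, ca, "mallory@example.com"))
}
```

The last check in VerifyEmailCert matters: a perfectly valid certificate for one address must not authenticate mail claiming to come from another, and a TLS server certificate from the same CA is rejected because its extended key usage does not include email protection. A second CA with the same name but a different key is rejected as well, since only the key in the trust store can validate the chain. The same checks apply to a real S/MIME certificate, except that the trusted root would be a public CA shipped with the mail client rather than one generated in-process.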
Transport Layer Security (TLS)
TLS is a cryptographic protocol that succeeded the Secure Sockets Layer (SSL). Also an IETF standard, TLS 1.0 was published in 1999 and built on the SSL 3.0 specification. It lets application protocols pass messages over a network securely and is used for email (SMTP, IMAP, and POP3) as well as for other communications such as HTTPS, instant messaging, and Voice over Internet Protocol (VoIP).
TLS aims to ensure the confidentiality and integrity of data exchanged between two applications, and to authenticate the server (optionally the client as well) with certificates. It sits between the transport layer (TCP) and the application protocol and consists of the TLS record protocol, which carries the protected data, and the TLS handshake protocol, which negotiates the algorithms and keys.
STARTTLS is not a form of TLS but an SMTP (and IMAP/POP3) command that upgrades an already open plaintext connection to an encrypted TLS session. It is negotiated between the mail servers while the message is in transit, which means neither the sender nor the recipient needs to take any action to read the message. Because the encryption is opportunistic, this approach counters passive monitoring well but leaves organizations open to active man-in-the-middle (MITM) attacks: an attacker on the path can remove the STARTTLS offer from the receiving server's reply, and a sending server configured to fall back to plaintext will then deliver the message in the clear. Sending servers also commonly do not validate the certificate the other side presents, so an attacker who does let TLS proceed can terminate it with a certificate of their own.
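The downgrade described above, as an added Go example that is not part of the original article: a sending server reads the receiving server's EHLO reply, and an attacker in the middle deletes the STARTTLS line before it arrives. The hostnames, the EHLO reply, the addresses and the `Policy` type are constructed for this demo; the reply format follows the multi-line replies of RFC 5321 and the STARTTLS extension of RFC 3207.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Policy is how the sending server treats a missing STARTTLS offer.
type Policy int

const (
	Opportunistic Policy = iota // RFC 3207 default: fall back to plaintext
	RequireTLS                  // refuse to deliver without TLS
)

// ehloExtensions parses a multi-line "250-" EHLO reply and returns the
// SMTP extension keywords the server advertised.
func ehloExtensions(reply string) (map[string]bool, error) {
	lines := strings.Split(strings.TrimRight(reply, "\r\n"), "\r\n")
	exts := map[string]bool{}
	for i, line := range lines {
		if len(line) < 4 || line[:3] != "250" {
			return nil, fmt.Errorf("unexpected EHLO reply line: %q", line)
		}
		last := i == len(lines)-1
		if (line[3] == '-') == last { // "250-" continues, only the final line uses "250 "
			return nil, fmt.Errorf("malformed multi-line reply at: %q", line)
		}
		if i == 0 {
			continue // the first line carries the server's domain, not an extension
		}
		if fields := strings.Fields(line[4:]); len(fields) > 0 {
			exts[strings.ToUpper(fields[0])] = true
		}
	}
	return exts, nil
}

// stripStartTLS models a STRIPTLS man-in-the-middle: it rewrites the reply in
// flight so the client never learns that the server supports STARTTLS.
func stripStartTLS(reply string) string {
	var kept []string
	for _, line := range strings.Split(strings.TrimRight(reply, "\r\n"), "\r\n") {
		if len(line) >= 4 && strings.EqualFold(strings.TrimSpace(line[4:]), "STARTTLS") {
			continue
		}
		kept = append(kept, line)
	}
	for i := range kept { // re-mark continuation vs. final line after the deletion
		if len(kept[i]) < 4 {
			continue
		}
		sep := "-"
		if i == len(kept)-1 {
			sep = " "
		}
		kept[i] = "250" + sep + kept[i][4:]
	}
	return strings.Join(kept, "\r\n") + "\r\n"
}

// nextCommand is the sending server's decision after reading the EHLO reply:
// upgrade with STARTTLS, continue in the clear, or abort.
func nextCommand(ehloReply string, p Policy) (string, error) {
	exts, err := ehloExtensions(ehloReply)
	if err != nil {
		return "QUIT", err
	}
	switch {
	case exts["STARTTLS"]:
		return "STARTTLS", nil
	case p == RequireTLS:
		return "QUIT", errors.New("server did not offer STARTTLS; refusing to deliver in plaintext")
	default:
		return "MAIL FROM:<alice@example.com>", nil // plaintext delivery: readable on the wire
	}
}

func main() {
	// Constructed EHLO reply from an assumed receiving server mail.example.com.
	const genuine = "250-mail.example.com Hello sender.example.net\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 HELP\r\n"
	replies := []struct{ name, reply string }{{"genuine", genuine}, {"stripped by MITM", stripStartTLS(genuine)}}
	for _, p := range []Policy{Opportunistic, RequireTLS} {
		for _, r := range replies {
			cmd, err := nextCommand(r.reply, p)
			fmt.Printf("policy=%d reply=%-17s next=%q err=%v\n", p, r.name, cmd, err)
		}
	}
}
```

With the opportunistic policy the sending server never notices the downgrade and continues with MAIL FROM in plaintext, so everything that follows is readable to the attacker; requiring TLS turns the same stripped reply into a refusal to deliver. Real MTAs expose this choice as a per-destination TLS policy, and the parser above also rejects a reply whose last line is still a "250-" continuation, which is what a clumsy stripping proxy may leave behind.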
What Email Encryption Does
There are a variety of tools that can be used to encrypt email. A personal email certificate is one method of protection: it digitally signs your messages so that recipients can verify that a message really came from you and was not altered. Spoofed messages sent in your name will not carry a valid signature from your certificate, which tips off recipients who expect your mail to be signed that the message may be spam or malicious. A signature alone does not hide the content, though; encrypting a message is a separate operation that uses the recipient's certificate or public key.
Email encryption relies on public-key cryptography, in most cases organized as a Public Key Infrastructure (PKI): a key pair consisting of a private key (known only to you) and a public key (which you distribute to your correspondents or publish openly). Anyone sending you an email that they want to encrypt uses your public key, and you, the intended recipient, use your private key to decrypt it into readable form. In this model, anyone can use a public key to encrypt a message, but each encrypted message can be decrypted only by the matching private key.
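The PGP description earlier and the public/private-key explanation above describe the same hybrid scheme. The following is an added Go example that is not part of the original article and is not OpenPGP code: it mirrors the structure of an OpenPGP message (sign with the sender's private key, encrypt the signed data under a random session key, wrap that key with the recipient's public key) using RSA-PSS, RSA-OAEP and AES-256-GCM from Go's standard library. OpenPGP's compression step and packet format are omitted, and the message text and the correspondents' names are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// Message is what travels over email; nothing in it is readable without the
// recipient's private key. The layout is an assumption for this demo.
type Message struct {
	WrappedKey []byte // session key encrypted with RSA-OAEP to the recipient's public key
	Nonce      []byte // AES-GCM nonce, fresh for every message
	Ciphertext []byte // AES-256-GCM over signature || plaintext
}

// NewKeyPair generates one correspondent's 2048-bit RSA key pair.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// aead builds AES-256-GCM for a session key.
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt signs with the sender's private key, encrypts signature and text
// under a random session key, and wraps that key for the recipient.
func Encrypt(plaintext []byte, recipientPub *rsa.PublicKey, senderPriv *rsa.PrivateKey) (*Message, error) {
	// 1. Authentication: hash the message and sign the digest.
	digest := sha256.Sum256(plaintext)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// 2. Confidentiality: a fresh symmetric key encrypts the bulk data.
	sessionKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	gcm, err := aead(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, append(sig, plaintext...), nil)
	// 3. Key exchange: only the recipient's private key can unwrap the session key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Message{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Decrypt reverses the steps with the recipient's private key, then checks
// the signature against the public key of the claimed sender.
func Decrypt(msg *Message, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, msg.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("message was not encrypted to this private key: %w", err)
	}
	gcm, err := aead(sessionKey)
	if err != nil {
		return nil, err
	}
	payload, err := gcm.Open(nil, msg.Nonce, msg.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("ciphertext was altered in transit: %w", err)
	}
	sigLen := senderPub.Size() // a PSS signature is exactly one modulus long
	if len(payload) < sigLen {
		return nil, fmt.Errorf("payload too short to carry a signature")
	}
	sig, plaintext := payload[:sigLen], payload[sigLen:]
	digest := sha256.Sum256(plaintext)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature does not verify for the claimed sender: %w", err)
	}
	return plaintext, nil
}

func main() {
	alice, _ := NewKeyPair() // sender
	bob, _ := NewKeyPair()   // intended recipient
	eve, _ := NewKeyPair()   // eavesdropper holding only her own key pair
	msg, _ := Encrypt([]byte("payroll export attached; password follows separately"), &bob.PublicKey, alice)
	out, err := Decrypt(msg, bob, &alice.PublicKey)
	fmt.Printf("bob reads %q (err=%v)\n", out, err)
	_, err = Decrypt(msg, eve, &alice.PublicKey)
	fmt.Println("eve gets:", err)
}
```

Three things are worth noticing in Decrypt: Eve's private key fails at the OAEP step because the session key was never encrypted to her; a flipped ciphertext byte fails the GCM tag check before any plaintext is released; and a message signed by someone other than the claimed sender is rejected even though it decrypted cleanly. Because the signature sits inside the encrypted payload, an eavesdropper cannot even tell who signed the message.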
Best practices for email encryption include consistently encrypting all messages you send and receive. Encrypting only the messages that contain sensitive information flags those messages to an attacker, pointing directly to the ones most likely to contain the valuable data you are trying to protect in the first place.
When you encrypt all messages as a standard practice, an attacker looking for your personal information faces a far larger task. The encrypted traffic no longer reveals which messages are worth targeting, and with sound encryption none of them can be read without the private key, so there is no single message to pick out and no practical way to work through them one by one.