A Definition of Email Encryption 

Email encryption involves encrypting, or disguising, the content of email messages in order to protect potentially sensitive information from being read by anyone other than the intended recipients. Email encryption often includes authentication as well.

Hackers use email to target victims and steal data, such as personal information like names, addresses, and login credentials, and then commit crimes like identity theft or identity fraud. Furthermore, most email is encrypted while the data is in transit, but the messages are stored in clear text, making their content readable by email providers. Popular free-to-use email services typically do not provide end-to-end encryption, which means that anyone who gains access to the provider's systems or to the account can read the stored messages.

As PC World points out, it’s not just those who email sensitive information, such as Social Security numbers, login credentials, or bank account numbers, who need to encrypt their email. Hackers who gain unauthorized access to an email account can read its attachments and message content, and can even hijack the entire account.

Email is a vulnerable medium, particularly when messages are sent over unsecured or public Wi-Fi networks. Even on a company network, other users can intercept unencrypted email traffic, including your login credentials. Encryption renders the content of your emails unreadable as they travel from origin to destination, so even if someone intercepts your messages, they can’t interpret the content.

Email Encryption: What to Encrypt 

PC World points out three primary things you should encrypt: 

1. The connection from your email provider 

2. Your actual email messages 

3. Your stored, cached, or archived email messages 

Encrypting the connection prevents unauthorized users on the network from intercepting and capturing your login credentials and any email messages you send or receive as they leave your email provider’s server and travel from server to server around the Internet.

Encrypting email messages before they’re sent means that even if a hacker, or anyone other than the intended recipient, intercepts them, they are unreadable and therefore useless to the interceptor.

Finally, if you store or back up email messages in an email client, such as Microsoft Outlook, hackers may gain access to them despite password protection of your accounts and even of your device. Email encryption ensures that even if such access is obtained, the content of your email messages is unreadable.

Types of Email Encryption

Email encryption software typically relies on one of three encryption formats or protocols:

Pretty Good Privacy (PGP) 

PGP is a security program that encrypts and decrypts email messages and files and produces digital signatures. It was released in 1991 and was one of the first free, publicly available public-key cryptography tools. PGP is now widely used by people and organizations, providing cryptographic authentication and privacy for online communication such as email and text messaging.

PGP combines data compression, symmetric and asymmetric (public-key) cryptography, and hashing to protect data in motion. It also offers its own take on the public key infrastructure (PKI) approach: the sender encrypts a message with the recipient’s public key, and only the recipient’s private key can then unlock it.

Secure/Multipurpose Internet Mail Extensions (S/MIME) 

S/MIME is an Internet Engineering Task Force (IETF) standard for public-key encryption and digital signatures in email. It was developed by RSA Data Security and is now built into most modern email software and services. S/MIME provides similar functionality to PGP, but it requires users to obtain their certificates (which bind their public keys to their identities) from a Certificate Authority (CA).

Transport Layer Security (TLS) 

TLS is a cryptographic protocol that succeeded the Secure Sockets Layer (SSL). Also an IETF standard, TLS was first introduced in 1999 and built on the original SSL specifications. It enables messages to pass securely over a computer network and is commonly used for email and for other communication formats such as instant messaging and Voice over Internet Protocol (VoIP).

TLS aims to ensure data integrity and privacy between communicating applications. It runs in the application layer and comprises the TLS record protocol and the TLS handshake protocol.

A common form of TLS in email is STARTTLS, a command that upgrades an existing plaintext connection between mail servers to an encrypted one. STARTTLS requests encryption while the email is in transit, which means neither the sender nor the recipient needs to take any action to view the message. This approach is ideal for countering attack vectors like passive monitoring, but because the upgrade is opportunistic it can leave organizations open to other threats like man-in-the-middle (MITM) attacks: a party on the path who can tamper with the exchange can remove the STARTTLS offer and keep the session in plaintext.
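As an added illustration, not from the original article, the following Go code shows the difference between using STARTTLS opportunistically and requiring it: the client refuses to continue when the server's EHLO reply lacks STARTTLS, which is what a stripped offer looks like on the wire. The scripted server and the host name mail.example.test are constructed for the demo, and the client stops just before the actual TLS handshake, which would be a c.StartTLS call with a tls.Config naming the host.

```go
package main

import (
	"fmt"
	"net"
	"net/smtp"
	"net/textproto"
	"strings"
)

// ScriptedServer plays a minimal SMTP server for one client (constructed for this demo).
// With advertise=false it omits STARTTLS from the EHLO reply, as a client sees after a downgrade.
func ScriptedServer(conn net.Conn, advertise bool) {
	defer conn.Close()
	tp := textproto.NewConn(conn)
	tp.PrintfLine("220 mail.example.test ESMTP")
	for {
		line, err := tp.ReadLine()
		if err != nil {
			return
		}
		switch cmd := strings.ToUpper(line); {
		case strings.HasPrefix(cmd, "EHLO"):
			greeting := "250 mail.example.test" // no extensions at all
			if advertise {
				greeting = "250-mail.example.test\r\n250 STARTTLS"
			}
			tp.PrintfLine(greeting)
		case cmd == "QUIT":
			tp.PrintfLine("221 bye")
			return
		default:
			tp.PrintfLine("500 not supported in this demo")
		}
	}
}

// RequireStartTLS is the client-side policy: an opportunistic client would carry on in
// plaintext when STARTTLS is missing; this one refuses, so a downgrade fails loudly.
func RequireStartTLS(conn net.Conn, host string) error {
	c, err := smtp.NewClient(conn, host)
	if err != nil {
		return err
	}
	defer c.Quit()
	if ok, _ := c.Extension("STARTTLS"); !ok {
		return fmt.Errorf("%s did not advertise STARTTLS; refusing to continue in plaintext", host)
	}
	return nil // a real client now calls c.StartTLS(&tls.Config{ServerName: host})
}
```

Run the two halves over a net.Pipe to see both outcomes without touching a real mail server.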

What Email Encryption Does 

There are a variety of technology tools that can be used to encrypt email. A personal email certificate is one method of protection that digitally signs your messages, making it harder for spam to be sent convincingly in your name from your email account. The digital signature lets recipients verify that a message was actually sent by you; a spoofed message will not carry your digital signature, tipping recipients off that it may contain spam or malicious content.

Email encryption relies, in most cases, on a Public Key Infrastructure (PKI): a pair consisting of a private key, known only to you, and a public key, which you distribute to chosen correspondents or publish openly. Senders encrypt messages with the recipient’s public key, and the recipient uses the matching private key to decrypt them into readable form. In the PKI model, anyone can use a public key to encrypt email, but each encrypted message can only be decrypted by the one corresponding private key.
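The following Go program is an added example, not code from the article or from PGP, of the public-key model described in the PGP section and in the PKI paragraph above: a random symmetric session key protects the message body, and that session key is wrapped with the recipient's RSA public key so only the matching private key can unwrap it. The Envelope type, the 2048-bit RSA key size, and the AES-GCM choice are assumptions for the demo (compression, which PGP also performs, is left out), and the container is a simplified illustration rather than the OpenPGP packet format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"io"
)

// Envelope is a constructed container (not the OpenPGP packet format) for one message.
type Envelope struct{ WrappedKey, Nonce, Body []byte }

// NewRecipientKey generates the recipient's key pair; the public half is shared, the private half never leaves them.
func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Encrypt follows the hybrid pattern the article describes for PGP: encrypt the message
// under a fresh symmetric session key, then wrap that key with the recipient's public key.
func Encrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	keyAndNonce := make([]byte, 32+12) // 256-bit AES key followed by a 96-bit GCM nonce
	if _, err := io.ReadFull(rand.Reader, keyAndNonce); err != nil {
		return nil, err
	}
	sessionKey, nonce := keyAndNonce[:32], keyAndNonce[32:]
	block, _ := aes.NewCipher(sessionKey) // a 32-byte key is always accepted
	gcm, _ := cipher.NewGCM(block)
	body := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Body: body}, nil
}

// Decrypt reverses the steps. Only the matching private key recovers the session key,
// and the GCM tag check rejects an envelope whose body was altered in transit.
func Decrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err // wrong private key: rsa.ErrDecryption
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, env.Nonce, env.Body, nil) // authentication failure on tampering
}
```

Decrypting with any key other than the recipient's fails at the unwrap step, and a modified body fails the GCM tag check, which is why an intercepted envelope is useless to the interceptor.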

Best practices for email encryption include consistently encrypting all messages you send and receive. Encrypting only the email messages that contain sensitive information raises a flag to hackers, pointing them directly to the messages most likely to contain valuable, sensitive information – the very information you’re trying to prevent outsiders from gaining access to in the first place.

When you encrypt all email messages as a standard practice, hackers wishing to access your personal information have a far more substantial task in front of them. Decrypting email messages one by one in search of a single message containing sensitive information is a daunting and tedious task that even the most dedicated hackers may decide is not worth the effort.