Email encryption is a cybersecurity measure that prevents unintended recipients from reading your emails. In this guide, you will learn how to send encrypted email on three platforms.
How Email Encryption Works
An encrypted email is a jumbled up message that can only be read by the person holding the decryption key. Email encryption and decryption uses Public Key Infrastructure (PKI).
If your friend wants to send you an encrypted email, they can use the public key to encrypt the message before sending it. Since you are the only person holding the private key, nobody else but you can decrypt the message.
When you want to prove that you are the sender of a message, you will use your private key to digitally sign an email. When your recipient successfully decrypts the message, then they will know that the message was from you.
In the first half of 2019, 4.1 billion records were reportedly exposed. To prevent such data breaches, email encryption is an imperative safety measure.
Main Types of Email Encryption
The two main types of email encryption protocols are Secure/Multipurpose Internet Email Extensions (S/MIME) and Pretty Good Privacy/Multipurpose Internet Email Extensions (PGP/MIME). The first protocol depends on a centralized authority trust model while the second relies on decentralized authorities.
S/MIME is already built into large email service providers, such as Gmail and Outlook, while you need a third-party encryption tool to apply PGP/MIME.
Additionally, when you use the S/MIME protocol, the key code is created for you. However, the PGP/MIME allows users to create their own key codes.
Email service providers Yahoo and AOL support PGP/MIME.
How to Send Encrypted Email on Gmail
To use the S/MIME email encryption protocol on Gmail, both senders and receivers need to enable email encryption. This feature is only available to users with G Suite products like G Suite for Education, G Suite Enterprise for Education, and G Suite Enterprise.
Below are the steps you should take:
- Sign in to Google Admin Console using an administrator account
- Click Apps > G Suite > Gmail > User Settings
- Go to Organizations and choose the domain you want to configure
- Click the S/MIME setting and check the box for enabling S/MIME encryption
Google has provided optional steps for enabling S/MIME that you can consider browsing.
After enabling hosted S/MIME, reload your Gmail account. You will now note that the subject field has a lock icon. When your email is encrypted, this lock will appear green in color. Next, you need to upload the S/MIME end-user certificates. To do this, follow these steps:
- From your Gmail inbox, go to “Settings” then click on the “Accounts” tab
- Select “Send email as” then click “Edit info”
- Click “Upload a personal certificate”
- Next, open the certificate and enter the password then select “Add certificate”
Now, you can exchange keys by sending an encrypted message to your friend. The digital signature will have a public key that your friend can use to encrypt the emails they send to you.
Once you have shared the public key with recipients, you can send encrypted emails with ease. To do this, simply create a message as you normally would. Click the lock icon then the “View details” option to change the S/MIME settings if you want to. If you are okay with the level of encryption that Gmail displays as a green lock icon, you can send your S/MIME encrypted email.
Other encryption levels include the gray lock icon that means the email is protected with Transport Layer Security (TLS) and the red lock icon, which indicates that your email is not encrypted.
Email Encryption on Outlook
To send an encrypted email on Outlook, you need to first get the S/MIME certificate from your administrator and then install the S/MIME control.
Next, follow these instructions:
- Go to the gear menu and select S/MIME settings
- To encrypt all outgoing emails, choose “Encrypt content and attachments of all messages I send”
When sending a single encrypted email, simply compose your message then go to the “Options” tab and select “Encrypt” from the dropdown menu. Choose “Encrypt with S/MIME” and send your email.
Encrypting Emails on iOS
The S/MIME email encryption protocol is available by default on iOS devices. Here are the steps you should follow to encrypt an email:
- Go to “Advanced Settings” and turn S/MIME on
- Change “Encrypt by Default” to yes
- Write your email, then click the lock icon next to the recipient field to encrypt the email
- Hit “Send”
Several email service providers like ProtonMail also allow users to send free encrypted emails. Learn more about these providers in this guide on the top five free encrypted email services reviewed for 2020.