How can I send secure email? Email encryption is the process of scrambling or disguising the contents of email messages to keep them secure from unauthorized access. When emails are encrypted, only the intended recipient can decrypt and read the email by unlocking the scrambling using a secret key.
Encryption protects sensitive personal information transmitted by email that could lead to identity theft or fraud if intercepted. This includes data like:
- Social Security numbers
- Passwords and login credentials
- Bank and financial account details
- Medical records or treatments
- Confidential business communications
It’s important to encrypt all emails consistently rather than only emails known to contain sensitive data. Targeted encryption diminishes security overall. When some emails are clearly marked encrypted, it signals to hackers which emails likely hold valuable data to focus attacks on. Encrypting nearly all communication better hides critical transmissions.
In this guide, we’ll explain best practices for implementing email encryption across some of the most widely used email platforms and providers, including Gmail, Outlook, Yahoo Mail, and Apple Mail. Follow our recommendations to make your inbox more secure.
The key tips across providers include using available encryption plugins and extensions, enabling two-factor authentication for accounts, signing emails using digital signatures to verify authenticity, and employing industry-standard encryption protocols like OpenPGP or S/MIME to scramble messages prior to transit. Apply these steps consistently to best shield your important digital communications from prying eyes.
What Is Email Encryption?
Email encryption works by scrambling or “encrypting” message contents into an unreadable cipher text that disguises confidential data as it travels insecurely over networks or remote servers. Encryption relies on public key infrastructure (PKI) and cryptography to allow only intended recipients to decode or “decrypt” the message using private keys only they possess.
Specifically, public-private key pairs are used to encrypt and decrypt messages between parties:
Public Key – Can be openly shared and is used by the sender to encrypt messages before transmission. Published on key directories.
Private Key – Kept secret by the recipient and stored locally to allow deciphering received messages using their exclusive private key.
This paired mechanism also affords additional security functions through the PKI framework like:
- Digital signatures verifying authenticity
- Integrity checks confirming messages are unmodified
When properly implemented using industry standard algorithms, email encryption ensures only recipients you designate can decrypt and read your most sensitive and confidential messages, keeping them secured from any unauthorized access in transit or storage using high-strength cryptography.
Why Is Email Encryption Important?
Email encryption is extremely important for protecting the confidentiality and privacy of sensitive communications transmitted digitally. Without encryption safeguards, critical personal and organizational data sent over email risks potential exposure to sophisticated hackers.
Unencrypted emails traverse multiple servers over the public internet, allowing possible interception at many points that could lead to compromised information, identity theft, or reputational damage. Government agencies also conduct broad surveillance programs that can sweep up unprotected email content.
Encrypted emails remain scrambled and impossible to decipher even if intercepted illegally during transmission or storage. Encryption also verifies integrity by detecting unauthorized tampering attempts. These vital privacy and security assurances make sensitive communications via email channels possible, across areas like healthcare, legal affairs, corporate dealings, financial transactions, proprietary research, trade secrets, and personal life details exchanged digitally. By learning how to implement email encryption properly, individuals and organizations can confidently embrace email’s convenience while minimizing risk.
Types of Email Encryption Common Used
There are two predominant standards used for encrypting email communications – S/MIME and PGP/MIME. Understanding the core differences allows selecting the right model for your needs.
S/MIME (Secure/Multipurpose Internet Mail Extensions)
- Relies on certificate authority for centralized key management
- Built into most major email services like Gmail and Exchange
- Enables encrypting message body and attachments
- commonly used in corporate environments
- Seamless integration with email workflows
- Encryption process not fully visible or customizable
PGP/MIME (Pretty Good Privacy/MIME)
- Uses decentralized web of trust for key distribution
- Requires installing separate PGP software tool
- User has more control over encryption ciphers and processes
- Popular for personal and small team communications
- Enables fine-tuned encryption options per message
- Encrypts subject lines as well for added security
- Higher learning curve for configuration
So in summary – S/MIME simplifies encryption by building it into email providers directly, while PGP handles more customized implementations but requires separate software installation. Consider usage, control needs, and team size when deciding between the two popular standards.
How to Encrypt Emails in Gmail?
So, how to send an email encrypted? Gmail has built-in support for S/MIME email encryption. However, both the sender and recipient need to have S/MIME properly configured in Gmail for encrypted messaging to work. Here are the steps to start encrypting emails using S/MIME security in Gmail:
- Enable S/MIME in Your Gmail Account
Go to your Gmail account settings and navigate to the “Accounts and Import” tab. Under “Send mail as”, click on the highlighted sending address to open a new menu. Check the box for “Secured and encrypted S/MIME protocol” and save the changes.
- Compose an Email in Gmail
Write your email in Gmail as normal. When finished, click the “Send” button which will now trigger the encryption process.
- Select Encryption Keys and Options
A window will appear allowing you to pick encryption keys and set security options. Make choices here for encrypting with the recipient’s public key, signing with your private key, etc.
- Recognize Encryption Indicators
Once sent, encrypted emails will display a closed padlock icon in the sent mailbox. Click the icon to see details:
Green padlock – Fully S/MIME encrypted message Grey padlock – Partial TLS encryption used Red X padlock – No encryption enabled
Following those steps allows leveraging S/MIME encryption for your Gmail messages to improve email security. Confirm the recipient also has Gmail S/MIME enabled to exchange encrypted communications.
How to Encrypt Emails in Outlook?
Outlook’s built-in email encryption relies on the S/MIME protocol. To start encrypting Outlook communications, first ensure S/MIME is properly set up:
- Acquire S/MIME Certificate for Outlook
Obtain a personal S/MIME certificate file (.pfx extension) from your organization’s IT administrator or public certificate authority to install for Outlook email signing and encryption.
- Install S/MIME Control for Certificate Management
Download and install the S/MIME control for managing your S/MIME certificates within Outlook. This extends functionality. Follow Microsoft’s guide if needed.
- Set Default S/MIME Behavior
Once configured, go to Options > Trust Center > Email Security to set default encryption behavior like encrypting all outgoing mail.
Additionally, toggle per-message encryption via the ribbon menu:
- Encrypted icons confirm S/MIME status
- Context menu to encrypt/decrypt specific messages
- Warning shown if recipient certificate not available
By getting a verified personal certificate and enabling Outlook’s built-in S/MIME controls, you can start to selectively or universally encrypt email for better privacy and security. Confirm recipients also support decoding for delivery.
How to Encrypt Emails in Yahoo?
Unlike Gmail and Outlook, Yahoo Mail does not support built-in email encryption. To send encrypted messages from your Yahoo account, you’ll need to install a third-party encryption plugin.
One reliable provider is Mailvelope. Here are steps to get started using Mailvelope’s browser extension to encrypt Yahoo Mail:
- Install Mailvelope Go to the Mailvelope website and install their browser plugin. It’s available for Chrome, Firefox, and others. Restart your browser after installing.
- Compose an Email in Yahoo Mail Log into Yahoo Mail to start a new message. You should see the Mailvelope icon now displayed.
- Encrypt the Message Using Mailvelope Before sending, click the Mailvelope icon and select “Encrypt” to lock down your message content and attachments.
- Mailvelope Handles Encrypted Delivery Finish addressing your recipients as normal in Yahoo. Mailvelope will detect the encryption and process secure transport behind the scenes when you send.
The recipient will require Mailvelope as well for decoding your message. But it provides reliable OpenPGP email encryption even on services like Yahoo that lack native support. This pattern works for other plugins like Virtru too.
How to Encrypt Emails on iOS?
How can I send an encrypted email on iPhone? Apple’s iOS Mail app includes integrated support for S/MIME email encryption. To enable it as the default for your mail account on an iPhone or iPad:
- Open Settings > Mail
- Select Accounts and choose your email account
- Tap Account > Advanced
- Turn on “Encrypt Outgoing Mail”
- Select whether to Always or Ask Before Encrypting
Now when composing emails from that account within the iOS Mail app:
- You’ll see a padlock icon next to recipient names
- Tap the icon to confirm encryption is enabled
- Padlock will show as closed to signify messages are secured
The recipient email service also requires S/MIME support to decrypt your encrypted messages successfully. But by toggling the default settings in Account Advanced, you can ensure your iPhone or iPad Mail app automatically encrypts sent mail end-to-end for added privacy when communicating between supported mail platforms.