What Is Email Encryption? How to Encrypt Email

We often send personal and business information through email. However, by default, email protocols have no built-in encryption. Therefore, learning how to send encrypted emails to protect your information is crucial. In this article, learn what email encryption is, various encryption protocols - like PGP and S/MIME - and how to encrypt email on major email servers.

What is email encryption?

Email messages aren't secure by default. For this reason, email is sometimes a vulnerable medium, especially when messages are sent over public or unsecured WiFi networks.

Therefore, email encryption is crucial. Email encryption is the process of securing the contents of your email messages to prevent others from viewing or altering them. It ensures that only the intended recipient can access what you send. The goal of encryption is to protect sensitive information from getting into the wrong hands.

Furthermore, data breaches and other security incidents can uncover emails sent years ago. Even if a message isn't current, encrypting it still matters for data security. Sensitive information such as login credentials, credit card numbers, Social Security numbers, medical records, and confidential business documents is vulnerable to attacks when sent via email.

How does email encryption work?

Email encryption uses cryptography to convert information into code, preventing unauthorized access. It encodes the email using a set of cryptographic keys, converting the message into a format unreadable to everyone except the person who has the other key. This system, known as Public Key Infrastructure (PKI), uses a public key and a private key. The email's sender uses the recipient's public key to encrypt the message, while the receiver uses the private key to decrypt it into a readable format.

Through this method, anyone can use a public key to encrypt emails, but only select people with private keys can decrypt encrypted emails and reveal the information contained in the messages.

Senders and recipients use these keys to encrypt and decrypt messages through two approaches: symmetric encryption and asymmetric encryption.

  • Symmetric encryption uses a single key to encrypt and decrypt messages. The key is shared between the sender and the recipient, and both parties need to share the same encryption key in order to securely exchange encrypted emails. While this method is efficient, sharing the encryption key itself can present challenges.
  • Asymmetric encryption uses a pair of two separate keys: a public key and a private key. The sender shares the public key and uses it for encryption, and the recipient keeps the private key secure to use for decryption. This method eliminates the need for sharing a common key, which makes the process both more manageable and more secure.

What is encrypted mail?

Encrypted mail is email that is protected from unauthorized access. Traditional email services transmit messages in plain text, meaning anyone with access to the network or server could easily read them. Encrypted mail, however, has gone through the email encryption process. Its contents are converted into a code or cipher that renders it unreadable to any unauthorized recipients.

How to encrypt email

Encrypting your emails isn't difficult; you can set up an encryption protocol on your current mailbox or opt for an end-to-end encrypted email service. Either way, your emails will be sent securely. Find instructions below for encrypting emails on popular servers like Outlook and Gmail.

How to encrypt email in Outlook

Outlook has S/MIME built into its app, which allows users to encrypt emails with specific keys. However, you need to enable S/MIME for Outlook if you want to use it. If you're a Microsoft 365 subscriber, follow these steps:

  1. Open Outlook in your app or web browser and compose a new message.
  2. Click Options.
  3. Choose Encrypt.
  4. Select to encrypt with S/MIME.
  5. Click Send to send your encrypted message.

When you open an encrypted message in Outlook, you'll receive the same secure email message with its original contents.

How to encrypt emails in Gmail

Gmail is compatible with S/MIME protocol. To protect your email in your Gmail account, follow these steps:

  1. Log in to your Google account and go to your Settings.
  2. Start a new email.
  3. Check and click on the lock icon, which appears to the right of the recipients' names.
  4. Click View Details and then change the S/MIME settings from here.

When adjusting the S/MIME settings, note the three color codes that Gmail uses, as each means something different.

  • Green means S/MIME encryption protects your content.
  • Gray means TLS encryption protects your content.
  • Red means that your email does not have encryption security.

How to encrypt email in iCloud

iOS devices support S/MIME, so you can send encrypted email messages from any iCloud email account. To enable message encryption with iCloud, follow these steps:

  1. Open the Settings app.
  2. Choose Mail > Accounts.
  3. Select the account that has messages you want to encrypt by default.
  4. Select Account and then choose Advanced.
  5. Then, choose Encrypt by Default and turn it on.

Note that when you reply to or forward a message, the encryption state of your message will match the state of the incoming message. With these settings, however, you can send encrypted messages.

Types of email encryption protocols

There are several protocols used for encrypting emails today, such as PGP and TLS. Below, learn more about each to gain a better understanding of which email encryption method might best suit your needs.

Pretty Good Privacy (PGP)

Pretty Good Privacy, or PGP encryption, is an email encryption program used to secure messages. Typically, PGP protocol uses public key cryptography and private key cryptography.

Pretty Good Privacy:

  • is compatible with most email services
  • offers digital signatures to prove the authenticity of messages
  • requires third party software to encrypt and decrypt emails
  • uses the combination of symmetric and asymmetric encryption to protect emails

PGP works by first encrypting the email message using symmetric encryption. Then, the symmetric encryption key is secured using the recipient's public key. The encrypted message and the encrypted symmetric key are sent to the recipient.

The recipient then uses their private key to decrypt the symmetric key, which is subsequently used to decrypt the actual email message.
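The hybrid flow described above, as an added example (not code from the original article, and not PGP's real algorithms or message format). Assumptions: textbook RSA over two small fixed primes and a SHA-256 keystream stand in for the vetted ciphers real PGP software uses, and every name here is hypothetical.

```python
import hashlib
import secrets

# Constructed demo key pair: textbook RSA over two small fixed primes, unpadded.
# Teaching stand-in only; real PGP software uses vetted algorithms and key sizes.
P, Q = 2**127 - 1, 2**89 - 1
PUBLIC_KEY = (P * Q, 65537)                                # (n, e), shared
PRIVATE_KEY = (P * Q, pow(65537, -1, (P - 1) * (Q - 1)))   # (n, d), kept secret


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream.

    Calling it again with the same key reverses the operation.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encrypt_for(public_key, message: bytes):
    n, e = public_key
    session_key = secrets.token_bytes(16)          # fresh symmetric key per message
    body = keystream_xor(session_key, message)     # 1. encrypt the message symmetrically
    # 2. secure the symmetric key with the recipient's public key
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, body                       # 3. both parts go to the recipient


def decrypt_with(private_key, wrapped_key: int, body: bytes) -> bytes:
    n, d = private_key
    # The private key recovers the symmetric key, which then decrypts the message.
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, body)


if __name__ == "__main__":
    wrapped, body = encrypt_for(PUBLIC_KEY, b"Quarterly figures attached.")
    print(decrypt_with(PRIVATE_KEY, wrapped, body))
```

The toy cipher provides no integrity protection, so this sketch shows only the key-wrapping structure, not the signature side of PGP.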

PGP is used by a variety of organizations and businesses. It's a good choice for individuals or companies seeking enhanced email protection.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Secure/Multipurpose Internet Mail Extensions, or S/MIME, is another commonly used email encryption protocol. It enables email clients, like Outlook, to encrypt and decrypt emails seamlessly.

Secure/Multipurpose Internet Mail Extensions:

  • is built into many mobile devices and webmail platforms
  • authenticates email messages by offering digital signatures
  • is widely supported by email providers
  • employs digital certificates to authenticate messages

S/MIME enables users to digitally sign emails, thereby providing a means to authenticate the sender's identity. Aside from that, it verifies that your content is secure and has not been tampered with during transmission.

Transport Layer Security (TLS)

Email providers such as Google and Microsoft use Transport Layer Security to secure email while it's in transit. As a successor to the Secure Sockets Layer (SSL) protocol, Transport Layer Security protects the confidentiality, integrity, and authenticity of data sent over a network.

TLS protocol works by encrypting the data before it goes over a network. In addition to emailing, other TLS applications include file sharing and web browsing.

Transport Layer Security:

  • secures SMTP and IMAP connections
  • works with any email server that supports encryption, regardless of whether the server uses different protocols
  • has email provider support

There are a number of different TLS implementations available; choose the one that best suits your needs.

Secure SMTP Transport Layer Security (STARTTLS)

STARTTLS, or Secure SMTP Transport Layer Security, is a protocol that tells an email server to initiate a TLS connection. It allows email clients to upgrade an existing, unencrypted connection to a secure one using Transport Layer Security.

The software is an extension of the SMTP protocol and therefore requires no changes to underlying SMTP infrastructure.

Secure SMTP Transport Layer Security:

  • works with major email clients and servers
  • ensures a secure way to exchange email messages using TLS
  • is easy to use once enabled in email server settings

When users enable STARTTLS, the email client first establishes an unencrypted connection. The email client then sends a STARTTLS command to the server, indicating that the client wants to upgrade the connection to a secure one. If the server supports STARTTLS, it will respond with a 250 OK code, and the connection is upgraded to a secure one.
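One way to check from a client-side session log whether that upgrade actually happened before any mail commands were sent (an added example, not part of the original article). The two transcripts are constructed, and the function and variable names are hypothetical.

```python
SENSITIVE = ("AUTH", "MAIL FROM", "RCPT TO", "DATA")


def audit_smtp_session(transcript: str) -> dict:
    """Report how a logged SMTP session handled STARTTLS."""
    advertised = upgraded = pending = False
    plaintext_commands = []
    for line in transcript.strip().splitlines():
        side, _, text = line.strip().partition(": ")
        upper = text.upper()
        if side == "S":
            # The EHLO reply lists extensions as "250-NAME" or "250 NAME".
            if upper[:3] == "250" and upper[4:].strip() == "STARTTLS":
                advertised = True
            if pending:
                # First reply after the client's STARTTLS: any 2xx means accepted.
                upgraded = upper.startswith("2")
                pending = False
        elif side == "C":
            if upper == "STARTTLS":
                pending = True
            elif not upgraded and upper.startswith(SENSITIVE):
                # Mail command sent while the connection was still unencrypted.
                plaintext_commands.append(text)
    return {"advertised": advertised, "upgraded": upgraded,
            "plaintext_commands": plaintext_commands}


# Constructed client-side logs (C: client, S: server), not captured traffic.
UPGRADED_SESSION = """
S: 220 mail.example.test ESMTP
C: EHLO client.example.test
S: 250-mail.example.test
S: 250 STARTTLS
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
C: EHLO client.example.test
S: 250 mail.example.test
C: MAIL FROM:<alice@example.test>
"""
FALLBACK_SESSION = """
S: 220 mail.example.test ESMTP
C: EHLO client.example.test
S: 250 mail.example.test
C: MAIL FROM:<alice@example.test>
C: RCPT TO:<bob@example.test>
"""

if __name__ == "__main__":
    for name, log in (("upgraded", UPGRADED_SESSION), ("fallback", FALLBACK_SESSION)):
        print(name, audit_smtp_session(log))
```

A non-empty `plaintext_commands` list means the client carried on without encryption; a mail client or relay configured to require TLS would stop at that point instead.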

Benefits of email encryption

Emails help improve efficiency in a workplace, but they also present a danger if data security isn't a top priority. Encrypting your emails offers many benefits.

  • Data privacy and security. Email encryption boasts privacy and security for users. By encrypting email content, your valuable information remains inaccessible to outsiders. The fact that only the intended recipient can decrypt messages means hackers can't get ahold of your data, mitigating the risk of identity theft and data breaches.
  • Authentication and verification. Popular email encryption protocols, like PGP and S/MIME, offer digital signatures to prove the authenticity of messages before sending them. Encryption provides additional verification methods that protect your messages.
  • Communication protection. Encryption protects against email spoofing and other fraudulent activities.
  • Regulatory compliance. Email encryption also plays a vital role in regulatory compliance by ensuring that secure information - such as in finance and healthcare industries - transmits according to field regulations. Encryption helps organizations meet requirements like HIPAA or GDPR.

Ultimately, email encryption helps protect all users, whether they're individuals or a large organization.

Frequently asked questions

Does Google Workspace have email encryption?

Yes, Google Workspace uses the most advanced cryptographic standards to encrypt all data in transit.

What are the best email encryption services?

There are a number of excellent email encryption services available, but some of the best include ProtonMail, Ciphermail, Virtru, Mailvelope, Startmail, Enlocked, and Send 2.0.

What is the best encryption standard for emails?

End-to-end encryption (E2EE) is the best encryption. It encrypts emails so that only the sender and recipient can read them.

Can I encrypt an email in Gmail?

Yes, you can encrypt emails in Gmail. Gmail supports S/MIME encryption, which then allows you to send encrypted emails.

Do emails get encrypted by default?

No, emails do not get encrypted by default on major email servers. Because of this, the content can be intercepted in transit. However, you can enable email encryption on email servers in order to encrypt your messages and improve your email security moving forward.