Email messaging is one of the oldest and simplest ways of communication via the Internet. Even nowadays, emails are still important for everyday use of computers. Oftentimes you will use an email for sending sensitive data like your banking details, medical documents, or business information over an email. For your safety, such emails should always be encrypted.
With that in mind, a question arises – how do you encrypt and send a secure email? Do you need to be a geek to accomplish this task?
In this article, we are going to discuss several best methods to send a protected email message. We’ll explain how to protect both email’s body and attachment.
Let’s begin with a short preface on why you want to send an encrypted email, and what type of emails absolutely must be encrypted.
Why do you want to encrypt an email?
Let’s start with a simple example of Gmail. Most of us are absolutely confident when it comes to choosing the email service provider. In 99% of cases – if you want to create an email account – you will go straight to Google and get a Gmail. Google is well-known and is omnipresent. That’s why most people create their first email address at Gmail.
Having that said, Gmail has its cons even though you may be tempted to use this free and simple email service. Let’s see why using a pure Gmail account is unsafe.
Google scans emails for Ad Targeting
Gmail is not an anonymous email provider. First of all – Google will run some AI algorithms on your email messages from time to time. This is done for sake of marketing and advertising. Don’t be surprised when you start seeing a lot of commercials of a product that you mentioned in one of your emails.
Gmail is a source of ad revenue for Google and they will make everything possible to increase their profits by using your data.
Sure thing, Google employees can’t read your emails (well at least we hope they don’t), but still, their algorithms are going to process your messages and extract certain parts of your personal data.
For most of us, the above example can be a little annoying, but not very damaging. However, there are other more severe consequences of not having your private emails encrypted.
Hackers can read your email
Let’s assume you’ve decided to send some banking account credentials to a trusted person. Most likely you will assume that email messages are more suited for such secret information in contrast to any type of messenger (Facebook, WhatsApp, Snapchat, Telegram, etc.). To some extent – your assumptions are correct. Many banking institutions, medical facilities, and a lot of big IT companies rely on email service when sending confidential data.
Now there is a problem with emails. Let’s say you are using a non-protected email client or web-based email software like Gmail. This means – all your messages can be accessed by online thieves and other Internet scammers. This scenario is likely to happen if you don’t take action and scramble your email message so it becomes completely unintelligible for anyone who doesn’t have a key.
What types of emails need to be secured?
Ok, so you’ve seen some examples of critical data that needs to be encrypted before sending it via email. But, what types of messages should be encrypted?
Whenever you run the email encryption task on your computer, you will have to spend your CPU’s cycles. Encryption is more or less time-consuming depending on the size of your email and the encryption algorithm you choose. Besides that, some manual work is required when you decide to encrypt and decrypt a message by yourself. Also, both you and your email conversation companion will have to install the encryption/decryption key-pair on your computers.
So, do you absolutely need to encrypt each and every email you send? Not really. Below we will provide a bunch of examples of email types that you must and must not encrypt.
Examples of messages that must be encrypted:
- banking details (credit card numbers, passwords, banking account number, etc.)
- your company’s income or financial plans
- confidential business data (business plans, strategies, marketing campaigns)
- medical documents (prescriptions, lab tests, diagnosis, etc.)
- IRS documents (taxes, etc.)
- rest of critical confidential information
Examples of messages that are fine to stay non-encrypted:
- marketing emails to your clients (otherwise they wouldn’t be able to read them)
- informal emails (with your friends, relatives, etc.)
- other noncritical emails
As you have noticed, there is quite a lot of examples of emails that absolutely must be encrypted. Basically, all the data that you deem confidential or secret – must get encrypted prior to emailing it.
Depending on your everyday activities, your job, and other factors, you may need to be sending confidential emails more or less frequently. Feel free to use the examples above to decide whether you need or not to cipher your email.
Now, let’s talk about some of the best ways to secure your email message.
What are the ways to encrypt an email message?
There are multiple ways of how you can send a secure email. It all depends on an email service provider, email client software, and your skills in computer security. Based on all these factors and also whether you want to encrypt a body or an attachment of an email, you are going to want to use one or more techniques from this section.
Some email clients like Office 365’s Outlook contain a built-in email encryption feature. This is going to work if you are using an email client application. However, this may not work when using a different email client app or an online email messenger.
No matter how you access your email account you can always encrypt your messages. The only difference is the complexity of the encryption process. The best way is to always use an email client when possible.
Let’s take a look at how to secure an email using different methods.
Microsoft Office 365 Outlook built-in encryption
If you are a subscriber of Microsoft Office 365 – you are lucky to have a built-in email security feature inside the Outlook email client.
All you need to do is to choose “Encrypt” in the toolbar when composing your message. Microsoft will take care of the encryption and decryption process.
Office 365 not only allows for simple encryption. You can also choose a custom restriction like “Do Not Forward”, or “Confidential” to further protect your email message.
If you don’t want to use Office 365’s encryption, but still want an easy way to protect your emails when sending them via this client, you can also encrypt an email with S/MIME method. For this – you will have to go to Office 365’s settings and configure your computer’s certificates you want to use with this email program.
In case you are using an older version of Outlook, prior to Office 365, you can still encrypt your messages with the “Encrypt message contents and attachments” option that you can enable when composing a message. You can force all your messages to always be encrypted by enabling the “Encrypt contents and attachments for outgoing messages” setting.
For more information, visit Microsoft’s Outlook email encryption guide.
PGP email encryption using any GPG application
PGP stands for Pretty Good Privacy. It’s an encryption algorithm that was created in 1991 and is still widely used. It allows encrypting not just email messages, but also files, folders, and disk partitions.
If you are not using any email client, but still want to be able to encrypt your email message body – this method will work for any email service.
In fact, this method is the most secure as you are actually encrypting your email message prior to feeding its contents to an email service provider. However, this method is the most complex if you are not tech-savvy.
First, you need to install a GPG application on your computer. This can be a command-line or GUI software. Here are some recommended GPG programs:
- for Windows – you can use Gpg4win – it’s free software, and can be installed in just a few mouse clicks
- if you’re using Linux – GnuPG is the most used GPG tool
- for macOS, you can either use a GPG Suite or the same GnuPG package as for Linux, because it works for all Unix systems
GUI GPG programs are very simple to use even if you are not a seasoned system administrator. Using the GnuPG is a little bit more complex. However, you can follow the guide below to create your keys and encrypt your email messages.
How to use a GnuPG command-line tool?
To create your new primary key pair, use this command:
gpg --full-generate-key
After creating a key pair that consists of private and public keys, you will need to exchange the public keys with your email communication partner (that person needs to follow the same guide).
Here is the command to export your public key:
gpg --armor --output pubkey.gpg --export [email protected]
The public key is important when you want someone to encrypt a message for you. They can use this key only for encryption. The decryption procedure requires a private key that you keep on your computer. You’ll just need to send this public key pubkey.gpg to someone else so they will be able to encrypt their message for you.
After your email partner has created a new key pair same as you, they will need to send you their public key that you will need to import with the following command:
gpg --import pubkey.gpg
Now you can start encrypting your emails prior to sending them to a person that gave you this public key. That person will then use a corresponding private key to decrypt your messages.
In order to encrypt your message, you will need to write it to a file and then you need to pass this file to a GPG program and specify the encryption key pair to use:
gpg --output encrpteddoc.gpg --encrypt --sign --armor --recipient [email protected] -recipient [email protected] nonencrypteddoc.txt
In the example above, nonencrypteddoc.txt will get encrypted and stored into a new file called encrpteddoc.gpg. GnuPG will use your default keypair to encrypt a message. Now you’ll just need to copy the encrypted file’s content and email it to someone.
When your receiver responds with an encrypted message, you can use the following command to decrypt it:
gpg --output decrpteddoc --decrypt doctodecr.gpg
In the last example above, we assume that you’ve copy-pasted the contents of an encrypted message sent to you into a file called doctodecr.gpg. In fact, you can call the file whatever you like, as long as the file name in the decryption command matches the encrypted file name.
Browser plugin to encrypt your email when composing it
This method works with every email provider and is also much easier than encrypting an email locally. The good news is this method is also based on the PGP approach so you are getting the same level of encryption by using a simple browser extension. Some extensions are also powered by S/MIME method similar to Office 365.
When using a browser plugin you will usually get a special button added to your email message composition page. It works fine for most providers including Gmail. When clicking the button added by an extension, you will have the new window or a popup with a text box opened. There you can type your email and it will get encrypted by the plugin.
Some of the best email encryption extensions are the following:
- PGP Anywhere (search it for your browser if using other than Google Chrome)
- Mailvelope
- EnigmaGPG (search it for your browser if using other than Google Chrome)
- CipherMail (works with Gmail only)
- PrivateMail for Gmail (Gmail only extension)
Using paid encrypted email service
There are a few email service providers that allow you to send an encrypted email straight from their dashboard. The downside is they are not free. In fact, Microsoft Office 365 is also considered as one such email service but it provides some additional features and costs more.
One of the best secure email services is ProtonMail.
How do you encrypt an email attachment?
While we have seen multiple ways to encrypt an email body (or a message text), we haven’t talked about encrypting the email attachment.
You can actually encrypt it with 7-zip or RAR archive, and then you can send a password to your recipient via one of the encrypted message techniques. A recipient will later use a password that you send to them to open a password-protected attachment.
This is combined protection by using 2 different tools. You are protecting an attachment by zipping it into a password-protected archive, then you encrypt an email message that contains a password for this archive.
What are the general tips to protect your email from being read by a third-party?
When you’ve decided to learn how you can securely send an email, you’ve gotten much closer to 100% protection. You can further improve your data security by following some of the best practices for online data protection.
Here is a list of general Internet safety tips you should always keep in mind:
- only visit SSL-enabled websites (you will see a padlock at the beginning of a website URL in your browser if it has the encryption enabled)
- try not to use untrusted public Wi-Fi networks (VPN will help protect your data if you have to use one of the open Wi-Fi hotspots)
- keep your passwords secure (use separate storage for passwords or use a password manager)
- be aware of phishing URLs (some websites may look very similar to one of those you visit frequently, but they will try to trick you and get your email credentials)
- use anti-malware with phishing and ransomware protection (to mitigate the risk discussed in the previous item)
- check our article with the best online security tips
Conclusion
We’ve discussed several email protection techniques that provide you with very strong protection. Which one of those you choose to use – is up to your personal preference and also depends on what email service and email client software you are using.
Hopefully, now you are better educated in regards to how you can encrypt your email to keep your messages always protected. Thanks for your time spent reading this.