HP TECH TAKES /...
Exploring today's technology for tomorrow's possibilities
How to Send Encrypted Email
August 7, 2019
Have you ever wondered about the security of your private email conversations? Whether at work, school, or home, sending emails comes with a bit of a risk. There’s one thing you can do to discourage data breaches and attacks on your sensitive data, however. Use encrypted email. Learn how to practice this common-sense method for communicating in our step-by-step guide. But first, let’s look at why you should embrace encryption for your email correspondence.
How to Encrypt Email and Send Secure Messages
Although you might not have experienced any issues sending emails containing sensitive information like your bank account number or login credentials, it’s still an operation that can make you vulnerable to hackers. Emails sent over an open network can be intercepted and malicious actors can see email contents, attachments, or even take over your account.
To drive home the importance of email security, take a look at some alarming statistics that show the widespread cybersecurity issues that may have affected you in the past and still pose a threat today:
- In 2016, 3 billion Yahoo accounts were hacked 
- According to research by cybersecurity company, Symantec, emails with a malicious URL make up a total of 12.3% of all emails 
As these numbers illustrate, emails are a point of vulnerability for many unsuspecting users. However, it’s not all doom and gloom, there are ways to protect yourself and your information.
To help safeguard against hackers and ensure your privacy is maintained, you can use encryption. Encryption ensures that your emails remain unreadable, even if they fall into the wrong hands.
What is encrypted email and what are the benefits?
There are two main types of ways to encrypt emails, one protocol is called S/MIME and the other is PGP/MIME.
S/MIME (Secure/Multipurpose Internet Mail Extensions)
S/MIME allows users to send encrypted and digitally signed emails . This protocol allows recipients of the email to be certain the email they receive is the exact message that began with the sender. It also helps ensure that a message going to an outbound recipient is from a specific sender and not someone assuming a false identity.
How does S/MIME work? S/MIME provides cryptographic-based security services like authentication, message integrity, and digital signatures. All these elements work together to enhance privacy and security for both the sender and recipient of an email.
S/MIME also works with other technologies such as Transport Layer Security (TLS) which encrypts the path between two email servers. The protocol is also compatible with Secure Sockets Layer (SSL) which masks the connection between email messages and Office 365 (a common email service) servers.
In addition, BitLocker works in conjunction with S/MIME protocol, which encrypts data on a hard drive in a data center so if a hacker gets access, he or she won’t be able to interpret the information.
PGP/MIME (Pretty Good Privacy/Multipurpose Internet Mail Extensions)
PGP/MIME is another protocol that encrypts and signs an email and any attachments . There is more flexibility and control over how well you want your email to be encrypted - but it requires a third-party encryption tool.
One major advantage of this protocol is that if an email is intercepted, the contents can’t be leaked. In order to read the message, the recipient has to download the whole message, including all attachments, since everything has to be encrypted together.
What are the benefits of encrypted email?
It’s hard to overstate the importance of securing your information in a world where data breaches are becoming more and more common. Encrypted emails are just one security step you can take that helps you protect your sensitive data. They provide a way for users to have peace-of-mind that their private messages will stay private .
Benefits of encrypted email
1. Safeguards sensitive data
If you’re sending information like your Social Security number over email, it’s important that it’s not easily stolen by hackers.
Instead of purchasing security equipment, you can simply rely on email encryption that’s integrated directly on the server.
Instead of wasting time using several programs to make sure a connection is secure, you can rely on email encryption to do most of the work for you.
4. Regulation compliance
If you work in the healthcare industry, for example, and you haven’t taken the right steps to secure medical data, you could be in violation of HIPAA laws . Encryption helps you avoid those missteps.
5. Protects against malware
Malicious emails sometimes contain viruses masked as innocent email attachments. If you or someone else send an attachment using encrypted email, the email has a digital signature to prove its authenticity.
What is the importance of encrypted email?
It’s a common misconception that people with nothing to hide have no reason for encryption. If you’re not involved in criminal activities, what’s the point of keeping your communications safe? Unfortunately, we live in a world where your most sensitive personal data has value to hackers, identity thieves, and even marketers. The information you freely share in personal emails to family and friends may be just what bad actors need to cause harm or make money.
Fortunately, software companies and computer operating system providers understand the importance of email privacy. They’ve taken steps to equip consumers so that you can easily add a few steps to regular email use and enjoy a much more secure experience. Whether you’re sharing the dates you’ll be out of town on vacation or you’re telling someone the security system code to your home, you’ll have the peace of mind knowing that your email is free from prying eyes and will only be seen by those intended.
How does email encryption work?
If you don’t want anyone but the receiver to see the contents of a message, encryption is vital. To the outsider, an encrypted email will have a bunch of random letters, digits, or symbols instead of readable text. The person with the private key to decrypt it, typically the receiver, will be able to read the email as usual.
There are generally three encryption types available:
- S/MIME encryption works as long as both the sender and recipient have mailboxes that support it. Windows Outlook is the most popular version that works with this method. Gmail uses it as well.
- Office 365 Message Encryption is best for users with valid Microsoft Office licenses who can use this tool to encrypt the information and files sent via email. It’s also a top choice for Outlook users
- PGP/MIME is a more affordable and popular option that other email clients may prefer to use. It’s reliable and integrated into many of the apps we use today
Other email products may have their own brand of encryption, but the science behind it is the same. Only senders and recipients who have exchanged keys or digital signatures can communicate within the encrypted network.
How to send encrypted email in Outlook
Encrypting email may sound complicated, but it’s not. Microsoft has a reputation for providing its users with simple ways to encrypt data, from files to folders to emails, too. It makes sense that they would include built-in tools for Outlook, their proprietary email system. You don’t need a separate software tool or plug-in to start sending secure messages. Just follow these steps to begin.
1. Create a digital certificate
For Outlook users, encrypting a single email is simple. First, you must have a digital signature. To create a digital signature:
- Start in your Outlook window and click on the File tab
- Select Options, then Trust Center, then Trust Center Settings
- Select Email Security, Get a Digital ID
- You’ll be asked to choose a certification authority. This is entirely up to you as most are rated the same
- You’ll receive an email with your digital certificate/ID included
- Go back into Outlook and select Options and the Security tab
- In the Security Settings Name field, type in a name of your choosing
- Ensure that S/MIME is selected from the Secure Message Format box and that Default Security Settings is checked as well
- Go to Certificates and Algorithms, select Signing Certificate, and click Choose
- Make sure the box is checked next to Secure Email Certificate, and check the box next to “Send These Certificates with Signed Messages”
- Click OK to save your settings and start using Outlook
2. Use your digital signature
Now that you have a digital ID, you need to start using it:
- Open a new message to access the Tools tab
- Click that, then Customize, and finally the Commands tab
- From Categories, select Standard
- From Categories, select Digitally Sign Message
3. Encrypt Outlook messages
You can now send encrypted messages to a recipient with the next steps.
- Open the window to compose a new message and select the Options tab, then More Options
- Click the dialog box (triangle with arrow pointing down) in the lower-right corner
- Choose Security Settings and check the box next to Encrypt message contents and attachments
- Write your message as normal and send
After you’ve sent and received a message that you’ve both signed and encrypted, you don’t have to sign it again. Outlook will remember your signature.
4. Encrypt all Outlook messages
You can encrypt each one, or you can use the steps below to encrypt all outgoing messages in Outlook:
- Open the File tab in Outlook
- Select Options, then Trust Center, and Trust Center Settings
- From the Email Security tab, select Encrypted email
- Check the box next to Encrypt content and attachments for outgoing messages
- Use Settings to customize additional options, including certificates
Note: Doing this requires message recipients to have your digital ID to see messages. If they don’t, they will not be able to decode what you’ve written or sent.
How to encrypt email in Outlook
When you send emails through Outlook, you have the option to encrypt your email messages .
S/MIME encryption instructions:
Before you get started, you must add a certificate to the keychain on your computer. After you have your signing certificate set up, you’ll need to configure it using these steps.
- Under File, navigate to Options > Trust Center > Trust Center Settings
- Navigate to Email Security
- Under Encrypted email, select Settings
- Under Certificates and Algorithms, press Choose and press S/MIME certificate
- Select OK
- Write your email and send
Office 365 encryption instructions
- In an email, press Options and then click Encrypt
- Choose the encryption with the restrictions you want. For example, you can choose Encrypt-Only or Do Not Forward
Encrypt all outgoing messages in Outlook
To do this, you need to make sure all recipients have your digital ID to interpret and see your messages.
- Under the File tab, choose Options > Trust Center > Trust Center Settings
- Under Email Security, go to Encrypted email and select Encrypt contents and attachments for outgoing messages check box
- To change more settings, such as using a specific security certificate, navigate to settings
Encrypting email in iOS
The ability to encrypt via S/MIME is built-in to iPhone’s email client.
- Turn it on by going into the advanced settings
- Switch S/MIME ON
- Select Encrypt to YES by default.
You know it’s working when you see little lock icons next to the names of your email recipients.
How to encrypt email on iOS
Before you start, here are the prerequisites for using encryption on iOS devices :
- Your iPhone or iPad has to be updated with iOS or above.
- Your email account has to be configured and working.
- The email that you have set to encrypt must match the one you have configured on your device.
S/MIME encryption instructions:
- Open Settings
- Open Mail, Contacts, Calendars
- Click on your email account
- On the Exchange Account screen, choose the account you want to set up with S/MIME encryption
- Go to Advanced Settings
- In S/MIME section, toggle from OFF to ON. After you do this, the Sign and Encrypt options will be available
- S/MIME is now active. Now you can choose whether you want to sign/encrypt for all messages
Remember, if the lock is blue, the email can be encrypted. If the lock is red, however, the message’s recipient must turn on their S/MIME setting.
Note: Just like with Outlook, your messages won’t be encrypted if the digital signature isn’t on file for a recipient. You need to exchange messages first before encryption will take effect.
Encrypting email in Gmail
Assuming you have exchanged keys with someone you want to message through Gmail, the service will support S/MIME encryption. To know if a contact is set up to communicate with securely, compose a message, and check their name or message sender details for a lock icon.
- If the key icon is gray, the email was sent with TLS encryption, the standard for most servers. Both the sender and recipient have to support this for it to work
- If the icon is green, your message is protected by the S/MIME enhanced encryption, and a key is needed to decrypt on the receiving end
- If the icon is red, there is no level of encryption. You should try to avoid sending and receiving personal data from someone who doesn’t have even this basic level of security
There are also many apps, Chrome browser extensions, and third-party tools that claim to work with Gmail and Google’s suite of services. Your experiences with each may vary.
To send an encrypted email using Gmail :
- Begin composing an email message.
- Add recipient in the “To” address box.
- Press the lock icon to the right of the receiver’s address.
- Press “view details” to change the S/MIME settings or the encryption level.
- Encryption levels are as follows:
- Green: Information is masked by S/MIME encryption. This can be translated with a private key.
- Gray: Email is safeguarded with TLS (Transport Layer Security). This only can work if both the receiver of the message and the sender have TLS abilities.
- Red: No encryption enabled.
- Encryption levels are as follows:
Email providers that require a third-party encryption service
If email service providers don’t have encryption capabilities built in, you’ll need a third-party to encrypt data to send emails with S/MIME or PGP/MIME protocols. Yahoo and Android are two of the email providers that will need these third-party tools.
Yahoo utilizes Secure Sockets Layer (SSL) but needs a third-party service for higher level encryption. Similarly, Android devices can send encrypted emails but, again, you’ll need a third-party and extra setup to do it.
A few notable providers of email encryption service include:
- ProtonMail: This service allows you to choose from both free and paid plans depending on the number of encrypted messages you plan to send. With ProtonMail, you can enable PGP encryption to protect sensitive data.
- Ciphermail: This is a completely free service that supports encryption through PDF, TLS, OpenPGP, and S/Mime protocols.
- Available for Android
- Virtru: Compatible with Outlook, Hotmail, Gmail, Yahoo, and a few other email providers, this service allows for end-to-end encryption.
- Enlocked: This service allows users to receive and send out encrypted emails using PGP protocol for Gmail, Microsoft, Outlook, and Microsoft.
- Available for Chrome
Why email encryption is for everyone
Your email is essential to communication with family, friends, co-workers, and almost anyone you do business with, personal or professional. It contains information that only you and the receiver should see. Now that you know how simple it is to encrypt from most devices and email tools, why wouldn’t you do it?
Data security is a huge industry - but so is hacking. With so many data breaches happening, it’s more important than ever to make sure you’re sending sensitive data with the proper protections in place.
Whether you use Outlook, Gmail, a phone client, or iOS to keep your messages safe, you can feel better about where your emails end up and how the data inside will be viewed and used. Getting started takes no time at all, and once you’ve exchanged signatures through email with your favorite contacts, your email security will be virtually automatic. Stay safe out there!
Encryption: Send Secure Messages
 Oath; Yahoo provides notice to additional users affected by previously disclosed 2013 data theft
 Symantec; Internet Security Threat Report
 Microsoft; S/MIME for message signing and encryption in Exchange Online
 Proton Mail; What are PGP/MIME and PGP/Inline?
 Secure Swiss Data; 5 Benefits of Encrypted Email
 HIPPA Journal; HIPAA Compliance for Email
 Lifewire; How to Encrypt Email in Gmail
 Microsoft Office; Encrypt Email Messages
 QuoVadis; How do I sign and encrypt on an Apple iPhone or iPad?
 PandaSecurity; How to Encrypt email (Gmail, Outlook, iOS, Yahoo, Android, AOL)
About the Author: Linsey Knerl is a contributing writer for HP® Tech Takes. Linsey is a Midwest-based author, public speaker, and member of the ASJA. She has a passion for helping consumers and small business owners do more with their resources via the latest tech solutions.