Should You Encrypt Your Email?
Interest in email encryption has skyrocketed since Ed Snowden revealed the NSA’s widespread surveillance of electronic communications. And more recently, there's been lots of noise about Wikileaks and email hacking. Here is the low-down on email encryption, and some free tools to help you send and receive secure emails...
How To Encrypt Your Email Messages
Unencrypted email is a sitting duck for eavesdroppers; your message is sent in plain text that anyone who intercepts it can read. Email bounces from one server to another, often many times, on its way from sender to receiver. Administrators at any of these relay points can read any email they choose (although they’re usually too busy). Search warrants or national security letters can force email service providers to open their stored copies of your email to the government.
Encryption is essential if you want any assurance of privacy. There are three things that need to be encrypted to protect your email fully.
First, the connection between you and your email server should be encrypted. For Webmail users (Gmail, Yahoo, Outlook.com, AOL, etc.) this is done for you automatically. When you're logged in, you’ll see “https” instead of “http” in your browser’s address bar, and a lock icon that indicates you have a secure encrypted connection.
Desktop email clients such as Outlook, Thunderbird, and Eudora can secure connections to email servers using SSL/TLS, too, if the server supports it. Consult your Internet Service Provider or your email program's help files for details on how to enable secure connections. Thunderbird users can install the Enigmail extension (Windows or Mac) to simplify the process of sending secure emails.
The Next Step
Second, each email message should be encrypted before it is sent to protect its contents against prying eyes while it resides on other people’s servers, including your email service provider. This is important because even though your email travels over a secure, encrypted connection, it's stored in plain (non-encrypted) text once it arrives. If your email service provider (or the recipient's) is served with a court order to give up your mail, it should be able to hand over only a file of encrypted gibberish. The email service provider should not have the key that decrypts your encrypted email.
However, sender and receiver must have digital certificates and they must know each other’s public encryption keys before they can exchange encrypted email. Yes, that sounds kind of geeky. In the past, setting up encryption has been a challenge for most users so it hasn’t gotten done. Now there are services that make using encryption easy.
Virtru provides add-ons and apps that do the heavy lifting of email encryption. It supports Internet Explorer, Firefox, Chrome, and Safari browsers; iOS and Android devices; and Outlook and Mac Mail desktop mail clients. Once installed, Virtu lets you encrypt any email you choose before it is sent. Virtru never sees your email’s contents and your email service provider never gets the key that decrypts your mail. However, recipients do not need the Virtru software or a public key; they just have to verify their identities once by registering with Virtru or using Oauth or OpenID and their Google, Yahoo, or Microsoft account.
Virtru’s basic end-to-end email encryption (including attachments) is free. It comes with a 14-day trial of the Premium features including the ability to revoke/cancel an email after it’s sent, control of forwarding, setting of email expiration dates, and more. If you want these features they cost $2/month after the trial ends.
ProtonMail goes beyond Virtru to provide email service as well as encryption of email. Like Virtru, ProtonMail cannot decrypt any of its users email. Better still, ProtonMail provides email servers that are beyond the reach of the NSA and other governments’ spies. ProtonMail’s servers are in Switzerland, where strong privacy laws keep all governments out of email and other personal electronic data. ProtonMail is available via the Web, and on Android and iOS (iPhone/iPad) mobile devices. Free accounts offer 500MB of message storage, and can send up to 150 messages per day. A ProtonMail Plus account (about $5/month) gives you 5GB of storage, up to 5 email addresses, the ability to use a custom email domain, and 1000 messages per day.
SendInc is a web-based email service that lets you send and receive emails protected by military-grade encryption. There's no software required for you or your recipients, and you can use your existing email address. Sendinc does not store encryption keys, so only your recipients have the ability to decrypt your messages. The free version offers 7-day message retention, with up to 100MB of message storage. You can send encrypted messages to up to 20 recipients per day, with a 10MB max message size. If you are a Microsoft Outlook user, there is a Sendinc extension that enables you to send and receive encrypted email.
What About Your Locally Stored Email?
Third, email stored on your local device should be encrypted in case the device is lost, stolen, or accessed without your permission. If you're on a mobile device, Apple iOS has supported device encryption for years, and Android does too. Bitlockeris an encryption tool built into Windows, but is only found on Pro, Ultimate, and Enterprise editions of Windows Vista, 7, 8.1 and 10. It's not available to Windows Home edition users. FileVault is the Mac OS X equivalent. Windows, Mac and Linux users can encrypt their hard drives using the free VeraCrypt utility.
Some (perhaps most) users feel that encrypting email is not necessary or just too much trouble. If you feel that way, I'm not trying to change your mind. But for those who feel the need to be more proactive about email privacy, or those who want to send an occasional encrypted message, here are the tools you can use.
Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 9 Jan 2017
|For Fun: Buy Bob a Snickers.|
When White Hats Collide
The Top Twenty
Hey, Is This Your Money?
There's more reader feedback... See all 21 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Should You Encrypt Your Email? (Posted: 9 Jan 2017)
Copyright © 2005 - Bob Rankin - All Rights Reserved