Time to Start Encrypting Your Email?
Interest in secure, encrypted email has skyrocketed since 2013 when Ed Snowden revealed the NSA’s widespread surveillance of electronic communications. And more recently, there has been an epidemic of data breaches and ransomware attacks that can expose sensitive data. Here is the low-down on email encryption, and some free tools to help you send and receive secure emails...
How To Encrypt Your Email Messages
Unencrypted email is a sitting duck for eavesdroppers; your message is sent in plain text that can be read by anyone who intercepts it. Like a postcard that travels from one post office to another, an email message bounces from one server to another, often many times, on its way from sender to receiver. Administrators at any of these relay points can read any email they choose (although they’re usually too busy). Search warrants or national security letters can force email service providers to open their stored copies of your email to the government.
So encryption is essential if you want any assurance of email privacy. There are three things that need to be encrypted to protect your email fully.
First, the connection between you and your email server should be encrypted. For webmail users (Gmail, Yahoo, Outlook.com, AOL, etc.) this is done for you automatically. When you're logged in, you’ll see “https” instead of “http” in your browser’s address bar, and a lock icon that indicates you have a secure encrypted connection.
Desktop email clients such as Windows Mail, Apple Mail, Outlook, and Thunderbird can secure connections to email servers using SSL/TLS, too, if the server supports it. Consult your Internet Service Provider or your email program's help files for details on how to enable secure connections.
The Next Step
Second, each email message should be encrypted before it is sent to protect its contents from prying eyes while it resides on other people’s servers, including your email service provider. This is important because even though your email travels over a secure, encrypted connection, it's stored in plain (non-encrypted) text once it arrives. If your email service provider (or the recipient's) is served with a court order to give up your mail, with encryption they'll hand over only a file of unreadable gibberish. The email service provider should not have the key that decrypts your encrypted email.
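The two layers described above (encrypted connections between servers versus encrypting the message itself) can both be checked on a message you have received. The Python sketch below is an added example, not part of the original article: it lists each relay from the Received headers with whether that hop reported TLS (the RFC 3848 "with" keywords), then checks whether the body is S/MIME or PGP/MIME encrypted. The sample message, hostnames and function names are constructed for illustration.

```python
import email
import re

# Constructed sample message; hostnames and addresses are reserved example values.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.9])
\tby store.recipient.example with LMTP id c3; Tue, 28 Sep 2021 10:00:03 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id b2; Tue, 28 Sep 2021 10:00:02 +0000
Received: from laptop.home.example (unknown [192.0.2.44])
\tby relay.isp.example with ESMTPSA id a1; Tue, 28 Sep 2021 10:00:01 +0000
From: alice@home.example
Subject: Policy renewal
Content-Type: text/plain

Account number 12345
"""

# RFC 3848 keywords: an S after the base protocol (ESMTPS, ESMTPSA, LMTPS) means TLS.
WITH_RE = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)A?)\b", re.I)

def trace_hops(raw):
    """Return (sender, receiver, protocol, used_tls) per hop, in delivery order.
    Each server prepends its own Received header, so the list is reversed."""
    hops = []
    for value in reversed(email.message_from_string(raw).get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        sender = re.search(r"\bfrom\s+(\S+)", text, re.I)
        receiver = re.search(r"\bby\s+(\S+)", text, re.I)
        proto = WITH_RE.search(text)
        hops.append((sender.group(1) if sender else None,
                     receiver.group(1) if receiver else None,
                     proto.group(1).upper() if proto else None,
                     bool(proto and proto.group(2))))
    return hops

def message_encryption(raw):
    """Name the message-level encryption in use, or None if the body is plaintext."""
    msg = email.message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted" and msg.get_param("protocol") == "application/pgp-encrypted":
        return "PGP/MIME"
    smime_type = str(msg.get_param("smime-type") or "").lower()
    if ctype.endswith("pkcs7-mime") and smime_type in ("enveloped-data", "authenveloped-data"):
        return "S/MIME"  # signed-data alone is signed, not encrypted
    return None

if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print(hop)
    print("message-level encryption:", message_encryption(SAMPLE))
```

Received headers are written by the servers themselves and an earlier hop can forge them, so only the lines added by servers you trust are reliable evidence.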
Before you can exchange encrypted email, both sender and receiver must have digital certificates and they must know each other’s public encryption keys. Yes, I know that sounds VERY geeky. In the past, setting up email encryption has been a challenge for most users so it wasn’t typically done. Now there are services that make email encryption easy.
Virtru provides add-ons and apps that do the heavy lifting of email encryption. It supports Gmail and Microsoft Outlook email clients on desktop browsers, Apple’s iOS and Android devices. Once installed, Virtru lets you encrypt any email you choose before it is sent. Virtru never sees your email’s contents and your email service provider never gets the key that decrypts your mail. However, recipients do not need the Virtru software or a public key; they just have to verify their identities once by registering with Virtru. Virtru’s basic end-to-end email encryption for Gmail and Outlook is free.
ProtonMail goes beyond Virtru to provide email service as well as encryption of email. Like Virtru, ProtonMail cannot decrypt any of its users' email. Better still, ProtonMail provides email servers that are beyond the reach of the NSA and other governments’ spies. ProtonMail’s servers are in Switzerland, where strong privacy laws keep all governments out of email and other personal electronic data. ProtonMail is available via the Web, and on Android and iOS (iPhone/iPad) mobile devices. Free accounts offer 500MB of message storage, and can send up to 150 messages per day. A ProtonMail Plus account (about $5/month) gives you 5GB of storage, up to 5 email addresses, the ability to use a custom email domain, and 1000 messages per day.
You may have read about the recent incident in which ProtonMail was criticized for providing the IP address of a French activist, who was subsequently arrested. The company doesn’t log customer IP addresses unless compelled to do so by a court order under Swiss law. Importantly, the actual contents of emails sent and received via ProtonMail are encrypted, and are not subject to requests from law enforcement.
Sendinc is a web-based email service that lets you send and receive emails protected by military-grade encryption. There's no software required for you or your recipients, and you can use your existing email address. Sendinc does not store encryption keys, so only your recipients have the ability to decrypt your messages. If you are a Microsoft Outlook user, there is a Sendinc extension that enables you to send and receive encrypted email.
The free version of Sendinc offers 7-day message retention, with up to 100MB of message storage. You can send encrypted messages to up to 20 recipients per day, with a 10MB max message size. The PRO version offers unlimited message retention, 10GB of message storage, a 200MB max message size, 200 message recipients per day, custom message expiration, and message retraction.
PreVeil offers encrypted email that's compatible with Outlook, Gmail, and Apple Mail. Your messages and attachments are encrypted on your computer before sending, and can only be decrypted by the recipient. PreVeil creates a new set of mailboxes for your encrypted messages. A Web interface allows users to send and receive encrypted email without installing any software. This can be useful when one party is using a work or public computer that doesn't allow software to be installed.
What About Your Locally Stored Email?
Third, email stored on your local device should be encrypted in case the device is lost, stolen, or accessed without your permission. (Remember what I said about ransomware and frequent data breaches?) If you're on a mobile device, Apple iOS has supported device encryption for years, and Android does too.
BitLocker is an encryption tool built into Windows 10 Pro edition. It's not available to Windows Home edition users, but there’s something similar called device encryption for Home users.
FileVault is the Mac OS X equivalent. Windows, Mac and Linux users can encrypt their hard drives using the free open source VeraCrypt utility.
Some (perhaps most) users feel that encrypting email is not necessary or just too much trouble. If you feel that way, I'm not trying to change your mind. But for those who feel the need to be more proactive about email privacy, or those who want to send an occasional encrypted message, here are the tools you can use.
Your thoughts on this topic are welcome. Post your comment or question below…
This article was posted by Bob Rankin on 28 Sep 2021
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Time to Start Encrypting Your Email? (Posted: 28 Sep 2021)
Most recent comments on "Time to Start Encrypting Your Email?"
29 Sep 2021
Thank you for all that you do to keep us current and safe.
The clincher is still "..both sender and receiver must have digital certificates and they must know each other’s public encryption keys..."
I find it much simpler NOT to share OR trust my personal and sensitive data unless encrypted end-to-end. Yet, most definitely, not with anyone using google services; no matter how secure google servers may be. Simply because the strength of google security is for google servers and not for my content.
29 Sep 2021
It all sounds just too damn difficult.
When suggesting SW to automate the process you should always indicate the cost.
29 Sep 2021
Anyone reading the vast majority of my family's email would find it akin to watching paint dry.
However, I do have a concern for banking / insurance messages, and the like, but as you write Bob, both sender and receiver need to participate for encrypted messages to be enabled.
We recently had cause to deal with an insurance company in the United Kingdom (UK) and we were delighted to find all messages from them were encrypted and involved us having to jump through several hoops before being able to decrypt and read their messages.
I wonder if we will ever find such an idea used here in the US?
30 Sep 2021
Lucy, in my experience, what you describe is quite common in the USA as well, when dealing with financial, medical or insurance companies.
01 Oct 2021
I could not find a free version on Virtru
04 Oct 2022
Thank you so much for the information shared. Regards ''CharleneIzere''