Why Use Email Encryption?

Using encrypted email prevents others from reading or tampering with your messages. This protects your privacy and counteracts a wide range of threats. Encrypted mail safeguards your security, defends against government spying, and prevents bad actors from impersonating you or your contacts.

Encrypted Email Protects Privacy
When you send an email, it travels from your computer to your email server, and from there to another server, until it reaches your recipient’s email server and, finally, their computer. This process is not secure by default. Unless you’re using encrypted email, hackers can monitor the traffic going through a server and intercept your email. Encrypted mail prevents hackers from deciphering your private communications.

Encrypted Mail Defends Against Security Threats
Email spying doesn’t just compromise your privacy; it also puts you at risk of other security threats. Many hackers don’t stop at stealing the data from an unencrypted email. Instead, they use it to gain access to company accounts, databases, and other sensitive information. Safeguarding sensitive messages with encrypted email can often prevent much bigger, more damaging security incidents.

Defeating Government Spying Requires Data-Centric Encryption
Foreign and domestic governments sweep up vast amounts of information, using sophisticated hacking tools to learn everything they can about you. Although default encrypted email is becoming more common, it’s not good enough to defeat sophisticated government surveillance.

Most of the big email providers use TLS, a type of point-to-point encryption. Each server along the way attempts to establish an encrypted connection with the next server to send the message securely. The receiving server decrypts the message, then attempts to create a new secure connection with the next server. Unfortunately, TLS can fail if a server isn’t properly configured, or the recipient’s email server doesn’t support it. Additionally, the United States government, Chinese hackers and others have gotten very adept at breaking TLS and intercepting supposedly encrypted messages.
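Because each server records how it received a message in a `Received:` header, the hop-by-hop behaviour described above can be checked on any delivered email. The following Python is an added example, not part of the original article: the sample message and host names are constructed, and it assumes servers record the `with ESMTPS` / `ESMTPSA` keywords defined in RFC 3848.

```python
import re
from email import message_from_string

# Constructed sample message; hosts, addresses and IDs are made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.5])
    by mailstore.recipient.example with ESMTPS id abc123
    (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
    Mon, 01 Jan 2024 10:00:03 +0000
Received: from relay.partner.example (relay.partner.example [198.51.100.7])
    by mx.recipient.example with ESMTP id def456;
    Mon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example (laptop.sender.example [192.0.2.10])
    by relay.partner.example with ESMTPSA id ghi789;
    Mon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

body
"""

# Match only real protocol keywords so "with cipher ..." comments are skipped.
# Group 2 is "S" when the hop reports TLS (ESMTPS, ESMTPSA, LMTPS, ...).
WITH_RE = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)A?)\b", re.I)

def hops(raw):
    """Return the delivery hops in chronological order with their TLS status."""
    msg = message_from_string(raw)
    result = []
    # Servers prepend Received headers, so the oldest hop is the last one.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        sender = re.search(r"\bfrom\s+(\S+)", flat)
        receiver = re.search(r"\bby\s+(\S+)", flat)
        proto = WITH_RE.search(flat)
        result.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "protocol": proto.group(1).upper() if proto else None,
            "tls": bool(proto and proto.group(2)),
        })
    return result

def cleartext_hops(raw):
    """Hops where the receiving server did not report a TLS session."""
    return [(h["from"], h["by"]) for h in hops(raw) if not h["tls"]]

if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(h["from"], "->", h["by"], h["protocol"], "TLS" if h["tls"] else "NO TLS")
```

`Received:` headers are written by the servers themselves and earlier entries can be forged, so the result is an indication rather than proof. Even when every hop reports TLS, each server in the list still handled the message in decrypted form.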

Strong, data-centric encrypted mail is far less vulnerable than TLS. Emails are protected as soon as they leave the sender’s computer and are only decrypted when they reach the recipients. That means a broken or hacked server can’t compromise security. Additionally, it avoids implementation flaws in some older versions of TLS that allow government agencies to hack it.

Encryption is Essential for Email Compliance
Encryption is either recommended or required by all major regulatory regimes that affect data security. For example, CJIS Security Policy explicitly mandates any data leaving a secure location be encrypted, and HIPAA requires organizations to implement either encryption or an equivalent technology. Encryption is also considered a security best practice across industries.

Encrypted Email Aids Authentication
One of the biggest dangers of online communication is the potential for undetected third-party tampering. In a man-in-the-middle attack, a hacker intercepts an email or other communication on the way to its recipient. The hacker can use this attack to impersonate one of the parties, misrepresenting them or even tricking the recipient into disclosing confidential information.
Spear phishers also exploit the difficulty of confirming the identity of the sender. By crafting messages that appear to come from trusted people or organizations, they trick users into downloading malware or sharing confidential information. Encrypted mail can authenticate messages, verifying that the sender is who they say they are. Using techniques like federated identity management and confirmation emails, modern encryption helps ensure you can trust a message before you open it.
