What is email encryption and how does it work?
Email encryption is the process of scrambling the content of email messages so that it’s impossible to read them without a decryption code or key. Only the authorized recipient has access to a “key” to decrypt the email in order to read the message or open the attachment. With email encryption, information passed between the sender and recipient stays private.
Email encryption works via public key cryptography. Often powered through the Rivest–Shamir–Adleman (RSA) algorithm, this method of cryptography requires two separate keys, a private and a public key. While the sender can encrypt the message with a public key, the recipient must decrypt it with a private key to read the message.
Public key cryptography is more easily scalable than other forms of cryptography, as the public key can be widely shared without compromising security. Certificate authorities issue digital certificates, which confirm ownership of public keys, and authenticate the entities involved in the transfer. These certificates allow the authenticated parties to securely use email encryption.
An illustration of public key cryptography and how it works in email encryption.
How to encrypt and send secure emails
Encrypted email may sound complicated, but many of the most common email clients and services have encryption built right in. If it’s not built in, encrypting your email can get a little technical, but if you follow the steps, you’ll have encrypted email in minutes.
A password, as the standard email protection method, only prevents someone from accessing your inbox; it won’t stop someone from intercepting the message in transit or on the recipient’s end. Encryption is an ironclad way to protect the information contained in your email.
It’s also important to keep track of encryption methods. As cryptography evolves, not all so-called encryption protocols remain in use. For example, the MD5 hashing algorithm, which was once used as an encryption tool, is now mainly used for authenticating files.
Here’s how to encrypt emails in some of the most popular email clients:
How to encrypt emails in Gmail
A form of encryption, S/MIME, is already built into Gmail with a paid Google Workspace account. As long as both sender and receiver have it enabled for Gmail, the emails will be encrypted. Here’s how to ensure that your email is encrypted:
-
Enable hosted S/MIME by following Google’s instructions.
-
Compose your message as you normally would.
-
Click the lock icon to the right of the recipient.
-
Click view details to change the S/MIME settings or level of encryption. (Note: When changing the level of encryption, different color codes will appear. Green is information protected by S/MIME encryption and can only be decrypted with a private key. Gray indicates that the email is protected by TLS, which only works if both the sender and recipient have TLS capabilities. And red indicates that the email has no level of encryption security. For the highest security, go green.)
How to encrypt emails in Outlook
Outlook also has S/MIME encryption capability. If you want to ensure that your email is encrypted in Outlook, check that the S/MIME is enabled to reinforce your email security.
-
Enable S/MIME encryption in Outlook by following Microsoft’s instructions.
-
Encrypt all messages or digitally sign all messages by opening Settings (the gear icon) and clicking S/MIME settings. Choose to either encrypt contents or attachments of all messages or add a digital signature to all messages.
-
Encrypt or remove messages by selecting more options (three dots) at the top of the message and choosing message options. Select or deselect Encrypt this message. If the recipient doesn’t have S/MIME enabled, deselect encryption or they may not be able to read your message.
How to encrypt emails on iPhone
S/MIME capability is already enabled on iPhone — you just need to download a certificate from a certificate authority or get one from your organization to get it to work. Once you’ve downloaded a certificate, take the following steps to activate S/MIME encryption.
-
Open Settings, go to Mail, and tap Accounts.
-
Select the account where you want to encrypt your email, then tap the account again.
-
Choose Advanced then tap Encrypt by Default.
-
Turn on Encrypt by Default. Any future messages you send through your iPhone’s linked Mail account will be encrypted.
How to encrypt emails on Android
Android supports S/MIME as well as PGP/MIME, but to use either of these encryption capabilities on your Android device, you’ll need to download a third-party app to enable it. Or, if you have a Gmail account, you can follow the steps above for enabling S/MIME encryption in Gmail so that any and all messages you receive on any device are secured and encrypted.
How to encrypt emails on other platforms
Other platforms don’t have a built-in S/MIME protocol, so if you want to encrypt your AOL, Yahoo, or any other email account, you’ll need to use a third-party tool to use the S/MIME or PGP/MIME protocol.
There are also other ways to make your email even more secure. If you’re sharing files over email, consider password-protecting them so only the recipient can view them. To ensure even more security and privacy in email communications, make your email anonymous and set up and use a VPN before sending your emails.
Email encryption apps and software
There are a few different apps and software tools that you can use to encrypt your email no matter what device you use. Among email service providers, you can use ProtonMail or CipherMail to ensure end-to-end email encryption. Among applications and extensions, you can choose between Mailvelope, Virtru, and Lockmagic.
ProtonMail
ProtonMail is an email service provider that prides itself in offering more private communications. The service enables end-to-end encryption and stores all emails using zero-access encryption, meaning that even ProtonMail engineers can’t read your emails. ProtonMail includes support for OpenPGP encryption and uses TLS encryption for messages in transit.
The service offers varying payment tiers, as well as a free option, depending on the number of domain names needed and the number of messages sent per day. ProtonMail is compatible with both Android and iOS devices.
CipherMail
CipherMail is similar to ProtonMail in that it offers its own encrypted email service, but CipherMail is more versatile in terms of the encryption capability. With CipherMail, you can encrypt email through S/MIME, OpenPGP, TLS, and PDF. CipherMail has a free open-source based service and two different paid tiers, but it’s only compatible with Android on mobile.
Mailvelope
Mailvelope, compatible with Chrome, Firefox, and Microsoft Edge, encrypts your preferred email account with PGP. The service works with webmail providers such as Gmail, Microsoft Outlook, Yahoo, and various others.
Mailvelope’s software is open-source, and the Germany-based service is already cooperating with many webmail providers in the country. Its basic browser extension is available for free, with more comprehensive encryption provided at paid tiers.
Virtru
Virtru focuses more on the business case for encryption, including confidentiality and data protection. As a result, Virtru’s email encryption service focuses mainly on Gmail and Microsoft Outlook, though they also offer comprehensive protection for Google Workspace, Microsoft 365, and more. Virtru is user-friendly, hosting keys and managing exchanges so you don’t have to.
Because of the business focus, Virtru works on a different encryption system and offers only paid tiers depending on the size of the business. Its service may be one to turn to if you’re running a business and need more all-around data protection and not just email encryption.
Lockmagic
For Gmail only, you can get the Lockmagic browser extension, which allows for easy email encryption. Lockmagic also lets users set expiration dates on emails, allowing only the sender to view emails after a certain date. Using patented identity-based client-side email encryption, its passwordless functionality makes it more seamless for users.
If you want to expand your online privacy protection beyond email, take a look at the best free encryption software on the market. Encrypting all your communications — including text messages and files sent over the internet — will help ensure your information remains private and secure.
To protect all your online information, consider Avast BreachGuard. Avast BreachGuard offers 24/7 privacy monitoring and alerts you if your data is discovered as part of a data breach. BreachGuard also provides smart privacy advice to help you tighten up all aspects of online privacy protection.
The two types of email encryption
One of two types of encryption is used to encrypt emails:
These extensions work a little differently to achieve the same result of more secure email communication.
Secure Multipurpose Internet Mail Extensions (S/MIME)
S/MIME relies on a centralized authority to pick the encryption algorithm used in the communication. This protocol is built into most OSX and iOS devices, and is supported by Gmail and Outlook. But to use S/MIME, users must download a certificate from a certificate authority, whether private or public. As it’s already built into large service providers, such as Apple and Microsoft, S/MIME is the most used protocol.
Pretty Good Privacy/Multipurpose Internet Mail Extensions (PGP/MIME)
PGP/MIME uses a decentralized trust model to carry out its encryption protocols, in contrast to S/MIME’s reliance on centralized certificate authorities. PGP/MIME was developed to address plain text message security issues, and can now be used for email as well.
Its decentralized nature makes PGP/MIME more flexible to use and users have more control over how to encrypt their emails, but this also means it’s not as efficient as S/MIME. PGP/MIME requires a third-party encryption tool, as many service providers do not offer automatic compatibility with this protocol.
Why is it important to encrypt your emails?
Encrypting your emails keeps sensitive personal or financial data you share secure, as it helps prevent intrusive actors from reading your email. These intruders include data breachers, different types of hackers, ad trackers, or outright scammers. It’s even more important to encrypt your email today as data breaches have become more frequent.
With so much communication online, sending emails is often seen as a mundane, riskless activity. But with data trackers, spam, and several other spying or scamming tactics afoot, encryption is more important than ever.
Email encryption helps prevent hacking, data breaches, phishing, and other cyber attacks.
You can even encrypt your Wi-Fi router and use a higher-security protocol such as WPA or WPA2 to make it more secure. And there’s still more you can do to make your email accounts, and online activity overall, more private and secure.
Use a solution for end-to-end encryption
Thankfully, there’s a solution out there that can help protect your overall internet connection: a VPN. Avast SecureLine VPN uses bank-grade encryption, ensuring rock-solid protection of your online communications and browsing data, and strengthening your security while using any Wi-Fi network.
Avast SecureLine VPN is super easy to use, and you can change your IP address for better online privacy in just one click. In addition to desktop compatibility, our VPN works with Android and iOS devices, so you can enjoy private browsing on your phone, too. Level up your online security today.