Public-Private Key Pairs & How They Work

Oct. 14, 2020

1:00-2:00AM PST

Public and private keys serve as the foundation for public key cryptography and are heavily relied upon in end-to-end encryption. Also referred to as asymmetric cryptography, public key cryptography works because each public key exclusively matches a single private key. “Public key cryptography provides the basis for securely sending and receiving messages with anyone whose public key you can access.” When utilized together, public and private keys effectively encrypt and decrypt messages. In other words, if you encrypt a message by using another individual’s public key, they will be required to use their matching private key to decrypt that message successfully. Public and private keys help keep exchanged data secure when used in conjunction with one another. And someone cannot successfully decrypt a public key-encrypted message without its corresponding private key.

However, these public and private keys are not entirely keys, after all. Instead, they are massive prime numbers that are related to each other in a mathematical sense. As such, messages that a public key encrypts, the related private key alone can decrypt. Numerous vastly popular mathematical algorithms exist for generating public and private keys, including the widely respected RSA, DSS (Digital Signature Standard), and several elliptic curve techniques. And because an individual can’t guess the private key sheerly based on knowing the public key, users can share public keys deliberately and openly without concern.

What are Public Keys?

Enabling users to encrypt messages sent to other individuals on a given system, public keys allow users to confirm signatures signed by another person’s private key. Often described as being very similar to an organization’s address online, public keys are just that -- public. Any individual can look up your public key and share it among any number of users. And much like a mailing address or web address, someone can share a public key with each individual within a given system. Moreover, public keys serve to encrypt messages prior to being sent out to a specific recipient in public key cartography.

What are Private Keys?

Paired with the public key is a unique, distinct private key. A private key allows a user to decrypt a message that has been secured by their public key. Furthermore, individuals can sign their messages with their unique private key, confirming the sender’s identity for the recipient.


It can be beneficial to think of a private key as something that functions very similarly to the key to your business’s front door, and you possess the only copy. And so, one of the primary differences between public and private keys is that a private key empowers you alone to open that front door. In other words, your distinct private key, which you have exclusive access to, enables you to decrypt encrypted messages. As the intended recipient, you alone can decrypt the message.

Digital Signatures

In public key cryptography, a digital signature can be created using both public and private keys. A digital signature serves to guarantee that a user is who they claim to be, assuring the sender of the recipient’s identity. Most often, data is encrypted using a recipient’s public key. Then, the recipient decrypts that data by using their private key. Nevertheless, it is essential to note that there is no possible way to authenticate a message’s sender or source without utilizing digital signatures.

To put this into the form of an example: Since Person A’s public key is public, Person B can get ahold of it with ease and pretend to be Person A when sending a message to Person C. To circumvent this type of fraudulent behavior, Person A can use a digital signature to sign his message.

When using public and private keys, an individual can create a digital signature to sign emails sent with their private key. When the recipient receives the sender’s message, they can use the sender’s public key to authenticate the digital signature. Because a digital signature uses a sender’s private key, the sender is the only possible individual who can create the signature.

Advantages of Public-Private Key Encryption

Encrypting and decrypting messages using public and private keys affords recipients confidence in the legitimacy of the data they receive from senders. Taking it a step further, a recipient’s use of a public and private key attests to the authenticity, confidentiality, and integrity of the data they receive.

With public-private key encryption, each message transmitted by a sender to a recipient is signed with the sender’s private key, ensuring authenticity. Thus, when a sender signs a message with their private key, they guarantee the message’s authenticity, illustrating that they were indeed the message’s source. And in this way, the sender’s public key, which the recipient has access to, is the sole method of decrypting the sender’s message.

The content in a message secured with a public key may only be encrypted using the corresponding private key, ensuring confidentiality. In other words, public-private key encryption ensures that the intended recipient alone will ever be able to access the email’s contents.

An essential element of the decryption process mandates checking that the received message and sent message are a match, ensuring integrity. In effect, this guarantees that the contents of the message were not altered while in transit.


In Conclusion

Public-private key pairs provide a strong foundation for extremely robust encryption and data security during message transmission. Utilizing this pair of keys, public key encryption offers users seamless enhanced security. A sender encrypts their message using a public key, and the recipient decrypts that message using the sender’s private key.

With Trustifi, the easiest and most comprehensive email security solution on the market, users can rest assured that their messages will remain encrypted in transit. Easily deployed with Gmail, Outlook, or virtually any other email server, Trustifi’s NSA-grade end-to-end email encryption provides full inbound and outbound protection, keeping the contents of your messages safe and accessible solely to you and your intended recipient. And Trustifi allows users to recall, block, modify, and set expiration dates and times on previously sent and delivered emails. Contact Trustifi today to request a free quote!

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

How Does Email Spoofing Work?

October  10, 2020

1:00-2:00AM PST

Email technology has come such a long way since it originated in the 1970s. Even so, core email protocols still lack any built-in authentication measures. Consequently, it has become increasingly common for email users to fall victim to spam and phishing emails designed to deceive them, which is why having email encryption software is important to have so you don't fall victim to these cybercrimes. One such form of cybercrimes is email spoofing.

What is Email Spoofing?

Email spoofing, a popular Internet scam, is the act of an individual sending an email so that it appears as though another person sent it. Typically, an email spoofing scammer will forge a sender address to impersonate a credible, recognizable source like a newspaper, financial institution, or enterprise. However, these scammers can also imitate trusted individuals, such as a recipient’s close friends or family members. Unfortunately, when an email from an allegedly legitimate email address is received, more often than not, individuals tend to approach these messages with an unwarranted level of trust. And “by pretending to be someone the victim trusts, the scammer directs their victim to a fake website that collects their personal information.” This process is commonly known as phishing

You can read the difference between email spoofing and phishing here.

Only within recent years have security measures been enacted to protect individuals and businesses from email spoofing attempts. Although unrefined, many solutions like DMARC, DKIM, and SPF have cropped up, making it more arduous for email spoofing scammers to carry out their attacks. Nevertheless, such kludges are not invariably applied, and a substantial host of loopholes persist. Bolstered by the ease at which scammers can accomplish forgery online, email spoofing remains a pressing security issue for all email users.

What Does Email Spoofing Entail?

Regrettably, security was an afterthought for the innovators who created what we know today as email. It was not until 2008 that updated security standards featuring the modern email structure were written. This structure contains three components: (1) the envelope, (2) the message header, and (3) the message body. Although every email program manages email uniquely, each speaks a common language -- Simple Mail Transport Protocol (SMTP), which enables the three components of email structure to communicate with one another. And SMTP is in the absence of a means for address authentication.


By changing various email sections to conceal the sender’s true identity, email spoofing scammers can successfully carry out their attacks. The following fields are often modified accordingly:

  • FROM: Forged name and email address
  • REPLY-TO: Forged name and email address
  • RETURN-PATH: Forged email address
  • SOURCE IP: Illegitimate Internet Protocol (IP) address

Email spoofing scammers can easily alter the “From,” “Reply-To,” and “Return-Path” sections merely by utilizing available settings on platforms like Gmail and Microsoft Outlook. However, making adjustments to a user’s IP address is rather complicated and necessitates an advanced level of technical knowledge.


Generally, spoofed emails that aim to collect the target’s personal information will include a web link. The email may appear legitimate and may even feature a specific company’s logo familiar to the victim. As a result, recipients typically do not hesitate before clicking on the included link. However, when clicked, this link will immediately send the victim to the scammer’s website, usually asking them to share confidential information like their username and password. In turning over such credentials, victims enable scammers to login to their account on a real site and potentially steal money.


Alternatively, many email spoofing scammers operate unlawful companies. As such, the email messages they send typically get flagged as spam upon delivery. Thus, these scammers will spoof an email address to appear as an above-board party to successfully reach their targets. These messages can give the impression that they originated from an average individual, a legitimate enterprise, or even a government entity. With this type of email spoofing, scammers aim to trick recipients into opening messages and reading the enclosed spam advertisements.

Why Do Scammers Send Spoofed Emails?

Although most typically carried out for phishing purposes, there are a slew of reasons why scammers might target victims with spoofed emails. For one, scammers might send spoofed emails to conceal the identity of the actual sender. Moreover, some scammers may turn to email spoofing to circumvent spam blacklists. When frequently spamming, scammers will undoubtedly be quickly blacklisted. By switching email addresses, scammers can push their spam through to their targets. Another reason to send spoofed emails is to impersonate an individual the victim knows. In doing so, scammers can successfully obtain sensitive information or even gain access to personal assets. Scammers may also send spoofed emails to impersonate a business the target has a pre-existing relationship with, allowing them to acquire confidential personal data like bank logins. Furthermore, spoofed emails might also aim to sully the image of the supposed sender. And by allowing scammers to get ahold of a target’s medical and financial records, spoofed emails can even enable scammers to commit identity theft.

How Can I Avoid Being a Target of Email Spoofing?

Among an individual’s best defenses against email spoofing is suspicion. If there is any doubt surrounding the validity of an email or sender’s legitimacy, it is best to delete it and contact the trusted sender’s email address straight away. It is imperative to avoid clicking the links included in such emails and refrain from entering any login credentials. Additionally, individuals should also avoid opening any file attachments included in these messages. Another element to keep an eye out for is an abundance of errors. Bad spelling and poor grammar, paired with an email address that is faintly incorrect, tend to give away scammers. Overall, “email spoofing is trivially easy, and the technical skills required to engage in this kind of attack are extremely low, and potentially hugely profitable.” So, email users should remain skeptical of any emails that seem too good to be true or that, conversely, seem dubious.


Keeping anti-virus and anti-malware up-to-date will also help individuals to steer clear of email spoofing. With Trustifi, the easiest and most comprehensive email security solution on the market, businesses ranging in size from small, mid-size, and enterprise will receive first-rate protection against all email spoofing and phishing schemes. Trustifi’s advanced threat protection services include spoofing, phishing, and fraud detection, stopping scammers in their tracks and keeping users’ personal, financial, and medical information secure.

Try Trustifi Today

For Business

See if Trustifi Is Right for Your Organization

Mimecast vs. Trustifi

September. 05, 2020

3:00-4:00AM PST

For businesses looking to keep their networks and sensitive, private data protected, email security is crucial. And the issue of email security only continues to grow more significant as organizations become more dependent on email, which is now widely considered the primary form of professional communication. Effective in preventing both incoming and internal email threats from damaging business networks, “Secure Email Gateways” (SEGs) can significantly improve upon a business’s email security measures. One such SEG vendor is Mimecast, which is best suited to organizations mid-sized or larger, accommodating businesses with more than 250 users. Mimecast offers users numerous advanced email security features like reporting, as well as protection against viruses, phishing, and spam. However, Trustifi provides an alternative option of email security, putting forth a comprehensive suite of email tools for advanced threat protection, data loss prevention, and enterprise email encryption. With its user-friendly email-encryption software, Trustifi is unrivaled in its ease of use, flexibility, and cost-effectiveness. 


Having found popularity amongst larger organizations, Mimecast is an email security provider that provides customers with strong social engineering security, particularly against malicious attacks such as phishing and impersonation style attacks. Highly customizable, Mimecast also offers impressive spam protections. With a robust, comprehensive reporting system that supplies users with increased visibility of both email security and volume, Mimecast provides a user-friendly email security solution.


Easily and quickly deployable on Gmail/GSuite, Outlook, and virtually any email server, Trustifi is the most comprehensive, convenient, and easy-to-use email security solution on the market. Trustifi provides organizations with top-notch advanced threat protection, data loss prevention, encryption, and real-time reporting and tracking. Operating as an extra layer of protection, Trustifi can seamlessly boost an email provider’s existing security measures and give users full control over email security. Trustifi is an incredibly versatile and customizable solution that can be tailored to meet the needs of each organization, helping to minimize human error and maintain user security.

Here are our other email security platform breakdowns:

Mimecast vs. Proofpoint

Trustifi vs. Proofpoint

Features Breakdown

It can be challenging to determine which email security solution will best suit your organization’s needs. When looking to make the most advantageous choice for your organization, it can be beneficial to learn about the fundamental elements supplied by a reliable email security provider, such as features and cost.

Threat Detection

As one of the most central characteristics of a comprehensive email security solution or SEG, exhaustive threat protection is undoubtedly a critical feature. Both Mimecast and Trustifi offer users an expansive selection of threat protection features. Moreover, each of these solutions is more effective than Office 365, particularly in terms of their abilities to block viruses, spam, and other malicious content successfully.

Providing “AV sandboxing (powered by LastLine), URL scanning (powered by Vade Secure) and URL reputation checking,” Mimecast leverages third party threat intelligence vendors to fuel their threat protection efforts. On the other hand, Trustifi controls and operates a broad set of advanced threat protection offerings. Trustifi also offers a range of blacklisting and whitelisting options. Expertly detecting malware, ransomware, spoofing, phishing, and fraud, Trustifi prevents, protects, and alerts organizations of all potential malicious attacks that may try to damage or steal valuable data and information. 

Spam Filtering

Stopping spam in its tracks is another essential element of email security. And both Mimecast and Trustifi do well to tackle the issue of spam, providing businesses with options for comprehensive spam filtering. Along with inbound and outbound spam protection, Mimecast offers a Service Level Agreement (SLA) that promises to catch 99% of spam before it can find its way to your organization’s email inboxes. Similarly, Trustifi commits to detecting spam before it can reach your inbox.

Admin Features

A robust selection of admin features is incredibly essential for admins, assisting them in preventing and remedying email security breaches. Both Mimecast and Trustifi can be easily incorporated with Office 365 and Outlook thanks to Azure Active Directory integration, allowing all users to sync to either the Mimecast or Trustifi platform automatically.

In addition to Single Sign-On, per-user policy management, and self-service security options, Mimecast empowers system admins to control extensive file-sharing capabilities fully. And Mimecast presents complex routing scenarios that enable enterprises with several globally distributed mail servers to send mail to the server most local to the user. Alternatively, with seamless integration as an add-on to a user’s Gmail or Outlook, Trustifi does not necessitate any technical admins. 


Critical to email security, reporting assists admins to pinpoint the source of threats and, as a result, take stronger action to address and rectify them. Mimecast delivers PDF reports which detail all inbound and outbound emails, as well as per user reports and breakdowns. These reports enable admins to gather more minute, specific information about individual users and groups. Taking things a step further, Trustifi provides real-time reports notifying users when emails have been received, opened, and read.

End-User Features

End-user self-service features work to assist end-users in maintaining productivity, allowing them to recover lost emails, free emails from quarantines, and block or authorize unique senders and recipients. Mimecast sends end-users an email digest, which notes any emails that spam filtering features have blocked. Instant replay capabilities, which only exist on Mimecast for 14 days, allow users to retrieve lost or accidentally deleted emails. Mimecast also permits end-users to restore emails, as well as to send and block specific recipients and senders. However, with Trustifi, users can recall, block, modify, and set expirations for already sent and delivered emails at any time. 

Data Loss Prevention

A key feature of email security, data loss prevention is most definitely not an area to overlook. Both Mimecast and Trustifi offer email encryption tools, which are critical to a comprehensive approach to data loss prevention. However, Mimecast only offers email encryption as an ad add-on service that comes at an additional cost, whereas Trustifi supplies users with easy and cost-effective encryption options. Trustifi equips its customers with NSA-grade end-to-end email encryption, with full inbound and outbound protection. Furthermore, Trustifi provides two-factor authentication on the recipient (even without registering). Trustifi also supplies secure mobile relay for complete protection on any device. And 100% compliant with guidelines and regulations like HIPAA/HITECH, PII, GDPR, FSA, FINRA, LGPD, CCPA, etc., Trustifi expertly protects all user data.

Pricing Breakdown

Cost is understandably an important factor for those determining which email security solution will best meet the needs of their organization. Mimecast is a costly option, more expensive than many of its competitors. And Mimecast charges a set-up fee for their products, as well as extra fees for technical support. Conversely, Trustifi is an extremely cost-effective option, offering data loss prevention, advanced threat protection, and encryption services at a fraction of their typical costs. And as a cloud-based email security solution, Trustifi provides all of the convenience and money-saving benefits of the cloud. Trustifi understands that each business has its unique security needs and will work with you to customize the most effective solution for your organization. Visit Trustifi’s website today for a quick, free quote!

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

6 Benefits of Email Encryption

August. 21, 2020

3:00-4:10AM PST

Each day, companies worldwide utilize email to communicate, both internally and externally, often sending email messages and/or attachments that contain valuable and sensitive data, so there are many advantages to having email security. When properly implemented, the best email encryption protects email content, ensuring that it is only accessible to its intended recipient(s). If left unencrypted, emails intercepted by malicious actors like hackers and cybercriminals can be read and leveraged -- making any information present within such emails completely vulnerable. On the other hand, through a technology most commonly referred to as end-to-end encryption, encrypted emails are only legible to those in possession of the correct decryption key. With end-to-end encryption, a public key is mobilized by the sender to encrypt the email, and then a private key is used by the recipient to decrypt the message. Here's more information on Public-Private Key Pairs & How They Work.

The theft of delicate data via email can result in irreparable damages for a business, at times even dramatically compromising a business’s ability to securely communicate with customers, peers, investors, employees, etc., but with robust encryption, this data can remain protected with email security. It's important to use reputable encryption methods and solutions to prevent email threats and fully secure your email accounts.

Protect Secret Information

One major benefit of having email security in place is to protect secret information. All businesses, regardless of industry, want to maintain the privacy of valuable company data. From intellectual property to financial records, to top-secret company information and trade secrets, email encryption secures information intended to remain private, protecting it from landing in the hands of unauthorized parties. And so, through encrypting, or disguising, email contents, email encryption solutions work to successfully protect secret information from being accessed and read by anyone outside of the intended audience.

Email Security for Compliance

Business dealing with financial data, student records, medical records, credit card information, etc. must abide by certain compliance guidelines. Many of these guidelines, specifically HIPAA, CJIS, and CFPB, require encryption, while others like GDPR strongly encourage it. Although there are various compliance metrics that either mandate or recommend email encryption, they all require that organizations protect employee and customer data such as electronic Personal Health Information (ePHI), Personal Identifiable Information (PII), or Nonpublic Personal Information (NPI). Email encryption serves to help individuals and businesses accomplish this, “preventing accidents, and preventing data breaches in the case of a hacker breaking into your system.”

Cost Efficiency

Not only does email encryption serve to protect private user data with unmatched security, but it can also yield economic benefits. Email providers and platforms that allow for the seamless integration of encryption tools through their servers negate the need for users to purchase extra equipment. Trusted third-party serves often are far less costly than individual servers, which are often unnecessary.

Nullify Message Replay Possibilities

Email encryption can also help users to avoid message replay attacks -- in which a malicious actor manages to intercept a secure network communication and either fraudulently delay or resend the message in order to trick the recipient into carrying out the attackers intended plan. Without encryption, messages can potentially be saved, altered, and later re-sent by malicious parties. Encryption services utilize expiration times/timestamps, random session keys, and one-time passwords that are immediately discarded in order to reduce the risk of message replay.

Avoid Identity Theft

It is not uncommon for businesses to send out emails that contain sensitive content, including but not limited to Social Security numbers, bank account numbers, credit card numbers, financial terms, and additional highly-valuable personal financial information. When these credentials are shared via email and are left unencrypted, individuals are incredibly vulnerable to identity theft. Moreover, if a malicious actor manages to access an individual’s username and password, gaining access to their email server, that attacker will be able to access sent messages and send fraudulent messages disguised as the account owner. With email encryption, emails are rendered unreadable to all parties except the intended recipient.


By implementing an email security system, companies can help their employees to better differentiate authentic, legitimate senders from spam or phishing email -- which continues to plague inboxes on a global scale. Authentication prevents malicious actors from performing attacks, like stealing private keys or tricking the sender into using an incorrect public key, through the use of digital signatures. These signatures are unique digital codes that are entirely specific to each distinct user. Users can purchase digital certificates and unique codes from certificate authorities (CAs), which will serve to verify each party and automatically handle encryption key management. By protecting both private and public encryption keys from bad actors, encryption authentication maintains the security of all encrypted messages and attachments.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Forrester Puts Forth New “Now Tech” Report Detailing Enterprise Email Security Providers

August. 16 2020

1:00-2:00AM PST

On July 14, Forrester published its “Now Tech: Enterprise Email Providers, Q3 2020” report, helping individuals and organizations to best understand the differing data security features offered by various vendors. In this report, Forrester selected vendors to include based on market presence and functionality, two key elements for analyzing the enterprise email security market.

Prior to delving into the advantages provided to organizations that enlist the services of enterprise email security providers, analysts Joseph Blankenship and Claire O’Malley posit a definition of the enterprise email security market in this report.:


“Technologies that protect organizations’ email communications in order to mitigate and

lessen the impact of email-borne attacks. These consist of on-premises or cloud-based email gateways and solutions that integrate with cloud-based email infrastructure. Capabilities include antispam, antimalware, antiphishing, data loss prevention (DLP), encryption, phishing education, business email compromise (BEC) and spoofing protection, malicious URL detection, and email authentication.”

Source: Forrester, “Now Tech: Enterprise Email Providers, Q3 2020”

Leveraging Enterprise Email Security Solutions

Enterprise email security vendors provide customers with efficiency and security-boosting advantages, like:

  • Intercepting and blocking phishing attacks - Although a key business function, email can make organizations vulnerable to phishing attacks. To help combat this, enterprise email security vendors supply a slew of antiphishing features.
  • Avoiding costly business email compromise (BEC) attacks - A form of phishing that imitates users, BEC attacks can bring chaos upon business, regardless of their size. DMARC authentication capabilities, BEC protection, and spoofing protection help to prevent these costly attacks.
  • Enhancing security team efficiency - With built-in automation and incident response features, enterprise email security providers can rapidly address security vulnerabilities.
  • Initiating and preserving trusted communications - To avoid encountering spoofed company email addresses, enterprise email security solutions can put a stop to account takeovers, preserving trusted communications.

Four Segments of Enterprise Email Security Functionality

Forrester breaks down functionality into the numerous features popularly supplied by various vendors within the enterprise email security market.

  1. SEG (Secure email gateway) - Positioned in front of either an email infrastructure provider or on-premises email infrastructure, and incorporated into the cloud, hardware, or software, these provide several email security capabilities -- both inbound and outbound.
  2. Email infrastructure provider - Vendors that equip organizations with email infrastructure and APIs and permit enterprise email security providers to supply supplementary security capabilities.
  3. Cloud-native API-enabled email security (CAPES) - Working with email infrastructure providers to bolster native security offerings, CAPES solutions help to provide protection against malicious attacks like phishing. Some CAPES can be incorporated with collaborative tools like Slack or Microsoft Teams for strengthened communication channel security.
  4. Email authentication provider - Vendors that supply authentication services and management, guiding organizations through the implementation and maintenance of DMARC -- protecting against BEC, spoofing, and fraud.

Each of these enterprise email security provider types has their own specific functionality segments. SEGs, for example, have higher functionality in antimalware, malicious URL detection, Data leak protection (DLP), and threat intelligence; they have low functionalities in messaging cloud integration, authentication, and phishing education. Email infrastructure providers offer no phishing education functionality and low authentication functionality. On the other hand, while email authentication solutions lack functionalities like messaging cloud integration, antimalware, encryption, threat intelligence, etc., they supply users with high email cloud integration, authentication, and BEC and spoofing protection functionalities.

While recognizing Trustifi’s vertical market focus as legal, healthcare, and financial services, Forrester identifies Trustifi’s primary functionality segments as Cloud-native API-enabled email security (CAPES). Forrester considers CAPES to have high functionality in terms of email cloud integration and phishing protection -- with additional moderate functionalities such as messaging cloud integration, malicious URL detection, incident response, and BEC and spoofing protection.

Forrester’s Recommendations for Bolstering Email Infrastructure With an Enterprise Email Security Vendor

As more and more organizations make the transition from SEGs and on-premises hardware, the native security features of email infrastructure providers are being supplemented by CAPES and cloud-based email security solutions.

“Security pros know that despite best efforts, malicious emails will inevitably get through, so they need a layered approach that includes both prevention and response measures.”

Source: Forrester, “Now Tech: Enterprise Email Security Providers, Q3 2020”


Forrester recommends that security professionals:

  • Implement DMARC under expert guidance - Although difficult to set up, the advantages of DMARC can make all of the necessary effort worth it. This is due to the fact that DMARC serves as the first layer of defense, stopping BEC and spoofed emails in their tracks. When properly implemented, DMARC ensures that customers, suppliers, and partners exclusively receive authenticated emails.
  • Equip employees with phishing education - Even with the most robust security measures enacted, malicious messages will still find their way into your employees’ inboxes. For this reason, enterprise email security solutions that offer SA&T (security awareness and training), as well as phishing education, can help to train employees to recognize, report, and avoid phishing attempts.
  • Devise a worst-case scenario incident response - In the event that a malicious email finds its way into an individual’s inbox, security teams should be prepared to detect and respond to malware infections, ransomware, and data theft as quickly as possible. Many enterprise email security providers offer assistance to security teams, helping to rapidly recognize and address security emergencies -- sometimes with automated responses.

Accessible to Forrester clients or available to others for purchase, the Now Tech: Enterprise Email Security Providers, Q3 2020 report can be found on their website.

Trustifi: A User-Friendly, Comprehensive Email Security Provider

As a user-friendly and comprehensive email security provider, Trustifi supports a variety of client needs, spanning advanced threat protection, data loss prevention, and encryption. In terms of advanced threat protection, Trustifi supplies detection, prevention, protection, and alerts regarding malware and ransomware viruses, detection of spoofing, phishing, and fraud, as well as options for whitelisting and blacklisting. Moreover, Trustifi’s services provide organizations with heightened security while remaining in 100% compliance with numerous regulations, including HIPAA/HITECH, PII, GDPR, FSA, FINRA, LGPD, and CCPA. And with recipient-side two-factor authentication and real-time certified email delivery and tracking services, Trustifi’s robust data loss prevention tools are only strengthened.

Additionally, Trustifi offers clients NSA-grade end-to-end email encryption equipped with complete inbound and outbound protection. And secure mobile relay makes for comprehensive protection, regardless of the device. Organizations using Trustifi can recall, block, modify, and set expiration times on previously sent and delivered messages. Furthermore, Trustifi’s open API allows for easy incorporation with Gmail, Outlook, and several other email platforms while maintaining consistent functionality for the user. Cost-effective and customizable with all of the convenience of the cloud, Trustifi provides users with unparalleled ease and flexibility.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Three Ways To Send A Secure Email In Outlook

August. 10, 2020

5:00-6:00AM PST

As email security challenges continue to present themselves, email providers like Microsoft Outlook -- which has experienced widespread, longstanding popularity in the professional sector -- are continuing to adapt, putting forth robust encryption offerings intended to protect both the platform and the emails that live within it. Compatible with three different email encryption methods -- ranging from built-in options to third-party add-ins, the platform offers users great flexibility in terms of how to send a secure email in Outlook, and receiving secure, protected messages. When weighing one’s options for email encryption, there are lots of elements and information to consider. It is critical to consider the identity of the recipient, as well as the email account one intends to send encrypted emails from. Overall, the best-fit encryption method for a given individual is largely dependent on factors such as ease of use, costs, available features, and compatibilities.

Method 1: Using Certificates to Encrypt Emails (S/Mime)

A more dated option for encrypting an email not available to those who are looking to send encrypted emails to users utilizing free webmail platforms like Gmail and Yahoo, S/Mime encryption can only successfully encrypt emails when both the sender and the recipient have installed and shared their encryption certificates -- which has potential to be incredibly costly. Moreover, S/Mime is not a widely supported encryption method. It is made available to any individual with an email account incorporated into Outlook but does necessitate that one’s intended recipient is also an Outlook user or a user of an email platform that is similarly compatible with S/Mime. Unfortunately, this method to encrypt an email can be “vulnerable to outside attacks, like message takeovers; it also increases risk because users need to exchange encryption keys used to encrypt emails. If that key is compromised for any reason, your emails are no longer secure.”

Initial Setup for Encrypting Emails with S/MIME

To set up email encryption with S/Mime on Outlook, individuals should:

  • Acquire an email encryption certificate for oneself, import it into Outlook, and then share it with the intended recipient(s).
  • Verify that each intended recipient has purchased and installed an email encryption certificate into Outlook or an alternative S/Mime compatible email platform. This certificate should be shared with the sender.
  • Gain an understanding of the necessary steps required to send an encrypted email.

An email encryption certificate can be acquired from numerous certificate authorities (CAs). With that being said, Microsoft does encourage individuals who wish to encrypt email to utilize one of its preferred CAs: Comodo, GlobalSign, or IdenTrust. No matter which CA the user chooses to go with, it is imperative to ensure that the email security certificate (also referred to an S/Mime encryption certificate or secure email certificate) is purchased, not the SSL certificate -- which is often more noticeably advertised.

Once the certificate is purchased, the individual will receive both the certificate and the password necessary for encrypting emails to import it into Outlook. The user is should hold onto a backup of this certificate and its corresponding password. If the user’s computer or hard disk incurs damages, or Outlook email encryption must be set up on a new device, this certificate and password will be needed once again. If misplaced, previously sent and received encrypted emails will not be able to be accessed. Moreover, if a new email encryption certificate must be obtained, recipients will be required to undergo the most tedious task of updating the user’s old certificate with their new one.

Once purchased and backed up, the certificate can be imported into Outlook by completing the following:

  • Click File (located in the top left of the Outlook window).
  • Next, click Options.
  • Then, click Trust Center (in the new window that appears).
  • Next, click Trust Center Settings.
  • In the left pane, click Email Security.
  • Then, click Import/Export (located beneath the heading Digital IDs (Certificates).
  • Alternatively, if the certificate has been installed onto the device by an organization’s IT staff, click Settings instead. Based on guidance from the IT staff, select the correct certificate from the ones listed.
  • In the new window that appears, confirm that the option to Import existing ID from file is selected. Click Browse to select the certificate file. Following this, enter the password linked with the certificate file and press OK.
  • Finally, the Import/Export window will close on its own. To close the Trust Center window, click OK.
  • The certificate will have been successfully imported.

To share one’s certificate with an intended recipient, a digitally signed message must be sent to each recipient who one may -- at some point -- wish to send encrypted messages to. To complete this task successfully:

  • Begin composing a new message in Outlook.
  • In the top menu bar of the new message window that appears, click Options.
  • Then, click the small icon beside More Options.
  • Click Security Settings... (located in the new Properties window that appears).
  • Next, select Add digital signature to this message (located in the Security Properties window that appears).
  • Alternatively, click Change Settings to access the specific certificate being used to digitally sign the message. This certificate should be the newly imported one. On this window, click OK and then click Close (located on the Properties window).
  • Send the message to the intended recipient(s).

As a result of completing these steps, the public key associated with one’s certificate will have been sent. This allows others to encrypt messages that will be sent to the individual. To decrypt messages received, one needs a private key -- exclusively accessible to the user/intended recipient and imported only within that user’s Outlook application.

How to Send Encrypted Emails In Outlook Using S/Mime

To send an encrypted message, the public key portion of the intended recipient’s certificate is required. Once recipients have acquired encryption certificates and have sent a digitally signed email message via Outlook or an alternative S/Mime compatible email platform, their certificates can be added to one’s contact data. To do so:

  • Open the digitally signed message sent by this specific recipient.
  • Right-click the sender’s name and then click Add to Outlook Contacts (located where the From information corresponding to this message appears).
  • If this recipient is already a contact, the Edit/Update option can be utilized rather than creating an entirely new contact.
  • Next, click Certificates (located in the top ribbon of the contact card that appears).
  • Then, select the proper certificate for this contact from the list of certificates that appear.

Once this is completed successfully, encrypted messages can be sent to this contact by following these steps:

  • Begin composing a new message.
  • Click Options (located in the top menu of the new message window that appears).
  • Next, click the small icon located beside More Options.
  • Then, click Security Settings (located in the Properties window that appears).
  • Next, a Security Properties window will appear. In this window, select Encrypt message content and attachments. Click OK on this window. Then, click Close on the previous window.
  • Please note that message subjects are not encrypted. So, it is strongly advised that senders refrain from including sensitive material in subject lines.
  • Complete the email and add any attachments necessary. Click Send as one normally would. This email will be encrypted.

How Your Recipient Opens Your Encrypted Email

To open an encrypted email, a recipient may need to be on their desktop computer and use their Microsoft Outlook application -- which will decrypt the message for them automatically. If the recipient decides to reply to this message and they have added the sender’s encryption certificate to the contact card, this reply will be automatically encrypted.  

Receiving Secure Email from Clients (Replies, New Emails)

After performing the initial setup process, recipients will have acquired all of the necessary encryption certificates, allowing them to seamlessly send encrypted replies with the utmost ease. Additionally, new encrypted messages can be sent by following the required steps to send an encrypted email. 

Features and Cost of S/MIME to Encrypt Emails In Outlook

Once the initial setup has been completed and certificates have been properly shared, email encryption using S/Mime in Outlook is relatively user-friendly. “However, if you are considering encryption options for your business email, we recommend this option only for cases where your recipient explicitly asks for such encryption. That is only likely the case if your business or professional practice serves large enterprise clients or government agencies.” Companies working with small businesses or independent individuals are not likely to be able to use S/Mime, as these parties typically utilize free webmail accounts on platforms like Gmail and Yahoo, and may lack both the resources and knowledge necessary to purchase and set up this encryption option.

If S/Mime is used, it is important to note that users cannot access encrypted emails outside of the Outlook application. Moreover, recipients may be unable to forward encrypted emails to other users. And S/Mime is not compatible with G-Suite email accounts using GSSMO. Such G-Suite email accounts must instead use IMAP.

The cost of S/Mime varies greatly. In 2019, the certificate prices of Microsoft’s recommended CAs ranged from $39 to $369 annually. This is a recurring fee that has to be renewed each year, or every 2-3 years if multiple years are paid ahead of time. Furthermore, this is the cost of a single certificate for a specific user. Thus, each user within an organization must obtain a unique certificate.

Method 2: Office 365 Message Encryption (OME)

Without requiring the installation of certificates, Office 365 Message Encryption (OME) -- an exclusive option available to Office 365 email account users -- permits the sender to send encrypted emails to any recipient. Likely the most financially burdensome option, OME necessitates the installation of the Outlook application in conjunction with an Office 365 subscription. Also, OME requires the recipient to carry out several extra steps each time they receive a new message -- like requesting a special code and using that code to decrypt the email.

Initial Setup for Office 365 Message Encryption

To utilize OME, individuals must upgrade their subscription to a plan that offers OME. It is crucial to be aware that the widely popular Office 365 Business Essentials and Business Premium plans do not include OME. The only plans that include OME are Office 365 Enterprise E3 or E5, Microsoft Enterprise E3 or E5, Microsoft 365 Business, Office 365 A1, A3, or A5, or Office 365 Government G3 or G5. Another option would be to add Azure Information Protection Plan 1 to one’s O365 subscription, but this can be extremely complicated and costly.

Individuals looking to upgrade their Office 365 subscriptions should closely follow these steps:

  • Visit, click Sign In, and log in with an Office 365 admin account.
  • Click Admin (located in the options titles that appear).
  • Next, click Billing (located in the left pane) and then click Subscriptions (located beneath that).
  • Finally, click Switch Plans to upgrade the subscription.

After upgrading, OME availability can be verified via one of the following methods:

  1. Visit and sign in to one of the accounts linked with the Office 365 subscription. Begin composing a new email. Encryption is enabled if the Encrypt button (located in the top menu above the new message composition form) is not grayed out.
  2. Start/Re-start the device’s Outlook application. This application should be Outlook ProPlus. Begin composing a new email. Click Options (located in the top menu). The Encrypt button should be enabled.



How to Send Secure Messages In Outlook Using OME

Encrypted emails can be easily sent using OME, especially when compared with the lengthy process that S/Mime requires. Outlook offers an Encrypt button found within the Options tab on the new window that appears when composing a new message. So, to successfully send an encrypted message using OME:

  • Begin composing a new message.
  • In the top menu, click Options. Then, click Encrypt.
    • Additionally, users have the option of preventing forwarding of this encrypted message at this point by simply selecting the small arrow located beneath the Encrypt button.
  • A message should appear notifying the sender that encryption will be applied to the message.
  • Complete the email and click Send as one normally would.

How Your Recipient Opens Your Encrypted Email

When a recipient receives an email encrypted with OME, the initial email does not include any of the actual email content or attachments. Instead, they will be prompted to verify their identity via Office 365. After clicking Read the message, recipients will choose to do so with either a one-time passcode or by logging in to a school or work account. Users of free webmail services like Yahoo and Gmail may be prompted to log-in to their accounts on those platforms. Unless the recipient has an Office 365 account associated with the same email address that the email was sent to, recipients should choose the one-time passcode option, which will be delivered via a separate email from Microsoft Office 365 Message Encryption. After this code is copied and pasted into the initial webpage that requested it, the email contents will be decrypted. However, it is important to note that all attachments must be manually downloaded to be opened. 

Receiving Secure Email from Clients (Replies, New Emails)

By clicking either the Reply All, Reply, or Forward options on the secure message, the recipient begins an encrypted response. However, OME offers no option for recipients to send a new secure email to the initial sender. And secure responses cannot be sent as responses to non-encrypted emails.

Features and Cost

User-friendly and providing accessibility of encrypted messages outside of Outlook, OME certainly has its advantages. Moreover, OME does not require the backup of certificates or certificate passwords. Secure messages can be maintained on any device, so long as Outlook is installed and an Office 365 account is logged in to. And recipients can also forward secure messages to others, regardless of email address without the worry of certificates and passwords. However, the difficulties that OME poses for the recipient (e.g. passcode system), the need for Outlook ProPlus, and the inability to set expiration dates on secure messages are certainly flaws in OME.

The cost of OME is the cost associated with upgrading one’s Office 365 subscription. Depending on the subscription an individual starts with, this upgrade can vary in additional cost. Overall, OME is recommended for business email needs, specifically when dealing with vendors or parties required to abide by specific security requirements.

Method 3: Outlook Encryption Add-ins

The most seamless option for small organizations without large IT staff, Outlook Encryption Add-ins allows for secure emails to be sent to any users, even those who lack encryption themselves. This method does not require any setup, installation, or sign-in on the part of the recipient. Additionally, this approach is likely to be the most cost-effective option.

Initial Setup

The initial setup of an email encryption add-in is typically the install. After visiting the add-in’s website, download the installer. Installation should take a minute or so and will vary slightly depending upon which browser is used (Internet Explorer, Google Chrome, Firefox, etc.).

Start/restart the Outlook application and begin composing a new email. At this point, the Secure Send button should be visible at the top left of the window. If so, encrypted emails can then be sent from Outlook to any recipient’s email address, regardless of the platform used.

How to Send Encrypted Messages

To send an encrypted email, click the New Email button in Outlook. Compose an email, adding in any attachments necessary, that should be encrypted. Next, rather than clicking Send, click the Secure Send button. This will encrypt both the email’s contents and attachments.

How Your Recipient Opens Your Encrypted Email

The subject of the email won’t be encrypted, but the body of the email will. Rather than opening your email and viewing its contents and attachments, the recipient will view a page prompting them to access the encrypted email. To sustain the heightened level of security, an external passcode is not required. Instead, the sender may set a time of expiration.

Receiving Secure Email from Clients (Replies, New Emails)

The web page that shows the secure message to the intended recipient may also offer an option for them to send a secure reply. Moreover, depending on the Encryption Add-in used, recipients may be able to send secure responses to non-encrypted messages.

Features and Cost of Outlook Email Encryption

Features and pricing differ greatly from provider to provider. Trustifi, for example, empowers users to fully control their email security, tailoring services to each individual’s and organization’s needs. Trustifi’s NSA-grade encryption and full inbound and outbound protection offer an unmatched email encryption solution. Moreover, Trustifi allows users to easily and efficiently recall, block, modify, and set expiration times -- even on previously sent and delivered emails. And because Trustifi offers customized solutions, plans and pricing can be tailored to each organization’s needs and resources.


By using digital certificates (S/Mime), Office 365 Encryption (OME), or encryption add-ins, organizations are now positioned to best protect the content and attachments sent via Outlook. Combining the advantages of both S/Mime and OME, encryption add-ins offer the greatest ease of use and least economic burden. Compatible with any email account as the sender or recipient, Encryption Add-ins like Trustifi supply users with unmatched convenience and protection.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

Proofpoint vs. Mimecast

July. 22, 2020

1:00-2:00AM PST

As businesses across the world become increasingly reliant on email as their primary form of communication, the issue of email security continues to grow more and more crucial. One way to improve upon email security is through the implementation of a “Secure Email Gateway” or SEG. Secure Email Gateway can effectively protect a company’s network from both incoming and internal email threats. Proofpoint and Mimecast are two popular Secure Email Gateway vendors. Specifically geared towards the needs of organizations mid-size and larger, Proofpoint and Mimecast can accommodate businesses with over 250 users. Furthermore, each of these corporate email encryption services offers advanced email security features such as protection against spam, viruses, and phishing attacks.


An innovative cloud-based email security solution, Proofpoint caters to organizations of 5 to 1000 individuals via Proofpoint Essentials. With Proofpoint Essentials, “small and medium enterprises [are protected] from advanced threats including phishing, malware, spam, and other forms of dangerous content.” Moreover, by preventing data theft, Proofpoint Essentials maintains the security of organizations’ most delicate, valuable, and proprietary information. Through its integrated Archiving and Continuity elements, Proofpoint presents businesses with accessible and cost-effective means of abiding by regulatory measures, as well as fostering business continuity. And after accumulating more than 100,000 Proofpoint Essentials users, this solution became the largest email security provider in the world. With simple, streamlined set-up and management, Proofpoint’s user-friendly infrastructure makes for a high-level email security solution.


A rather popular email security provider, Mimecast has found popularity amongst larger organizations. Mimecast offers strong social engineering security, specifically against phishing and impersonation attacks. Furthermore, Mimecast supplies users with effective protection against spam. Offering incredible ease of use and heightened visibility, Mimecast puts forth an extremely customizable solution that is bolstered by a comprehensive reporting system -- depicting both email security and volume.

Features Breakdown

Deciding which SEG solution is the best fit for your organization can be challenging. In order to make this choice, users are encouraged to familiarize themselves with integral elements that a reliable email security provider should supply, specifically features and pricing.

Threat Detection

Widely considered to be one of the most imperative elements of an email secure gateway, comprehensive threat protection is crucial. As a result, both Proofpoint Essential and Mimecast offer users an expansive breadth of threat protection features. The two solutions have been found to be more effective when compared to Office 365, specifically in terms of their ability to block malicious content like spam and viruses. 

However, Proofpoint claims to be superior to Mimecast, citing email testing performed internally that caught 1,152 phishing and spoof emails which Mimecast has previously deemed clean. Furthermore, Proofpoint claims to invest more money in emerging threat research -- with 20% of revenue into research and development as opposed to Mimecast’s 12.5% investment.

Additionally, the two providers have their unique, respective approaches to threat protection. While “Proofpoint utilizes their own internal treat protection technologies, including MLX & CLX, multiple AV engines and custom filters for inbound and outbound emails…[,] Mimecast utilizes third party threat intelligence vendors to power their threat protection platform.” Moreover, Mimecast provides users with LastLine powered AV sandboxing, Vade Secure-powered URL scanning and URL reputation checking.

Spam Filtering

Putting a stop to spam is another key aspect of email security. Both Proofpoint and Mimecast work to address this issue, offering their users comprehensive spam filtering. Furthermore, both of these SEG providers put forth a SLA (Service Level Agreement) committing to blocking 99% of spam before it can enter the user’s inbox. The two providers also supply inbound and outbound protection against spam, preventing organizations from receiving spam, as well as from being utilized as a mode of spam dissemination. 

Admin Features

Robust admin features are vital, as they enable admins to be instrumental in the prevention and rectification of email security breaches. Both Proofpoint and Mimecast may be incorporated with Office 365 and Outlook. Specifically, incorporation of either of these solutions is rather simple for Office 365 admins, as Azure Active Directory allows for automatic syncing to either Proofpoint or Mimecast.

With that being said, this is the category in which key differences between Proofpoint and Mimecast begin to emerge. Although both platforms offer Single Sign On, Proofpoint continues to advance and supply alternate options for single-sign, particularly for MSPs and Reseller customers. And even though it provides options for per-user policy management, Proofpoint provides advanced end user control options, offering a user digest that enables users to access emails that may have been deleted or retrieved.

On top of self-service security options, Mimecast also allows admins to manage the sharing of large files. And unlike Proofpoint Essentials, Mimecast currently supplies complex routing scenarios that allow for organizations with various mail servers spread out globally to direct mail to the user’s local server. With Proofpoint, this feature is exclusive to the Enterprise platform.


Reporting assists admins in narrowing down the source of threats so that they might properly address and correct them. Both Proofpoint and Mimecast deliver PDF reports that detail emails’ origins. While “Proofpoint provides real time mail flow reports…[, Mimecast] provid[es] reports on inbound and outbound emails.” And Reports and breakdowns per individual user are offered by both platforms, which allows admins to gather more focused and detailed information regarding specific users and groups.

End-User Features

Equally important, end-user features help end-users to maintain productivity, allowing them to recover lost emails, free emails from quarantines, and blow or allow unique senders and recipients. With both Proofpoint and Mimecast, end-users are provided an email digest, detailing spam emails that were blocked. Moreover, both providers allow for lost or accidentally deleted emails to be retrieved, while simultaneously offering access to the user’s email archive -- where past email correspondences are collected in a single location.

However, in terms of end-user self-service, Proofpoint outranks Mimecast. This is due to the fact that Mimecast holds emails for retrieval for a mere 14 days, while Proofpoint holds such emails for 30 days.

Data Loss Prevention

Data loss prevention is one of the most critical elements of email security. Provided by both Proofpoint and Mimecast, Outbound Filtering stops malicious actors from distributing spam via your organization’s network. Each of these platforms also offers DLP content filtering, which can effectively block particular emails containing sensitive, personal information and/or attachments. Furthermore, these providers both provide security through continuity, enabling the sending and receiving of emails in the event of a network failure. However, in this respect, Proofpoint provides a stronger solution -- supporting 30 days of email continuity as opposed to Mimecast’s 7 days.

Email encryption is an integral element of comprehensive data loss prevention, prohibiting access to emails by unintended recipients. And although each of these providers offers encryption services, Proofpoint provides much stronger encryption options, all included in Proofpoint Essential: user-based or user-enforced encryption. On the other hand, Mimecast’s email encryption offering comes at an extra cost, operating as an additional feature that is added onto their general email security features.

Pricing Breakdown

When determining which email secure gateway provider is the best fit for your organization, pricing is typically a major consideration. When comparing Proofpoint and Mimecast, Proofpoint Essentials is certainly the more cost effective option for businesses ranging from small to mid-size. With a starter package totalling 27% more than Proofpoint’s Business package, and M3R and M3RA packages totalling 50% more than Proofpoint’s comparable Advanced and Pro packages, Mimecast cannot compete in terms of cost. And to top it off, users incur charges for set-up and technical support when utilizing Mimecast.

The Best Alternative: Trustifi

Although each of these leading SEG providers has its pros and cons, the best alternative is -- without a shadow of a doubt -- Trustifi. Trustifi is an extremely user-friendly, convenient and comprehensive email security solution that offers top-notch advanced threat protection, data loss prevention, encryption, and real-time reporting and tracking. Easily incorporated with Gmail or Outlook in a matter of minutes, Trustifi can operate as an extra layer of protection, boosting your email provider’s existing security measures and giving user’s full control over their email security. Alternatively, Trustifi can help minimize human error and maintain user security. And thanks to an Open API and email relay options, Trustifi does not require any platform architecture changes. In addition, Trustifi provides expert advanced threat detection that users can depend on, with crucial fraud, spoofing, phishing, malware, and virus detection. With unmatched email security software, Trustifi provides users with NSA-grade end-to-end email encryption with the click of a button. Versatile and customizable, Trustifi can be tailored to each organization’s needs. And with all of the features included in the highest level of protection provided by both Proofpoint and Mimecast, Trustifi outperforms its competitors at a lower monetary cost.

Try Trustifi Today


See if Trustifi Is Right for Your Organization

How Does Email Encryption Work?

July. 7, 2020

1:00-2:00AM PST

Are you wondering how email encryption works? The majority of people do not encrypt their emails, assuming their firewall will protect them from hackers and cybercriminals from the internet. The problem is, once that email leaves your network, it is no longer hidden behind your firewall. Encrypting your email is the only way to ensure your information is protected when it leaves your network, but the concept of encrypting emails can sound complicated and difficult to some. So how does email encryption work? Let's explore what end-to-end email encryption is, how it works, and why you should be using it. 

What is end-to-end email encryption?

End-to-end email encryption is a method of sending emails that encrypt the message so that only the sender and the recipient can read them. Here's how email encryption works: The sender's system will encrypt it upon sending and the recipient's system decrypts it; this makes it so that nobody can tamper with or read the email, giving you complete security and confidentiality.

What is not end-to-end email encryption?

Let's take a look at what is not end-to-end email encryption, to give you a better idea of what it does and why end-to-end encryption is better than relying solely on your email provider.


Someone with a Yahoo account sends a message to someone using a Gmail account. By sending an email with  SMTP over TLS between two secure email providers, the message is encrypted between the two servers, as long as the servers that both the sender and the intended recipient use supports  SMTP over TLS. While this is a good start for email security, this is not the ultimate solution to email privacy and security that many claim it is. Not all servers support SMTP over transport layer security, and both servers have access to the email, so it can still be read and tampered with.


When you visit your Gmail inbox, the URL has HTTPS in front of it, which means that SSL/TLS without S/MIME (which would need a certificate authority) was used to encrypt data between the Gmail servers and your computer to create encrypted messages, protecting user data. SSL/TLS is commonly used on many websites these days, because it is more secure than HTTP and it helps protect against malware. While Gmail does encrypt the data, it is only encrypted between your computer and the servers. Also, Gmail has the ability to decrypt the data if necessary.

How does end-to-end email encryption work?

Now that we know what end-to-end encryption does not do, we can better examine how it works.

Both the sender and recipient are required to have a pair of cryptographic keys, one of which is public, and the other key is private. The sender will use the recipient's public key to encrypt the message on their device, then the recipient will decrypt it on their device with the private key.

Here is an easier way to look at the process on how email encryption works:

  1. Fred (sender) and Bill (recipient) generate their keys and send each other their public keys; the private keys stay private.
  2. Fred encrypts the email with Bill's public key and sends it to Bill.
  3. Bill receives the email and decrypts it with his private key.

How are public keys made public?

Keys are made and distributed by a certificate/certification authority (CA), which is an online entity that issues digital certificates and created the public key infrastructure. The CA is considered to be the trusted third party, and it provides certification for both the public and private keys.

The public key is given to the owner and the CA enters it into a public directory. The private key is given to the owner and is not available anywhere else.

With the public key, anyone can send the certificate owner an end-to-end encrypted message. They can get the public key through the directory the CA created or by simply asking the owner for the key. The public directories can usually be searched by name or email to find the public key. This is how the email encryption process works, which helps prevent phishing attacks and security vulnerabilities.

Advantages of End-to-End email Encryption

Privacy is one of the biggest advantages of using end-to-end email encryption. The content of every email you send — along with its attachments — is protected from anyone seeing them except the person you are sending them to. You do not need to worry about mass surveillance either; end-to-end encryption will keep any prying eyes away from your private messages. This allows you to protect sensitive information such as your social security number, username and password, and your bank account numbers.

Security is the other big advantage of using end-to-end email encryption. It can be combined with digital signing, which authenticates that you are truly the sender of the email, not a hacker pretending to be you to install a virus on their computer. Digital signing also gives you another layer of protection in that it will help guarantee that your message sends from your email address was never tampered with.

Final Thoughts

This type of email encryption has been around for years, but it has a fairly low adoption rate because many mainstream email service providers rely on ads and selling their users' data. End-to-end email encryption is also uncommon because it prevents the government to keep an eye on our communications. The final reason email encryption has such a low adoption rate is that it can be hard to use or understand until you get comfortable with it; it can also be hard to implement.

No matter what security you have in place on your computer, email is still one of the most vulnerable areas to attack. Without end-to-end email encryption, your emails can be intercepted by hackers and scammers, which is especially bad if you have sensitive information in those messages. Sending an unencrypted email with sensitive information in it can be the equivalent of writing that information on a postcard and mailing it. Anyone can see it as it travels, and then that important information is in the wrong hands. This is bad for both personal and business reasons.

It is important to keep in mind that once you have decrypted an email, if you do not re-encrypt it, the information in it can be accessed. Depending on how sensitive the information in the email is, you may want to make a habit of re-encrypting emails with sensitive content once you have read them, to ensure that information stays protected.

Trustifi offers a number of email security services, including email encryption. Contact us today to get started making your inbox more secure with email encryption.

Try Trustifi Today


See if Trustifi Is Right for Your Organization

How to Send Secure Email Attachments in Gmail

June. 26, 2020

1:00-2:00AM PST

Sending secure email attachments in Gmail has become very important, but sending an encrypted email in Gmail without an encryption extension can present security vulnerabilities for the email recipient.  Users don't realize how unsafe Gmail can be, and how the user's emails in transit can be intercepted by unethical third parties. With more than 1.5 billion active users worldwide, Google's Gmail currently dominates the email provider market and has grown leaps and bounds since its inception in 2004. Who doesn't have a Gmail address? And professionally, Google's G Suite service is utilized by more than 5 million companies, empowering businesses across countless industries to communicate, collaborate, and share important files, documents, etc. every day. In 2020, the Gmail platform is both frequented and beloved for the convenience and efficiency that it offers users.

Unfortunately, Gmail does not provide adequate data protection measures in their email service. By performing regular scans of user emails and gathering data to inform advertisers, Google ultimately puts users' utmost valuable and sensitive information in jeopardy. Although many users have come to brush this fact off, in some cases, deeming it a harmless, unavoidable part of technological life, emails in transit that don't utilize S/MIME encryption or transport level security can become intercepted by third parties with the potential to become leveraged for malicious purposes and phishing attacks. Although seamless and built-in, Gmail's S/MIME (Secure/Multipurpose Internet Mail Extensions) and TLS encryption options are lacking, only working correctly if both the sender and recipient are equipped with it. Without proper email encryption enabled, confidential attachments pertaining to business, financial, and even personal information might fall into the wrong hands. Thankfully, third-party encryption software is available to ensure the security of all attachments and messages transmitted.

Confidential Mode in Gmail

To boost email security offerings, Gmail rolled out its confidential mode option in 2018, allowing "users to send emails that recipients can't forward, copy, print, or download." Although the name of this security method evokes a sense of heightened data safety and confidentiality, in actuality, it effectively provides neither. With confidential mode enabled, users are also empowered to generate passcodes, activate message expiration dates, and rescind recipient access to specific emails. Thus, their confidential mode thwarts any sharing -- whether accidental or otherwise -- on the part of the email's recipient. And a recipient that intends to share an email's messages or attachments with unintended viewers is not prevented from doing so with ease via a simple screenshot. Furthermore, this security mode does not offer end-to-end encryption, permitting Gmail and additional providers to scan and collect email contents.

How to Encrypt Your Emails and Attachments In Gmail

So how do you send a secure email attachment in Gmail? The attachments shared via Gmail are often just as sensitive, or potentially more so than their corresponding messages. End-to-end encryption masterfully encrypts an email's contents while in flight and at rest, ridding emails of most security vulnerabilities. Undoubtedly, this makes end-to-end encryption the most secure method of Gmail encryption, as it protects the user's valuable messages, files, documents, etc. Although Google has often entertained the conversation around implementing end-to-end encryption, it has failed to do so as of yet. Gmail offers users a few added security options at a price. Still, to fill the void left behind by Google's Gmail, several third-party encryption services have stepped up to offer their own applications and extensions so users can properly send secure Gmail attachments.

Upgrade Your Gmail Account

In order to upgrade the data security which operates within your email account, one might consider upgrading their Gmail account from the free model to one of the platform's paid offerings. Both the G Suite Enterprise and G Suite Education plans provide S/MIME encryption. A step up from the standard TLS encryption provided by Google, which performs automatic encryption on all outgoing emails, S/MIME encryption enables users to encrypt emails with keys unique to the user and are required to be shared with the intended recipient. Users of either of Gmail's paid models can discern the level of encryption being employed by any given email.

With this being said, S/MIME encryption can only be successful if exercised by both the sender and the recipient. In other words, an email, even if sent utilizing S/MIME encryption, will remain unencrypted if the intended recipient uses an email provider free of encryption. And to top it off, S/MIME does not prevent Google's scanning of emails for advertising data collection. 

Find Another Email Provider For Advanced File Encryption

For those transmitting highly sensitive, confidential, or classified data, Gmail might not be a suitable fit. Although creating and transitioning to a new email account can be burdensome, it may help to achieve the level of security that is necessitated by your business, personal affairs, etc. It is critical to be incredibly diligent when researching a new email provider to ensure that this switch will be permanent and provide the desired privacy and data protection. Along with end-to-end encryption, the most secure provider should offer guaranteed encryption, no matter the recipient's provider, as well as a zero-knowledge policy.

Use Gmail Encryption Software from Trustifi

Gmail attachments must be encrypted before being sent. By doing so, in the event that an email is intercepted and/or forwarded by a malicious actor, the attachments in Gmail will remain encrypted, rendering them useless to cybercriminals, hackers, and other third-party entities. However, discovering the most streamlined, user-friendly, and efficient method of email encryption does not have to be a daunting task. While the encryption solutions provided by Google seem to miss the mark and most third-party plug-ins are challenging to use, users who intend to stick with Gmail can seek the assistance of an encryption software provider. 

Trustifi is a comprehensive email security platform that offers cost-effective and versatile Gmail encryption options to a variety of clients, spanning virtually all industries, including highly regulated ones like Pharmaceutical, Healthcare, Financial, Legal, and Real Estate. As an add-on Gmail extension, Trustifi integrates seamlessly with it. And with NSA-grade end-to-end encryption and secure mobile relay, Trustifi delivers user-friendly, complete protection for both incoming and outgoing messages to all clients. Trustifi secures data with a private key which can only be decrypted with a private key, which the intended recipient has; the private key is validated with a Certificate Authority. Moreover, Trustifi's customizable encryption solutions enable clients to recall, block, modify, and set expirations on previously sent and received emails, making it the best user experience compared to any other option. Trustifi also allows clients to prevent the printing and removal of metadata from attachments. Overall, Trustifi's encryption solutions provide Gmail users with unmatched visibility and security measures, enabling increased oversight and peace of mind.


Email messages and attachments landing in the wrong hands is not an uncommon occurrence. Highly sensitive data in the form of business presentations, contracts, agreements, mock-ups, and the like are sent and received via email every day. And typically, once such emails are sent out, users lose control over these attachments entirely.

Fortunately, email encryption software and solutions like those provided by Trustifi are here to help, serving as the user's first line of defense against data breaches and malicious interceptions. With Trustifi's NSA grade end-to-end email encryption services, clients can rest assured that any attachments sent and received via Gmail will be secured, protected, and only accessed by intended viewers.

Try Trustifi Today


See if Trustifi Is Right for Your Organization

How to Send a Secure Email

June. 16, 2020

1:00-2:00AM PST

Encrypting emails to protect sensitive information when sending a message or attachment has become so important. Email continues to experience immense growth in popularity -- for business and personal uses alike. And as more and more individuals worldwide continue to navigate their transition to remote work -- however permanent or temporary that might be -- email has only become more heavily relied upon, replacing lengthy in-person meetings and in some cases, phone calls. As a result of this switch, the contents of email messages are growing increasingly sensitive. With that being said, it is imperative that businesses, their employees, and business associates know how to send a secure email, and ensure that any private information sent or received via email is properly and thoroughly secured. With the help of email encryption, individuals can avoid the negative effects of phishing, spoofing, and malware that are, unfortunately, often mobilized via email. Overall, encrypting emails can provide users with the necessary security to protect this vector of communication from potentially dangerous vulnerabilities.

What is Email Encryption?

When individuals include sensitive information -- like bank account numbers, social security numbers, usernames, passwords, etc. -- in emails, this data can be vulnerable to malicious actors. In order to prevent this valuable data from landing in the wrong hands, individuals are advised to turn to an email encryption service. Through an encryption algorithm using end to end encryption technology, an email’s contents are disguised, protecting them by making them illegible to hackers, cybercriminals, and other unintended parties. Having emails encrypted makes it so that all encrypted emails can only be accessed by their intended senders and receivers. Encrypting email is critically important, whether you're apart of government agencies or apart of a large company.

Email encryption is carried out with the use of public key infrastructure (PKI), which effectively encrypts and decrypts email contents. Senders and receivers are assigned digital codes that serve as both public and private keys. Public keys encrypt email contents and are “stored on a key server along with the person’s name and email address, and can be accessed by anyone.” On the other hand, private keys decrypt email contents and are stored in a secure and private location within the sender’s device that is only accessible to that individual. Private keys can also serve as the sender’s digital signature and thus, confirm the origins of email messages and provide the recipient with peace of mind.

Why is Encrypting Emails Important?

Email encryption is an individual’s first line of defense against data breaches. When an email is encrypted, its contents become scrambled and entirely illegible to any and all individuals who are not intended to access them. With that in mind, even if an email is intercepted, the encrypted contents are rendered completely useless to malicious actors. More than 13 billion data records have been lost or have become victims of theft since 2013. Such data breaches can be extremely costly to individuals and companies, in terms of both time and money. That's why many businesses opt for enterprise email encryption software to protect against cyber security. This is due to the fact that pinpointing the source of a data breach can be an especially arduous task, and containing these breaches is typically not a much easier one. However, by enabling encryption, or hiring some type of email encryption services, individuals can secure their sensitive data and steer clear of such disadvantageous circumstances caused by security vulnerabilities.

How to Secure Email Using S/MIME Email Encryption Certificates

There are many email encrypt options available to businesses and individuals. However, S/MIME email encryption is one of the two most popular variations of encryption protocols. Already built into the majority of OSX and iOS, S/MIME encryption depends on a central authority that determines particular encryption algorithms. Moreover, S/MIME is also a built-in feature supported by many web-based email providers, most notably Gmail, Apple, and Outlook. And S/MIME functions as a more automated option for email encryption, creating the necessary key code for the use, rather than requiring the user to create it.

How S/MIME Email Encryption Works

S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an email signing protocol that serves as an incredibly effective way to encrypt emails that might contain confidential business or sensitive personal information. This is due to the fact that S/MIME email encryption “uses asymmetric encryption to protect your data both in transit and when it’s at rest… [, meaning that] you use a public key to encrypt the email data and your recipient uses a matching private key to decrypt it.” So, when a sender creates an email that is encrypted using S/MIME, the unencrypted contents (text, files, documents, etc.) of that email are encrypted using the receiver's public key. Once the email makes its way to its intended recipient, the receiver's private key is utilized, to decrypt or unscramble the contents, reverting the email back to it’s original “plaintext” form. Consequently, S/MIME email encryption supplies data protection for emails, both while in flight and at rest. The recipient must have both the public and private encryption keys in order for it to work.

Moreover, S/MIME encrypts content via the utilization of certificates. These certificates act to secure email correspondence, utilizing cryptography to protect them from being accessed by hackers, cybercriminals, or other malicious actors. Additionally, S/MIME certificates validate sender-identity, for all practical purposes, by providing timestamped digital signatures. In doing so, S/MIME certificates encrypt emails prior to them being sent out, whether to a mail server or onto the World Wide Web, as well as decrypt those same emails once they arrive at their intended destination. Thus, by certifying file credibility and legitimacy, S/MIME certificates encourage, expedite, and secure the process of file sharing online.

Step by Step: How to Send Secure Emails on Three Mail Clients

In order to protect confidential and delicate data from landing in the hands of a hacker, cybercriminal, or other malicious actors, it is crucial to enable encryption. Lucky for modern device users, many web-based email providers are already equipped for S/MIME encryption. No matter the platform or provider used, first thing’s first: users are required to obtain an email encryption certificate. Such certificates can be purchased, either from a certificate authority or a trusted seller. Following the purchase, the certificate must be installed onto the email platform. The top three email providers are Gmail, Outlook, and Yahoo. Some other notable email services are Protonmail and Hotmail. Some companies offer a browser extension to implement email encryption methods. They offer an "encrypt button" with a lock icon when the email is fully secured.

How to Send an Encrypted Email in Gmail

Unfortunately, Gmail has failed to fulfill its promise of end-to-end email encryption for its users. But, luckily for Gmail users, this web-based email provider already has S/MIME built-in so you can send secure attachments in Gmail. However, it is crucial to understand that Gmail supplies users with hosted S/MIME, meaning that the provider hosts users’ S/MIME certificates on its own servers. And this capability is only available to paid users who subscribe to G Suite Enterprise.

Here's everything you'd need to know about Gmail encryption.

For G Suite Enterprise users, which encompass those utilizing either G Suite Enterprise or G Suite Enterprise for Education, S/MIME can be enabled can easily be enabled through the Google Admin console security settings, and your certificate easily uploaded. In order to encrypt and digitally sign all outgoing G Suite Enterprise emails, users must:

  1. Compose an email as they regularly would, designating a recipient, subject line, including attachments, etc.
  2. Click on the padlock icon, located in the top right corner of the screen (to the right of the recipient and next to the CC and BCC fields).
  3. Click on “View Details” in order to alter S/MIME settings and see if the designated recipient has enabled encryption.
  4. When making changes to the S/MIME settings, users are urged to take notice of the color-coded encryption levels: green conveys that S/MIME encryption has been enabled, yellow signifies that emails are only protected by TLS (Transport Layer Security), and red indicates a total lack of encryption.
  5. Select “Settings,” click on “Enhanced Encryption (with digital signature)”, and confirm your choice by clicking “OK”.
  6. Finally, complete the process by pressing “Send”.



How to Send an Encrypted Email in Outlook

Like Gmail, Microsoft Office's Outlook also has built-in capabilities for S/MIME encryption. Enabling S/MIME on Outlook is also rather simple once the user has obtained and installed their certificate. The Microsoft Office user must acquire a certificate from their organization’s administrator. Following this, S/MIME control can be installed onto Outlook.

In order to encrypt all outgoing emails in Microsoft Office, as well as equip those emails with a digital signature, the user must:

  1. Go to the gear menu and click on “S/MIME Settings”.
  2. This is where the user has the opportunity to encrypt the contents and attachments of all emails sent. And this is also where the user can add or enable their timestamped digital signature.
  3. Click on “More Options” (signified by three side-by-side dots) located at the top of the new composition and choose “Message Options”.
  4. Doing so will enable the user to encrypt or remove specific email correspondences.
  5. Select or deselect “Encrypt this message (S/MIME)”.
  6. When prompted to install S/MIME control by running or saving the file, click “Run”.
  7. Users will once again be prompted to verify their intention to run the software. Click “Run” again to proceed.
  8. Also, note that users will be required to close and then reopen Outlook in order to fully enable S/MIME.

Individuals who receive an S/MIME encrypted email but do not have S/MIME enabled will be prompted by Outlook to install it. Moreover, it is important for users to be aware of the fact that S/MIME encryption is only effective if both the sender and recipient have it enabled. If an intended recipient does not have S/MIME encryption enabled, then any messages that they receive that are S/MIME encrypted will remain encrypted -- permanently scrambled and illegible.

How to Send an Encrypted Email in Yahoo

By default, Yahoo protects accounts with an SSL, or Secure Sockets Layer. In order to enable S/MIME encryption on Yahoo, a third-party service is required. However, this is not to be considered a downfall. Third-party encryption tools, like Trustifi, offer an added layer of protection for both the sender and the recipient, supporting both parties with a reliable, trustworthy, and user-friendly option for security. By linking an email provider with the Trustifi app, users can easily send encrypted responses. As previously described by Trustifi, “once the reader has successfully opened an encrypted email from a source that they are sure is legitimate, they can also respond back to the email through a pre-existing platform.” Thus, full-coverage, NSA-grade protection is facilitated on both ends of email correspondence.

Final Thoughts On Sending Secure Emails

Businesses, across nearly every industry, are encountering an increasing need to operate seamlessly in the digital world, only deepened by the bustling trend of remote work. By taking precautions and being proactive regarding email security, companies will do well to avoid a potential onslaught of cybersecurity threats. By obtaining or purchasing an S/MIME certificate and installing S/MIME control onto the email platform used, users can leverage timestamped digital signatures, as well as a capacity for advanced encryption.

Going one step further, businesses and their employees are highly encouraged to seek out the assistance and expertise of a third-party encryption service. Whether a company is a small business or an extremely large corporation, preventing malicious attacks like phishing and spoofing scams can save an immense amount of precious time and money. This can all be avoided by educating employees about how to send a secure email, and with the help of a third-party encryption tool like the Trustifi app. Easy to use and reputable, the Trustifi app enables senders and recipients alike to rest assured that they will receive the highest level of privacy protection, securing the utmost confidential and sensitive messages and attachments that might be sent via email.

Try Trustifi Today


See if Trustifi Is Right for Your Organization