Email continues to experience immense growth in popularity -- for business and personal uses alike. And as more and more individuals worldwide continue to navigate their transition to remote work -- however permanent or temporary that might be -- email has only become more heavily relied upon, replacing lengthy in-person meetings and in some cases, phone calls. As a result of this switch, the contents of emails are growing increasingly sensitive. With that being said, it is imperative that businesses, their employees, and business associates ensure that any private information sent or received via email is properly and thoroughly secured. With the help of email encryption, individuals can avoid the negative effects of phishing, spoofing, and malware that are, unfortunately, often mobilized via email. Overall, email encryption can provide users with the necessary security to protect this vector of communication from potentially dangerous vulnerabilities.
What is Email Encryption?
When individuals include sensitive information -- like bank account numbers, social security numbers, usernames, passwords, etc. -- in emails, this data can be vulnerable to malicious actors. In order to prevent this valuable data from landing in the wrong hands, individuals are advised to turn to an email encryption service. Through email encryption, an email’s contents are disguised, protecting them by making them illegible to hackers, cybercriminals, and other unintended parties. Thus, when enabled, email encryption makes it so that all encrypted emails can only be accessed by their intended senders and recipients.
Email encryption is carried out with the use of public key infrastructure (PKI), which effectively encrypts and decrypts email contents. Senders and recipients are assigned digital codes that serve as both public and private keys. Public keys encrypt email contents and are “stored on a key server along with the person’s name and email address, and can be accessed by anyone.” On the other hand, private keys decrypt email contents and are stored in a secure and private location within the sender’s device that is only accessible to that individual. Private keys can also serve as the sender’s digital signature and thus, confirm the email’s origins and provide the recipient with peace of mind.
Why is Email Encryption Important?
Email encryption is an individual’s first line of defense against email data breaches. When an email is encrypted, its contents become scrambled and entirely illegible to any and all individuals who are not intended to access them. With that in mind, even if an email is intercepted, the encrypted contents are rendered completely useless to malicious actors. According to Panda Security, more than 13 billion data records have been lost or have become victims of theft since 2013. Such data breaches can be extremely costly to individuals and companies, in terms of both time and money. This is due to the fact that pinpointing the source of a data breach can be an especially arduous task, and containing these breaches is typically not a much easier one. However, by enabling email encryption, individuals can secure their sensitive data and steer clear of such disadvantageous circumstances.
How to Secure Email Using S/MIME Email Encryption Certificates
There are many avenues of email encryption available to businesses and individuals. However, S/MIME email encryption is one of the two most popular variations of email encryption protocol. Already built into the majority of OSX and iOS, S/MIME email encryption depends on a central authority that determines particular encryption algorithms. Moreover, S/MIME is also a built-in feature supported by many web-based email providers, most notably Gmail, Apple, and Outlook. And S/MIME functions as a more automated option for email encryption, creating the necessary key code for the use, rather than requiring the user to create it.
How S/MIME Works
S/MIME, or Secure/Multipurpose Internet Mail Extensions, is an email signing protocol that serves as an incredibly effective way to encrypt emails that might contain confidential business or sensitive personal information. This is due to the fact that S/MIME email encryption “uses asymmetric encryption to protect your email data both in transit and when it’s at rest… [, meaning that] you use a public key to encrypt the email data and your recipient uses a matching private key to decrypt it.” So, when a sender creates an email that is encrypted using S/MIME, the unencrypted contents (text, files, documents, etc.) of that email are encrypted using the recipient’s public key. Once the email makes its way to its intended recipient, the recipient’s private key is utilized, to decrypt or unscramble the contents, reverting the email back to it’s original “plaintext” form. Consequently, S/MIME email encryption supplies data protection for emails, both while in flight and at rest.
Moreover, S/MIME encrypts email content via the utilization of certificates. These certificates act to secure email correspondence, utilizing cryptography to protect them from being accessed by hackers, cybercriminals, or other malicious actors. Additionally, S/MIME certificates validate sender-identity, for all practical purposes, by providing timestamped digital signatures. In doing so, S/MIME certificates encrypt emails prior to them being sent out, whether to a mail server or onto the World Wide Web, as well as decrypt those same emails once they arrive at their intended destination. Thus, by certifying file credibility and legitimacy, S/MIME certificates encourage, expedite, and secure the process of file sharing online.
Step by Step: How to Send Encrypted Email on Three Mail Clients
In order to protect confidential and delicate data from landing in the hands of a hacker, cybercriminal, or other malicious actors, it is crucial to enable email encryption. Lucky for modern device users, many web-based email providers are already equipped for S/MIME encryption. No matter the platform or provider used, first thing’s first: users are required to obtain an email encryption certificate. Such certificates can be purchased, either from a certificate authority or a trusted seller. Following the purchase, the certificate must be installed onto the email platform.
How to Send an Encrypted Email in Gmail
Unfortunately, Gmail has failed to fulfill its promise of end-to-end email encryption for its users. But, luckily for Gmail users, this web-based email provider already has S/MIME built-in. However, it is crucial to understand that Gmail supplies users with hosted S/MIME, meaning that the provider hosts users’ S/MIME certificates on its own servers. And this capability is only available to paid users who subscribe to G Suite Enterprise.
For G Suite Enterprise users, which encompass those utilizing either G Suite Enterprise or G Suite Enterprise for Education, S/MIME can be enabled can easily be enabled through the Google Admin console, and your certificate easily uploaded. In order to encrypt and digitally sign all outgoing G Suite Enterprise emails, users must:
- Compose an email as they regularly would, designating a recipient, including attachments, etc.
- Click on the padlock icon, located in the top right corner of the screen (to the right of the recipient and next to the CC and BCC fields).
- Click on “View Details” in order to alter S/MIME settings and see if the designated recipient has enabled encryption.
- When making changes to the S/MIME settings, users are urged to take notice of the color-coded encryption levels: green conveys that S/MIME encryption has been enabled, yellow signifies that emails are only protected by TLS (Transport Layer Security), and red indicates a total lack of encryption.
- Select “Settings,” click on “Enhanced Encryption (with digital signature)”, and confirm your choice by clicking “OK”.
- Finally, complete the process by pressing “Send”.
How to Send an Encrypted Email in Outlook
Like Gmail, Outlook also has built-in capabilities for S/MIME email encryption. Enabling S/MIME on Outlook is also rather simple once the user has obtained and installed their certificate. The user must acquire a certificate from their organization’s administrator. Following this, S/MIME control can be installed onto Outlook.
In order to encrypt all outgoing emails, as well as equip those emails with a digital signature, the user must:
- Go to the gear menu and click on “S/MIME Settings”.
- This is where the user has the opportunity to encrypt the contents and attachments of all emails sent. And this is also where the user can add or enable their timestamped digital signature.
- Click on “More Options” (signified by three side-by-side dots) located at the top of the new composition and choose “Message Options”.
- Doing so will enable the user to encrypt or remove specific email correspondences.
- Select or deselect “Encrypt this message (S/MIME)”.
- When prompted to install S/MIME control by running or saving the file, click “Run”.
- Users will once again be prompted to verify their intention to run the software. Click “Run” again to proceed.
- Also, note that users will be required to close and then reopen Outlook in order to fully enable S/MIME.
Individuals who receive an S/MIME encrypted email but do not have S/MIME enabled will be prompted by Outlook to install it. Moreover, it is important for users to be aware of the fact that S/MIME encryption is only effective if both the sender and recipient have it enabled. If an intended recipient does not have S/MIME encryption enabled, then any messages that they receive that are S/MIME encrypted will remain encrypted -- permanently scrambled and illegible.
How to Send an Encrypted Email in Yahoo
By default, Yahoo protects accounts with an SSL, or Secure Sockets Layer. In order to enable S/MIME encryption on Yahoo, a third-party service is required. However, this is not to be considered a downfall. Third-party encryption tools, like Trustifi, offer an added layer of protection for both the sender and the recipient, supporting both parties with a reliable, trustworthy, and user-friendly option for email security. By linking an email provider with the Trustifi app, users can easily send encrypted responses. As previously described by Trustifi, “once the reader has successfully opened an encrypted email from a source that they are sure is legitimate, they can also respond back to the email through a pre-existing platform.” Thus, full-coverage, NSA-grade protection is facilitated on both ends of email correspondence.
Businesses, across nearly every industry, are encountering an increasing need to operate seamlessly in the digital world, only deepened by the bustling trend of remote work. By taking precautions and being proactive regarding email security, companies will do well to avoid a potential onslaught of cybersecurity threats. By obtaining or purchasing an S/MIME certificate and installing S/MIME control onto the email platform used, users can leverage timestamped digital signatures, as well as a capacity for advanced encryption.
Going one step further, businesses and their employees are highly encouraged to seek out the assistance and expertise of a third-party encryption service. Whether a company is a small business or an extremely large corporation, preventing malicious attacks like phishing and spoofing scams can save an immense amount of precious time and money. This can all be avoided with the help of a third-party encryption tool like the Trustifi app. Easy to use and reputable, the Trustifi app enables senders and recipients alike to rest assured that they will receive the highest level of privacy protection, securing the utmost confidential and sensitive messages and attachments that might be sent via email.
Crane, Casey. “How to Send Encrypted Email on 3 Major Email Platforms.” Hashed Out by The
SSL Store™, 3 June 2019,
Panda Security. “How to Encrypt Email (Gmail, Outlook, IOS, Yahoo, Android, AOL).” Panda
Security Mediacenter, 7 Feb. 2019,
Try Trustifi Today
Our Free Trial Is Forever Free
See if Trustifi Is Right for Your Organization