Can I Have Encrypted Emails Please?

We are often asked if it is possible to have encrypted emails. It’s a simple question. If only the answer were as simple …..

There are two types of encryption available for emails: “transport level” and “end-to-end”.

Transport Level Email Encryption

Transport level encryption is easy to set up (you are probably already using it). The way it works is this …

If you are sending an email to me, your email goes in “hops” from your computer/phone/etc to your domain server to intermediary servers to my domain server and to my computer etc. Transport layer encryption works by encrypting each hop. Your computer will encrypt the email and your domain server will decrypt it and then encrypt it again and the intermediary server will decrypt it and encrypt it again and so on.

While it is easy to set up, your email is converted to plain text at each intermediary (hop) point and so it is at risk of being read by a hacker etc. In addition, if I chose not to set my computer to use an encrypted connection then the email would be in plain text between my domain server and my computer. Transport level encryption is better than no encryption but is probably not what you are after.

End-To-End Email Encryption

End-to-end encryption works on the basis of the email being encrypted by your computer and remaining encrypted until my computer decrypts it.

This is much more secure but a pain in the bum to set up!

For this to work, your computer would need to know the “public encryption key” for my email address and use that to encrypt it. My computer would then use my email’s “private encryption key” to decrypt it. Therefore, before you send an encrypted email to me, I would need to set up a public key and you would need to install that public key on your computer. I would then be able to read your email once I have installed the private key. Therefore, it takes time and communication between each person you want to send encrypted emails to before it will work. To make matters worse, the installation of these keys is not as simple as it could be and most people give up trying to work out how to do it!

We recommend only going down this path if you have specific people that you are going to be regularly needing to send encrypted emails to. It is too complex for occasional emails to people.

So, what can you do?

Option one is to use an encrypted email service.

The way that these typically work is that you log on to their website and compose something on their screen that looks very like an email. When you click on the send button, an email is sent to the recipient to say that there is a message for them and they have to log on to the same server to read it. In this way, the message never actually leaves the service provider’s servers so can easily be kept in encrypted form.

The downside of this is that you have no record of the email within your normal email client (Outlook etc) and the recipient does not get sent your email, they get sent a message to say that they need to login to read your message so it is more cumbersome to use. These services also normally have a monthly charge and if you ever cancel the service you will have lost all of these emails.

Option two is to encrypt the content

What I mean by “encrypting the content” is that you encrypt the email content, not the whole email and you attach the encrypted content to the email. Your email would now simply say something like “Hi Fred, As promised, please open the attachment, Regards, Jim”. That message is unencrypted and any hacker could read it without gaining access to any sensitive information. The attachment is, however, encrypted and password protected so all a hacker would see if they tried to hack into it would be gibberish. So it achieves end to end encryption of the content.

Doing this is surprisingly simple. You create a Word document for your email content, then when saving it you simply ask Word to “protect” it and give it a password. This encrypts it and sets it so that it cannot be opened without the password. You then email the Word document to the recipient and tell them (by phone or text message?) what password they need to use to open the document.

This is our recommendation and is what most small and medium businesses do.

Let us know if you have further questions about this.