
Why You Need to Use Encrypted Email

Source: Tom's Guide US

For most of us, the email messages we send wouldn't be classified as sensitive. They can be personal, yes, and once in a while you'll want to make sure the content of a message is kept confidential between sender and receiver.

But sometimes, sending sensitive information — Social Security, passport or credit-card numbers, for instance — via email is necessary. At such points, consider sending an encrypted email message.

Standard email messages are sent in plain text, so it's possible for someone else to snoop on you and read them. Encrypting mail, on the other hand, makes the messages completely unreadable to anyone who doesn't possess a decryption key.

"It's like locking a message in a safe, then shipping that safe," said Terence Spies, chief technology officer of Voltage Security, an enterprise-security company in Cupertino, Calif. "If you trust the safe, you no longer need to trust the people moving it."

Methods of encryption

There are several ways to encrypt email. The simplest way is to use a bit of extra software that plugs into your existing email client, such as Microsoft Outlook or Mozilla Thunderbird.

Many security-software companies offer such plug-ins, with some of them being free and others being available under a commercial license.

Andrew Schrage, of the Chicago-based personal-finance news site Money Crashers and a frequent user of encrypted email, recommends instead that you download and install an email certificate from a site like Comodo. PGP (Pretty Good Privacy) is the most common encryption certificate standard. 

"It only takes a few seconds, and once your certificate is installed, you will receive instructions to configure it to your email account," Schrage said. "With this certificate come a public key and a private key. Your public key is what you send to people who want to send you encrypted emails, and your private key is what you use to decrypt them."

Public-key certificates are great because neither you nor the intended recipient of your encrypted email need to exchange secret information beforehand.

"Historically, when you wanted to send secret information to someone, you'd first need to agree on some kind of cipher or password and exchange that with them in some very secure manner," explained Charles McColgan of Telesign, a communications-authentication firm in Marina del Rey, Calif. "Using certificates, I can send part of my key to everyone, and you can encrypt whatever you want to send me with that part of my key."

Another option is to use the website of a third-party encryption email service, which may be ideal for those who aren't terribly computer savvy and who don't feel the need to frequently send encrypted emails.

Sites such as JumbleMe.com make sending encrypted mail as simple as writing out someone's email address, and are usually fairly safe to use.

Potential pitfalls

However, if you are encrypting an email message using a third-party service, you need to make sure that the person to whom you are sending the message has the tools to be able to decrypt it and read it, pointed out Michele Neylon of Blacknight Solutions, an Internet-hosting provider in Carlow, Ireland.

"Otherwise, the recipient could end up getting emails that he either won't be able to open or will be random characters without any meaning," Neylon said.

"In most scenarios, the person receiving the email will have to have similar software installed on their computer so that they can use the sender's public key to 'unlock' the email."

Sending email through a webmail service like Gmail is secure in that your computer's connection to the service is encrypted, but the email message you sent out from that service is not encrypted.

"'Encrypted' means complex cryptography is used to make your messages unreadable when they're stored and traveling in clouds from the likes of Google, Microsoft and Yahoo," explained Kevin Bocek, vice president of marketing at CipherCloud, a data-protection firm in San Jose, Calif.

"Secure email offered by online providers is usually not encrypted when it's stored," Bocek said. "Without encrypting your email, an employee, support vendor and hackers might be able to read your personal messages."
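
The difference described above, between an encrypted connection to the mail service and an encrypted message, can be checked on outbound mail. The Python sketch below is an added example, not part of the original article: it classifies a message as PGP/MIME, S/MIME or inline PGP from its MIME structure and, if the message is plaintext, flags Social Security and card-number patterns. The function names and the sample message are constructed for illustration, and the patterns are heuristics.

```python
import re
from email import message_from_string

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")        # US Social Security number shape
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")      # 13-16 digits, optional separators

def luhn_ok(digits):
    """Luhn checksum, to cut false positives on card-like digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def encryption_kind(msg):
    """Return 'pgp-mime', 's-mime', 'pgp-inline', or None if the body is plain."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted" and msg.get_param("protocol") == "application/pgp-encrypted":
        return "pgp-mime"
    # Covers application/pkcs7-mime and the older application/x-pkcs7-mime.
    if ctype.endswith("pkcs7-mime") and msg.get_param("smime-type") == "enveloped-data":
        return "s-mime"
    for part in msg.walk():
        body = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "text" and b"-----BEGIN PGP MESSAGE-----" in body:
            return "pgp-inline"
    return None

def audit(raw):
    """Return (verdict, encryption kind, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    kind = encryption_kind(msg)
    if kind:
        return ("ok", kind, [])
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        if SSN_RE.search(text):
            findings.append("ssn")
        if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
            findings.append("card")
    return ("block" if findings else "ok", None, findings)

# Constructed sample: a plaintext message carrying well-known test values, not real data.
PLAIN = ("From: a@example.com\nTo: b@example.com\nSubject: forms\n\n"
         "SSN 078-05-1120\ncard 4111 1111 1111 1111\n")

if __name__ == "__main__":
    print(audit(PLAIN))
```

A "pgp-inline" or "pgp-mime" verdict only says the message is packaged as encrypted; it does not verify which key it was encrypted to.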

Email is a fantastic technology, but you need to be careful about what you use it for.

"Consumers using email to conduct personal business should at least consider email encryption as a way to keep data private," Spies said. "As people are using email as an efficient way to exchange high-value documents, it's a good, prudent way to avoid being bitten by many of the breach problems that are so prominent these days."

8 Comments
  • _Cosmin_, September 16, 2013 12:14 PM
    You should not encourage users to send encrypted e-mails only with sensitive data.
    Anyone who surveys their computer will see a pattern and will be encouraged to try to decrypt them! And with Amazon server farm you can rent at low costs anyone can brute-force them in little to no time (think how fast NSA will do it)... and have access to ALL YOUR CRITICAL INFO.
    On the other hand, when you encrypt all your mails and they try to decode them only to find plain talking... they will lose interest and chances are that your sensitive info will pass unnoticed.
  • eodeo, September 16, 2013 12:57 PM
    I dislike NSA with great intensity. If it weren't for their illegal spying I wouldn't care to try to encrypt anything. I wish they would arrest themselves already...
  • pjmelect, September 16, 2013 4:46 PM
    Why is it that Hotmail and other email providers do not let you send or receive encrypted ZIP or RAR files?
  • shin0bi272, September 16, 2013 10:22 PM
    I got tired of Google reading all of my emails and got Hushmail instead. They don't read your emails and you can encrypt them if you choose to with the whole security password thing mentioned in this article.
  • Gherard12, September 17, 2013 12:33 AM
    I use mail1click. It's easy but strong, it's amazing!! I have it in my Android devices also. More information at http://www.indiegogo.com/projects/free-and-secure-email-service/x/4730828
  • SuckRaven, September 17, 2013 8:51 AM
    The guy's name is Spies? HAHAHAHAHAHAH "chief technology officer of Voltage Security" HAHAHAHAHAH. I wonder who hired him.
  • pbrandoli, September 20, 2013 1:13 PM
    We are tackling the email encryption problem on a different level: we are writing a completely new protocol where public keys are distributed automatically via a DHT and the mails are always encrypted without user intervention.
    The system is peer to peer (doesn't need any central server) and uses the Distributed Hash Table to distribute the keys & the list of available mails. When the recipient is offline then the mails are stored temporarily on other peers and then transferred using a BitTorrent-like protocol when the recipient is back online.
    More info here: http://igg.me/at/flowingmail/x/3978171
  • phpexp1, November 10, 2013 10:50 AM
    aesencryption.net, a site where you can encrypt and decrypt a text using a custom key