By Tyler W.
February 08, 2021
Simple Email Encryption
Email is a pain, and not just because of the volume that is received, but because of the security flaws that exist within this medium. I am a firm believer that if we were to ‘re-write’ the internet today, email would not be a part of it. Think about the security risks that we all experience and where they stem from: email. Be that receiving a phishing email, malware or a virus via an email attachment, or your email being leaked as part of a larger data breach. Add to that the fact that all correspondence is sent unencrypted (like a postcard) as opposed to encrypted (like a letter in an envelope). Seriously, if someone mentioned they were thinking of inventing email, the trade-off would need to be something pretty amazing to get me to buy in, not just the ability to send and receive emails instantly at any time.
Rather than digress into my hatred of email in general terms, what I wanted to do was share three providers that you should look into and consider for improving your general email hygiene, so that you can start encrypting your email correspondence.
When you encrypt your email, you protect the data in transit, as it cannot be intercepted and ‘read’ without the encryption keys, and if your receiver honours the encryption process by only forwarding or replying with encryption enabled, then the conversation remains private and hidden forever. This is markedly different to the way email works now when you send email through Gmail, Outlook, Office 365 and so on. One of the biggest and best differences when you use an ‘automatic’ encryption provider is that the email is sent and received with zero knowledge, meaning that the vendor cannot read the email at any stage of the conversation: composing, transit, or receipt. The three providers that I recommend for such a service are:
The encryption options with proven security.
I have accounts with all three and they all serve different purposes for me. However, simply choosing and using one of these will be sufficient for you. Protonmail is arguably the most popular of the trio, and you may be familiar with them as a result of their popular VPN offering too. As they are the most popular, the chances of your email remaining encrypted are enhanced, as the negative with any of these providers is that the email loses its end-to-end encryption as soon as it leaves their environment. For example, an email from one Protonmail user to another is encrypted the entire way, however an email from a Protonmail account to a Gmail account is not encrypted. The Protonmail user’s email is encrypted at their end, however, as soon as the email is received by the Gmail servers the encryption ceases. This is the same across all platforms, as encryption is an environment-controlled process.
That notwithstanding, you can look to take matters into your own hands by using tools that allow any email to be encrypted using PGP (Pretty Good Privacy) keys. Effectively you compose your email and sign it with your private key (a key that you never ever share) and the recipient uses your public key to unlock it. They then can reply, encrypting the email with their private key, for you to unlock using their public key. Such a process works regardless of vendor and does allow the above ‘issue’ to be circumvented. However, this is a relatively sophisticated process, and requires discipline in signing every email composed.
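As an added example (not from the original post), the Python check below classifies a raw message as PGP-encrypted, PGP-signed or plaintext, which is one way to enforce the discipline the PGP workflow above depends on before mail leaves your machine. It relies on the PGP/MIME content types from RFC 3156 and the inline ASCII-armor markers; the function name, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string

def pgp_protection(raw: str) -> str:
    """Return 'encrypted', 'signed' or 'plaintext' for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    proto = str(msg.get_param("protocol") or "").lower()
    # PGP/MIME (RFC 3156) announces itself in the top-level Content-Type.
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return "encrypted"
    if ctype == "multipart/signed" and proto == "application/pgp-signature":
        return "signed"
    # Inline PGP puts ASCII-armor markers straight into a text part.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_payload(decode=True) or b""
        if b"-----BEGIN PGP MESSAGE-----" in body:
            return "encrypted"
        if b"-----BEGIN PGP SIGNED MESSAGE-----" in body:
            return "signed"
    return "plaintext"

# Constructed sample messages: addresses and bodies are placeholders.
HDR = "From: alice@example.org\nTo: bob@example.net\nSubject: Q3 figures\n"
PGP_MIME = HDR + (
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
    ' boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--b1\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\n(placeholder, not real ciphertext)\n"
    "-----END PGP MESSAGE-----\n--b1--\n"
)
INLINE_SIGNED = HDR + "\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nSee attached.\n"
PLAIN = HDR + "\nSee attached.\n"

if __name__ == "__main__":
    for name, raw in [("pgp_mime", PGP_MIME), ("inline_signed", INLINE_SIGNED), ("plain", PLAIN)]:
        print(f"{name}: {pgp_protection(raw)}")
```

In standard PGP/MIME the Subject and other headers stay readable even on an encrypted message, so the result only speaks for the body.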
It is for this reason that most users select a ‘pre-cooked’ option, as these solutions remove the user inertia. It is worth noting that each of the above providers also allows for custom domains, so you can use each of these solutions for your commercial purposes without losing any appearance of professionalism (e.g. my encrypted emails still come from the cyberwi.se domain). Whilst encryption will not solve all of email’s issues and concerns, it helps, and any improvement is a worthy one. The list above is by no means an exclusive list, but simply a push in what is hopefully the right direction for your use of email, and email in general. Please consider encrypting as much of your email traffic as possible. Protect your conversations, protect your business, protect the Internet.