IT Security Apr 29, 2020

E-mail encryption – Why you should stop sending business postcards.

When the world’s first e-mail popped up in 1971, no-one could have imagined what a critical business tool this would become. Protecting e-mail content wasn’t really an issue then, and the original e-mail protocols came without mechanisms that would enable encryption – that has changed in the meantime. Read this blog to find out what standards have been established for e-mail encryption.


Sven Richter
Professional Consultant

Would you scribble sensitive information on a postcard and send it around the globe? No? Us neither.

Today, there are a number of standards to make sure that e-mail has at least some protection as it travels through the internet. Your e-mail client has a TLS-protected connection to your mail server, which in turn has a TLS-protected connection to the next server on the way to the recipient.

But can you trust these defaults? TLS is not properly configured on every mail server, and e-mails can easily slip through the cracks of a faulty encryption mechanism. To make sure this can’t happen, you’ll have to configure your mail server so that TLS is enforced for certain recipients. Still, your e-mail will then be plain to see on their servers, word for word.
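
The fallback described above, as an added example (not code from the original article): a sending server's per-recipient decision once it has seen the next hop's EHLO reply. The policy table, domain names and SMTP replies are constructed, and certificate validation is left out.

```python
# Added example: sender-side TLS policy check. All names and data are constructed.

# Hypothetical per-domain policy: "encrypt" = TLS mandatory, "may" = opportunistic.
TLS_POLICY = {"partner.example": "encrypt"}
DEFAULT_POLICY = "may"

# Constructed EHLO replies from a next-hop server, with and without STARTTLS.
EHLO_WITH_TLS = "250-mx.partner.example\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_NO_TLS = "250-mx.partner.example\r\n250-SIZE 52428800\r\n250 8BITMIME\r\n"


def parse_ehlo(reply: str) -> set[str]:
    """Return the extension keywords advertised in a multi-line 250 EHLO reply."""
    lines = [line for line in reply.splitlines() if line.strip()]
    if not lines or not lines[0].startswith("250"):
        raise ValueError("EHLO was not accepted")
    extensions = set()
    for line in lines[1:]:  # the first line only carries the server's greeting
        if not line.startswith("250") or line[3:4] not in ("-", " "):
            raise ValueError(f"unexpected EHLO line: {line!r}")
        words = line[4:].split()
        if words:
            extensions.add(words[0].upper())
    return extensions


def delivery_decision(recipient: str, ehlo_reply: str) -> str:
    """Return 'starttls', 'plaintext' or 'defer' for one recipient and next hop."""
    domain = recipient.rsplit("@", 1)[1].lower()
    policy = TLS_POLICY.get(domain, DEFAULT_POLICY)
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "starttls"  # upgrade the session before sending any content
    # No STARTTLS on offer: a misconfigured server, or the keyword was removed in transit.
    if policy == "encrypt":
        return "defer"      # enforced: hold the message rather than send it in the clear
    return "plaintext"      # opportunistic: the message goes out as a postcard
```

Only the domain with an enforced policy is held back when STARTTLS is missing; every other recipient silently falls back to an unencrypted session.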

TLS.

TLS (Transport Layer Security), formerly known as SSL (Secure Sockets Layer), is an encryption protocol to secure internet traffic. It’s primarily used to securely deliver websites (HTTPS).

End-to-end encryption.

The only way to stay on the safe side is complete end-to-end encryption that scrambles all your outgoing e-mail and makes sure it is not pieced back together until it has reached the intended recipient. Internet highwaymen will not be able to make sense of your traffic.

Today’s standards that support end-to-end encryption include S/MIME and PGP. However, implementing these is often complex and prone to error. And what about recipient systems that don’t support them?

S/MIME.

S/MIME is used to encrypt and sign content, mostly for e-mail. The required digital certificate is issued by a trusted certificate authority that verifies the identity of the requester.

The solution: central e-mail encryption gateways.

The answer is to offload the complex management of configurations and keys to a centralised solution.

E-mail gateways not only support standard encryption technologies, but also offer modern web portals to deliver secure e-mails to recipients that cannot support the same standards.

PGP.

PGP (Pretty Good Privacy) relies on public-key cryptography to encrypt and sign content such as e-mails. Each participant has their own private key, as well as a public key that is shared among participants. However, there’s no technical guarantee that the key itself is trustworthy.