Application Security IT Security Outsourced IT

Email Encryption

What is Email Encryption?

Email encryption is an authentication process that disguises the contents of messages so that only the intended recipients can access and read them. This is done by scrambling plain text so that the email can only be read by an authorized recipient with a private key. With Public Key Infrastructure (PKI), a sender can use a public key to encrypt the message and then the private key is used to decrypt it. Email encryption is important as it protects sensitive data, prevents data breaches, and helps organizations with regulatory compliance with laws and regulations like GDPR, CCPA, HIPAA, and GLBA. Email encryption types include:

Pretty Good Privacy (PGP). PGP is a security program that encrypts and decrypts email messages using cryptographic authentication and digital signatures to facilitate secure online communication. Encryption techniques used include a combination of cryptography, data compression, symmetric and asymmetric key technology, and other hashing techniques. PGP also uses PKI.

Transport Layer Security (TLS). TLS is a cryptographic protocol that enables messages to pass over a computer network securely. It is commonly used for email, instant messaging, and VoIP. A common form of TLS is STARTTLS which is a command that converts plaintext messages to encrypted communications while the messages are in transit.

Secure Multi-Purpose Internet Mail Extension (S/MIME). S/MIME is an Internet Engineering Taskforce (IETF) stand used to deliver public-key encryption and digital signatures. It is similar to PGP but requires user to obtain keys from a specified Certificate Authority (CA).

AES 256-bit encryption. AES 256-bit encryption is a method that applies the same key for both encryption and decryption. The key is large and difficult to crack.

The following instructions can help you to encrypt your outgoing email:


  1. Enable S/MIME encryption. This process involves getting a certificate or digital ID from your organization’s administrator and installing S/MIME control. Follow Office’s steps for setting up to use S/MIME encryption.
  2. Encrypt all messages or digitally sign all messages by going to the gear menu and clicking S/MIME settings. Choose to either encrypt contents and attachments of all messages or add a digital signature to all messages.
  3. Encrypt or remove individual messages by selecting more options (three dots) at the top of a message and choosing message options. Select or deselect “Encrypt this message (S/MIME).” If the person you are sending a message to doesn’t have S/MIME enabled, you’ll want to deselect the box or else the recipient will not be able to read your message.


  1. Go to advanced settings and switch S/MIME on.
  2. Change “Encrypt by Default” to yes.
  3. When you compose a message and lock icon will appear next to the recipient. Click the lock icon so it’s closed to encrypt the email.

Take note: If the lock is blue, the email can be encrypted. If the lock is red, the recipient needs to turn on their S/MIME setting.


  1. Enable hosted S/MIME. You can enable this setting by following Google’s instructions on enabling hosted S/MIME.
  2. Compose your message as you normally would. 
  3. Click on the lock icon to the right of the recipient.
  4. Click on “view details” to change the S/MIME settings or level of encryption.

Take note: The following color codes are used to indicate encryption levels:

  • Green- Information is protected by S/MIME encryption and can only be decrypted with a private key.
  • Gray- The email is protected with TLS (Transport Layer Security). This only works if both the sender and recipient have TLS capabilities.
  • Red- The email has no encryption security.