Ask Your IT Services Provider: Encrypting Your Emails

IT Services
8/21/2017

In our last blog post, we discussed how emails are not secure. In today’s post, we’re going to look at what you – and your IT services provider – can do about it: encryption. Encryption has been around for hundreds of years and uses mathematical principles to encode your message, allowing intended recipients to “decode” it with a password, key, or other credentials. Of course, this description vastly simplifies what is a very, very complex subject that should be discussed – in depth – with your IT provider prior to implementation. To help clarify things, however, we are going to look at two common ways that email is encrypted: message encryption and connection encryption.

Message encryption

Commonly achieved with PGP keys, message encryption scrambles the content of your emails so that only the correct recipient can unscramble it. It offers the highest level of obfuscation between the two options presented in this article: the contents of encrypted messages never touch a public server as plain text. This means that the message is not “exposed” at any point in its journey. Message encryption does have some pitfalls, however, and the primary issue is often a deal breaker: convenience.

Encrypting and decrypting messages to and from a large number of senders can require hundreds of unique keys. In addition to this, encrypted messages are difficult to search, sort, and – frankly – work with.

Connection encryption

Connection encryption uses “Secure Sockets Layer” (SSL), a technology that many people use every day and that a large number of online retailers, businesses, and entities now use to secure their websites. Applying the same principles to email servers allows users to ensure a secure connection between them and their email provider. That is an important phrase: between them and their email provider.

While connection encryption is great at protecting against Wi-Fi sniffers and questionable servers on the way to your email provider, it ceases to provide protection after the message has reached the provider. Is your recipient using a secured connection to receive and reply? If not, many of the measures you’ve taken have been undermined.
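The hop-by-hop limit described above can be checked on a message that has already been delivered. As an added example (not part of the original post), this Python code reads the `Received` headers of a constructed sample message and flags every hop whose `with` keyword is not one of the TLS-protected transmission types registered in RFC 3848; all host names and addresses are invented documentation values.

```python
import re
from email import message_from_string

# Constructed sample message (not real traffic): three hops, only the first uses TLS.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.7])
\tby mailstore.recipient.example with LMTP id c3; Mon, 21 Aug 2017 10:00:03 -0400
Received: from out.provider.example (out.provider.example [198.51.100.25])
\tby mx.recipient.example with ESMTP id b2; Mon, 21 Aug 2017 10:00:02 -0400
Received: from laptop.sender.example (laptop.sender.example [192.0.2.10])
\tby out.provider.example with ESMTPSA id a1; Mon, 21 Aug 2017 10:00:01 -0400
From: alice@sender.example
To: bob@recipient.example
Subject: Quarterly numbers

Hello Bob.
"""

# RFC 3848 transmission types whose "S" marks a connection protected by TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

HOP_RE = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>[A-Za-z0-9]+)"
)


def hops(raw):
    """Return the hops in delivery order as (source, destination, protocol, tls)."""
    msg = message_from_string(raw)
    result = []
    # Each server prepends its own header, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        match = HOP_RE.search(" ".join(value.split()))  # unfold the header first
        if match:
            proto = match.group("proto").upper()
            result.append((match.group("src"), match.group("dst"),
                           proto, proto in TLS_PROTOCOLS))
    return result


def unprotected_hops(raw):
    """Return (source, destination) for every hop recorded without TLS."""
    return [(src, dst) for src, dst, _, tls in hops(raw) if not tls]


if __name__ == "__main__":
    for src, dst, proto, tls in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

`Received` headers are written by the servers themselves, so only the lines added by servers you trust are reliable evidence of how a hop was protected.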

Tunnel encryption

If the circumstances are right, an encrypted connection – or tunnel – can be set up between two specific end points. These are typically a mail server on your network and a mail server on another company’s network, and the connection between these two specific points can be encrypted during transit, protecting the message on public networks. The messages themselves look no different to the sender and the recipient, so this solution essentially provides the protections of encryption without usability drawbacks, as nothing special is required of either the sender or the recipient.

The main drawback of this setup is that every connection – from one company to another – must be set up individually. While time-consuming, it does provide the greatest amount of protection with the lowest impact on day-to-day operation and user friendliness.