Email encryption is a method of securing the content of emails from anyone outside of the email conversation looking to obtain a participant’s information. In its encrypted form, an email is no longer readable by a human. Only with your private email key can your emails be unlocked and decrypted back into the original message.
Email encryption works by employing something called public key cryptography. Each person with an email address has a pair of keys associated with that email address, and these keys are required in order to encrypt or decrypt an email. One of the keys is known as a “public key”, and is stored on a keyserver where it is tied to your name and email address and can be accessed by anyone. The other key is your private key, which is not shared publicly with anyone.
This encryption process is commonly referred to as public key infrastructure (PKI). These key pairs can be created and distributed by various companies that operate as certificate authorities (CAs). They are trusted third-party businesses that provide proper certification for the public key and then enter the public key into a large directory of other public keys. The private key, on the other hand, is known only to the owner of that specific key.
When an email is sent, it is encrypted by a computer using the public key and the contents of the email are turned into a complex, indecipherable scramble that is very difficult to crack. This public key cannot be used to decrypt the sent message, only to encrypt it. Only the person with the proper corresponding private key has the ability to decrypt the email and read its contents.
There are various types of email encryption, but some of the most common encryption protocols are:
- OpenPGP - a type of PGP encryption that utilizes a decentralized, distributed trust model and integrates well with modern web email clients
- S/MIME - a type of encryption that is built into most Apple devices and utilizes a centralized authority to pick the encryption algorithm and key size
Email encryption can often be difficult for individual users, so companies that decide to employ email encryption usually set it up as an automatic process using an encryption service.
This way, companies don’t need to rely on their employees to carry out the process of using email encryption themselves and it takes the decision out of the user’s hands. With this type of software, emails are usually configured to pass through a gateway appliance that is set up to be compliant with the company’s security policies. Email encryption is a popular option for companies because of its ease of use. It usually requires no employee training and it is often much less expensive than alternative security options.
Email encryption services can be used to provide encryption in a few separate but related areas:
- The connection between email providers can be encrypted, preventing outside attackers from finding a way to intercept any incoming or outgoing emails as they travel between servers
- The content of the email can be encrypted, ensuring that even if an email is intercepted by an attacker, the contents of the email will still be entirely unreadable
- Old or archived emails that are already stored within your email client should also be encrypted to prevent attackers from potentially gaining access to emails that aren’t currently in transit between servers
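One way to check the first two areas on a message you have received, as an added example that is not part of the original page or any vendor's code: it reads the `Received` headers for the transport keyword each relay recorded and the top-level `Content-Type` for an OpenPGP or S/MIME envelope. The function names and both sample messages are constructed for illustration, and it assumes relays record RFC 3848 keywords such as `ESMTPS`.

```python
import email
import re
from email import policy

# "with" keywords that mean the hop was TLS-protected (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

def hop_protocol(received):
    """Extract the protocol keyword from one Received header value."""
    text, prev = " ".join(received.split()), None
    while text != prev:  # drop (comments), which may be nested and contain "with"
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    m = re.search(r"\bwith\s+([A-Za-z0-9]+)", text)
    return m.group(1).upper() if m else "UNKNOWN"

def content_encryption(msg):
    """Name the end-to-end scheme declared by the top-level Content-Type."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":
        proto = (msg.get_param("protocol") or "").lower()
        return "OpenPGP" if proto == "application/pgp-encrypted" else None
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        kind = (msg.get_param("smime-type") or "").lower()
        return "S/MIME" if kind == "enveloped-data" else None
    return None

def audit(raw):
    """Report transport and content encryption; unknown hops count as plaintext."""
    msg = email.message_from_string(raw, policy=policy.default)
    hops = [hop_protocol(str(h)) for h in reversed(msg.get_all("Received", []))]
    plaintext = [p for p in hops if p not in TLS_PROTOCOLS]
    return {"hops": hops, "plaintext_hops": plaintext, "content": content_encryption(msg)}

# Constructed sample messages (headers only, not captured traffic).
SAMPLE_PGP = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 by mx.example.net with ESMTPS id 4F1A2; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.example.org by mail.example.org with ESMTPSA id 9C3D1
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"
"""
SAMPLE_PLAIN = """\
Received: from relay.example.org by mx.example.net with ESMTP id 7A; Mon, 1 Jan 2024 10:00:02 +0000
Received: from laptop.example.org by relay.example.org with ESMTPSA id 7B
Content-Type: text/plain
"""

if __name__ == "__main__":
    print(audit(SAMPLE_PGP), audit(SAMPLE_PLAIN), sep="\n")
```

Each `Received` header is written by the relay that accepted the message, so entries added before your own mail server are only what upstream hosts claimed. The `Content-Type` check shows that an encrypted envelope is declared, not that the ciphertext is valid.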
Emails are an especially vulnerable access point for attackers looking to intercept messages and gain important information from them. Hackers can gain access to all of your most important personal information sent through email - like SSNs, bank account numbers or login information - but they also have access to any attachments or content that others have sent to you and have the ability to take complete control of your email account.
Emails are most vulnerable when sent over an unsecured, public network, but they can also be vulnerable within a more secure setting such as a company network. Encryption is an important added security measure that makes sure that even if a message is intercepted, its information cannot be accessed. By utilizing the public/private key pair system, email encryption also helps verify the authenticity of the sender and recipient of the message.
How Barracuda Can Help:
The Barracuda Email Security Gateway provides key email encryption policies such as Recipient-Based, Sender-Based, and Domain-Based to provide greater email protection from ever changing threats.
Barracuda Essentials for Email Security secures your mail by encrypting it during transport to the Barracuda Message Center, encrypting it at rest for storage in the cloud, and providing secure retrieval by your recipients through HTTPS Web access.