How to Encrypt Emails
Emails are inherently insecure, but most of the time it doesn’t matter. However, occasionally it would be preferable if some emails could be sent safe in the knowledge that only the intended recipient can read them. For example, consider a scenario in which you are receiving the results of a blood test from your doctor via email. With a standard email, there is no guarantee that it will not be viewed by anyone else before it reaches your inbox. Our end-to-end encryption feature can provide that guarantee. On this page we will explain how to use this feature to encrypt the emails you send so that no-one other than the intended recipient can read them.
Design Goals
Before we explain how to encrypt emails, let’s consider a few design goals for such a system.
Design goal | Description |
---|---|
Privacy | No one but the intended recipient should be able to open the message; not even administrators or a junk filtering email system. |
No Plugins | No plugin should be required to open the original message. It uses software that is commonly available on every computer or mobile device. |
Off-line Access | Recipients should not have to rely on external websites in order to view the message. They should be able to view the message even if Internet access is not available. |
Mobile Access | Recipients should be able to open the message on their mobile devices, running on iOS, Android or Windows. |
No Expiration | A previously sent message should never expire. |
SSL/TLS: A Misconception
Many people incorrectly think they can achieve end-to-end encryption by using SSL/TLS, but SSL/TLS only encrypts data in transit.
Consider the image below as an example:
Since SSL/TLS only encrypts data in transit (represented by red lines in the diagram), the message is potentially stored in the clear once it reaches the next SMTP server. Therefore, both humans and software can look into the message, defeating the purpose of having an end-to-end encryption system.
Prelude to the Rescue!
Set Encryption Passwords on the Fly
Compose your email as normal with your email client (e.g. Microsoft Outlook, Mozilla Thunderbird or any web-based email client), then append the word encpass to the subject line, followed by your chosen encryption password in brackets, for example:
Email subject line before being modified
Your tax returns for 2020
Email subject line after being modified
Your tax returns for 2020 encpass(magicWord2020)
In this example, magicWord2020 is the password that you must share with the recipients of the email by some other means so they can use it to open the email after they have received it. Don’t send the password in the body or attachments of the encrypted email, as the recipients won’t be able to see it. You must do this with each email that you want to encrypt. The password can be any text you choose and is specific to each email that is sent; you can reuse the same password each time or choose a different one.
It is as simple as that. Of course, this can only work if we host your emails and if you send your emails using our mail servers, configured according to the instructions we provided.
For outgoing messages with encpass(yourPassword) at the end of the subject, Mailgate will extract the body and any attachments from the message, create an encrypted PDF document using 256-bit AES encryption and send the encrypted PDF instead. The recipient’s PDF reader, on either a desktop or a mobile device, will prompt for the encryption password.
Set Predefined Encryption Passwords
If you want to do this regularly for specific recipients, e.g. your accountant or your clients if you are an accountant, it can be cumbersome to do this manually every time you send an email to these recipients. In this case you can associate a predefined password with specific recipients.
To enable this, log in to your Mailgate account (click here for instructions), and then do the following:
- Select End-To-End Encryption from the Home menu.
- Enter the recipient’s email address and the password you want to associate with it in the relevant boxes and press Add.
- Repeat for each email address as required.
Then, when you send an email to one of these recipients, compose your email as normal and do one of the following:
- Include the word encpass at the end of the subject, without a password in brackets. Mailgate will automatically apply the predefined password to the encrypted email.
- Include encpass(magicWord2020) at the end of the subject, to apply a one-off password as explained above.
- Include neither of these to send a normal unencrypted email.
Ignore the references to sensitive data on the web page as they don’t apply.
Note that predefined passwords can only work with one recipient in the message, not multiple recipients.
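The subject-line rules from "Set Encryption Passwords on the Fly" and "Set Predefined Encryption Passwords" can be written down as one decision function. This is an added example, not Mailgate's own code: the names resolve and Decision, the sample address and the password constructedPw1 are hypothetical. It also makes three assumptions the page does not state: the marker is removed from the subject, a request that cannot be honoured is rejected rather than sent in the clear, and addresses are matched case-insensitively.

```python
import re
from dataclasses import dataclass
from typing import Optional

# "encpass" or "encpass(password)" as the last word of the subject line.
_MARKER = re.compile(r"(?:^|\s)encpass(?:\((?P<pw>[^()]*)\))?\s*$")

@dataclass
class Decision:
    subject: str             # subject with the marker removed (assumption)
    encrypt: bool
    password: Optional[str]  # None for a normal unencrypted email
    source: str              # "one-off", "predefined" or "none"

def resolve(subject, recipients, predefined):
    """Decide how to send a message; `predefined` maps lower-case address -> password."""
    m = _MARKER.search(subject)
    if m is None:
        # A marker that is not at the end would leave the password readable in
        # the subject of a plain email, so reject it (choice made in this example).
        if "encpass(" in subject:
            raise ValueError("encpass(...) must be at the end of the subject")
        return Decision(subject, False, None, "none")
    clean = subject[:m.start()].rstrip()
    pw = m.group("pw")
    if pw is not None:                       # one-off password in brackets
        if not pw:
            raise ValueError("empty one-off password")
        return Decision(clean, True, pw, "one-off")
    # Bare "encpass": use the predefined password, single recipient only.
    if len(recipients) != 1:
        raise ValueError("predefined passwords need exactly one recipient")
    address = recipients[0].strip().lower()
    if address not in predefined:
        raise ValueError("no predefined password for " + address)
    return Decision(clean, True, predefined[address], "predefined")

if __name__ == "__main__":
    table = {"accountant@example.com": "constructedPw1"}   # constructed sample
    for subj in ("Your tax returns for 2020 encpass(magicWord2020)",
                 "Your tax returns for 2020 encpass",
                 "Your tax returns for 2020"):
        print(resolve(subj, ["accountant@example.com"], table))
```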