Encrypting all email communications is not an easy task
The problem is that most cryptographic tools that can be used for e-mail have serious flaws. Let’s figure out which letters should be encrypted when sending and how best to do it.
GMail and other large services can encrypt outgoing mail using SSL, TLS, S / MIME protocols. But this does little in terms of security. First, letters are protected only along the route from the user’s device to the server. The information they contain is available to employees of the company that provides e-mail services. It can be transferred to law enforcement agencies upon request, or sold to third parties.
Secondly, when sending a letter to several recipients, the message is encrypted according to the capabilities of the mailbox with the weakest cryptographic protection. That is, if encryption is not supported by the mail of at least one of the respondents, your outgoing message will not be encrypted at all.
What emails should be encrypted
Let’s figure out what information should be encoded:
- Data of commercial value.
- Personal confidential information, especially related to payment services.
- Documents, photographs.
- Data that can be used as compromising material.
Actually, it is better not to trust this information to e-mail services at all.
How you can encrypt emails
Common disadvantages of cryptographic services and applications:
- Hardware and software limitations. That is, if a Chrome extension is used, the recipient must also have a Google browser with the same extension installed. Mobile apps and desktop tools have the same problem.
- Binding to a specific device. That is, if you work with a PC program, you can only receive and send encrypted messages on this computer. It is easier with online services, but they are insecure by themselves.
- The need to send a decryption key to the recipient. If you send the code in clear text by mail, attackers can gain access to protected information. If you transmit it through a more reliable communication channel, then why not use this channel for the information contained in the letter?
Here are the most popular cryptographic tools for sending email if you still need to use this method of transmitting information:
- ProtonMail online service and mobile apps for iOS and Android. The service does not support POP3 and SMTP, but you will have to work with it through a VPN.
- SecureGMail and FlowCrypt extensions for Google Chrome.
- The Encrypted Communication extension for Firefox works with web-based email services.
- Mailvelope extension for Chrome and Firefox.
- PGP application for Windows.
As we said, it is best not to send critical information by email at all. Even though it is protected in transit, hackers can gain access to it using a public Wi-Fi network or using spyware installed on your device or computer of one of the recipients of the correspondence. There are other potential threats that translate the issue into the complex security of the sender’s and recipient’s work environment.