Email leaks over the last five years have caused rising concern among email users about the privacy of their communications. We need to protect our emails. When looking at secure email vs. encrypted email, is there any difference?
Secure email and encrypted email are not the same. Secure email means securing the connection used to send or receive emails, and every step has to be secured for it to be effective. Encrypted email is when the message itself is encrypted so that the intended recipient alone can open it.
As with all types of security, why use only one method to secure your data when you can use more than one technique and ensure even better security? Secure and encrypted emails are equally important components to keep your email messages safe and private conversations private. So what is the difference between secure email and encrypted email really?
Secure Email – Sending And Receiving Email Over A Secure Network
There are essentially seven steps in the process of sending and receiving email:
1. The sending device (your computer, smartphone, etc.)
2. The internet (between your device and the email server)
3. Your outgoing email server (usually called an SMTP server)
4. The internet again (between your outgoing server and the recipient’s incoming server)
5. The recipient’s incoming mail server (often called a POP3 or IMAP server)
6. The internet, yet again (between the recipient’s incoming mail server and the recipient’s device)
7. The receiving device (recipient’s computer, smartphone, etc.)
You can configure your email client (the email software installed on your own devices) to use secure email. Using either SSL or TLS technology ensures that the email is sent securely between your device and the mail server. Most mail servers also use TLS or SSL connections to send email securely between the two servers, keeping your mail safe while in transit over the internet.
The problem with secure email is that it has two significant points of weakness:
- Most email servers still store emails in plain text format. This means that, even if your email is sent over a secure SSL or TLS connection, anyone who can access the server itself can access and easily read your email messages. The secure connection alone does not ensure that the emails are entirely secure while they’re on either of the servers.
- Your connection may be secure, but there’s no guarantee that the recipient’s email client software is configured to use secure email. This means that the email can be exposed over the internet at any point between the recipient’s incoming mail server and their device. Since there are often other servers along the path, there’s ample opportunity for a leak.
The good news is that, since we’re looking at secure email vs. encrypted email, these points of weakness can be resolved by using encrypted email.
Encrypted Email – Make The Email Unreadable Except To The Recipient
Encrypted email essentially means that instead of being sent in plain text, the email message is first encrypted (scrambled) on your device’s email client using an encryption key. The encrypted message is then sent over the internet (preferably still using secure email connections), from step 1 to step 7, while keeping its encryption. It is only decrypted to be read once it arrives on the recipient’s device.
Using encrypted email means that your message is secure, no matter at what point the security of the email connection may fail. Even if someone manages to access one of the mail servers or hijack the connection to intercept communications, the email message will be unreadable unless they break the encryption, which can be more complex than many think.
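Both protections leave traces in a delivered message. The following added example (not part of the original article) reads the Received headers that each server stamps on a message to report which hops recorded TLS, and checks the Content-Type to tell whether the body itself was encrypted with PGP/MIME or S/MIME. The sample message and its host names are constructed.

```python
import re
from email import message_from_string

# Constructed sample message: plaintext body, two server hops.
SAMPLE = """\
Received: from mx.sender.example (mx.sender.example [192.0.2.10])
\tby mx.recipient.example with ESMTP id 4Xy12;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.local (unknown [198.51.100.7])
\tby mx.sender.example with ESMTPSA id 9Ab34;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Content-Type: text/plain

See attached figures.
"""

# "with" keywords that record TLS on a hop (registered by RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
# Receiving host, then the protocol keyword that follows it.
HOP = re.compile(r"\bby (\S+).*?\bwith (\S+)")


def hop_report(msg):
    """Return (receiving host, protocol, used_tls) per hop, oldest first."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        m = HOP.search(" ".join(raw.split()))  # unfold the header, then match
        host, proto = (m.group(1), m.group(2).rstrip(";").upper()) if m else ("?", "UNKNOWN")
        hops.append((host, proto, proto in TLS_PROTOCOLS))
    return hops


def body_encrypted(msg):
    """True if the payload is PGP/MIME or an S/MIME enveloped message."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":  # PGP/MIME (RFC 3156)
        return True
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        kind = str(msg.get_param("smime-type", "")).lower()
        return kind in ("enveloped-data", "authenveloped-data")
    return False


if __name__ == "__main__":
    sample = message_from_string(SAMPLE)
    print(hop_report(sample))
    print("body encrypted:", body_encrypted(sample))
```

For the constructed sample, the hop into mx.recipient.example shows plain ESMTP and the body is not encrypted, so the message was readable on that leg. Received lines are written by each server itself and the final leg from the incoming server to the recipient's device leaves no header, so treat the report as evidence, not proof.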
Making Sure That You Are Using Encrypted Email
Many email services automatically use encrypted email if you are sending it to another address using the same service. These include Protonmail, Tutanota, iCloud Mail, Gmail, and Microsoft 365 Exchange (formerly Microsoft Office 365). If you’re using one of these services and sending mail to someone else on the same service, your email will automatically be encrypted.
There are also dedicated services like Mimecast to encrypt your email messages. Mimecast will control the email and ensure it is encrypted from start to finish while also sending it using secure email to add extra security. This is a paid third-party email service, but it’s well worth the expense for businesses or if you’re dealing with highly sensitive conversations in your emails.
Most modern email clients, like Microsoft Outlook, can also send encrypted email using an email encryption protocol like S/MIME, PGP, or TLS. The crucial thing to keep in mind if you activate this option is that the email recipient’s mail client software has to support the same email encryption protocol, or they won’t be able to access or read the email either.
The process of enabling encrypted email in your client will differ from software to software and between different operating systems. In Microsoft Outlook, for example, you can go to your Account settings, choose the email account, click on security, and tick the “Always encrypt outgoing messages” box. This way, all your outgoing emails will be encrypted automatically.
Making Sure That You Are Using Secure Email
This process will also be different for each email client and operating system. Using Outlook as an example, you can go to your account settings, select the account you want to check, and choose Server Options. If the incoming and outgoing servers are both set to use SSL or TLS, then you are fine; you are sending and receiving emails using secure email.
If not, you should change it. Find out from your email provider or ISP what the correct port numbers are, but usually, the secure ports are:
- SMTP (Outgoing Mail): port 587
- IMAP (Incoming mail): port 993
Remember that most specialized email services, like Microsoft 365 Exchange, iCloud Mail, or Gmail use their own port numbers. Often, there is no configuration necessary – it is automatically set to use secure email and encrypted email. If you can’t find the settings, it may already be secure by default. Just check with your email service provider to make sure.
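To confirm what those settings actually negotiate, this added example (not from the original article) connects the way a correctly configured client would: a STARTTLS upgrade on port 587 and TLS from the first byte on port 993, both with certificate and hostname verification. The host name mail.example.com is a placeholder for your provider's server names.

```python
import imaplib
import smtplib
import ssl


def strict_context() -> ssl.SSLContext:
    """Client context that verifies the server certificate and hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    return ctx


def check_submission(host: str, port: int = 587, timeout: float = 10.0) -> dict:
    """Port 587: connect in the clear, then require a STARTTLS upgrade."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return {"ok": False, "detail": "server does not offer STARTTLS"}
            smtp.starttls(context=strict_context())
            smtp.ehlo()  # capabilities must be re-read after the upgrade
            return {"ok": True, "detail": smtp.sock.version()}
    except OSError as exc:  # covers SMTPException, SSLError, refused, timeout
        return {"ok": False, "detail": f"{type(exc).__name__}: {exc}"}


def check_imaps(host: str, port: int = 993, timeout: float = 10.0) -> dict:
    """Port 993: TLS is negotiated before any IMAP traffic (implicit TLS)."""
    try:
        conn = imaplib.IMAP4_SSL(host, port, ssl_context=strict_context(), timeout=timeout)
        try:
            return {"ok": True, "detail": conn.sock.version()}
        finally:
            conn.logout()
    except (OSError, imaplib.IMAP4.error) as exc:
        return {"ok": False, "detail": f"{type(exc).__name__}: {exc}"}


if __name__ == "__main__":
    # mail.example.com is a placeholder; substitute your provider's hostnames.
    print("SMTP 587:", check_submission("mail.example.com"))
    print("IMAP 993:", check_imaps("mail.example.com"))
```

A result of ok: False with a certificate error means the connection would be encrypted but to a server whose identity could not be verified, which a mail client should treat as a failure, not a warning to click through.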
Secure Email Vs. Encrypted Email – Which Is Most Important?
Asking this question is like asking, “Wearing my seatbelt or inflating my car tires, which is most important?” Both can ensure that you reach your destination safely but in very different ways. Similarly, both encrypted email and secure email are essential because though they aim to achieve the same purpose, their methods are very different.
At the very least, you should use secure email. The limited protection it offers is much better than no protection at all. But if you can, you should use encrypted email, especially if you have sensitive conversations, unless the recipient definitely won’t be able to open encrypted emails, in which case you probably shouldn’t be sending them sensitive emails after all.
Why use one layer of protection when you can have two? Secure email and encrypted email are two very different things, and to get the best security, you really should use both. Using a third-party encrypted email platform like Mimecast may be the absolute best option to keep your email conversations private, but if you can’t do that, at least use the options that you already have.