How to Send Encrypted Emails: the old way and the Mailfence way

mailfence secure encryption

Table of Contents

Share this article:

In today’s electronic world, sending information in emails forms the backbone of most businesses’ day-to-day activities. Emails may contain sensitive data such as company records, business plans and other private data. Storing your information in email accounts makes you very vulnerable to online criminals. With a computer or even a smartphone and an internet connection, cyber predators have all the tools they need to steal anyone’s unencrypted emails. Also, cyber hackers seek out everyday to steal forms of sensitive person-identifying information. Such as credit cards and social security numbers.

Mailfence - Get your free, secure email today.

4.1 based on 177 user reviews

Mailfence - Get your free, secure email today.

4.1 based on 177 user reviews

When a company is targeted, often the information of clients and business partners is targeted too. As a result, this destroys any business’s reputation and can expose it to serious liabilities. To prevent the fastest growing criminal activity in the world, we must adopt modern techniques and research-proven tools. Send encrypted emails to keep your electronic data free from online criminals and all sorts of Internet-based shenanigans.

To secure your email effectively from interception and theft, you should encrypt two things: the connection from an email provider, and email messages.

Encrypting Email Connections

Leaving the connection from your email provider to your devices unencrypted while you check or send email messages makes you highly susceptible to a cybercriminal attack. To ensure that another person won’t eavesdrop on your Internet connection, you need to set up SSL (secure socket layer) or TLS (transport layer security) encryption. If you use an email client like Outlook to check your emails, or if you use an email app, the principle of configuring SSL/TLS encryption remains the same.

To do it:

  • Open your app or email program and navigate to the setting menu.  There, your account will likely be labeled as IMAP/SMTP, POP/SMTP, HTTP or Exchange account. In the “Advanced” tab you can use encrypted connection (SSL/TLS) for the incoming as well as outgoing emails.
  • Tick the check box “This server requires an encrypted connection (SSL/TLS)” which will change the port to 995.
  • Make sure that you also select SSL/TLS from the drop down “Use the following type of encrypted connection” and set the outgoing server (SMTP) to 465.
  • Click OK to return to the main window and click Next. Now a message will pop up with “View Certificate” option.
  • Click on this option and then click on “Install Certificate”. Clicking this will take you to Certificate Import Wizard which will import certificate after you click Finish.

You have successfully setup the SSL (secure socket layer) or TLS (transport layer security) encryption and now your emails are being received and sent in a secure manner.

Encrypting Email Messages

Using email encryption makes a simple and effective way to reduce the risks of cyber thefts. Encryption uses a complex series of mathematical algorithms to protect information. You can encrypt your individual email messages by using an application that protects your email password and other credentials from possible interception by third-party software installed on your system or at any point between that application and your email server.

Sending Encrypted Emails Using an Email Client

To send encrypted emails, you need an email client installed on your system, a plug-in that allows the encryption of emails. and software that allows you to generate a secret and public key and manage the public keys of your contacts.

Thunderbird (an email client) is free software that you can download from the Mozilla project website. Unlike alternative approaches to email encryption services, Thunderbird provides effective security for sensitive data without infrastructure costs typically associated with secure email messaging. You need to configure it to send and receive the encrypted emails. When you launch Thunderbird for the first time, a wizard will pop up asking you to provide it with an email address. If you already have an email, choose “Skip this and use my existing email”. The software automatically configures and retrieves the data from widely used mail servers such as Yahoo, Hotmail, and Google.

PGP (pretty good privacy) is the format that Thunderbird implements to encrypt one’s emails end-to-end. Your email message is encrypted from start to finish and only the receiver is able to decrypt it. PGP protocol does not encrypt the “subject” line and the other header fields of an encrypted email.

How to encrypt emails with an email client

With asymmetric encryption, you have your own pair of keys (a public key that you give out and a secret one that you keep). You send your key to an individual who then uses it to encrypt messages he or she will send to you. Only you, with your secret key, can then decrypt a sender’s message. The sender, with his own pair of keys, in turn sends his public key to you, and you can then reply to his messages in complete privacy. Checking the public key and protecting the secret key are very important for maintaining the integrity of asymmetric encryption. Also, GnuPG is the most known command-line tool to generate a pair of keys and manage the encrypting keys of its correspondents. You can find its free GUI based implementations online such as Gpg4win.

After downloading and installing Gpg4win on Windows, install the Enigmail plug-in for Thunderbird. Go to the Thunderbird menu “Tools” and click “Add-ons”, which opens the plug-ins window. Next step is to type “enigmail” in the search bar present on the upper right corner and click the search button. It will display the enigmail plug-in with its version number. Click the “install” button. Once enigmail has been installed, relaunch Thunderbird.

PGP Key Generation

In order to encrypt your email messages, you need to generate a public key and a private key. This can be achieved easily in Thunderbird by choosing OpenPGP setup wizard. Once the wizard has been launched, choose the default option “Yes, I want to sign all of my email”. This will authenticate that all your outgoing emails use your private key. OpenPGP setup wizard will take you to Encryption window where you should select “No, I will create per-recipient rules for those that sent me their public key”.

This will ensure that you enable encryption only for those who have your public keys. Click “Next” and it will take to the Preferences window. Click “Yes” to change your email settings such as default formatting which allows OpenPGP to work more reliably. If you have no PGP key, the next screen will ask you to create a new key pair. Select the radio button “I want to create a new key pair for signing and encrypting my email”. Next, OpenPGP setup wizard will ask you to create a key to sign and encrypt email, or to read emails that are encrypted. Enter a password in both fields. To launch the creation of your PGP key, click “Next”.

How to Send Encrypted Emails

To send an encrypted email in Thunderbird, click the “write” button to open a message window. At the bottom right of the window, there are two symbols, a pencil and a key. Click on the key to encrypt a message. If you click on “send” and you have not retrieved the receiver’s public key, Thunderbird will suggest you to “Download missing keys”. A window appears showing a choice of servers that host public keys. Choose one of the servers and click OK to download the key.

You can also import addressees’ key by asking them to send it to your email address and provide you with the fingerprint. The fingerprint constitutes of a unique number that allows you to identify a public key. The receiver’s key will now appear in the list offered by the application. Select it and click OK. If you have protected your own key with a password, a mini window will ask you to enter your password to sign the message using your private key. Enter the password and click OK to send your email securely.

Pingback/Update: 

The above mentioned daunting list of tasks for generating OpenPGP keys and sending end-to-end encrypting emails are now being simplified and can be accessed from your very own Mailfence – a secure and private email service account, without any third-party add-on/plugin dependency.

A complete “how to/user guide” can be found here.

Follow us on twitter/reddit and keep yourself posted at all times.

Reclaim your email privacy.
Create your free and secure email today.
Picture of Patrick De Schutter

Patrick De Schutter

Patrick is the co-founder of Mailfence. He's a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Allmansland, IP Netvertising or Express.be. He is a strong believer and advocate of encryption and privacy. You can follow @pdeschutter on Twitter and LinkedIn.

Recommended for you