How to Send Encrypted Emails: the old way and the Mailfence way
In today’s electronic world, email forms the backbone of most businesses’ day-to-day activities. Emails may contain sensitive data such as company records, business plans, marketing strategies, contract bids, trade secrets, and other private data. Storing your information in email accounts makes you very vulnerable to online criminals. With a computer or even a smartphone and an internet connection, cyber predators have all the tools needed to steal anyone’s unencrypted emails. Attackers also try every day to steal account numbers, social security numbers, credit card numbers, money, identities, and many other forms of sensitive personally identifying information.
It can be catastrophic enough when a company is targeted, but often the same information belonging to clients and business partners is targeted as well, which destroys any business’s reputation and can expose it to serious liabilities. To prevent the fastest growing criminal activity in the world, it is important that we adopt modern techniques and research-proven tools. Sending encrypted emails is important to keep your electronic data unadulterated and free from online criminals, the NSA, viruses, and all sorts of Internet-based shenanigans.
To secure your email effectively from interception and theft, you should encrypt two things: the connection to your email provider, and the email messages themselves.
Encrypting Email Connections
Leaving the connection from your email provider to your computer, laptop, tablet or other device unencrypted while you check or send email messages makes you highly susceptible to a cybercriminal attack. To ensure that another person cannot eavesdrop on your Internet connection, you need to set up SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption. Whether you use an email client program like Outlook or an email app to check your emails, the principle of configuring SSL/TLS encryption is the same for each email client.
To do it:
- Open your app or email program and navigate to the settings menu. There, your account will likely be labeled as an IMAP/SMTP, POP/SMTP, HTTP or Exchange account. In the “Advanced” tab you can enable an encrypted connection (SSL/TLS) for incoming as well as outgoing emails.
- Tick the check box “This server requires an encrypted connection (SSL/TLS)”, which will change the port to 995.
- Make sure that you also select SSL/TLS from the drop-down list “Use the following type of encrypted connection” and set the outgoing server (SMTP) port to 465.
- Click OK to return to the main window and click Next. A message will now pop up with a “View Certificate” option.
- Click on this option and then click on “Install Certificate”. This will take you to the Certificate Import Wizard, which will import the certificate after you click Finish.
You have successfully set up SSL (Secure Sockets Layer) or TLS (Transport Layer Security) encryption, and your emails are now being received and sent in a secure manner.
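The same settings expressed in code, as an added example that is not part of the original article: Python's standard library opens the incoming and outgoing connections on the ports above, with the server certificate verified against the system trust store and the host name before any credentials are sent. The function names, the TLS 1.2 floor and the use of POP3 on port 995 are assumptions of this example.

```python
import poplib
import smtplib
import ssl

# Ports from the steps above: 995 for incoming mail (POP3), 465 for outgoing (SMTP).
INCOMING_PORT = 995
OUTGOING_PORT = 465


def strict_tls_context() -> ssl.SSLContext:
    """Client-side TLS policy: verified certificate, matching name, no legacy SSL."""
    ctx = ssl.create_default_context()            # trusts the system CA store
    ctx.check_hostname = True                     # certificate must name the server
    ctx.verify_mode = ssl.CERT_REQUIRED           # unverifiable certificate aborts
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuses SSLv3, TLS 1.0, TLS 1.1
    return ctx


def open_incoming(host: str, timeout: float = 10.0) -> poplib.POP3_SSL:
    """TLS handshake completes before any POP3 command, so USER/PASS are never in clear."""
    return poplib.POP3_SSL(host, INCOMING_PORT, timeout=timeout, context=strict_tls_context())


def open_outgoing(host: str, timeout: float = 10.0) -> smtplib.SMTP_SSL:
    """Same policy for the outgoing server on port 465."""
    return smtplib.SMTP_SSL(host, OUTGOING_PORT, timeout=timeout, context=strict_tls_context())


def negotiated(conn) -> dict:
    """Summarise a live session; poplib and smtplib both keep the TLS socket in .sock."""
    cert = conn.sock.getpeercert()
    return {"protocol": conn.sock.version(),
            "cipher": conn.sock.cipher()[0],
            "expires": cert["notAfter"]}


def policy(ctx: ssl.SSLContext) -> dict:
    """Offline view of what a context will insist on."""
    return {"verify": ctx.verify_mode == ssl.CERT_REQUIRED,
            "check_hostname": ctx.check_hostname,
            "min_version": ctx.minimum_version.name}


if __name__ == "__main__":
    print(policy(strict_tls_context()))
```

Called with your provider's server name, `negotiated(open_outgoing(host))` reports the protocol version, cipher and certificate expiry that were actually agreed for the session.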
Encrypting Email Messages
Using email encryption is a simple and effective way to reduce the risk of cyber theft. Encryption uses a complex series of mathematical algorithms to protect information. You can encrypt your individual email messages by using an application that protects your email password and other credentials from possible interception by third-party software installed on your system or at any point between that application and your email server.
Sending Encrypted Emails Using an Email Client
To be able to send encrypted emails, you need an email client installed on your system, a plug-in that allows the encryption of emails, and software that allows you to generate a secret key and a public key and to manage the public keys of your contacts.
Thunderbird (an email client) is free software which can be downloaded from the Mozilla project website. Unlike alternative approaches to email encryption services, Thunderbird provides effective security for sensitive data without infrastructure costs typically associated with secure email messaging. You need to configure it to send and receive the encrypted emails. When you launch Thunderbird for the first time, a wizard will pop up asking you to provide it with an email address. If you already have an email, choose “Skip this and use my existing email”. The software automatically configures and retrieves the data from widely used mail servers such as Yahoo, Hotmail, and Google.
PGP (Pretty Good Privacy) is the format that is implemented in Thunderbird to encrypt one’s emails end-to-end. Your email message is encrypted from start to finish and only the receiver is able to decrypt it. The PGP protocol does not encrypt the “subject” line or the other header fields of an encrypted email.
With asymmetric encryption, you have your own pair of keys (a public key that you give out and a secret one that you keep). You send your public key to an individual, who then uses it to encrypt messages he or she will send to you. Only you, with your secret key, can then decrypt a sender’s message. The sender, with his own pair of keys, in turn sends his public key to you, and you can then reply to his messages in complete privacy. Checking the public key and protecting the secret key are very important for maintaining the integrity of asymmetric encryption. GnuPG is the best-known command-line tool for generating a pair of keys and managing the encryption keys of your correspondents. You can find free GUI-based implementations of it online, such as Gpg4win.
After downloading and installing Gpg4win on Windows, install the Enigmail plug-in for Thunderbird. Go to the Thunderbird menu “Tools” and click “Add-ons”, which opens the plug-ins window. Next, type “enigmail” in the search bar in the upper right corner and click the search button. It will display the Enigmail plug-in with its version number. Click the “Install” button. Once Enigmail has been installed, relaunch Thunderbird.
PGP Key Generation
In order to encrypt your email messages, you need to generate a public key and a private key. This can be achieved easily in Thunderbird by choosing the OpenPGP setup wizard. Once the wizard has been launched, choose the default option “Yes, I want to sign all of my email”. This will sign all your outgoing emails with your private key so that they can be authenticated. The OpenPGP setup wizard will take you to the Encryption window, where you should select “No, I will create per-recipient rules for those that sent me their public key”. This will ensure that you enable encryption only for those whose public keys you have. Click “Next” and it will take you to the Preferences window. Click “Yes” to change your email settings, such as default formatting, which allows OpenPGP to work more reliably. If you have no PGP key, the next screen will ask you to create a new key pair. Select the radio button “I want to create a new key pair for signing and encrypting my email”. Next, the OpenPGP setup wizard will ask you to create a key to sign and encrypt email, or to read emails that are encrypted. Enter a password in both fields. To launch the creation of your PGP key, click “Next”.
How to Send Encrypted Emails
To send an encrypted email in Thunderbird, click the “Write” button to open a message window. At the bottom right of the window, there are two symbols, a pencil and a key. Click on the key to encrypt a message. If you click on “Send” and you have not retrieved the receiver’s public key, Thunderbird will offer to “Download missing keys”. A window appears showing a choice of servers that host public keys. Choose one of the servers and click OK to download the key. You can also import an addressee’s key by asking them to send it to your email address and provide you with the fingerprint. The fingerprint is a unique number that allows you to identify a public key. The receiver’s key will now appear in the list offered by the application. Select it and click OK. If you have protected your own key with a passphrase (password), a small window will ask you to enter your password to sign the message using your private key. Enter the password and click OK to send your email securely.
The daunting list of tasks described above for generating OpenPGP keys and sending end-to-end encrypted emails has now been simplified and can be carried out from your very own Mailfence account, a secure and private email service, without any dependency on third-party add-ons or plug-ins.
A complete “how to/user guide” can be found here.
– Mailfence Team