Email encryption is one of the most misunderstood and complex fields of data security, with many companies either using it incorrectly or not using it at all. However, it remains the most secure way to send data across the Internet, with various protocols securing data against cyberattackers and other threats.
Today, there are five main types of email encryption, which fall into two distinct categories.
Marketing Technology News: Mediaocean and Boostr Partner to Accelerate Deal Workflow
Transport Level Encryption
This type of encrypted email secures data during transport but not necessarily before or after transit. This constitutes the most affordable type of email encryption but is slightly less secure than end-to-end.
This type of encrypted email secures data at both the source and the destination. This means emails are encrypted before they are sent out and then unencrypted by the receiver at the other end. This is the most secure type of encrypted email but is generally more expensive.
Marketing Technology News: MarTech Interview with Michael Kraut, VP of OEM for Automotive at Experian
Encrypted Email — The 5 Protocols
Each of the two main encryption categories contains several different protocols designed to secure data. Here, we look at each in more depth.
1. PGP and S/MIME
The most widely used and, arguably, the most important protocols in end-to-end encrypted email, PGP and S/MIME can be found within many email clients. First released in 1991, PGP (Pretty Good Privacy) is the benchmark that other protocols measure themselves against.
It works by encrypting data with a random key, subsequently encrypted with the receiver’s own public key. These are then sent together, allowing the receiver’s private key to unlock the data to enable random key decryption.
PGP is a decentralized approach to encrypted email; however, S/MIME (Secure/Multipurpose Internet Mail Extensions) builds on this with a centrally managed public key model. This type of email encryption means obtaining a key directly from a certificate authority (CA).
Using TLS (Transport Layer Security), STARTTLS can upgrade plain text into an encrypted email. It does this by requesting encryption while messages are in transit, so both the sender and recipient don’t need to take any encryption steps to enjoy better security.
While this approach helps protect emails against passive monitoring, it can leave data vulnerable to “man in the middle” attacks. However, there are measures that can be taken to protect against this as well.
3. DANE or MTA-STS
While STARTTLS can be a great baseline for email encryption, it is possible to add further layers of protection while messages are in transit. Maximizing the security of STARTTLS is DANE (DNS-Based Authentication of Named Entities) and MTA-STS (Message Transfer Agent Strict Transport Security).
Simply put, DANE prevents STRIPTLS attacks, where cybercriminals “strip” away the TLS protocol to access data. MTA-STS does something similar, however, it relies on a certificate authority and TOFU (Trust On First Use) systems.
Bitmessage is intrinsically tied to Bitcoin. The system is based on the currency’s design and features powerful security tools, including decentralization, hermetic encryption, hidden sender and recipient, trustless frameworks, and POW (Proof of Work) requirements.
Offering end-to-end encryption, it uses peer-to-peer authentication just like the cryptocurrency and is extremely popular with individuals and small businesses.
5. GNU Privacy Guard
GnuPG (GNU Privacy Guard), often shortened to GPG, is a hybrid encryption model that uses both a public key and symmetric key cryptography. This increases speed and ease of use, generating a pair of asymmetric keys distributed to both sender and recipient.
Free to use but open to threats when public keys are shared, safe identity protection must be practiced when using this protocol to increase security.
Encrypted Email – The Bottom Line
These five encrypted email tools and protocols are currently the go-to options for both individuals and businesses around the world. However, new technologies are being developed all the time, so it’s a good idea to check out what is currently on the market before diving in.
Marketing Technology News: In a Privacy-First World, A Data Management Strategy is Essential