Email encryption

How does email encryption software work?

by Egress
Published on 17th Sep 2021

Email encryption is an information-security control used to protect the contents of an email, like the message body and attachments, from unauthorized access. It refers to messages in transit to recipients over the internet or through a public or private network. When encrypted, an email is non-accessible, and the message scrambles into unreadable text.  

Two main encryption methods

You can set up email encryption using email encryption software, either from a third-party software provider or built into the email system. In terms of the types of methods for email encryption, the two main ones are transport layer security (TLS) and end-to-end encryption. 

While both methods use cryptography to make email data non-accessible, their processes are slightly different. For TLS, an email is encrypted by a sender and then decrypted at the email server. It also requires the recipient to use TLS for continuous encryption until they receive it as the end-user.

For end-to-end email encryption, the email encryption is continuous until the end user's device receives it (hence the end-to-end), where it then must be decrypted by the user. End-to-end generally requires more effort but offers a more secure email transit.    

Private and public encryption keys

The email encryption process works by requiring the sender and recipient of an email to have what's known as a "key" to receive, access, and send the email. Essentially, the key is how an email is encrypted and decrypted. It's good to think of the encryption key as a physical key that locks a door (encrypts) to prevent unauthorized access, then unlocks the door (decrypted) when they need access. 

The key is a series of numbers and letters a sender and receiver must enter for email access. Email encryption also requires using two types of keys, a public and a private one. The public key is known by both parties, while the private keys are each only known to their owner (sender or receiver). The public key is randomly generated and must be shared with both parties. The sender uses the receiver's public key to encrypt the email, and the recipient decrypts it using a private key. 

Email encryption example 

Jim is looking to send a sensitive email to Jane. He drafts his email, adds Jane as the recipient then elects to send it encrypted. (Please note that the steps to use email encryption can differ depending on the email system and encryption software in use). 

Upon sending the email, a public key is generated for both parties that must be shared. Once shared, Jim uses Jane's public key to encrypt the email, then Jane can decrypt it with her private key.  

How to overcome email security challenges with encryption  

Email encryption is primarily used to protect the confidentiality of sensitive information to ensure that unauthorized parties cannot view or alter the data in any way. One extended benefit of using encryption is that if the data can't be accessed, it can't be altered, keeping its integrity. Another security benefit of encryption has to do with the use of digital certificates.  

Encryption uses public key infrastructure (PKI) to manage digital certificates and public keys. Because of this system, email accounts can be assigned digital certificates that authorize that the sender is whom they say they are. 

This system can help prevent targeted business email compromise (BEC) scams,, where a sender pretends to be someone else to acquire credentials or have money transferred to them. BEC scams are typically incubated through email account "spoofing" or through malware deployment. 

Of course, by now, you may have seen an issue with using public keys as it requires the sender and receiver to exchange public key sequences. Generally, a phone call or separate message would be safer to exchange this type of information. However, there is another optimal solution.    

Symmetric keys

Encryption software products like Egress Protect alleviate these issues by using a symmetric key, which means companies use the same key for encryption and decryption. The key is also automatically shared between the email sender and recipient, making the entire encryption process easy and secure.

Egress Protect can also take this security to another level by adding multi-factor authentication and policy controls for additional layers of email security. Interested in learning more about Protect? Check it out here, or claim a free demo and give it a spin yourself.


What happens when you encrypt an email?

Once encrypted, an email is inaccessible, and the message's plain text remains scrambled until it is decrypted at the email server (TLS encryption) or the end user's device (end-to-end encryption).  

How does encryption work in simple terms? 

Email encryption works by requiring the sender and recipient of an email to have a key, which is just a sequence of numbers and letters used to decrypt a message before receiving, accessing, and (or) sending the email and its attachments. 

How does end-to-end encryption work? 

End-to-end encryption works by having the email sender encrypt the message using a key. It remains encrypted until the end user's device (recipient) has received the message, and the recipient has used their key to decrypt it.

Related articles