Email Encryption

Posted on 2005-04-26
Last Modified: 2010-08-05

I am wanting to encrypt the emails sent between 2 sites in the company I am working for. I don't know too much about encryption for email, and I was hoping you all could put forward some suggestions.

Currently what I have

I have 2 Windows 2000 networks running as workgroups
I have 2 websites hosted by the same company each with email addresses, one will have SSL in 2 weeks.
Both sites are hosted on Linux servers and I believe use Squirrel Mail (or something like that)
All clients use Outlook 2003
All clients are using Win XP Pro
We are on an ADSL internet connection

What I am wondering is:

What would be the most secure way to handle email encryption?
What would be the most cost-effective way to handle email encryption?

I'm sorry if this seems vague but as far as email encryption goes I don't really know where to start.

Gavin McMillan
Question by:gavinandrewmcmillan
    LVL 5

    Expert Comment

    This may be your answer...
    LVL 7

    Expert Comment


    Actually you have two (more or less) cost-effective possibilities:

    - Using PGP (or better GnuPG, as it's free) -->
    - Using X.509 certificates

    The former one can be implemented very quickly: just generate a private/public key pair on both sides and then cross-sign the public keys.
    Now you can use A's public key to encrypt and B's private key to sign B's mail destined for A.

    For using X.509 certificates, both sides have to sign up for a certificate from a well-known certification authority (CA), for example Trustcenter, VeriSign,...
    As these certificates are bound to your identity and the CA guarantees that you are the person you pretend to be, you have to prove your identity to the CA, which is done via post-ident at your local post office in most cases.
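The GnuPG procedure described in the comment above, as an added example that is not part of the original thread: each site generates a key pair, imports and signs the other's public key, then B sends A a signed, encrypted message. The addresses, helper function names and passphrase-less demo keys are assumptions made for this example; it needs GnuPG 2.1 or later.

```shell
#!/usr/bin/env bash
# Added example: sites A and B each keep their own GnuPG keyring.
# Addresses, message text, temp paths and function names are constructed.

fpr() {  # fingerprint of the primary key for address $2 in keyring $1
  gpg --homedir "$1" --batch --with-colons --fingerprint "$2" |
    awk -F: '$1 == "fpr" { print $10; exit }'
}

new_site() {  # $1 = keyring dir, $2 = user ID; no passphrase (demo only)
  gpg --homedir "$1" --batch --quiet --passphrase '' \
      --pinentry-mode loopback --quick-generate-key "$2" default default never
}

trust_peer() {  # $1 = own keyring, $2 = peer keyring, $3 = peer address
  gpg --homedir "$2" --batch --armor --export "$3" |
    gpg --homedir "$1" --batch --quiet --import &&
  # In production, confirm this fingerprint with the peer out of band first.
  gpg --homedir "$1" --batch --yes --quiet --quick-sign-key "$(fpr "$1" "$3")"
}

pgp_roundtrip() {
  local a b work status
  a=$(mktemp -d) b=$(mktemp -d) work=$(mktemp -d)
  new_site "$a" "Site A <a@example.test>" &&
  new_site "$b" "Site B <b@example.test>" &&
  trust_peer "$a" "$b" b@example.test &&   # A signs B's public key
  trust_peer "$b" "$a" a@example.test &&   # B signs A's public key
  printf 'Quarterly figures attached.\n' > "$work/mail.txt" &&
  # B -> A: encrypt to A's public key, sign with B's private key.
  gpg --homedir "$b" --batch --quiet --armor --sign --encrypt \
      --recipient a@example.test -o "$work/mail.asc" "$work/mail.txt" &&
  # A decrypts with its private key; status lines report the signature check.
  status=$(gpg --homedir "$a" --batch --quiet --status-fd 1 \
      --decrypt -o "$work/out.txt" "$work/mail.asc" 2>/dev/null) &&
  cmp -s "$work/mail.txt" "$work/out.txt" &&
  printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG'
  local rc=$?
  gpgconf --homedir "$a" --kill gpg-agent; gpgconf --homedir "$b" --kill gpg-agent
  rm -rf "$a" "$b" "$work"
  return $rc
}
```

Calling `pgp_roundtrip` returns 0 only if A recovers the exact plaintext and GnuPG reports a good signature from B. Without the cross-signing step, the batch-mode encryption fails because the recipient key is not considered valid.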


    LVL 4

    Accepted Solution


    Those two are the ones I recommend.
    Both are different however. The first one automatically encrypts every e-mail sent to the other, and when it arrives there, it's decrypted (so while it's on its way to the target, it's unreadable text). It's easy to use, but I don't exactly know how secure it really is.

    The second is more a heavy-duty one. As the text explains, 1303 32-bit numbers are generated, of which 768 are selected to really do the encryption. As they claim (which is true, if you do a little mathematical calculation), this is almost unbreakable, since not all data counts in. The only "catch", however, is that both sides need the decryption key, and it's a 1 time only key.

    Now, which one would I advise? Well... depends on your needs. The first is a lot easier, but also less secure. The second is really hard to crack, but you need the key. It all depends on what you need, both how strong and how easy to use.
    LVL 51

    Expert Comment

    No new links, but a brief description of the difference between the previously given suggestions.

    First you have to tell us if you just want to encrypt the traffic between your own servers and clients (see 2. below), or also encrypt traffic to any other recipient (see 1. below).

    1. If you need a general purpose solution, you best go with PGP and/or GnuPG.
      While GnuPG is free, PGP is well integrated on (all) most M$ platforms.

    2. Here you need to decide if you want to encrypt all traffic, or just the email content.
      For traffic use VPN or other secure tunneling protocols (SSL, IPSec); that means that you just set up trusted tunnels between your (remote) servers.
      If you want to encrypt the mail content you can use PGP/GPG as described in 1. above
      or probably more effective PGP's "PGP Universal" (see

    If you accept proprietary solutions the snapfile tools might do the work too.
    LVL 12

    Expert Comment

    Depending on the data traffic it might be a good idea to set up a VPN or go for the even more secure (but more expensive) private (rental) line.
    LVL 51

    Expert Comment

    > .. private (rental) line.
    == leased line?
    What should be more secure on a leased line?
    Or does the provider really ensure that it's a point-to-point wire without any possibility to just clip a sniffer on it somewhere? I doubt.
    IMHO there is no big advantage of a leased line over a simple connection over the internet.
    Encryption makes traffic more secure, in both cases.
    LVL 12

    Expert Comment

    >>Or does the provider really ensure that it's a point-to-point wire
    >>without any possibility to just clip a sniffer on it somewhere?
    Nope LOL

    But at least that way you are protected from users from the internet. And clipping a sniffer is mostly too much of an effort.

    But you could always point back to "Nothing is 100% secure."
    LVL 51

    Expert Comment

    > .. clipping a sniffer is mostly too much ..
    Hmm, I'm just thinking about my phone wires around my house and in the street, there is no protection at all, and one of them then is the leased line. Click. Who cares?
