encrypted email

I need to encrypt our email. We do not have Microsoft exchange.  Is the encryption done from the web hosting provider? or from the tool people use to send their email? Outlook express, outlook, smartphomes, Iphones?

Thanks, Tom
Who is Participating?
Dave HoweConnect With a Mentor Software and Hardware EngineerCommented:
As always, the key to encrypted mail isn't what you can send, but what the intended recipient can recieve.

Contact your intended correspondents, and find out what forms of security they can support. The elephants in the room are

a) S/MIME (built into almost all email clients)
b) PGP (theoretically more secure, but in practice works much like s/mime, but needs an add-on to be used)
c) TLS (don't encrypt email, encrypt the transmission of email between your servers and theirs.

of course, having [c] requires you have some form of mail server to do that for you - that's not a major issue (exim for example is free, can be appropriately configured, and will run on windows if you install cygwin) but you may have a non-exchange mailserver already, the question doesn't say :)

In any case, step one is to contact those you wish to exchange secure mail with, and find out what they can support. then you can make an informed choice or choice(s) (I know we here have to support several methods, as not all our correspondents share a single choice)
Paul MacDonaldConnect With a Mentor Director, Information SystemsCommented:
Daniel HelgenbergerCommented:
As DaveHowe did a very good listing of your options, let me add something:

his option [a], S/MIME is in my opinion the only feasible way to implement real mail encryption -for instance and with mobile phones you cannot just install PGP while I have yet to find a mail client which does not support S/MIME.

Most mailservers do a TLS transport encryption nowadays but emails are stored in plain text.
PGP and s/mine will change that, the emails may then be stored in an encrypted format; using certificates (PKI) to encrypt/decrypt messages. I recommend S/MIME, since as DaveHowe pointed out
But there is one major drawback: Since the encryption is done by the mail client obviously, you will not be able to read encrypted mails in a web browser any more or on a Web App. Exchange tried to do that, but it was only working on IE with a special plugin. OWA 2013 does not support S/MIME any more.

To make it work you need to setup a PKI, or enroll in often free certificates from a CA provider. StartSSL and Comodo offer free email certificates.

Here is a good (and free) way to setup s/mime on an iPhone (use google translate, its german...):
Dave HoweSoftware and Hardware EngineerCommented:
which is why tls (and using imaps/pop3s rather than unencrypted protocols; most phones support those) is a good choice - the mail is stored plaintext, so no cryptokeys to support for regulatory processes, easier backups, and so forth.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.