Solved

I need suggestions for programs to use for encrypting email from Outlook 2013

Posted on 2014-10-18
15
183 Views
Last Modified: 2014-12-20
I need suggestions for software that I can use with Outlook 2013 to encrypt email.  There is no Exchange server involved

Not really sure what other information to post, so if you need more information let me know

Thanks
Question by:c7c4c7
15 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40389523
You know that the receiving party has to have the same program so they can decrypt the email to read it?
0
 

Author Comment

by:c7c4c7
ID: 40389535
No, my understanding was if they had access to the public key they would be able to decrypt the message.  Are you saying there are no standards for encrypting and decrypting email and everyone does their own thing?
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40389554
S/MIME encoding using a certificate and Pretty Good Privacy (Symantec) come to mind.
0
 
LVL 2

Assisted Solution

by:FocIS
FocIS earned 250 total points
ID: 40389559
is it your intention to encrypt during transmission, or encrypt so it arrives encrypted and only someone with a password can read it?

if you want to encrypt during transport, there are a few really nice 3rd party providers who will mailbag your outgoing emails (you send to them by SSL) and retransmit those emails ONLY by SSL to the mail server of your recipient - if the recipient doesn't support SSL transport, it'll send them a plaintext email with a link to where they can download what you sent (by SSL in a browser).

this should satisfy HIPAA/PCI compliance but doesn't keep it locked/private once received (or in your own sent folder)

also, you said "if they had access to the public key they would be able to decrypt the message" - your thinking is backwards - everyone has access to the public key, that's how they ENCRYPT an email TO YOU.  you would encrypt your message to them by using their public key

your public key and your sent email only proves you sent the email it doesn't encrypt it
0
 
LVL 2

Expert Comment

by:FocIS
ID: 40389562
one 3rd party mailbag service i reviewed last month is www.mycloudstar.com - it looks really slick and the average cost is around $5/user/month

this ensures encrypted transmission from you to outside parties but doesn't leave it encrypted in your sent folder or in their inbox, only during transport

on the plus side, no passwords, keys, exchanges, etc... which means you can send to literally any email address on the fly

plus you can set rules in their control panel - encrypt only if the subject/body contain keywords, sensitive info patterns (ssn/cc) etc
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40389581
There are several methods for encrypting emails.  The same method must be used at both ends.  There isn't just one standard method.

HIPAA/PCI compliance cannot be satisfied on a computer or server that "non-authorized" people have access to.  Both standards require physical security as well as encryption of transmissions.
0
 

Author Comment

by:c7c4c7
ID: 40389582
I tried Symantec but had a problem when sending an email that had a mix of recipients, 1 encrypted and 1 unencrypted.  The problem was that if both recipients went through Gmail the encrypted email was thrown away because both messages had the same message id and Gmail thought the second was a duplicate, which always seems to be the encrypted email.

I'll have to ask about the email being in the inbox and sent box unencrypted, but it is interesting.  Does the person receiving the link have to authenticate to see the email?

We wanted the email to be encrypted when it is sent and arrives and while it was in the client so we didn't have to worry about laptops.
0
 
LVL 2

Expert Comment

by:FocIS
ID: 40389588
"I'll have to ask about the email being in the inbox and sent box unencrypted, but it is interesting.  Does the person receiving the link have to authenticate to see the email"

you can choose this in the control panel of the 3rd party - default is no, because you would still need to get the password to them, and presumably if they have access to the inbox which would have received the email in the first place where they got the link... they would have seen the email anyway

this setup doesn't encrypt the emails in sent or inbox, only during transmission - though you should already be using a form of whole-disk encryption on the laptops anyway (truecrypt, bestcrypt, drivecrypt, etc)
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40389691
OK, probably best if we take this from the top.

For almost all email security solutions (including S/Mime, which is *built into* outlook so you don't need to buy any other product) the recipient must first generate a keypair, send the public key to the sender, and keep the private key. For S/Mime, CAs would usually advise that you go with purchasing those from them, but in fact, the Microsoft CA can auto-generate certificates for exchange users (so if your correspondent has exchange, they can go this route) or you can generate your own with the free tool HERE

However, the key (no pun intended :) is to have the public key for your intended recipient before you begin; for this therefore, you should verify with those recipients what solutions they support, and obtain their public key (if they already have pgp, then you may need to purchase this to be compatible with their current usage, but usually they will be happy enough to go with self-generated S/Mime certificates)

Now, you *can* also go for the forms of mail encryption that don't require this; symantec (with their pgp universal), cisco (with ironport CRES), zixmail (with a range of products from single-host software to appliances) and Microsoft (with their hosted encryption solution recently renamed to Office365 encryption) all have offerings in this space - they aren't cheap, but they rely on the recipient setting up a login to decrypt their encrypted mail after receipt; for all but the symantec solution, that account will be with the vendor (who therefore has access to the mail stream should they choose to abuse that) - symantec's pgpu has an appliance on your own site that handles that for you locally.

But all that said... your next step is to go have a word with your recipients, suggest that if they don't have a solution already that they adopt S/Mime (because it's free and they already have the software!) and get back to us if you have any problems with either that, getting your keys generated, or need advice on getting some other solution to work that your recipients have already adopted.
0
 
LVL 6

Expert Comment

by:Wylie Bayes
ID: 40390002
0
 

Author Comment

by:c7c4c7
ID: 40393674
Email has to be encrypted in the sent and inbox.  If it is on a laptop and gets stolen it cannot be in plain text
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 250 total points
ID: 40393750
Then you need hard disk encryption on the laptop
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 40394301
Really, as David suggests you should be looking at FDE for laptops - there will be other sensitive data on there as well as email. However, it is worth noting that S/MIME encrypted messages are stored encrypted and decrypted only when displayed - you can set the client to prompt for a password before that happens also if you specify this when importing the pfx file containing certificate and secret key.

You can try this *for free* for yourself - download the xca tool and create two pfx (pkcs#12) files - one for your email account, one for a second (test) account.  Import each into a separate laptop (literally, you can just double-click the things) and try sending encrypted mail back and forth from outlook.

Note, to send encrypted mail with outlook/smime you need the recipient's certificate first. easiest way to get the certificate to a remote user is to send a signed email, but in this case, you can simply export a pem copy of the certificate (again, from xca) and import that when importing the pfx.
0
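The two-account test described in the comment above can be rehearsed outside Outlook. This is an added example, not part of the original thread: it uses the openssl command line instead of xca, and the account names, addresses, file names and PFX password are constructed. It shows that the sender encrypts with the recipient's certificate, that the message at rest is ciphertext, and that only the recipient's private key opens it.

```shell
#!/bin/sh
# Added example: S/MIME round trip between two constructed test accounts.
# alice/bob, example.test and the PFX password are placeholders.

smime_demo() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        for who in alice bob; do
            # Self-signed certificate and private key for one test mailbox
            openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
                -subj "/CN=$who test/emailAddress=$who@example.test" \
                -keyout "$who.key" -out "$who.pem" 2>/dev/null || exit 1
            # PKCS#12 (.pfx) bundle of key + certificate, the file type a mail client imports
            openssl pkcs12 -export -inkey "$who.key" -in "$who.pem" \
                -passout pass:constructed-demo-pass -out "$who.pfx" || exit 1
        done

        printf 'Constructed test message\n' > plain.txt

        # Sender side: encrypt using only the RECIPIENT's certificate (public key)
        openssl smime -encrypt -binary -aes256 -in plain.txt \
            -out to_bob.eml bob.pem || exit 1

        # The stored message must not contain the plaintext
        if grep -q 'Constructed test message' to_bob.eml; then exit 1; fi

        # Recipient side: decrypt with the recipient's own private key
        openssl smime -decrypt -in to_bob.eml -recip bob.pem \
            -inkey bob.key -out bob_reads.txt || exit 1
        grep -q 'Constructed test message' bob_reads.txt || exit 1

        # The sender's own key pair must NOT be able to open the message
        if openssl smime -decrypt -in to_bob.eml -recip alice.pem \
            -inkey alice.key -out alice_reads.txt 2>/dev/null; then exit 1; fi
    )
    rc=$?
    rm -rf "$work"
    return $rc
}

smime_demo && echo "S/MIME round trip OK"
```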
 

Author Comment

by:c7c4c7
ID: 40394968
FDE is under way separate from the email question, like you say there is other sensitive data on the machines.

 I am going to take Dave and Wylie's suggestion and work on the s/mime implementation.  It will take me a few days to work through the testing and then I will be back

Thanks
0
 

Author Closing Comment

by:c7c4c7
ID: 40511348
Went with the 3rd party and FDE encryption due to the number of different people we have to deal with and not being able to control what the other party wanted to use to encrypt email

Thanks for the help and sorry I didn't get back to you earlier
0
