Email encryption - password protect

We are using gmail with our own Domain name.

How do we encrypt Outlook 2007, 2010, 2013, 2016 emails so the recipient has to enter a password to open email (w/ or w/o attachments)?

Also, can we do the same within Gmail emails itself via web browser?

Thanks
LVL 1
April33Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AlanConsultantCommented:
Hi,

You can't stop someone from opening an email, but you could encrypt the payload so they cannot read the contents (only the metadata headers etc) without a key (password).

As an example, you could zip your message up and put a password on it, and the recipient needs the password to decrypt the zip file.

Not very user friendly, but you could do that.


If you ran your own servers, and so did your correspondent, you could ensure that all email transactions are encrypted between the servers, but not require a password to actually open the email (say).  Exchange will opportunistically do this by default (at least recent versions will).

If you are concerned that Google can read your emails, then yes - they can.  Whether they would, and in what way (human versus a program / algorithm for example), is another question of course, but they *can*.

Alan.
0
Ricardo Jose Jr. PalmaNetwork and Security ConsultantCommented:
Hi,

You can try to checkout PGP or S/MIME.

If you need a hardware appliance, you can checkout Sophos Mail Appliance.


https://www.openpgp.org/software/
https://en.wikipedia.org/wiki/S/MIME
1
David Johnson, CD, MVPOwnerCommented:
There already is an industry standard called s/mime where both parties exchange certificates, or using Pretty Good Privacy.  Other than that you have to roll your own. With Office 365 you can use Content Protection where the user has to log into a website to view the message.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

AlanConsultantCommented:
Hi,

I was just editing to say about PGP when Ricardo posted, so I won't repeat that again, but just to add that you can also use Addins to Outlook to add that functionality such as this (just one example):

https://www.encryptomatic.com/openpgp/


Alan.
0
Christ HaroldSoftware EngineerCommented:
Dear Author,

In Outlook you can definitely encrypt all of your outgoing emails.

Read this article which explains how to encrypt Outlook Emails in version 2016, 2013, 2010, 2007.

https://support.office.com/en-us/article/encrypt-email-messages-373339cb-bf1a-4509-b296-802a39d801dc

But for Gmail message, you have to install third-party add-ons to encrypt Gmail emails. But I would advise you to use Outlook for same

Thanks & Regards
Christ Harold
Software Engineer
0
arnoldCommented:
To encrypt the recipient has to provide you their public key (pgp, GPG, etc.) or in s/mime they need to provide their personal public certificate licensed for email function. as others pointed whether PGP, GPG or their own certificate, the recipient will dictate how they open whether they have to provide a passphrase or password to allow outlook or their email client to access their respective private key to decrypt the message you sent.

To your more direct question.
Open an editor, create whatever it is you want to email either require a password for the document if available or  zip the document/package as other referenced (payload, item of importance) with a password.
create the email and attach it.
Depending to whom you are sending this, if they have a corporate policy to inspect archives, the password protected will not pass and might not be authorized, captured as a spam, etc.

Many suggestions were included by prior comment, please define more clearly what it is you hope to achieve with your implementation.

The other option, is setup your own secure interface to access emails, and send notices to the recipients who would then have to access your portal to view the message.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jason CrawfordTransport NinjaCommented:
Well when you think about it you do already enter a password before opening an email, sometimes twice.  Once when signing into Windows and possibly a second time when logging on to OWA or Outlook.  If further encryption is required there are a plethora of 3rd party encryption services both on-prem and in the cloud.  Personally I prefer a cloud option like Mimecast or Proofpoint.   The way these work is through the use of an "encryption gateway" outbound email is diverted to either by containing sensitive information or in your case every outbound email.  The recipient receives a notification email and a link to the encryption gateway where they must first register for an account and sign in to retrieve the message.  That's about as close to a password-protected email as you're going to get without using certificates.
1
April33Author Commented:
Thanks for all the replies....  

After looking at the various options I think we are going to just zip all the sensitive information and password protect before emailing out.  

I liked the OpenPGP for Microsoft Outlook by Encryptomatic option but it posed 2 problems for us; not everyone uses Outlook (found out most use browser based gmail)   and the recipient need the software addin in order to decrypt the email.

They already tried Cisco Secured Email and Secured Google Mail.  Neither fully suited their needs.

So with all this, what would be a good zip/encrypt software to use?

Thanks
0
AlanConsultantCommented:
Hi,

Yes - PGP / GPG is excellent, but it does require both parties to be using it and to be somewhat technically adept.

For zipping and encrypting, I would recommend 7-Zip:

https://www.7-zip.org/

It is open source, been around for years, and is rock solid.

You can encrypt the zip files using AES256 which is also a well known and trusted encryption system.

Remember to communicate the password 'out of band' - not using email.

I normally suggest using a string of three or four common words, and pass them over by phone, but anything that works for you and your correspondent is fine.

Alan.
0
April33Author Commented:
Everyone had good ideas but I think Arnold's suggestions of zipping and encrypting was the best for our situation.  
Alan, thanks for the information in 7-Zip. I gave you Assisted points for it and your comments on Encryptomatic Solution.

The Experts Rock!
0
April33Author Commented:
Thanks!
0
AlanConsultantCommented:
Thanks April - Although zipping and encrypting was actually my first suggestion :-)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.