There are two major ways to secure emails:
- using an email client that provides the necessary security
- using encryption to secure the content of the emails themselves
It is always best to send and receive emails in plain text format, as was intended in the early days of email design. With HTML emails, in other words multimedia emails, there is always a risk of receiving malicious code along with the text of the email. Most email clients are known to stop this kind of malicious code, but it seems safer to receive emails only in text format. If HTML can be eliminated from emails, half of the work is done.
The other half of the issue is with the attachments that come along with emails. To protect from attachments that might be malicious, below are some basic rules:
- Make it a rule not to open any attachments included in unexpected emails
- Make it a rule not to open any executable file until and unless there is 100% confidence in the file and the source of the email
- Make it a rule not to open any attachments from unknown senders
- When posting on forums and subscriptions, use free webmail accounts
It is not always enough to use a secure client, use only text-based emails, and choose not to open attachments from unknown sources. Additional layers of security must be put in place to effectively stop spam and block infected attachments. Using antivirus, anti-spyware and spam filtering solutions along with the three points mentioned above would definitely increase the security of the computer system, effectively blocking malicious email attachments, spam and unwanted emails. With a multi-layered defensive approach, almost 99% of emails will be secured and email security will be kept at the highest level.
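The text-only and attachment rules above can be enforced mechanically before a message reaches the reader. The following Python sketch is an added example, not part of the original article: the sample message, the `triage` function, the extension list and the verdict strings are all constructed for illustration, and executables are always blocked as a simplification of the "100% confidence" rule.

```python
import os
from email import message_from_string, policy
from email.utils import parseaddr

# Illustrative list of executable extensions (an assumption, not from the article).
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar", ".msi"}

# Constructed sample: text + HTML alternative and one attachment.
SAMPLE = """\
From: Billing <unknown@example.org>
To: user@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: text/plain; charset="utf-8"

Please see the attached invoice.
--inner
Content-Type: text/html; charset="utf-8"

<html><body><p>Please see the attached invoice.</p></body></html>
--inner--
--outer
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--outer--
"""

def triage(raw, known_senders=()):
    """Return the plain-text body and a verdict for each attachment."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    body = msg.get_body(preferencelist=("plain",))  # never fall back to HTML
    verdicts = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        if os.path.splitext(name.lower())[1] in RISKY_EXT:
            verdicts.append((name, "block: executable"))
        elif sender not in known_senders:
            verdicts.append((name, "hold: unknown sender"))
        else:
            verdicts.append((name, "allow"))
    html_dropped = any(p.get_content_type() == "text/html" for p in msg.walk())
    return {"text": body.get_content() if body else "", "html_dropped": html_dropped,
            "attachments": verdicts}
```

The check uses the last extension of the file name, so a double extension such as `invoice.pdf.exe` is treated as the executable it is.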
Using digital certificates while composing emails is one way to encrypt them before sending them out. There are two options: sign the email, which only makes the receiver aware of its authenticity, or encrypt the complete email so that only the intended recipient can decrypt it and read the contents. There are alternatives to buying an individual digital certificate: a Public Key Infrastructure (PKI) can be deployed to encrypt and sign emails for confidentiality and integrity purposes. Many organizations have started adopting PKI and have been reaping its benefits, such as encryption, non-repudiation, integrity protection, etc.
Another option for securing emails is to use PGP (Pretty Good Privacy). PGP involves sharing keys between two users before they can send or receive emails. PGP is free and is widely used across the globe for encrypting emails before they are sent.
The final option is to use third-party email security solutions that allow emails to be encrypted before they are sent to the recipient through the use of SSL (Secure Sockets Layer) technology, which is provided over the HTTPS protocol.