eMAIL Encryption with SSL

Email encryption is encryption of email messages to protect the content from being read by other entities than the intended recipients. Email encryption may also include authentication.

Email is prone to disclosure of information. Most emails are currently transmitted in the clear (not encrypted). By means of some available tools, persons other than the designated recipients can read the email contents. Email encryption has been used by journalists and regular users to protect privacy.

Email encryption can rely on public-key cryptography, in which users can each publish a public key that others can use to encrypt messages to them, while keeping secret a private key they can use to decrypt such messages or to digitally encrypt and sign messages they send.

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are methods of encrypting traffic from one point to another, similar to the way your data is transmitted from your browser to your bank’s website. TLS is the successor to SSL, but the differences between the two are negligible in most cases, and as a result the terms are commonly fused together. For the most part, normal email communications are not encrypted at all. By using SSL email or TLS email, a layer of security can be added to your messages.

If you send your emails without encrypting them then you’re basically sending them in plain text. If the mail happens to be intercepted when en route, it could be easily read by anyone. Using the transfer protocol TLS (Transport Layer Security), the successor of SSL (Secure Sockets Layer), lets you encrypt emails. The user simply presses the ‘send’ button that turns the message into code. After reaching its recipient, the message will then be made legible again with assistance from the matching key.

Secure emails: a question of encryption

Without encryption the contents of an email are about as safe as the contents of a postcard. If the postcard falls into the wrong hands, the whole text can easily be read. Efficient encryption systems were developed for this reason and can either produce an encrypted email or encrypt the sending of an email.

In order to encrypt the email yourself, there are useful programs such the open source software PGP (Pretty Good Privacy), which uses asymmetric encryption. Whereas traditional methods for coding and decoding access the same key, asymmetric encryption uses two keys – a private and a public one. The public key can be forwarded uncrypted to the intended contact without worry since only the private key opens the protected emails. Conversely, the user must keep the public key of the contact in order to do their part in encrypting the email.

Alternatively (or additionally) you can use the transfer protocol SSL, or rather TLS, to encrypt the transfer of emails. This method of email encryption is explained more in the following paragraphs.

Secure email-transfer with the SSL protocol

Whether it be a computer, a tablet or a smartphone, sending and receiving emails always requires data exchange between the email server and the appliance in question. By default the emails are sent unencrypted and are therefore in plain text. Even a password for the email program isn’t enough to prevent an attacker from getting their hands on the electronic mail and reading its contents. For this reason you should encrypt business and private emails so attackers have no chance.

The transfer protocol Transport Layer Security (TLS) is the universal tool required for sending email content in a secure fashion. This tool is better known under its former name, Secure Sockets Layer (SSL). An email with SSL or TLS encryption is characterized by its content not being able to be decoded by third parties since they don’t have access to the key required for encryption. Therefore it doesn’t matter whether the email is sent or retrieved through an email client, such as Outlook, or through a web browser. This is due to the encrypted emails being illegible to any snoopers during the whole transfer process between mail server and client (internet browser). The contents are then converted back into plain text when received by the recipient.

Differences between SSL, TLS and StartTLS

Nine months after the release of the first web browser, Netscape Communication released the first version of the encryption protocol SSL (1.0) in 1994. The 2.0 and 3.0 SSL versions followed until the protocol was renamed TLS in January 1999. The new TLS 1.0 had a few small differences compared to the previous SSL 3.0. These incongruences lead to some confusion, and as a result TLS 1.0 was unofficially known as SSL 3.1. In contrast to to SSL and TLS, which are both protocols, StartTLS is an extension that can initiate encryption with assistance from the TLS protocol.

Both protocols are often used synonymously and given the name SSL even though the TLS protocol comes with the following important functions, in contrast to the previous SSL version:

• The TLS protocol uses a pseudo-random function whereby the transmitted data is harder to intercept.
• TLS uses the Digital Signature Standard as a key exchange as well as the Diffie Hellmann algorithm, which make sure that the code is more difficult for the attacker to decode than was the case with the algorithm of the older SSL protocol.
• TLS is split up into different protocols, therefore an attacker must subsequently intercept all six protocols in order to piece everything together.
• Master secret: The data of a TLS encryption is a lot more difficult to decipher than via an SSL encryption due to complex calculations regarding the final key.

If you want the option of choosing between the two protocols when sending and retrieving encrypted emails, then you should opt for the current version of TLS. It offers functions of the SSL protocol and is even more secure thanks to new algorithms.

A protocol for all intents and purposes

The TLS protocol is also deemed a good universal transfer protocol since email SSL or TLS encryption is just one of the many applications on offer. TLS offers the possibility of implementing every higher level protocol on the basis of the TLS protocol. OpenSSL and GnuTLS are two known implemented program libraries. The security protocol is not dependent on the applications and systems and can be expanded at any time. Additionally, the protocol informs you whether the answering server is the sender’s intended recipient. For this reason, TLS is often used for secure data transfer on websites, for online banking or in online stores. An SSL-secured connection informs the user that an ‘s’ is attached to the end of ‘http’ in the address field. The browser checks that the website operator uses a valid SSL certificate for the web server. A TLS protocol can be used for:

• Emails
• Online shops
• Online banking
• Administrative areas
• User portals
• All login areas for different websites

Sending and retrieving emails via an encrypted connection

SSL or TLS should be used wherever sensitive data is present. Many emails contain more than just private details, which are of no concern to third parties; they also contain data like passwords, bank details and addresses. If you send or receive emails without SSL protocol you risk attackers getting hold of your information every time you update. This also applies to archived emails.

It is relatively easy to carry out an encrypted email transfer. Practically all email clients such as Outlook, Mozilla Thunderbird or email apps for smartphones and tablets offer SSL support. The user can manually switch the encryption on or off in the settings. It is also advisable to also encrypt old emails. Secure emails can be recognized when being sent or received since the address field will begin with ‘https’. Depending on the browser, the encryption will be highlighted, for example with a small lock.

Emails with SSL encryption: a must-have for secure data

If you carry out transfers or do your shopping online, there’s always the risk of leaving a trail behind. Big or small, these trails can attract criminals who want to gain access to your sensitive and private data such as passwords or bank details. Many users have no idea that by having a badly-secured email they are in fact unwillingly inviting third parties to have a read. Encryption protocols support all common email programs by creating encrypted emails that can only be read by the intended recipient. 1&1 also supports the SSL encryption when sending and receiving emails. Users shouldn’t hesitate to encrypt their emails and also to activate the SSL option of their email client.

For more information on SSL Certificates please mail at [email protected]