Email Encryption

    Learn about email encryption and how to protect sensitive data sent through email.

    What is email encryption?

    Email encryption is the process of encrypting, or disguising, the content of email messages to protect sensitive information from being read by unintended recipients, or cybercriminals looking to steal valuable information. The fact of the matter is that email continues to be the primary attack vector for cybercriminals. As such, it's important for organizations of all sizes to practice proper email security hygiene and utilize an email encryption solution when sending intellectual property or other sensitive information over email. Learn how to further secure your email environment by encrypting emails!



    Why is email encryption important?

    Email often contains sensitive or confidential information. When email encryption is employed, it provides the essential security needed to protect that information. As such, organizations of all sizes often employ email encryption as a part of their cybersecurity strategies.


    How to send encrypted email with Mimecast

    Mimecast Secure Messaging protects sensitive data by making it easy for users to send and receive secure messages, and enabling policy-initiated secure messages at the email encryption gateway for an added layer of security.

    Here’s how it works:

    • When employees need to send an encrypted email, they simply create a new email in Outlook and select a Send Secure checkbox on the Mimecast for Outlook tab. Secure messaging can also be automatically triggered when email content or attachments meet certain policy criteria.
    • Once the user presses send, the email and attachments are securely uploaded to an email server on the Mimecast cloud, scanned for malware, checked against email privacy, content and data leak prevention (DLP) policies, and then stored in a secure AES-encrypted archive.
    • A notification message is sent to the recipient of the email, directing the recipient to log into the Secure Messaging portal where they can read and reply to secure messages and compose a new message to the original sender.


    Benefits of Mimecast's secure email encryption service

    Secure messages are scanned for anti-virus, data leaks and compliance policies to help meet requirements for HIPAA, GLBA and PCI-DSS regulations. Mimecast also provides anti-virus and malware protection for all inbound and outbound email.

    Mimecast’s encrypted email service offer significant benefits for sending secure emails:

    • Simplify your secure email encryption with no certificate or encryption key management required.
    • Set granular message controls to rapidly revoke message access, require read receipts, enforce message expiration dates and prevent Reply, Reply all and printing.
    • Protect sensitive data more effectively — messages sent via Mimecast Secure Messaging never leave Mimecast's secure web portal.
    • Automatically encrypt messages that meet certain criteria, including messages sent to a specific domain or recipient, messages that contain specific keywords in the subject line, or as a fallback option to enforced TLS encryption.
    • Customize the branding and tailor your secure web portal to meet your corporate branding guidelines, giving users a consistent experience on any recipient device.
    • Lower your costs with no required installation of new hardware or software, helping to reduce expenses and improve ROI.

    Learn more about secure email encryption with Mimecast, and about Mimecast solutions for Office 365 email encryption and for encrypted file transfer.


    Email encryption FAQs

    What are the types of email encryption?

    Three standard email security protocols are used to secure email transmission: Secure Sockets Layer (SSL), Transport Layer Security (TLS) and STARTTLS. Because insecure email is a common attack vector for cybercriminals, it’s critical to use email security protocols like SSL/TLS and STARTTLS. Without this measure, users subject their emails and the sensitive data they contain to the possibility of interception, theft and email domain spoofing. With SSL/TLS or STARTTLS in place, cybercriminals who intercept an email can’t unencrypt it without the keys to decode it, which only the email server and client have.

    How does email encryption work?

    SSL/TLS work by initiating a series of agreements between an email client — such as Gmail or Outlook — and a server to agree on the details of their connection. These agreements require a number of detailed steps, from determining what version of SSL/TLS will be used and how the communication will be encrypted to establishing that a secure connection is in place before transferring the data.

    After the agreement series is completed, the email server returns a TLS digital certificate and public encryption key to the email client. The email client then verifies the certificate and creates a shared secret key (SSK), which is returned to the server. The server decrypts the SSK, which allows the transmission of emails.

    With STARTTLS, however, it notifies a mail server that the contents of an email need to be encrypted. If the mail is intercepted, its contents and metadata are scrambled and difficult to decode. Once the transmission is received, the data will be decrypted.

    How do I know if my email is encrypted?

    To use Mimecast’s encrypted email service, users simply create a new email in Outlook, Mimecast for Mac or within the Secure Messaging web portal. After composing the email, the user selects a Send Secure option before clicking Send as usual.

    Looking to expand your email security?

    Mimecast Advanced Email Security blocks the most dangerous email-borne attacks, from phishing and ransomware to social engineering, payment fraud and impersonation.

    Back to Top