by Svetlana Cheusheva , updated on March 22, 2023
These days when e-mail has become the main means of personal and business communication and stealing information is what trade secret crimes thrive on, the problems of securing email and safeguarding privacy are on everyone's mind.
Even if your job does not imply sending your company's secrets that need to be protected from unwanted eyes, you may look for a little personal privacy. Whatever your reason is, the most reliable ways to secure your communications with co-workers, friends and family are mail encryption and digital signatures. Outlook email encryption protects the contents of your messages against unauthorized reading, while a digital signature ensures that your original message has not been modified and comes from a certain sender.
Encrypting email it Outlook may sound like a daunting task, but it is actually quite simple. There exist a few methods of sending secure emails in Outlook, and further on in this article we are going to dwell on the basics of each:
To be able to encrypt important Outlook e-mails, the first thing you need to get is a Digital ID, also known as E-mail Certificate. You can get the digital ID from one of the sources recommended by Microsoft. You will be able to use these IDs not only to send secure Outlook messages, but protect documents of other applications as well, including Microsoft Access, Excel, Word, PowerPoint and OneNote.
The process of getting a Digital ID depends on which service you have opted for. Typically, an ID is provided in the form of an executable installation that will automatically add the certificate to your system. Once installed, your digital ID will become available in Outlook and other Office applications.
To verify whether a digital ID is available in your Outlook, perform the steps below. We explain how this is accomplished in Outlook 2010, though it works exactly in the same way in Outlook 2013 - 365, and with insignificant differences in Outlook 2007. So hopefully you won't have any problems to configure your encryption certificate in any Outlook version.
Note: If you already have a digital ID, the settings will be automatically configured for you. If you want to use a different e-mail certificate, follow the remaining steps.
In the Change Security Settings dialog window, click New under Security Setting Preferences.
Note: To find out whether the certificate is valid for digital signing or encryption, or both, click the View Certificate properties link on the Select Certificate dialog box.
Typically, a certificate purposed for cryptographic messaging (such as Outlook email encryption and digital signing) says something like "Protects email messages".
Select the Send these certificates with signed messages check box if you are going to send Outlook encrypted email messages outside of your company. Then click OK and you are done!
Tip: If you want these settings to be used by default for all encrypted and digitally signed messages you send in Outlook, select the Default Security Setting for this cryptographic message format check box.
Email encryption in Outlook protects the privacy of messages you send by converting them from readable text into scrambled enciphered text.
To be able to send and receive encrypted email messages, you need two basic things:
You need to share the certificates with your contacts because only the recipient who has the private key that matches the public key the sender used to encrypt the email can read that message. In other words, you give your recipients your public key (which is part of your Digital ID) and your correspondents give you their public keys. Only in this case you will be able to send encrypted emails to each other.
If a recipient who does not have the private key matching the public key used by the sender tries to open an encrypted e-mail, they will see this message:
"Sorry, we're having trouble opening this item. This could be temporary, but if you see it again you might want to restart Outlook. Your Digital ID name cannot be found by the underlying security system."
So, let's see how sharing digital IDs is done in Outlook.
To be able to exchange encrypted messages with certain contacts, you need to share your public keys first. You start by exchanging digitally signed emails (not encrypted!) with the person to whom you want to send encrypted emails.
Once you get a digitally signed email from your contact, you have to add the contact's digital ID certificate to his/ her contact item in your Address Book. To do this, please follow the steps below:
When the person is added to your Outlook contacts, their digital certificate will be stored with the contact's entry.
Note: If you already have an entry for this user in your Contacts list, select Update information in the Duplicate Contact Detected dialog.
To view the certificate for a certain contact, double-click the person's name, and then click the Certificates tab.
Once you have shared the Digital IDs with a certain contact, you can send encrypted messages to each other, and the next two sections explain how to do this.
In an email message you are composing, switch to the Options tab > Permissions group and click the Encrypt button. Then send the encrypted email as you usually do in Outlook, by clicking the Send button. Yep, it is that easy : )
If you don't see the Encrypt button, then do the following:
In the Properties dialog window, Click the Security Settings button.
In the Security Properties dialog window, check the Encrypt message contents and attachments check box and click OK.
Note: This process will also encrypt any attachments you send with the encrypted email messages in Outlook.
Finish composing your message and send it as usual. To verify whether the email encryption worked, switch to the Sent Items folder and if your email was encrypted successfully, you will see the Encryption icon next to it.
Note: If you are trying to send an encrypted message to a recipient who has not shared the public key with you, you will be offered the choice to send the message in the unencrypted format. In this case, either share your certificate with the contact or send the message unencrypted:
If you find that encrypting each email individually is quite an onerous process, you can opt to automatically encrypt all email messages you send in Outlook. However, please note that in this case all of your recipients must have your digital ID to be able to decipher and read your encrypted email. This is probably the right approach if you use a special Outlook account to send emails within your organization only.
You can enable automatic Outlook email encryption in the following way:
Switch to the Email Security tab, and select Encrypt contents and attachments for outgoing messages under Encrypted email. Then click OK and you are close to finished.
Tip: In case you want some additional settings, for example to choose another digital certificate, click the Settings button.
Well, as you can see Microsoft Outlook takes a rather burdensome approach to email encryption. But once configured, it will definitely make your life easier and email communication safer.
However, the email encryption method we have just explored has one significant limitation - it works for Outlook only. If your recipients use some other email clients, then you will need to employ other tools.
To send encrypted email between Outlook and other non-Outlook email clients, you can use one of the third party mail encryption tools.
The most popular free open source tool that supports both cryptography standards, OpenPGP and S/MIME, and works with multiple email clients including Outlook is GPG4WIn (the full name is GNU Privacy Guard for Windows).
Using this tool you can easily create an encryption key, export it and send to your contacts. When your recipient receives the email with the encryption key, they will need to save it to a file and then import the key to their email client.
I won't be going into much detail on how to work with this tool since it is rather intuitive and easy to understand. If you need the full info, you can find the instructions with screenshots on the official web-site.
To have a general idea how GPG4OL looks like in Outlook, see the following screenshot:
Besides the GPG4Win add-in, there is a handful of other tools for email encryption. Some of these programs work with Outlook only, while others support several email clients:
If you are working in a corporate environment, you can use the Exchange Hosted Encryption (EHE) service to have your email messages encrypted/decrypted at the server side based on policy rules that your administrator creates.
Outlook users who have ever tried this encryption method have two major complaints.
Firstly, exchange hosted encryption is hard to configure. Besides the digital ID, it also requires a special password, aka token, that your Exchange administrator has assigned to you. If your Exchange admin is responsible and responsive, he will configure your Exchange encryption and set you free from this headache : ) If you are not that lucky, try to follow Microsoft's instructions (Get a digital ID for sending messages using Microsoft Exchange section is near the bottom of the page).
Secondly, the recipients of your encrypted emails should use Exchange hosted encryption too, otherwise it is useless.
The Office 365 Exchange Hosted Encryption is claimed to have fixed both of the above mentioned problems. To find more information about it, visit the official web-site or this blog.
If none of the email protection techniques covered in this article meets your requirement in full, you can consider using other, more sophisticated methods, such as Steganography. This hard-to-pronounce word means concealing a message or other file within another message or file. There exist various digital steganography techniques, for example concealing the contents of an email within the lowest bits of noisy images, within encrypted or random data and so on. If you are interested to learn more, check out this Wikipedia article.
And this is all for today, thank you for reading!
