Mimecast: The 5 Types of Email Encryption

NEW YORK, May 19, 2022 (GLOBE NEWSWIRE) -- Email encryption is one of the most misunderstood and complex fields of data security, with many companies either using it incorrectly or not using it at all. However, it remains the most secure way to send data across the Internet, with various protocols securing data against cyberattackers and other threats.

Today, there are five main types of email encryption, which fall into two distinct categories. These are:

Transport Level Encryption

This type of encrypted email secures data during transport but not necessarily before or after transit. This constitutes the most affordable type of email encryption but is slightly less secure than end-to-end.

End-to-End Encryption

This type of encrypted email secures data at both the source and the destination. This means emails are encrypted before they are sent out and then unencrypted by the receiver at the other end. This is the most secure type of encrypted email but is generally more expensive.

Encrypted Email — The 5 Protocols

Each of the two main encryption categories contains several different protocols designed to secure data. Here, we look at each in more depth.

1.  PGP and S/MIME

The most widely used and, arguably, the most important protocols in end-to-end encrypted email, PGP and S/MIME can be found within many email clients. First released in 1991, PGP (Pretty Good Privacy) is the benchmark that other protocols measure themselves against.

It works by encrypting the data with a random key, which is itself then encrypted with the receiver's public key. The two are sent together, and the receiver's private key decrypts the random key, which in turn unlocks the data.

PGP is a decentralized approach to encrypted email; however, S/MIME (Secure/Multipurpose Internet Mail Extensions) builds on this with a centrally managed public key model. This type of email encryption means obtaining a key directly from a certificate authority (CA).

2.  STARTTLS

Using TLS (Transport Layer Security), STARTTLS can upgrade a plain-text connection into an encrypted one. It does this by requesting encryption while messages are in transit, so neither the sender nor the recipient needs to take any encryption steps to enjoy better security.

While this approach helps protect emails against passive monitoring, it can leave data vulnerable to "man in the middle" attacks. However, there are measures that can be taken to protect against this as well.

3.  DANE or MTA-STS

While STARTTLS can be a great baseline for email encryption, it is possible to add further layers of protection while messages are in transit. DANE (DNS-Based Authentication of Named Entities) and MTA-STS (Message Transfer Agent Strict Transport Security) both serve to maximize the security of STARTTLS.
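The difference between plain STARTTLS and an enforced policy of the kind DANE or MTA-STS make possible can be seen in how a sending server reacts when the receiving server's EHLO reply does not list STARTTLS. The following is an added example, not code from Mimecast or from this release; the `Policy` names, function names and hostnames are hypothetical, the replies are constructed, and certificate validation is left out of the model.

```python
from enum import Enum


class Policy(Enum):
    OPPORTUNISTIC = "opportunistic"  # plain STARTTLS: encrypt only if offered
    ENFORCE = "enforce"              # sender has learned that TLS is mandatory


# Constructed EHLO replies from a receiving server (hypothetical hostname).
EHLO_WITH_TLS = (
    "250-mx.example.net\r\n250-PIPELINING\r\n250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n250 8BITMIME\r\n"
)
# The same reply as the sender would see it when STARTTLS is absent,
# whether the server never supported it or the line was removed in transit.
EHLO_NO_TLS = (
    "250-mx.example.net\r\n250-PIPELINING\r\n250-SIZE 52428800\r\n"
    "250 8BITMIME\r\n"
)


def ehlo_extensions(reply):
    """Return the set of extension keywords in a multi-line EHLO reply."""
    extensions = set()
    lines = reply.strip().splitlines()
    for line in lines[1:]:  # the first line is the greeting, not an extension
        code, separator, rest = line[:3], line[3:4], line[4:]
        if code != "250" or separator not in ("-", " "):
            raise ValueError("unexpected EHLO line: %r" % line)
        if rest.strip():
            extensions.add(rest.split()[0].upper())
    return extensions


def delivery_decision(reply, policy):
    """Model the sender's choice: 'tls', 'plaintext' or 'defer'."""
    if "STARTTLS" in ehlo_extensions(reply):
        return "tls"        # issue STARTTLS and continue over TLS
    if policy is Policy.ENFORCE:
        return "defer"      # refuse to fall back; queue and retry later
    return "plaintext"      # opportunistic mode silently falls back


if __name__ == "__main__":
    for name, reply in (("with STARTTLS", EHLO_WITH_TLS),
                        ("without STARTTLS", EHLO_NO_TLS)):
        for policy in Policy:
            print(name, policy.value, "->", delivery_decision(reply, policy))
```

The only case that differs is the reply without STARTTLS: the opportunistic sender delivers in plaintext, while the enforcing sender holds the message.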