How to send encrypted emails

Email encryption 

Email, when not encrypted, is like a postcard. Hackers can intercept and read them easily. Since many corporate emails contain sensitive information, they need to be encrypted to prevent snooping and email tampering. Email encryption checks two critical components of a secured email.

Content integrity: The encrypted emails are decrypted upon delivery where the content of the email is verified, and an error message is thrown if the verification process fails. This decryption process makes it possible to detect any tampering.

Message Privacy: When an email is encrypted, its content can only be read by the sender and the recipient, hence protected from unauthorized people.  

What is S-MIME encryption? 

S/MIME (Secure/Multipurpose Internet Mail Extensions) provides an extra layer of security to your emails by encrypting them between the sender's and recipient's servers, preventing unauthorized access to the data in the email.

While many email providers encrypt emails in transit, they are not encrypted when they are at rest or in-between local servers, leaving them vulnerable. Zoho Mail encrypts the email at rest and uses S/MIME to encrypt emails in transit, preventing unauthorized access along the way.

How S-MIME encryption works 

S/MIME secures emails with two key features.

• Email encryption: S/MIME provides email encryption making it indecipherable for users other than the intended recipients.
• Digital signature: S/MIME encryption digitally signs the emails between two S/MIME enabled users, ensuring sender authenticity.

S/MIME executes both email encryption and digital signature with public and private keys. 

Configuring S/MIME 

Before configuring S/MIME, you are required to have a valid certificate mapped to the email address of the account from which you would send the emails. You can get the certificates from an authenticated third-party service. Note that you can add multiple certificates but activate only one.

1. Log in to your Zoho Mail account.
2. Click the Settings icon.
3. Select Send Mail As setting.
4. Click on Configure S/MIME next to the email address for which you wish to configure S/MIME.
   
5. The S/MIME encryption popup appears. Click on Add Certificate and select the S/MIME certificate of the relevant account.
   
6. Enter the certificate password and click Save to upload the certificate.
   
7. Once uploaded, select the certificate. Click OK on the S/MIME certificate popup to enable the certificate.
   

Once the S/MIME is successfully configured, the emails sent using the associated email address will be encrypted. To disable the certificate, select the relevant certificate and click OK in the popup which opens.

Note that S/MIME encryption has to be enabled by your administrator. If you don't see the configure S/MIME option, contact your administrator to enable it.

Sending an encrypted email 

When you compose an email, you are notified if the email you are about to send is secured with S/MIME encryption.

1. The icon displayed next to the recipient's name in the To field indicates that the recipient has enabled S/MIME.
2. The icon next to the From address indicates that the email you send from this address will be digitally signed.

Identifying encryption in received emails 

When you receive an email, the S/MIME Encryption level indicator denotes that the email is secure with S/MIME encryption. The icon next to the sender's name indicates that the email has been digitally signed by the sender using S/MIME.