How to send encrypted emails
Email, when not encrypted, is like a postcard. Hackers can intercept and read them easily. Since many corporate emails contain sensitive information, they need to be encrypted to prevent snooping and email tampering. Encrypted emails check two critical components of a secured email.
Content integrity: The encrypted emails are decrypted upon delivery where the content of the email is verified, and an error message is thrown if the verification process fails. This decryption process makes it possible to detect any tampering.
Message Privacy: When an email is encrypted, its content can only be read by the sender and the recipient, hence protected from unauthorized people.
What is S-MIME encryption?
Secure/Multipurpose Internet Mail Extensions (S/MIME) provides an extra layer of security for your emails with end-to-end encryption. While many email providers encrypt emails in transit, they are not encrypted when they are on rest or in-between local servers, leaving them vulnerable.
While Zoho Mail secures the email both in its rest and transit state, S/MIME encrypts them end-to-end and prevents unauthorized access along the way.
How S-MIME encryption works
S/MIME secures emails with two key features.
- Email encryption: S/MIME provides end-to-end email encryption making it indecipherable for users other than the intended recipients.
- Digital signature: S/MIME encryption digitally signs the emails between two S/MIME enabled users, ensuring sender authenticity.
S/MIME executes both email encryption and digital signature with public and private keys. To know more about public and private keys and how they function in email encryption and digital signature, refer to this help page
Before configuring S/MIME, you are required to have a valid certificate mapped to the email address of the account from which you would send the emails. You can get the certificates from an authenticated third-party service. Note that you can add multiple certificates but activate only one.
- Log in to your Zoho Mail account.
- Click the Settings icon.
- Select Send Mail As setting.
- Click on Configure S/MIME next to the email address for which you wish to configure S/MIME.
- The S/MIME encryption popup appears. Click on Add Certificate and select the S/MIME certificate of the relevant account.
- Enter the certificate password and click Save to upload the certificate.
- Once uploaded, select the certificate. Click OK on the S/MIME certificate popup to enable the certificate.
Once the S/MIME is successfully configured, the emails sent using the associated email address will be encrypted end-to-end. To disable the certificate, select the relevant certificate and click OK in the popup which opens.
Note that S/MIME encryption has to be enabled by your administrator. If you don't see the configure S/MIME option, contact your administrator to enable it.
Sending an encrypted email
When you compose an email, you are notified if the email you are about to send is secured with S/MIME encryption.
- The icon displayed next to the recipient's name in the To field indicates that the recipient has enabled S/MIME.
- The icon next to the From address indicates that the email you send from this address will be digitally signed.
Identifying encryption in received emails
When you receive an email, the S/MIME Encryption level indicator denotes that the email is secure with S/MIME encryption. The icon next to the sender's name indicates that the email has been digitally signed by the sender using S/MIME.