Mimecast: The 5 Types of Email Encryption

Email encryption is one of the most misunderstood and complex fields of data security, with many companies either using it incorrectly or not using it at all. However, it remains the most secure way to send data across the Internet, with various protocols securing data against cyberattackers and other threats.

Today, there are five main types of email encryption, which fall into two distinct categories. These are:

Transport Level Encryption

This type of encrypted email secures data during transport but not necessarily before or after transit. This constitutes the most affordable type of email encryption but is slightly less secure than end-to-end.

End-to-End Encryption

This type of encrypted email secures data at both the source and the destination. This means emails are encrypted before they are sent out and then unencrypted by the receiver at the other end. This is the most secure type of encrypted email but is generally more expensive.

Encrypted Email — The 5 Protocols

Each of the two main encryption categories contains several different protocols designed to secure data. Here, we look at each in more depth.  

1.  PGP and S/MIME

The most widely used and, arguably, the most important protocols in end-to-end encrypted email, PGP and S/MIME can be found within many email clients. First released in 1991, PGP (Pretty Good Privacy) is the benchmark that other protocols measure themselves against.

It works by encrypting data with a random key, subsequently encrypted with the receiver's own public key. These are then sent together, allowing the receiver's private key to unlock the data to enable random key decryption.

PGP is a decentralized approach to encrypted email; however, S/MIME (Secure/Multipurpose Internet Mail Extensions) builds on this with a centrally managed public key model. This type of email encryption means obtaining a key directly from a certificate authority (CA).


Using TLS (Transport Layer Security), STARTTLS can upgrade plain text into an encrypted email. It does this by requesting encryption while messages are in transit, so both the sender and recipient don't need to take any encryption steps to enjoy better security.

While this approach helps protect emails against passive monitoring, it can leave data vulnerable to "man in the middle" attacks. However, there are measures that can be taken to protect against this as well. 


While STARTTLS can be a great baseline for email encryption, it is possible to add further layers of protection while messages are in transit. Maximizing the security of STARTTLS is DANE (DNS-Based Authentication of Named Entities) and MTA-STS (Message Transfer Agent Strict Transport Security).

Simply put, DANE prevents STRIPTLS attacks, where cybercriminals "strip" away the TLS protocol to access data. MTA-STS does something similar, however, it relies on a certificate authority and TOFU (Trust On First Use) systems.

4. Bitmessage

Bitmessage is intrinsically tied to Bitcoin. The system is based on the currency's design and features powerful security tools, including decentralization, hermetic encryption, hidden sender and recipient, trustless frameworks, and POW (Proof of Work) requirements.

Offering end-to-end encryption, it uses peer-to-peer authentication just like the cryptocurrency and is extremely popular with individuals and small businesses.

5. GNU Privacy Guard

GnuPG (GNU Privacy Guard), often shortened to GPG, is a hybrid encryption model that uses both a public key and symmetric key cryptography. This increases speed and ease of use, generating a pair of asymmetric keys distributed to both sender and recipient.

Free to use but open to threats when public keys are shared, safe identity protection must be practiced when using this protocol to increase security.

Encrypted Email - The Bottom Line 

These five encrypted email tools and protocols are currently the go-to options for both individuals and businesses around the world. However, new technologies are being developed all the time, so it's a good idea to check out what is currently on the market before diving in.

Contact: michael.bertini@iquanti.com

Source: Mimecast

About Mimecast

Mimecast is the company solving the top cyberattack vector - email. We deliver relentless protection for tens of thousands of customers around the globe; always putting them first, and never giving up on tackling their biggest security challenges.

More Press Releases