Protecting your email communications has become increasingly important as cyber threats and data breaches increase. Both Outlook and Gmail offer encryption, but there are ways to further improve security, for example through PGP (Pretty Good Privacy). In this article, we’ll go over how encryption works in these email services, how you can improve security with PGP, and how to use Outlook or Gmail as a client for our secure eForms.

Google Gmail and Microsoft Outlook are together the world’s most widely used email clients. But like most other similar services, they are a major source of data collection for various purposes. And both Google and Microsoft, like all other providers, are required by local legislation to provide authorities with access to data.
Both Google and Microsoft offer some encryption. But as always, whoever has access to your private keys has access to your encrypted data.
Therefore, neither Gmail nor Outlook offers truly secure email, but both can be used as clients for our eForms if a third-party PGP extension is installed. These extensions provide the ability to send and receive PGP end-to-end encrypted (E2EE) emails with any email client that supports PGP.
Do not use this solution if untraceability is important to you! We recommend Proton Mail instead if our service is used as a whistleblower channel!
Encryption in Outlook
Microsoft Outlook offers different forms of encryption depending on the version and type of subscription you have:
1. S/MIME encryption
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for email encryption used in Outlook. To use this method, both the sender and recipient need to have a digital certificate installed.
To enable S/MIME in Outlook:
- Obtain an S/MIME certificate from a trusted certificate authority.
- Install the certificate in Outlook by going to Options > Security Settings.
- Encrypt email messages by checking “Encrypt content and attachments” before sending the message.
2. Microsoft 365 Message Encryption (OME)
For business users, Microsoft offers a more advanced encryption service through Office 365 Message Encryption (OME). This service encrypts email automatically and also works for recipients who do not use Outlook.
Benefits of OME:
- No additional software required.
- Works for external email recipients as well.
- The recipient receives a link to decrypt the message.
Encryption in Gmail
By default, Gmail uses Transport Layer Security (TLS) to encrypt email messages in transit. However, there are some limitations to this method:
1. TLS encryption
TLS ensures that emails are encrypted in transit between servers, but does not protect the content on the recipient’s side. If the recipient’s email provider does not support TLS, the message may be sent unencrypted.
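Whether a given message actually travelled over TLS can be read from its Received headers, because each receiving server records the protocol it accepted the message with. The following is an added example, not part of the original article: it classifies every hop using the RFC 3848 keywords (ESMTPS and ESMTPSA mean TLS was used, plain SMTP or ESMTP means it was not). The message, hostnames and addresses are constructed.

```shell
# Added example: report, hop by hop, whether a message was received over TLS.
received_tls_report() {
    awk '
    function report(h,   rest, by, proto, base, status) {
        if (h !~ /^[Rr]eceived:/) return
        if (!match(h, / by [^ ;]+/)) return
        by = substr(h, RSTART + 4, RLENGTH - 4)      # receiving server
        rest = substr(h, RSTART + RLENGTH)
        status = "UNKNOWN"; proto = "-"
        if (match(rest, / with [A-Za-z0-9]+/)) {
            proto = toupper(substr(rest, RSTART + 6, RLENGTH - 6))
            base = proto; sub(/A$/, "", base)        # drop the AUTH suffix
            status = (base ~ /S$/) ? "TLS" : "PLAINTEXT"
        }
        printf "%s %s %s\n", status, by, proto
    }
    /^$/     { exit }                                # end of headers, skip body
    /^[ \t]/ { sub(/^[ \t]+/, " "); hdr = hdr $0; next }   # folded line
             { report(hdr); hdr = $0 }
    END      { report(hdr) }
    ' "$@"
}

# Constructed sample message: the middle hop was accepted without TLS.
sample_message() {
    cat <<'EOF'
Received: from relay.isp.example (relay.isp.example [192.0.2.10])
        by mx.recipient.example with ESMTPS id a1
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
        Mon, 3 Mar 2025 10:00:02 +0000
Received: from mail.sender.example (mail.sender.example [198.51.100.7])
        by relay.isp.example with ESMTP id b2;
        Mon, 3 Mar 2025 10:00:01 +0000
Received: from laptop.local ([203.0.113.5])
        by mail.sender.example with ESMTPSA id c3;
        Mon, 3 Mar 2025 10:00:00 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed sample

This body line mentions "with ESMTP" and must not be parsed.
EOF
}

sample_message | received_tls_report
```

Received lines written before the message reached your own provider cannot be verified, so treat the report as an indication. Even a message with TLS on every hop is stored in readable form on each server it passes through.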
2. End-to-End encryption with S/MIME
Google offers S/MIME encryption, but only for Google Workspace users. To enable S/MIME in Gmail, the administrator needs to:
- Enable “Hosted S/MIME” in the Google Admin console.
- Upload and manage certificates for users.
- Check “Encrypt” when sending sensitive emails.
3. Gmail Confidential Mode
Google also has a feature called “Confidential Mode”, where the sender can set an expiration date and password-protect emails. However, this is not a complete encryption solution because Google still has access to the email content.
Improve encryption with PGP
PGP (Pretty Good Privacy) is one of the most robust solutions for securing email communications. With PGP, you get end-to-end encryption, which means that only the sender and recipient can read the message.
How does PGP work?
PGP uses an asymmetric encryption method with a public and a private key:
- The public key is used to encrypt messages.
- The private key is used to decrypt messages.
How to use PGP in Outlook and Gmail
1. Install a PGP program
To use PGP in Outlook or Gmail, you need a third-party application, such as:
- Gpg4win (for Windows)
- GNU Privacy Guard (GPG) (for macOS and Linux)
- Encryptomatic (OpenPGP Desktop With Microsoft Outlook Add-in for Windows)
- FlowCrypt (Gmail browser extension for Chrome, Firefox, Brave, Edge and Opera)
- Mailvelope (a browser extension for Gmail and Outlook Web App)
2. Create and share your keys
- Generate a key pair (public and private key).
- Share your public key with the people you want to communicate securely with.
- Import the recipient’s public key to encrypt emails to them.
3. Encrypt and decrypt messages
- Use your PGP program to encrypt your message before sending it.
- The recipient uses their private key to decrypt the message.
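Steps 2 and 3 carried out with the GnuPG command line, as an added example that is not part of the original article. It assumes `gpg` 2.1 or later is installed; the names, addresses and passphrase are constructed, and each party gets a throwaway keyring so that nothing touches your real keys.

```shell
# Added example: PGP key exchange, encryption and decryption with GnuPG.
# Usage: pgp_roundtrip 'text to protect'   (prints the decrypted text)

fingerprint() {   # print the primary-key fingerprint of key $2 in keyring $1
    gpg --homedir "$1" --batch --with-colons --fingerprint "$2" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

pgp_roundtrip() (
    set -eu
    work=$(mktemp -d)
    cleanup() {
        for h in alice bob; do
            gpgconf --homedir "$work/$h" --kill gpg-agent 2>/dev/null || true
        done
        rm -rf "$work"
    }
    trap cleanup EXIT
    mkdir -m 700 "$work/alice" "$work/bob"
    ( umask 077; printf '%s\n' 'constructed demo passphrase' > "$work/pass" )

    # Step 2: Bob generates a key pair; the private key never leaves his keyring.
    gpg --homedir "$work/bob" --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$work/pass" \
        --quick-generate-key 'Bob Example <bob@example.org>' default default never

    # Step 2: Bob shares only the public key and reads out its fingerprint.
    gpg --homedir "$work/bob" --armor --export bob@example.org > "$work/bob.asc"
    bob_fpr=$(fingerprint "$work/bob" bob@example.org)

    # Step 2: Alice imports the key and checks the fingerprint she was told.
    gpg --homedir "$work/alice" --batch --quiet --import "$work/bob.asc"
    [ "$(fingerprint "$work/alice" bob@example.org)" = "$bob_fpr" ] || exit 1

    # Step 3: Alice encrypts to Bob's public key. "--trust-model always" is
    # acceptable here only because the fingerprint was compared just above.
    printf '%s' "$1" | gpg --homedir "$work/alice" --batch --quiet --armor \
        --trust-model always --recipient "$bob_fpr" --encrypt > "$work/msg.asc"
    grep -q '^-----BEGIN PGP MESSAGE-----' "$work/msg.asc"

    # Step 3: Bob decrypts with his private key and passphrase.
    gpg --homedir "$work/bob" --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$work/pass" --decrypt "$work/msg.asc"
)
```

In everyday use you would let the pinentry prompt ask for the passphrase instead of storing it in a file; the file is used here only so that the example runs unattended.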
Summary
Both Outlook and Gmail offer basic encryption, but they have their limitations. For maximum security, it is recommended to use PGP, which provides complete end-to-end encryption. By using the right tools and methods, you can ensure that your email communications remain private and protected from unauthorized access.
Both Outlook and Gmail with PGP support work well as clients for our secure eForms, provided that the forms do not require untraceability. If they do, e.g. when used as a whistleblower channel, use Proton Mail instead.
For further security, always keep your private key safe, use strong passphrases, and encourage your contacts to use PGP encryption as well. Stay secure and keep your communications private!