Email Security
Email is an insecure form of communication by default. You can improve your email security with tools such as OpenPGP, which add End-to-End Encryption to your messages, but OpenPGP still has a number of drawbacks compared to encryption in other messaging applications, and some email data can never be encrypted inherently due to how email is designed.
As a result, email is best used for receiving transactional emails (like notifications, verification emails, password resets, etc.) from the services you sign up for online, not for communicating with others.
Email Encryption Overview
The standard way to add E2EE to emails between different email providers is by using OpenPGP. There are different implementations of the OpenPGP standard, the most common being GnuPG and OpenPGP.js.
There is another standard popular with businesses called S/MIME; however, it requires a certificate issued by a Certificate Authority (not all of them issue S/MIME certificates). It is supported in Google Workspace and in Outlook for Web or Exchange Server 2016 and 2019.
Even if you use OpenPGP, it does not support forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. This is why we recommend instant messengers which implement forward secrecy over email for person-to-person communications whenever possible.
What Email Clients Support E2EE?
Email providers which allow you to use standard access protocols like IMAP and SMTP can be used with any of the email clients we recommend. Depending on the authentication method, this may lead to decreased security if either the provider or the email client does not support OATH or a bridge application, as multi-factor authentication is not possible with plain password authentication.
How Do I Protect My Private Keys?
A smartcard (such as a YubiKey or Nitrokey) works by receiving an encrypted email message from a device (phone, tablet, computer, etc.) running an email/webmail client. The message is then decrypted by the smartcard and the decrypted content is sent back to the device.
It is advantageous for the decryption to occur on the smartcard so as to avoid possibly exposing your private key to a compromised device.
Email Metadata Overview
Email metadata is stored in the message header of the email message and includes some visible headers that you may have seen, such as To, From, Cc, Date, and Subject. There are also a number of hidden headers included by many email clients and providers that can reveal information about your account.
Client software may use email metadata to show who a message is from and what time it was received. Servers may use it to determine where an email message must be sent, among other purposes which are not always transparent.
Who Can View Email Metadata?
Email metadata is protected from outside observers with Opportunistic TLS, but it can still be seen by your email client software (or webmail) and any servers relaying the message from you to any recipients, including your email provider. Sometimes email servers will also use third-party services to protect against spam, which generally also have access to your messages.
Why Can't Metadata be E2EE?
Email metadata is crucial to the most basic functionality of email (where it came from, and where it has to go). E2EE was not built into the email protocols originally, instead requiring add-on software like OpenPGP. Because OpenPGP messages still have to work with traditional email providers, it cannot encrypt email metadata, only the message body itself. That means that even when using OpenPGP, outside observers can see lots of information about your messages, such as who you're emailing, the subject lines, when you're emailing, etc.
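To see what this means in practice, the Python sketch below (an added example, not part of the original article) parses a PGP/MIME message the way a relaying server could and reports which headers remain readable even though the body is encrypted. The addresses, host names, header values and ciphertext placeholder are constructed for illustration, and the function names are hypothetical.

```python
from email import message_from_string

# Constructed sample: a PGP/MIME message as a relaying server would see it.
# Addresses, hosts and the ciphertext placeholder are made up for illustration.
SAMPLE = """\
Received: from mail.example.org (mail.example.org [203.0.113.7])
\tby mx.example.net; Tue, 02 Jan 2024 10:15:03 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Cc: carol@example.com
Date: Tue, 02 Jan 2024 10:15:01 +0000
Subject: Q1 contract draft
Message-ID: <abc123@mail.example.org>
User-Agent: ExampleMail/1.0 (Linux)
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

VISIBLE = ("From", "To", "Cc", "Date", "Subject")

def is_pgp_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or an inline ASCII-armored body."""
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return True
    return any("-----BEGIN PGP MESSAGE-----" in (p.get_payload(decode=False) or "")
               for p in msg.walk() if not p.is_multipart())

def exposed_metadata(raw):
    """Split the cleartext headers into the familiar ones and the rest."""
    msg = message_from_string(raw)
    shown = {k: msg[k] for k in VISIBLE if msg[k] is not None}
    hidden = {k: v for k, v in msg.items()
              if k not in VISIBLE and not k.lower().startswith(("content-", "mime-"))}
    return {"body_encrypted": is_pgp_encrypted(msg), "shown": shown, "hidden": hidden}
```

For the sample, the body is reported as encrypted while the sender, recipients, date and subject, plus the Received, Message-ID and User-Agent headers, are all returned in cleartext.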