No matter if it’s private communication or business, your emails contain practically all the information there is to know about you.
From your emails, anyone can learn about your work, your relationships, your vacations, and your medical problems. Someone in control of your email account could impersonate you and scam your friends and business partners, as well as reset the password of any account linked to the email address.
Email security is of high importance, and while perfect anonymity and security might seem unachievable, it is rather easy to secure your account against some of the best-equipped adversaries, and without too much cost.
Always use TLS
TLS stands for Transport Layer Security. It ensures your connection to a website is encrypted and verifies the integrity of the server you are connecting to. TLS is also used to encrypt your connection to an email server and connections between email servers.
When you use an external email client, such as Outlook, Apple Mail, or Thunderbird, always make sure your emails are fetched over an encrypted channel.
Go into your settings and ensure “STARTTLS” or “SSL/TLS” is activated.
- Some software may call this “connect only through encrypted channels.”
TLS ensures that emails are encrypted between your computer and the email server, so they cannot be easily intercepted.
It is important to encrypt emails not only between your computer and your email server but also between email servers.
This is also done with TLS. You can use the tool CheckTLS to see if your email server encrypts between servers.
Simply enter your email address (or that of anyone else) into CheckTLS.
Your test results should look like this. Everything is green, indicating all emails are encrypted when sent between servers, and the certificates are valid.
If you see a red Fail under TLS, you need to urge your email provider to configure their servers correctly, or switch providers. (Yes, the U.S. Military does not encrypt its email!)
In many cases, you will see a result like the one above. The Cert OK fail indicates that while the nsa.gov email servers do use encryption, they do not have a valid certificate, making them vulnerable to man-in-the-middle attacks. If you encounter this problem, reach out to your email provider or system administrator, or look for a new provider.
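CheckTLS tests what a server offers; the `Received` headers of a message you already have record how each server actually accepted it. The following is an added example, not part of the original article: it flags hops that were not TLS-protected, using the `ESMTPS`/`ESMTPSA` transmission types from RFC 3848. The function names, sample message and hostnames are constructed for illustration.

```python
import re
from email import message_from_string

# Transmission types that imply TLS on the hop (RFC 3848, plus RFC 6531 UTF8 variants).
TLS_TYPES = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
             "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}

# Constructed sample: the sender submits over TLS, but the server-to-server hop is plain.
SAMPLE = """\
Received: from out.example.org (out.example.org [192.0.2.10])
\tby mx.example.net (Postfix) with ESMTP id 4ABCD
\tfor <bob@example.net>; Mon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.example.org (unknown [203.0.113.5])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby out.example.org (Postfix) with ESMTPSA id 9XYZ;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alice@example.org
To: bob@example.net
Subject: constructed sample

hello
"""

def strip_comments(value):
    """Remove (possibly nested) header comments; they can contain 'with cipher ...'."""
    prev = None
    while prev != value:
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    return value

def hop_report(raw_message):
    """Return [(receiving_server, protocol, tls_used)], ordered sender -> recipient."""
    hops = []
    # Each server prepends its header, so the last one in the file is the first hop.
    for header in reversed(message_from_string(raw_message).get_all("Received", [])):
        clauses = strip_comments(" ".join(header.split())).split(";")[0]  # drop the date
        by = re.search(r"\bby\s+([^\s;()]+)", clauses)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", clauses)
        name = proto.group(1).upper() if proto else "UNKNOWN"
        hops.append((by.group(1) if by else "unknown", name, name in TLS_TYPES))
    return hops

def unencrypted_hops(raw_message):
    """Receiving servers that accepted the message without TLS."""
    return [server for server, _, tls in hop_report(raw_message) if not tls]

if __name__ == "__main__":
    for server, proto, tls in hop_report(SAMPLE):
        print(f"{server:20} {proto:8} {'TLS' if tls else 'NOT ENCRYPTED'}")
```

Each receiving server writes its own `Received` line, so only the lines added by servers you trust are reliable; earlier ones can be forged by the sender.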