How to encypt your emails with SSL/TLS

Contents

Sending emails without encrypting them means transmitting them over a vulnerable connection and in plain text. This allows unauthorised individuals to easily intercept and read these messages. With SSL/TLS, you can encrypt your emails and protect them from unauthorised access.

How to secure emails with encryption

The contents of emails, without encryption, are as secret as the contents of a postcard. If the card or email falls into the wrong hands, the entire text can be easily read. For this reason, powerful encryption methods have been developed to either create an encrypted email or encrypt the sending of an email. There are three categories when it comes to email encryption:

Encrypt the transmission of emails
Encrypt the content of emails
Encrypt stored emails

How to send encrypted emails with SSL/TLS

The essential tool for securely sending email content is the universally applicable transmission protocol Transport Layer Security (TLS). It is better known by its former name Secure Sockets Layer (SSL). An email with SSL/TLS encryption is characterised by its content being indecipherable to outsiders during data exchange, as they do not possess the required key for decryption. It does not matter whether the email is accessed or sent via an email client like Outlook or through a web browser. SSL/TLS technology is used not only in email transmission but also, for example, in online banking or e-commerce.

Note

When we talk about SSL/TLS today, in almost all cases we mean TLS. SSL is outdated and is no longer used for transmission encryption. In our article on TLS vs SSL, we explore the topic in more detail.

Secure email for digital privacy

Email protection on any device
SSL/TLS email encryption
Firewalls and spam filters offer first class virus protection
Daily protection and backups

Encrypted emails with S/MIME or PGP

If you want to encrypt the actual content of emails, you have various techniques available – like the standard method S/MIME or the well-established PGP, both of which use asymmetric encryption. While traditional methods access the same key for coding and decoding, asymmetric encryption involves two keys – a private key, known only to the sender, and a public key, freely accessible to all recipients.

Encrypt saved emails using software

The encryption of electronic messages is crucial even when they remain stored in your inbox or archive after being read. Such encryption ensures you are prepared in case criminals gain access to your account and thereby access to all existing emails. You can ensure additional protection through two-factor authentication (especially when using web email clients) or through encrypting your data or the relevant folders and files (when using desktop email clients or apps).

How to put email encryption into practice

The most important building blocks for email encryption and secure message transmission have been briefly explained in the preceding sections. In the following sections, you will learn more about how to implement the individual security measures.

Encrypt email transmission in web clients

Reputable email providers have long offered their web services over the secure HTTPS protocol as standard. You can recognise this by the URL, which begins with ‘https’ instead of ‘http’. Additionally, in your browser’s address bar – typically indicated by a lock symbol – you can check if the webmail client has an SSL/TLS certificate.

Click the lock in the address bar, and Firefox gives you additional information about the security status of the accessed URL.

Encrypting email transmission in desktop clients

Even in the mail client on your PC or in a corresponding app on your smartphone or tablet, you can encrypt the connections to the email server using SSL/TLS. The crucial element that needs to be defined for this is the port, used for sending or receiving. You can find the relevant settings in the account settings of the respective mail program. There is often a general option to activate mail SSL/TLS encryption. Once this is enabled, the program usually configures the appropriate ports automatically. Otherwise, you can do this manually, where you will need to enter different numbers depending on the type of incoming server (POP3 or IMAP) and for the outgoing server:

Incoming mail server (IMAP): 993
Incoming mail server (POP3): 995
Outgoing mail server (SMTP): 465

Select ‘SSL’ as the connection type. (Technically ‘TLS’ despite the ‘SSL’ label.)

Note

If the StartTLS function is activated in the options, SMTP Port 587 (less commonly Port 25) is required for establishing encrypted connections using this technique.

Encrypt email content (example: Mailvelope)

If you want to send and receive encrypted emails as well as use a secure SSL/TLS connection, you have numerous programs at your disposal with which you can access the S/MIME and PGP encryption methods previously mentioned. If you send and receive your email using a web client, the easiest way is to use a browser extension such as Mailvelope, which will be used as an example in this article.

Mailvelope is available for Firefox, Edge, and Google Chrome, allowing you to use PGP email encryption in various webmail services. The first step is to install the extension through the plugin or extension centre (direct links can be found on the Mailvelope homepage).

When you launch the extension after installation, a popup window will appear. Click on ‘Let’s start!’ to start the configuration. You will then be redirected to the key management, which at this point logically doesn’t contain a key pair for the planned email encryption yet. To generate this, click on ‘Generate Key’ and then enter the requested information:

When generating keys, click on ‘Advanced’ to choose between algorithms like RSA and ECC. You can also define the bit size (2048 or 4096 bits) and set the expiration date of the keys (if desired).

Select the option ‘Upload Public Key to Mailvelope Key Server’, allowing your contacts to obtain it from there to send you encrypted emails as well. Once the PGP key pair is generated, you will receive a success notification and an initial encrypted email sent by Mailvelope to the specified email address. Open the message, click the icon in the middle (‘Show Message’), and then enter the password for the previously created key:

Without the password you set during the key pair generation, you cannot read received messages with the Mailvelope email encryption.

The message will be decrypted, and a link will become visible. Click it to activate your email address and be able to encrypt emails in the future. For encryption, you will now find a specific Mailvelope button in the message editor of the respective web client, which you must always use when you want to encrypt the content of emails:

Secure email for digital privacy

Email protection on any device
SSL/TLS email encryption
Firewalls and spam filters offer first class virus protection
Daily protection and backups

Email encryption with IONOS Mail

IONOS email servers have permanently disabled outdated TLS versions and SSL. If you’re using IONOS Webmail, there’s no need for concern—encryption is automatically and consistently enforced.

When using IONOS Mail in an email program on your PC or cell phone (e.g., Outlook, Thunderbird, Apple Mail), make sure that SSL/TLS encryption is enabled.

To enable SSL/TLS in your mail client, proceed as follows:

Open the mailbox settings.
Enable SSL/TLS encryption for the mailbox.
Set the correct ports for incoming and outgoing mail servers:
- Incoming via POP3 (SSL/TLS): 995
- Incoming via IMAP (SSL/TLS): 993
- Outgoing via SMTP (SSL/TLS): 465

How to enable encryption for IONOS Mail on Android, iOS, and more can be found in the article on switching to SSL/TLS encryption in the IONOS Help Centre.

Was this article helpful?

Stay on top of AI!

How to use PGP encryption for email

Online privacy is a sensitive issue that affects everyone from security experts to casual internet users. Whether you’re posting on social networks, carrying out banking transactions or buying from an online store, your data may not be sufficiently protected. The same applies to…

SSL
Data Protection

What is SMTP? Definition and basics

SMTP stands for “Simple Mail Transfer Protocol” – but it’s not that simple. E-mails do not simply travel directly from A to B, but go through several communication and transmission processes that the standard network protocol has been responsible for since the 1980s. As an…

Newsletter

What is StartTLS? How it works, uses, and security risks

StartTLS initiates the encryption of an email using the TLS protocol and is convenient because, if the method is accepted, the encryption occurs automatically. There’s no need to contact a dedicated port; StartTLS can be easily integrated into normal operations. However, this…

Security

Is a self-hosted mail server right for me?

A self-hosted mail server has many advantages. For example, it offers the best possible protection for your digital communications. However, if it is not managed with care, problems can arise. We explain when it is a good idea to host your own email server and what to consider…

Advice

Encryption software and tools in comparison

A good encryption software keeps your data secure. It enables you to easily protect a folder, hide hard drives, or sync encrypted data to a cloud, for example. Find out more information about recommended encryption tools and what they do, and get an overview of their advantages…

Security
Encryption