So I was thinking it would be a good idea to finally get on the bandwagon and set up email encryption. For those of you who think your email is private, think again. Even if you connect to your own server with IMAP-SSL or POP-SSL, your email is still transmitted between mail servers unencrypted. However, there are a few ways to encrypt the message itself before it is sent through those unencrypted channels. Two of them are widely supported these days.
- X.509 works much like SSL certificates for web servers. You encrypt your email message with a personal certificate and then send it on its way. The email client on the other end validates the certificate against a trusted Certificate Authority and decrypts the email. This is free and fairly painless to set up, and it does not require you to send out public keys.
- PGP (aka GPG) is supported on Mac and implemented in Mail.app with the GPGMail plug-in. With this method each person must create a public/private key pair and send the other their public key (the private key never leaves your own machine). This method isn’t as transparent as X.509, but it’s secure and free. It’s also not as cleanly implemented in Mail.app as X.509. Finally, it’s not as widely supported as X.509 in Windows and other mainstream mail clients.
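The PGP key exchange from the second bullet, as an added example that is not code from the original post or from GPGMail: two constructed users, alice and bob, each generate a key pair in a throwaway keyring, exchange only public keys, and only the recipient's private key can read the result.

```shell
#!/bin/sh
# Added example (not code from the original post or from GPGMail): the PGP key
# exchange described above, done with the gpg command line. "alice" and "bob"
# are constructed users; each keeps a private keyring and only PUBLIC keys move.
set -e

pgp_demo() {
  work=$(mktemp -d)
  # One keyring per user. --batch with %no-protection avoids passphrase prompts
  # (fine for a throwaway demo key, not for a real one).
  for user in alice bob; do
    mkdir -p -m 700 "$work/$user"
    gpg --homedir "$work/$user" --batch --quiet --gen-key 2>/dev/null <<EOF
%no-protection
Key-Type: default
Subkey-Type: default
Name-Real: $user
Name-Email: $user@example.invalid
Expire-Date: 0
%commit
EOF
  done

  # Bob publishes his public key; Alice imports it. His private key stays in his keyring.
  gpg --homedir "$work/bob" --batch --quiet --armor --export bob@example.invalid \
      > "$work/bob.pub.asc"
  gpg --homedir "$work/alice" --batch --quiet --import "$work/bob.pub.asc" 2>/dev/null

  # Alice encrypts to Bob's public key. --trust-model always skips the web-of-trust
  # check that GPGMail would otherwise warn about for an unsigned key.
  printf 'meet at noon' > "$work/msg.txt"
  gpg --homedir "$work/alice" --batch --quiet --trust-model always \
      --recipient bob@example.invalid --armor --encrypt \
      --output "$work/msg.asc" "$work/msg.txt"

  # Alice's own keyring holds no matching private key, so she cannot read the ciphertext.
  if gpg --homedir "$work/alice" --batch --quiet --decrypt "$work/msg.asc" >/dev/null 2>&1; then
    echo "unexpected: sender keyring decrypted the message" >&2
    return 1
  fi

  # Only Bob's private key unlocks it; the plaintext is the function's output.
  gpg --homedir "$work/bob" --batch --quiet --decrypt --output "$work/out.txt" "$work/msg.asc" 2>/dev/null
  cat "$work/out.txt"

  for user in alice bob; do gpgconf --homedir "$work/$user" --kill gpg-agent 2>/dev/null || true; done
  rm -rf "$work"
}
```

Run `pgp_demo` to see the decrypted text; it needs GnuPG 2.1 or later on the PATH.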
My conclusion? I set up both of them to be safe. I could easily encrypt all of my outgoing email with X.509 and then PGP encrypt emails to people that I know have PGP public keys. So there you have it, encrypted email with Apple’s Mail.app.