Email encryption has gotten so much better, so you'd be crazy not to use it
- 22 July, 2015 23:22
I once co-wrote a book on enterprise email where I likened email encryption to a "sucking chest wound." That was in 1997, when you had to do all the encryption key management on your own, a daunting task to say the least.
While things have improved considerably since then, encrypting messages is not as simple as it could be, and requires careful study if you want to have truly private communications that can't be viewed by your competitors -- or your government.
In the past, recipients of encrypted emails had to share the same system as the sender, and many email clients were difficult to configure. Today, many products have a "zero knowledge encryption" feature, which means you can send an encrypted message to someone who isn't on your chosen encryption service. Just provide them a passphrase to decrypt their message and to compose a reply to you, or in some cases they can read the message by just authenticating themselves. After this first communication, your recipient is able to exchange encrypted messages with you quite easily.
Apart from zero knowledge encryption, modern products make sending and receiving messages easier, with advances like an Outlook or browser plug-in that gives you nearly one-button encryption. And all of the products reviewed have better control over the message traffic, such as setting expiration dates, or being able to revoke unread messages or prevent them from being forwarded once your recipient has read them. These are all good signs that encryption has finally come of age.
But there is one remaining problem: the ways we use email have also evolved and grown more complex. Some of us alternate between desktop and mobile clients, or also turn to webmail as our mail client. Some people prefer Outlook and many organizations depend on Microsoft Exchange, while there are dozens of SaaS-based hosted email providers, such as Google Apps and Office 365. That means any encryption solution has to cover different use cases and endpoint clients. And there is still a lot of end-user apathy towards encrypting messages, even in spite of the Snowden saga and other object lessons in keeping messages secure.
To analyze the current state of the art, we examined seven products, and found that they fall into three functional categories.
First are hosted email services that make use of end-to-end encryption of their message traffic. Typically, you use the hosted provider's webmail client to have a secure connection to send and receive email. If you are already using a hosted email service, you would need to replace that provider with one of these services. We looked at Hushmail and ProtonMail in this category. Hushmail has been around for more than a decade, while ProtonMail is relatively new and still in an extended beta. This category is appealing for smaller networks or places that see an immediate need for encryption and want to get started quickly.
Second are email encryption gateways. These were the first kinds of encryption products, and can still be found on the market. They require special plug-ins or an on-premises server to be set up inside your firewall to connect to your main email server. Datamotion SecureMail and HP's Voltage SecureMail fit into this category.
Gateways offer tremendous control over how emails are processed, whether any message residue can be found on local storage devices, and how you can go about recovering passwords. While this is appealing, with all this control comes the higher pain point of getting them set up properly. That's why gateways have somewhat fallen out of favor, especially now that there are so many other choices.
Gateways are still useful for businesses that either are reluctant to use the cloud or have particular compliance reasons for encrypting their message traffic, such as a brokerage house or a medical practice.
Finally, there are client-only products that supplement existing desktop email software, such as Outlook or Apple Mail. These are typically add-on tools that encrypt messages using your existing email infrastructure. Tutanota, Virtru and AppRiver fit into this category. This is popular for businesses that have a variety of email clients in use and don't want to deploy a universal encryption service immediately, or that can't easily swap out pieces of their email infrastructure.
There are numerous other encryption services that we didn't test, for two reasons. First, many of them, like ProtonMail, only offer encryption for single mailboxes and aren't suitable for an enterprise-wide deployment. A good article listing many of these services can be found here. Second, several of the long-time encryption vendors didn't want to participate, including gateway vendors Symantec (the current keeper of the PGP flame) and Zix Corp.
Winners and losers
Because of the variety of email situations and product types, we couldn't declare an overall Clear Choice winner. However, each of these products can be very useful for specific situations. Despite having some innovative features, we would hold off on recommending Tutanota until the product matures.
If you make use of an Internet standard IMAP/SMTP server for your email, then Hushmail or Virtru are the best ways to go. Hush uses a combination of various industry standard encryption technologies to move mail from your desktop through the Internet. Virtru has its own ecosystem and collection of add-ons to Outlook, browsers and Gmail that can protect your messages.
If you use Exchange or Notes, then Datamotion is the better solution, using its gateway. While it is the most expensive of the seven products we tested, it offers a lot of flexibility in configuration. Voltage is also a good gateway-based alternative if you need the plethora of controls to handle your mail flow, and it runs on both Linux and Windows servers.
If you don't want to deploy encryption for everyone and just want a few employees to have this feature, or if you have a POP-based system, then look at AppRiver. It is also appealing because of a very large attachment limit of 5GB; most of the other products could only accommodate smaller attachments.
While ProtonMail is mainly for individuals, it is a demonstration of what the current level of privacy and paranoia can do to deliver an easy-to-use encryption product. While its user interface lags behind some of the more mature products, it has a couple of features that are worth examining, including default double message encryption and how it can automatically notify new correspondents of a waiting encrypted message.
How we tested
We used a combination of Mac and Windows 7 desktop clients and an iPhone to run the various programs, using Firefox and Chrome browsers. We set up several Internet-based mail domains, changed MX records when they were needed, and added plug-ins to Windows 7 machines running Outlook 2013 and Mac Mail clients. In setting up this entire infrastructure, we looked at the following evaluation criteria:
1) Enterprise management and control features
These include how a product can recover from error conditions and how useful it is in troubleshooting email problems. We looked at how easy it was to set up new mailboxes or terminate existing ones and how to recover a lost password. We also noted in the summary chart the total mailbox and attachment size limits, if any, that each vendor specifies.
We looked at the different user interfaces (Web, mobile and desktop clients) and how they differ and how they are documented or supported with online tutorials and help files.
4) Encryption security features
Can you hide subject or other metadata surrounding the message? Who holds the encryption keys? Do customer messages reside on cloud-based servers owned by the vendor and if so where are they located?
5) Silk Road scenario
If you are ultra-paranoid, you might have read how the FBI arrested Ross Ulbricht for his activities with Silk Road. The FBI got around the encryption protocols he was using by seizing his laptop while he was using it in a public library in San Francisco. If this is a scenario that you want to avoid, then the only encryption products that can help you would be Datamotion and possibly Tutanota. While we recognize that none of these products is designed to evade the law, we got some interesting responses from the vendors as they pondered this scenario and we wanted to share them with you as an illustration of how the encryption products can be used in ultra-secret situations.
Here are the individual results:
| Product | Server locale | Mobile version | Attach limit / mbox size | Plug-ins (1) | Type | Price (50 users/yr) |
|---|---|---|---|---|---|---|
| Hushmail for Business | Canada | Web only | 20 MB, 10GB | None | Hosted | $2,196 |
| Virtru Pro | USA | iOS, Android | 25 MB, unlimited | Firefox, Chrome, Outlook, Mac Mail | Client | $1,200 |
| HP Voltage | USA | Web, iOS, Android, BlackBerry | Varies (2) | Outlook | Gateway, Hosted, Client | $2,750 (one-time fee) |
| DataMotion | USA | Web only | 100 MB (3) | Outlook | Gateway | $4,795 + $2,599 |
| AppRiver CipherPost | USA | Web, iOS, Android, BlackBerry | 5 GB, 2GB | Chrome, Outlook | Client | $4,770 |
| Tutao Tutanota | Germany | iOS, Android | 25 MB, 1GB | Outlook | Client, Hosted (premium) | 1200 euros |
(1) Outlook plug-in only works for Windows versions of Outlook.
(2) Limit can be set by admin; a separate file transfer add-on is available.
(3) DataMotion sells an upgrade to 2 GB for another $72 per user per year.
AppRiver CipherPost Pro
AppRiver sells a variety of email-related solutions, and CipherPost Pro is its encrypted mail product. Basically, you layer an encryption service on top of your existing email infrastructure.
If you are using Outlook, it installs a plug-in. Otherwise you can take advantage of a Chrome plug-in or a webmail page that has similar functionality. AppRiver also has a wide collection of mobile apps for iOS, Android, Windows phones and BlackBerry 10s that offer the ability to send and receive encrypted messages. The caveat for any of these mobile versions is that you can't send or receive attachments.
Downloading the Outlook plug-in took a few steps and required the .NET Framework to be installed, and the plug-in to be activated for your particular email account. Once that is done there is a separate "Secure Messaging" menu option on your Outlook toolbar, with a "Send Secure" button to start the process of composing a message. This is typical of many of the Outlook add-on products.
You can correspond with people outside your email domain or people that haven't yet registered for the CipherPost service, what we call zero knowledge encryption and what AppRiver calls guest users. Recipients get a message with a Web link; they click on it and are asked to register with the system before seeing the message contents. Guests don't have to pay for the encryption service but can only correspond back to you with an encrypted message. And like most other products, the subject line of your encrypted message is shown in the clear.
Whether you use Outlook or the webmailer, at the heart of the product is a special "Delivery Slip" sidebar that appears on the right side of the page as you are composing your message. This is where various controls are located to enable message-tracking options, to restrict external users from forwarding or replying to your message, and to add an extra security layer to make your message require a second encryption key to be read. These are all nice features.
In addition to the webmail page, there is a separate admin portal where you can keep track of your users, including the ability to promote or revoke guest or registered user rights and add new domain administrators. There are several tabs across the top that promote AppRiver's other services, including a hosted Exchange service and a secure Web proxy service.
AppRiver has another feature that adds an extra layer of encryption, called "For your eyes only." This could possibly handle the Silk Road scenario, but is certainly nice if you want to make sure that no one else can read your message.
Some caveats. CipherPost supports POP or MAPI (native Exchange) access but not IMAP to your Internet email accounts. There is a 5GB attachment size limit on all encrypted messages, which is the most generous of any of the vendors tested.
If you have to send large attachments, then CipherPost should be on your short list. Managing its plug-ins could take some valuable staff time to set up, especially for multi-modal email users who like to switch between mobile and desktop or web email clients.
CipherPost has a 30-day free trial and an impressive support department that will walk you through the process of setting up an account and getting started with adding users and sending your first message. Users pay $7.95 per month with discounts for annual payments and a one-time setup fee of $25 for your domain.
DataMotion SecureMail
DataMotion has been in the encrypted email business for more than a decade and has a very mature offering that makes use of a gateway to process mail. The gateway can run on any Windows machine with at least 4GB of RAM. Getting it set up will require a couple of hours, and most of that is in understanding the many mail processing rules that it offers.
Basically, if a user wants to send mail encrypted, they append a [SECURE] tag to the subject line to trigger the encryption process. If the tag is omitted, you can also set up processing rules that will encrypt messages containing sensitive information such as Social Security numbers or other personal information. These rules are disabled as part of the default install but can be turned on with a few mouse clicks.
The gateway ties into the regular Exchange or POP/SMTP mail infrastructure; IMAP connections are not supported. You can access your encrypted messages either via a Web client or via a Windows-based Outlook plug-in. The plug-ins are custom-coded software, unlike other vendors': you'll need to log in to your Web app and download the code individually for each user. That is somewhat cumbersome, particularly if you want to on-board hundreds of clients. There is also a responsive Web client that can be used for both desktops and smartphones.
File attachment limits are a bit tricky to describe: you have to set up your gateway with a specific limit and you also have to ensure that your ISP doesn't have other limits they impose that will prevent large attachments from being sent. Overall domain limits are set by the DataMotion support staff and not by the mail administrator. DataMotion has a separate file transfer product that can be used to send up to 2GB files.
Speaking of limits, DataMotion doesn't have any limits on the size of the user's inbox. However, it does place a limit of up to 500MB worth of messages that can be sent in a user's Track Sent Folder. If this limit is reached, the user will no longer have the ability to send new messages until space has been freed up within their account.
There are numerous features that are part of the DataMotion ecosystem: one of the more useful is its notifications feature, where you can see exactly when your recipient opened the message and the attachment. You can also set expiration dates for your messages, retract those that haven't yet been read, or resend another notification message via the Web app. Once a message expires, the only thing that remains is its metadata.
DataMotion offers a very robust set of APIs for developers to add secure email features to their programs, along with a sandboxed cloud environment that can be used to test and track messages as they transit the Internet.
Subject lines aren't encrypted. Regarding the Silk Road scenario, while DataMotion couldn't completely protect against that situation, it can be set up so that no decrypted messages are ever stored locally.
DataMotion has a rather complex pricing sheet. You purchase the number of mailboxes (our sample 50 user set was $4,795 per year), then add on the Windows gateway for another $2,599 (which includes support), and if you want the large file transfer option that is another $72 per user per year. Free trials are also available.
HP Voltage SecureMail
Voltage has been in the encrypted email business for more than a decade, and recently was purchased by HP and rebranded. The technology is an email gateway, software that sits on either a Linux or Windows server or in the cloud and inserts the encryption process between mail client and server. There are numerous add-on modules that come as part of this ecosystem, including:
An option to send large attachments, including setting expiration dates.
The Secure File desktop encryption client, which can be used to send files to a user directly, either from the desktop or directly from within Office apps.
Mobile clients for iOS, Android and BlackBerry. Voltage has separate clients that are very attractively designed and work very seamlessly with their ecosystem. Users can view attachments securely, too.
You administer the gateway via a Web browser, and there are dozens of options to set, similar to the DataMotion product.
Voltage has a zero download client, as they call their software that can be used to exchange messages with someone not on their system. SecureMail is showing its age: to get a new user up and rolling, there are several steps to authenticate and two separate browser pages to click on before you can open the attached message to decrypt and view it. Once you do so, you can continue to reply (and also compose messages) to your correspondents, including those you haven't ever sent encrypted mail to before.
Voltage is not designed to protect against the Silk Road scenario.
The bottom line: While parts of Voltage are showing their age, the overall experience is quite capable, and the add-ons for mobile and Outlook/Office are quite nifty. Like DataMotion, you have a lot of control if you want it. For example, it can be configured to decrypt messages, pass them on to a data leak protection device, and then re-encrypt them before sending the message out.
HP has a one-time perpetual license fee that starts at $55 per user, with discounts for volume purchases. Support and maintenance contracts are extra.
Hushmail for Business
Hushmail has also been around for more than a decade and has a solid hosted encryption solution that is the easiest of the products we tested to set up and use. Once you sign up for the service (there is no free trial), you are given the information you need to change the MX DNS records for your email domain so that Hushmail starts hosting your email traffic. You add users and you are ready to go, once the DNS propagates over to the Hush servers, which are located in Canada.
There is no software to install on the client side; all mail is accessed in one of two ways. First, via a secure webmail client that connects to the Hush servers. This is the only way you can send encrypted emails to someone who isn't part of the Hush network. The webmailer is showing its age somewhat, but if you want to get started quickly with using encryption, this has a lot of appeal. The Hush webmail app is responsive and you can use it on your mobile phone browser easily.
The second method is for users fond of their existing email clients, such as Outlook or Thunderbird, who are communicating with other Hush users or others on your own domain. In this situation there is literally nothing for them to do: they make use of their existing client to send an encrypted message. Between the client and the Hush server, mail is encrypted using SSL/TLS. Once it arrives on the server, it is then encrypted via PGP. They have a detailed explanation about their encryption chain here. You can use either POP or IMAP connections to the Hush servers. This means that message bodies are encrypted end-to-end. Like most of the products, you can't encrypt your subject lines.
Hushmail would not protect you against the FBI grabbing an opened laptop a la the Silk Road Scenario, although if you registered for the service anonymously they would have protected your identity in that way.
Hush was one of the few remaining vendors to popularize PGP outside of the folks that actually worked at PGP (now owned by Symantec). This means that you can exchange secure messages with other PGP users by exchanging your public keys. While many PGP implementations have come and gone, Hush has endured and part of the reason is because it is so simple to use. There aren't any plug-ins to install and once you have changed your MX record, you literally have nothing to do.
If you want to send an encrypted message to someone outside the Hush ecosystem, you bring up the webmail client and attach a simple message password. (You have to communicate this password to your recipient via a text or phone call perhaps.) This feature, called Hushmail Express, has several additional options such as the ability to allow your recipients to create their own passphrase that can be used to decrypt all subsequent messages from you.
One place where Hush is showing its age is a 20MB limit on attachment size, and this could be a deal breaker, especially when you consider that AppRiver has a 5GB limit on attachments. Business users have 10GB overall mailbox storage. Hush places a limit of 350 outgoing messages for the Web interface and 2,000 messages for the SMTP interface within any given 24 hours. This is to limit potential spam abuses.
Business users have access to a separate Web-based domain control panel. Here you can add new users, specify mail forwarding rules, maintain a common contact list for the domain, create whitelists and blacklists, and specify things like a default mailbox size or set up a catch-all domain email address. These are only available to the domain administrator account, and are tucked away in the Preferences menu.
If PGP is important to you, then Hush is the only option among the products tested for an enterprise-wide deployment. And if you don't want the headache of managing a bunch of plug-ins, it has a lot of appeal. If your users spend a lot of time on their phones managing email, you probably want to look elsewhere for something that is specifically designed for phones or tablets.
Hushmail is priced per mailbox, with 50 mailboxes working out to $2,196 per year for 10GB of storage apiece. Pricing is very transparent, with additional fees for options such as domain admin, lost passphrase protection, a step up to a 20GB mailbox, and email archiving, each of which will cost $10 per domain per month.
ProtonMail
Proton is one of the newer encrypted email services that have come along post-Snowden, with an emphasis on really keeping your emails private. They make a point of this by being based in Switzerland. However, they are still building their product out and as a result it has a very simple Web UI for its client and admin tool. The web client is responsive and can be used on mobile devices. They are also working on iOS and Android apps, but these weren't ready yet for this review.
Unlike some of the other services reviewed here, there is no mechanism for handling an entire domain: all email addresses have to be part of their protonmail.ch or protonmail.com domain. We include them in this review because they are so security-conscious and this is one of the first totally protected email services we've seen.
Their servers are located in Switzerland, which is a big draw for people who don't want an American footprint. All of their investment capital to date has been raised through crowdfunding or other non-traditional sources.
Proton uses double password protection. The first is used to authenticate the user. After that, encrypted data is sent to the user. The second password is a decryption key used to decrypt data on your device. Proton never sees that latter key so they do not have access to the decrypted data. On top of all this encryption, they also employ SSL connections so your data is further encrypted across the Internet to and from their servers. There is no option to make use of any on-premises servers.
Unlike Hushmail, it doesn't support OpenPGP, but has developed its own algorithms.
You can also send messages to non-Proton users, where each message body and attachment will be encrypted with a one-time password. And you can send a password hint as an option. Another option is that you can set an encrypted message to expire after so much time has elapsed. Messages sent to other ProtonMail users by default are kept for a month at most.
While Proton would not protect against the Silk Road scenario, a user could register for this service anonymously so, like Hush, it would protect their identity.
Proton has a very simple UI for adding users too. Some of the other services allow CSV import.
While Proton is not really suitable for an enterprise deployment, it is a nice package of what the latest encryption products can deliver.
Mailboxes are fixed at 1GB per user, with attachments limited to less than 10MB. Each mailbox will cost $5 per month.
Tutanota
Of the products we tested, Tutanota is the least reliable and least feature-laden. It comes with a variety of clients, including web, iOS, Android, and Outlook plug-ins. Tutanota is a lot like CipherPost: it uses a variety of clients to set up encrypted mail connections across your existing email infrastructure. There are no changes to your servers and you can continue using Outlook for sending unencrypted communications.
We had some trouble with the installation, mainly because the software version has German instructions and installs the German version of .Net Framework. Once installed though, the menus and commands are in English. Tutanota is based in Germany, which could be important for customers concerned about American email privacy.
One of the distinguishing features is that its zero knowledge encryption process hides the message subject. Most of its competitors still send this information in the clear.
Its webmailer is the simplest of the bunch with bare-bones features. You can select whether a message is going to be sent encrypted or not, and if the former you can choose a passphrase for your recipients who aren't in the system to read and reply to your messages. This passphrase can be sent via a text message, in which case Tutanota picks up this information from your Outlook address book. That is a pretty clean way to do this.
Speaking of which, if you want to make use of the Outlook plug-in, you need to use IMAP with Outlook 2013 (but not POP). If you use Exchange, either Outlook 2010 or 2013 is supported.
For the Silk Road scenario: if you don't save a mailbox password when you login, you might be able to thwart this if you can quickly close Outlook before your laptop is seized.
Tutanota still has some rough edges, but as a client-oriented product it has a lot to offer, and as the product matures this could be a worthwhile choice for a limited encryption roll-out in your company.
Tutanota has a 1GB mailbox storage size limitation and is priced at 2 euros per user per month. It is limited to 25MB attachments.
Virtru Pro
Virtru has a nice balance of plug-ins and mobile apps that support its easy-to-use encryption operations across a variety of email circumstances. If you use Windows Outlook 2010 or 2013, you can encrypt messages on any SMTP-based email server. If you make use of Google, Yahoo or Outlook.com webmail, you can run either their Chrome or Firefox browser extension on any Windows, Mac or Linux computer. And there are mobile apps that support iOS and Android phones too.
You can also install an app for your Google Apps domain. The Google Apps support is somewhat unique in that it adds primitive data leak detection for your outgoing messages. You can have it recognize credit card or Social Security numbers, for example, and have it either warn you or automatically encrypt your message. This is all set up in a separate Web-based admin portal. There are other options located on this portal too: you can set expiration dates for messages, track who is being sent encrypted messages, search for files, and set other security policies.
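Both DataMotion's gateway rules and Virtru's Google Apps admin policy, as described above, decide per message whether to force encryption (or warn) based on a subject tag or on sensitive content in the body. The following is an added example of that kind of outbound policy check, written for this review and not code from any of the vendors; the rule names, the `[SECURE]` handling details, the Luhn filter for card numbers and the sample messages are all constructed assumptions.

```python
"""Outbound mail policy check of the kind the gateway and DLP features above describe.

Constructed example: inspect each outgoing message and decide whether it must be
encrypted. Two triggers are covered: an explicit [SECURE] subject tag, and content
rules that spot Social Security or credit card numbers. Content rules are off by
default here, mirroring the review's note that DataMotion ships them disabled.
"""
import re
from dataclasses import dataclass, field

SECURE_TAG = "[SECURE]"
# Candidate SSN in 3-2-4 form with dashes, excluding a few never-issued prefixes.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# Candidate card number: 13 to 19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects random digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(body: str) -> list[str]:
    """Return the kinds of sensitive data found (kind names only, never the values)."""
    kinds = []
    if SSN_RE.search(body):
        kinds.append("ssn")
    for m in CARD_RE.finditer(body):
        if luhn_ok(re.sub(r"[ -]", "", m.group(0))):
            kinds.append("card")
            break
    return kinds


@dataclass
class Policy:
    content_rules_enabled: bool = False   # disabled by default, as in the review
    content_action: str = "encrypt"       # "encrypt" or "warn" (Virtru offers both)


@dataclass
class Decision:
    action: str                           # "encrypt", "warn" or "pass"
    reasons: list[str] = field(default_factory=list)


@dataclass
class OutboundMessage:
    subject: str
    body: str


def evaluate(msg: OutboundMessage, policy: Policy) -> Decision:
    """Apply the subject-tag rule first, then content rules if the admin enabled them."""
    reasons = []
    if SECURE_TAG.lower() in msg.subject.lower():
        reasons.append("subject-tag")
    if policy.content_rules_enabled:
        reasons.extend(find_sensitive(msg.body))
    if "subject-tag" in reasons:          # an explicit tag always forces encryption
        return Decision("encrypt", reasons)
    if reasons:                           # content hits follow the configured action
        return Decision(policy.content_action, reasons)
    return Decision("pass", reasons)


if __name__ == "__main__":
    # Constructed sample messages; 4111 1111 1111 1111 is the well-known test PAN.
    samples = [
        OutboundMessage("[SECURE] Q3 numbers", "See attached."),
        OutboundMessage("Onboarding form", "Applicant SSN is 123-45-6789."),
        OutboundMessage("Expense", "Paid with card 4111 1111 1111 1111."),
    ]
    for p in (Policy(), Policy(content_rules_enabled=True, content_action="warn")):
        for s in samples:
            print(p.content_rules_enabled, s.subject, evaluate(s, p))
```

With content rules disabled only the tagged message is encrypted; enabling them catches the SSN and the Luhn-valid card number, while a digit run that fails the Luhn check is left alone.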
If you have installed the necessary plug-in, when you want to send something, there is a small toggle switch on the top of the compose screen (if you are using webmail in Firefox or Chrome or its plug-in on Outlook). Turning that on will bring up a "send secure" button to encrypt your message. There are tool tips that appear as you hover over the various options with your mouse, a nice touch. These include the ability to add an unencrypted introductory message that will introduce your recipient to the context of the message that you are sending, and why you want to encrypt the remainder of the message. You can also set when your message will expire or disable any forwarding for additional security.
Virtru also supports zero knowledge encryption, although it adds a separate activation step when a new user receives the first encrypted message.
One other caveat: attachments are limited to 25MB, which could be an issue for some users who want to send bigger files. Another issue: Virtru won't protect you from the Silk Road scenario where someone grabs your phone or laptop while your email is open, because decryption happens automatically.
Despite these caveats, we think Virtru has some very nice options, and given it was the least expensive of the seven products tested, it is definitely worth a closer look.
Virtru has a free version, and a pro version that will cost $2.50 a user per month, with a discount for annual purchases. Both are available for 14-day free trials. The free version just does encryption without the additional features such as message expiration and domain administration that are found in the paid Pro version.
Strom is the founding editor-in-chief of Network Computing magazine and has written thousands of magazine articles and two books on various IT and networking topics. His blog can be found at strominator.com and you can follow him on Twitter @dstrom. He lives in St. Louis.