There are two primary ways to secure emails:
- using an email client that provides the necessary security
- using encryption to protect the content of the emails themselves
It is always best to send and receive emails in plain text format, as was intended when email was first designed.
When using HTML emails, there is always a risk of receiving malicious code along with the body of the email. Most email clients are known to stop malicious code, but it seems safer to receive emails only in textual format. If HTML can be removed from emails, half the work is done.
The other half of the issue is the attachments that come with emails. To protect against attachments that might be malicious, follow these basic rules:
- Make it a rule not to open any attachments included in unexpected emails
- Make it a rule not to open any executable file unless there is 100% confidence in the file and the email source
- Make it a rule not to open any attachments from unknown senders
- When posting on forums and subscriptions, use free webmail accounts
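The plain-text preference and the attachment rules above can be enforced in a mail-handling script. The following is an added example, not part of the original article: it uses Python's standard `email` package, the function names, the extension list and the sample message are assumptions made for illustration, and "known sender" is modelled as a simple allow-list.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed, illustrative list of extensions treated as executable.
EXECUTABLE_EXT = {".exe", ".scr", ".bat", ".cmd", ".com", ".js", ".vbs", ".ps1", ".msi"}

def triage(raw, known_senders):
    """Return the plain-text body and a hold/release decision per attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    known = sender in known_senders
    # Only the text/plain alternative is returned; the HTML part is never rendered.
    plain = msg.get_body(preferencelist=("plain",))
    result = {"text": plain.get_content().strip() if plain else None,
              "no_plain_text": plain is None, "held": [], "released": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        # splitext looks at the last extension, so "invoice.pdf.exe" is ".exe".
        ext = os.path.splitext(name)[1].lower()
        if ext in EXECUTABLE_EXT:
            result["held"].append((name, "executable"))
        elif not known:
            result["held"].append((name, "unknown sender"))
        else:
            result["released"].append(name)
    return result

def build_sample():
    """Constructed message: text and HTML alternatives plus two attachments."""
    m = EmailMessage()
    m["From"] = "Billing <billing@unknown.example>"
    m["To"] = "user@corp.example"
    m["Subject"] = "Invoice"
    m.set_content("Please see the attached invoice.")
    m.add_alternative("<p>Please see the <b>attached</b> invoice.</p>", subtype="html")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="invoice.pdf.exe")
    m.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                     filename="terms.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(), {"alice@corp.example"}))
```

An executable attachment is held even when the sender is on the allow-list, because the rule for executables requires confidence in the file as well as the source.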
It is not always enough to use a secure client, use only text-based emails, and choose not to open attachments from unknown sources. Additional layers of security must be put in place to stop spam effectively and block infected attachments. The use of antivirus, anti-spyware, and spam filtering solutions along with the three points mentioned above would increase the computer system's security and effectively block malicious email attachments, spam, and unwanted emails. With a layered security approach, almost 99% of emails will be protected.
Using digital certificates when composing emails is one way to encrypt them before they are sent. A certificate can be used either to sign the email, making the receiver aware of the email's authenticity, or to encrypt the complete email so that only the intended recipient can decrypt it and read the contents. As an alternative to buying an individual digital certificate, a public key infrastructure (PKI) can be deployed to encrypt and sign emails for confidentiality and integrity. Many organizations have started adopting PKI and have been reaping its benefits, such as encryption, non-repudiation, and integrity protection.
Another option for securing emails is PGP (Pretty Good Privacy). PGP involves sharing keys between two users before they can send or receive emails. PGP is free and is widely used across the globe for encrypting emails before they are sent.
The final option is to use third-party email security solutions that allow for the encryption of emails before they are sent to the recipient through SSL (Secure Sockets Layer) technology provided over the HTTPS protocol.