Email Encryption Options

I am providing a link to a Blog post that covers the basics of Email Encryption and a couple of Email options one can use. I also provide an option to upload documents securely using End to End Encryption.

1 Like

I feel wil’s suggestions are unreallistic for notaries. First, I’d like to dismiss two situations where email encryption is either already solved or not an issue.

First, some notaries do all their notarizations as employees, and all the signers are fellow employees. These notaries will use whatever encryption the company provides; if the company doesn’t presently provide any, they’ll have to wait for the IT department to provide something.

Second, some notaries do one-off notarizations for the general public, with little or no repeat business. There is hardly any need for email in these situations.

Mobile notaries who do real estate notarizations for title companies and similar organizations and other notaries with substantial repeat business, have more need for email, and encrypted email would be helpful. But the employees in the companies the notary communicates with are employees. In most cases they don’t have the authority to purchase any email product or service. Even if it’s free like GPG, most of them don’t know how to install it, and even if they did, their IT departments probably won’t let them install software.

About the only encryption facility that’s widely available to employees who work in offices is the password protection of Microsoft Word documents. Microsoft Word does not provide for encrypting a document with a public key; in that program, public keys are only useful for electronic signatures.

Once the Word document is encrypted with a password, it can be attached to an email.

Ashton the blog post was created as a Notary Public wanted to know about email encryption options and Tutanota and Protonmail fit the bill quite nicely. Encryption is not for the faint of heart as some education will be necessary by the end user to ensure that both ends of the transaction are secure. Your mileage may vary.

Honestly, Zix Encrypted Email is the only one I trust.

I can see why a corporation would want to use Zix, but for the life of me I don’t see the benefits for a individual user. If you want to maintain your privacy and or your anonymity I don’t see how Zix can provide that. Tutanota not only handles the encryption for you seamlessly, but also encrypts the entire message including the Subject Field so nothing leaks. In addition, the pricing for Zix seems to be a bit steep for an individual user.

Without giving out any private information, I’d appreciate it if wil would describe how many people he is exchanging Tutanota emails with, and give a general description of those people’s roles. I don’t think I’d be able to persuade a single person to use any email system they are not already using.

Why would I want to give that kind of information out as it has no bearing on the efficacy of using Tutanota. As I mentioned your mileage may vary as to how you use the system. The purpose of the Blog was to give a non technical person an overview of what’s involved in implementing an encrypted email solution. I believe that I have provided an approachable overview for the non technical person and they can decide whether they want to implement the solution that is described in the Blog post.

This is available via Office 365 and G-Suite enterprise level services so no it’s not aimed at individual level usage. Both are whole encrypted email solutions and are quite simple to implement and use without using UI we as end-users are not familiar with.

The recipient gets an email telling them they have a secure email. They click the link and follow instructions to get to view the email like Proton & Tutanota.

Most people here would not take on the cost to implement any option without specific requirement. I worked for MS supporting O365 product lines for 3 years directly, by training other technicians, & later by providing O365 & GSuite deployments to enterprise clients under my own banner. IE… I know how they work & what I state is accurate.

Laws would need to be written to force title, lending, etc to use encrypted email to protect client data. And if that were the case; those encrypted emails will be initiated from the corporate end in our line of work. That communication will also provide an avenue to provide an encrypted response using the same platform.

This effectively negates individual notary’s need to invest in even a free solution like PGP let alone a subscription based one.

PGP has it’s flaws. The article was too simple in its direction of implementing it. A set of subkeys should be used. If one of the keys is compromised, you only need to revoke it and regenerate a new one. This negates the need to revoke the master key, the one that holds your digital identity. This strategy offers a much higher level of security.

All of it is moot anyway if your PC is compromised and you are the typical end-user who selects the easier way of utilizing the tools no matter the option used.

And just like PDFs… Microsoft formatted docs can ALL be unlocked with readily available tools. They are not secure. Most any password protected MS Office document can be opened in a matter of seconds to minutes.

When it comes to protecting a Word document (using Office 2016), I would follow these steps

  1. Open the document
  2. Click File
  3. Click Protect Document

The options are

  1. Always Open Read-Only
  2. Encrypt with Password
  3. Restrict Editing
  4. Add a Digital Signature
  5. Mark as Final

From what I’ve read, only “Encrypt with Password” will protect the information in the document from those who lack the password. The digital signature can’t be faked (unless you steal the secret key or trick the key-holder into signing something he/she shouldn’t), but the information in the document can be read by anyone. The others can be overridden, either with Word, or with other software.

I seldom use Adobe Acrobat, but I understand the situation is similar with that. There is an encryption option that’s reliable, but options that try to restrict the use of the document, for example, by preventing printing, can be overridden with other software.

Dominus, I am looking into using Office 365 as my way to send encrypted emails, my question in doing this is does the receiving party need to have an office 365 account as well or do they only need the password to open the email? I am confused as to how this works.


No they don’t.

It works like this:

You create an encrypted email. The recipient receives an email that tells them they have an encrypted email. That “notice” email will include a link that they must click. They will need to complete the next steps to authenticate themselves to be able to view the email in question.

They will also do this to reply to that email.

Nothing is actually done in Outlook, Thunderbird, or what ever email client they use other than receiving the original notice and clicking the link to access the email to read or respond.

The devs were working on Outlook integration when I was doing deployments. Not sure how that has turned out as I do not use the encryption part of the O365 offerings in our own business. We have no need for it & my transition from IT means I’m not keeping up with changes.

Note… a enterprise tier level of service was needed to get encryption. Plus you would need to be able to admin the service or pay someone to do it. Managed enterprise service required over a 1000s of seats before MS would even consider a contract.

Few companies did that. Think a end user base such as AA… it’s an airline.

I’m not sure if that is a feasible expense for a single notary.

Why do you think you would need it? Maybe we could address the concerns to help you decide.

And again …
You are only secure as you think you are. Office docs can be comprised. Digital signatures are included in that.