Email encryption
Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume the information.
How email encryption typically works
A message is encrypted, or transformed from plain text into unreadable ciphertext, either on the sender's machine or by a central server while the message is in transit.
The message remains in ciphertext while it is in transit, in order to protect it from being read in case the message is intercepted.
Once the message is received by the recipient, the message is transformed back into readable plain text in one of two ways:
The recipient's machine uses a key to decrypt the message, or
A central server decrypts the message on behalf of the recipient, after validating the recipient's identity.
Email encryption options
Microsoft 365 Message Encryption (Purview Message Encryption)
The Waterloo Microsoft 365 email tenant is licensed for Purview Message Encryption. This allows seamless encryption with other M365 tenants, and also allows encrypted emails to be sent to and received from other kinds of email systems. Recipients on non-Microsoft systems use a portal: they get a notification that they have received an encrypted email from you, and can then authenticate and respond. No keys need to be exchanged. Microsoft has documentation available for review.
Using certificates for sender and recipients (S/MIME)
Sending and receiving S/MIME-encrypted email requires that both sender and recipient have some method to exchange keys in advance. This option is not recommended unless the remote entity strictly requires S/MIME encryption. Please contact ist-ca@uwaterloo.ca if you have such a requirement, and IST Information Security staff will assist you.
When to use email encryption
Email encryption should be used when sending information that is classified as Confidential or Restricted. Highly Restricted information should never be transmitted by email.
For a description of the classifications and for more information see Guidelines for secure data exchange: Choosing information transmission methods based on the security classification.
Email encryption instructions
See the Email security section: Using certificates (S/MIME).
Need help?
Contact the IST Service Desk online or 519-888-4567 ext. 44357.