Email - Encryption / Protection (S/MIME)


Cryptography - Encryption (Enciphering) in Email

Message can be encrypted using:

  • S/MIME (in transit and storage)
  • pgp (in transit and storage)
  • TLS (in transit)



S/MIME is a long-standing protocol which allows encrypted and signed messages to be sent using standard email delivery SMTP.

It uses public key cryptography to:

  • Encrypt the message on send and decrypt the message on receipt with a suitable private key to keep message content private.
  • Sign on send and verify the signature on receipt to authenticate and protect integrity.

S/MIME 1) employs a model based on a trusted certificate authority (CA) that signs users' public keys.

Note: A message can't be decrypted if the user's key isn't uploaded when the message is delivered. Learn more about uploading certificates.


PGP (Pretty Good Privacy) is a protocol that uses also the public key cryptography to encrypt email.



SSL (TLS) is a protocol that helps provide privacy between communicating applications and their users during email delivery. When a server and client communicate, TLS ensures that no third party can overhear or tamper with any messages.

For delivery TLS to work, the email delivery services of both the sender and the receiver must always use TLS.


See Postfix - TLS (SSL) configuration 3)

Powered by ComboStrap