I have recently set up S/MIME in Outlook for my company's employees to send encrypted and digitally signed emails to one another. Is it possible to send encrypted emails to other email platforms from Outlook? If not, then what is the safest way to transmit sensitive information over email?
-
Why not just configure your Outlook to use TLS? It provides confidentiality and authentication as long as both servers support it by default. Gmail as well as many other servers support STARTTLS. – Daisetsu Feb 07 '19 at 18:18
-
@Daisetsu: TLS is not a replacement for email encryption. Email encryption is truly end-to-end, which TLS isn't. While it may suffice depending on the requirements, it does not address the question. – not2savvy Feb 07 '19 at 18:58
-
@not2savvy I didn't post in the form of an answer. I'm aware TLS doesn't address confidentiality at rest, but it's a vital, well-supported tool to address the majority of users that don't support MIME certs, but do support TLS. The question didn't mention it, so I figured adding it to the discussion would be beneficial. I see how saying "just" could be misleading. I will edit the comment if I can. – Daisetsu Feb 07 '19 at 19:14
-
I can't edit my comment. – Daisetsu Feb 07 '19 at 19:14
-
@Daisetsu, I didn't mean to criticize you for your comment. I just wanted to make clear that TLS is another approach and may or may not be suitable. I guess now you've made it clearer. – not2savvy Feb 07 '19 at 19:18
-
I didn't take it as criticism. It's always good to clarify, thanks. – Daisetsu Feb 07 '19 at 19:19
2 Answers
Encrypted E-mail requires a bit of work by somebody. You've done the work for your users. Now the question is what's going on at the other end. The person on the other end will need to create (or have created for them) an SMIME certificate and private key. Then the folks at each end will want to exchange SMIME certificates.
Many mail clients can be configured to send out the user's SMIME cert as an attachment so that their correspondents will have a copy of it after receiving a single unencrypted message. This allows the folks at the other end to use that cert to send an encrypted message to the user.
The tough part is getting folks on the far end to generate their own keys & cert and getting that cert into the hands of your users so that they can send encrypted messages outbound. Sorry to say, but getting that cooperation from the far end may not be easy...
-
To make that clear: yes, it is possible to send S/MIME to other platforms. S/MIME is a platform-independent standard, and I don't know of any email client that does not support S/MIME. – not2savvy Feb 07 '19 at 19:03
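The certificate exchange described in the answer above, reproduced with the OpenSSL command line rather than Outlook (an added example, not part of the original answers): the sender can encrypt only once it holds the recipient's certificate, and only the matching private key can decrypt. The names bob and carol, the example.org addresses and the self-signed certificates are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: "bob" is a hypothetical external recipient, "carol" a
# third party. All files are throwaway and live in a temp directory.
set -eu
WORK=$(mktemp -d)

# Far end: the recipient creates a private key and a certificate.
# Self-signed here for brevity; a real deployment would normally use a
# certificate issued by a CA that the sender's mail client trusts.
make_recipient_cert() {   # $1 = name, $2 = email address
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=$1/emailAddress=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Near end: the sender needs only the recipient's certificate (public key).
encrypt_for() {           # $1 = recipient cert, $2 = plaintext, $3 = output
  openssl smime -encrypt -binary -aes-256-cbc -in "$2" -out "$3" "$1"
}

# Far end: decryption needs the private key that matches the certificate.
decrypt_with() {          # $1 = cert, $2 = private key, $3 = encrypted file
  openssl smime -decrypt -in "$3" -recip "$1" -inkey "$2"
}

demo() {
  make_recipient_cert bob bob@example.org
  make_recipient_cert carol carol@example.org
  printf 'Quarterly figures attached.\n' > "$WORK/msg.txt"   # constructed message

  encrypt_for "$WORK/bob.crt" "$WORK/msg.txt" "$WORK/msg.p7m"
  echo "bob decrypts:   $(decrypt_with "$WORK/bob.crt" "$WORK/bob.key" "$WORK/msg.p7m")"

  # Carol has her own key pair but was not a recipient, so this must fail.
  if decrypt_with "$WORK/carol.crt" "$WORK/carol.key" "$WORK/msg.p7m" >/dev/null 2>&1
  then echo "carol decrypts: unexpected success"
  else echo "carol decrypts: refused (no matching recipient)"
  fi
}

demo
```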
Yes, you can send S/MIME encrypted messages to other mail systems once you've set it up at your end. But the people you're emailing also need to set up S/MIME at their end, and sadly S/MIME is not universally supported. Although Outlook and Thunderbird support it, my experience is most mail clients don't, especially on Android. And it's a similar story with PGP too. As for web-based email, you're completely stuffed.