State of the art of email encryption

Email encryption has become more important now that public cloud services host the majority of electronic communications. The hacking of this information by international organizations that are not very transparent but very lucrative has become the CISO's number one concern. Confidential information in transit through email, such as personal data, financial transactions or strategic projects, has become the target of hackers.

The implementation of the General Data Protection Regulation (GDPR) last May has helped raise user awareness and, among the various protection measures being implemented, the need to send encrypted messages has increased considerably.

The challenge in the professional field is to provide solutions that are simple to use where the capacity for change management is limited, while guaranteeing the privacy of message content.

Currently, the use of mail encryption is being imposed in some sectors, especially those that handle data related to health, finance or real estate.

In this post, we will detail the fundamental principles of email encryption, as well as the key elements for its application in the professional context through two specific cases implemented by Alinto at European level.

 

Let's start with some basics

Email encryption consists of making the content of an email unreadable so that nobody except the recipient can read the message. Once the information is encrypted, a key is needed to decrypt it and access the content.

There are several email encryption protocols, including OpenPGP, TLS and S/MIME, the most widely used today.

Encryption can be carried out in several ways:

– Symmetric cryptography algorithms (secret key): the same key is used to encrypt and decrypt the message. This implies the need to transfer the key to the correspondent, which makes its implementation more difficult and risky, since the key can be intercepted.

– Asymmetric cryptography algorithms (public and private key): in this case there are two keys, a public one to encrypt messages and a private one to decrypt them. In this way, only the recipient of the message can decrypt its content.

Asymmetric cryptography also guarantees the authenticity of a message through the digital signature; this ensures that the sender is the author of the message. Most of the companies that currently offer encryption services depend on this last type of cryptography, considered the safest of the two.

Alinto's answer: professional email encryption

Encryption services implemented by Alinto use asymmetric cryptography, combining public and private keys, to guarantee highly secure information exchanges. Our solutions are based on S/MIME (Secure / Multipurpose Internet Mail Extensions), a standard that relies on X.509 digital certificates for signing and encrypting email. It ensures the integrity and confidentiality of the data, while the electronic signature guarantees the non-repudiation and authentication of the information.
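The S/MIME sign-then-encrypt flow described above, as an added example using the `openssl` command line (not Alinto's code). The users alice, bob and eve, the `example.test` addresses, the self-signed certificates and the message text are all constructed for the demo.

```shell
#!/bin/sh
# Added example: S/MIME round trip with throwaway self-signed certificates.
WORK=$(mktemp -d)
MSG='Constructed sample message for the S/MIME demo'

# Create a throwaway key pair and self-signed X.509 certificate for one user.
make_identity() {  # $1 = user name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1@example.test" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Sign with the sender's private key, then encrypt to the recipient's certificate.
send_mail() {  # $1 = sender, $2 = recipient, $3 = output file
    printf '%s\n' "$MSG" |
        openssl smime -sign -text -signer "$WORK/$1.crt" -inkey "$WORK/$1.key" |
        openssl smime -encrypt -aes256 -out "$3" "$WORK/$2.crt"
}

# Decrypt with the recipient's private key, then verify the signature against the
# certificate of the expected sender. Prints the plaintext; fails if either step fails.
receive_mail() {  # $1 = recipient, $2 = expected sender, $3 = encrypted file
    openssl smime -decrypt -in "$3" -recip "$WORK/$1.crt" -inkey "$WORK/$1.key" \
        -out "$WORK/inner.eml" 2>/dev/null || return 1
    openssl smime -verify -text -in "$WORK/inner.eml" -CAfile "$WORK/$2.crt" \
        -out "$WORK/plain.txt" 2>/dev/null || return 1
    tr -d '\r' < "$WORK/plain.txt"   # S/MIME canonicalises line endings to CRLF
}

for user in alice bob eve; do make_identity "$user"; done
send_mail alice bob "$WORK/to_bob.p7m"    # genuine mail from alice to bob
send_mail eve bob "$WORK/forged.p7m"      # eve signs with her own key instead

echo "bob reads: $(receive_mail bob alice "$WORK/to_bob.p7m")"
receive_mail eve alice "$WORK/to_bob.p7m" >/dev/null ||
    echo "eve cannot decrypt: the mail was encrypted to bob's public key"
receive_mail bob alice "$WORK/forged.p7m" >/dev/null ||
    echo "bob rejects the forgery: the signature does not chain to alice's certificate"
```

In production the certificates would be issued by a certificate authority that both parties trust rather than self-signed and exchanged by hand.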

The S/MIME protocol is compatible with most email clients, such as Microsoft Outlook, Thunderbird, Apple/iPhone Mail, Lotus Notes, Gmail on Android, etc.

But how can the particular needs of each company be met?

 

On-premise encryption – Easy deployment and user friendly

One of our clients, a large representative of the insurance industry in France, needed to encrypt its Office 365 email service for the cases in which its employees send clients' medical records to doctors who use public Gmail or Hotmail accounts. This personal information had to be communicated securely, since it is strictly confidential. As the insurer's employees were not experts in the use of computer tools, a simple solution was needed that did not require any heavy installation.

The Netmail Encrypt solution was implemented in such a way that, from Office 365, it is only necessary to establish a routing rule so that sensitive messages are encrypted. To do this, the user only has to mark the message as confidential by placing a tag such as “[encrypted]” in the subject of the email. In addition, the administrator can create sending policies based on the metadata of the email (recipient, sender, …). On the receiver's side, whether using Gmail, Hotmail or any other solution, there is nothing to install. The first time the user receives an encrypted email, he will be asked to create his personal password. After this, he will have access to the encrypted emails and can read their content and attachments, as well as respond to messages.

Therefore, one of the main advantages of Netmail Encrypt is the simplicity in the implementation and in the daily management, making it very suitable for companies with non-tech users and working with Office 365 or other market solutions.

Cloud encryption – Security and versatility for SMEs and medium-sized companies

Always maintaining the highest level of security, encryption projects require adapting to the needs of companies of any size and sector. Our partners often face projects that do not allow the installation of a dedicated server for reasons of budget or resources. They request solutions that are easy to implement and capable of adapting to particular situations.

This is the case of one of our clients, a clinic with more than 130 users who needed encryption through special health certificates (HIN, Health Info Network). With the Cleanmail Sign + Encrypt solution, a cloud encryption service was implemented that made it possible to integrate a variant of this certificate for users. The solution is based on SEPPmail technology, the leader in encryption solutions in Switzerland, integrated in the anti-spam filter of Cleanmail. The solution automatically manages security certificates and simplifies the implementation and administration of the service.

This capacity of automation allows us to work with companies of different sizes and sectors: from the health sector, to consultants or private companies of all kinds.

In short, the solutions implemented by Alinto allow organizations to mitigate the risks associated with regulatory violations, data loss and hackers by transparently protecting confidential or personal information.

 

For more information, our team is always listening. Do not hesitate, get in touch with us!