What does Hushmail encryption mean, exactly? How does it work, and what are your options? Are you sure you want all of your emails encrypted all of the time? Do you understand how the secure message center works and how it might affect your clients on the receiving end?
Not everyone is going to have the same encryption needs. That’s why at Hushmail we give you options. Let’s go through some of these options in today’s post.
TLS encryption versus OpenPGP encryption
First, you should know about the two types of encryption Hushmail uses to secure your emails and web forms. Transport Layer Security (TLS) is a widely used cryptographic protocol that most email servers support; it secures messages in transit only. The other type we use is OpenPGP encryption, which secures messages in transit and in storage, providing greater security than TLS alone. By using both of these encryption methods (although not necessarily at the same time, as we’ll discuss later in the post), you can be confident that your client conversations will remain private.
Hushmail’s default encryption settings
When you first sign up for a Hushmail account, certain settings are already in place by default. You can change these if you need to later, but let’s look at the default settings more closely first.
When you send an email, it will always be sent encrypted over TLS when the receiving server supports it. That’s the tricky part about TLS. Both sides must be using it for it to work, and although most email servers do support TLS, it is not guaranteed.
That’s why we also use OpenPGP encryption. However, by default, you have to manually activate this encryption the first time you send an email to a client by enabling a switch in either your Hushmail webmail or Hushmail for iPhone app. When you activate this encryption, clients will receive your message in a secure message center requiring a password. Going forward, when you email that same client, the encryption switch will be turned on in the Compose window, but you can turn it off when you need to.
By default, OpenPGP is not used if you send through a third-party email app such as Outlook unless the recipient has already signed up to receive messages in the secure message center (or is also a Hushmail customer). Then, OpenPGP is automatically used, directing your recipient to the message center each time you send them an email. You can read about how to change this in the section below about how to control your encryption settings.
OpenPGP encryption is used between Hushmail accounts without the need for a message center. This encryption can be turned off by disabling the switch in the Compose window.
When to use OpenPGP encryption
The default setting requires you to manually enable OpenPGP encryption on the first email because not all emails need to be encrypted, and encrypting an email sends your client to the message center. You’ll want to use this encryption when an email contains protected health information (PHI) or when you want your conversation to remain private. If you’re sending a quick note to a colleague that doesn’t contain PHI, you probably won’t want to use encryption that will require the recipient to sign in to the message center.
What happens when you don’t encrypt using OpenPGP?
So what happens if you don’t enable OpenPGP encryption? Is your email still secure? Hushmail always attempts to send your email encrypted over TLS. However, the receiving server has to support TLS for this to work. If it doesn’t, your email will still go through, but unsecured, as a regular email. If you don’t want your email to go through when TLS isn’t supported for specific domains you frequently send sensitive information to, then Customer Care can set it up so these emails bounce back.
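The delivery decision described above can be modelled in a few lines. This is an added example, not Hushmail's code: it reads the capabilities a receiving server advertises in its SMTP EHLO reply and chooses between TLS, plaintext fallback, and a bounce. The function names, the `require_tls_domains` set (standing in for the setting Customer Care applies) and the sample replies are assumptions constructed for illustration.

```python
# Added illustration of opportunistic TLS with an optional "bounce" policy.
# All domains and EHLO replies below are constructed sample data.

def ehlo_extensions(reply: str) -> set[str]:
    """Return the ESMTP keywords advertised in a multi-line 250 EHLO reply."""
    keywords = set()
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        if rest.strip():
            keywords.add(rest.split()[0].upper())
    return keywords


def delivery_decision(recipient: str, ehlo_reply: str,
                      require_tls_domains: set[str]) -> str:
    """Decide how a message without OpenPGP leaves the sending server."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    # The receiving server must advertise STARTTLS; otherwise there is
    # no encrypted channel to upgrade to. (A real sender must also
    # complete the TLS handshake; that step is outside this model.)
    if "STARTTLS" in ehlo_extensions(ehlo_reply):
        return "send-over-tls"
    # Hypothetical per-domain setting: refuse plaintext fallback.
    if domain in require_tls_domains:
        return "bounce"
    # Default behaviour: deliver as a regular, unencrypted email.
    return "send-plaintext"


# Constructed EHLO replies: one server offers STARTTLS, one does not.
TLS_REPLY = ("250-mx.clinic.example Hello\n250-SIZE 35882577\n"
             "250-STARTTLS\n250 8BITMIME")
NO_TLS_REPLY = ("250-mx.legacy.example Hello\n250-SIZE 10240000\n"
                "250 8BITMIME")

if __name__ == "__main__":
    enforced = {"legacy.example"}
    for rcpt, reply in [("client@clinic.example", TLS_REPLY),
                        ("client@legacy.example", NO_TLS_REPLY)]:
        print(rcpt, "->", delivery_decision(rcpt, reply, enforced))
```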
How to control your Hushmail encryption
The Hushmail default settings work well for the majority of our customers, but we realize that there are some situations that require greater control.
Automatic encryption in webmail and third-party email apps
For example, instead of manually encrypting your emails in webmail, you can have Customer Care change the setting so all your emails are encrypted without any further action from you. You can do the same for third-party email apps. This might be a good change to make if you’re using Hushmail to exclusively send PHI, as it eliminates the possibility of forgetting to encrypt an email that needs it, and helps ensure consistent, reliable security.
Keyword triggered encryption in third-party email apps
By default, when you use a third-party email app, your emails are not encrypted unless your recipient has already signed up to use the secure message center or you’re sending to another Hushmail account. If this doesn’t suit you, you can have Customer Care set up a keyword to use in the email’s subject line to trigger encryption. This will also prevent emails from going to a recipient’s message center when you don’t want them to. Emails will only be encrypted when you use this keyword.