If the e-mail encryption is to be seamless, then not only the e-mail itself must be encrypted, but also via a SSL/TLS secured connection to your e-mail provider.

In some cases, e-mail providers no longer even offer support for unsecured transmission paths, and immediately pass on the secured server setting data to your customers so that they can set them up in their e-mail program.

In Outlook, change the server settings for receiving and sending e-mails via the “File” – “Account settings” tab and there select the relevant e-mail account with a double left-click and go to the corresponding settings. There you should find the server connection numbers including the encryption method used under “Settings” – “Advanced Settings”.

You can find out exactly which these are and which ports you have to use directly from your e-mail provider.

See fig. (click to enlarge)

Outlook encryption is cryptographic, not password-based. This means that anyone who wants to use the encryption option in Outlook first needs a digital certificate. The recipient must also have such a certificate in order to be able to decrypt the e-mails.

There are different services that issue such certificates. However, this is not completely free.

Well-known certification services are:

• Comodo >>>
• Global sign >>>
• Iden Trust >>>

To get to the settings menu for the digital ID in Outlook, proceed as follows:

• Go to File and choose Options.
• Mark the Trust Center Security Center and click on Settings for the Trust Center or Security Center
• In the new window, go to the Email Security tab, click Settings, and then click Require Digital ID
• In the following, a Microsoft Office web page with further instructions and well-known services will be opened
• Here you now have the choice between the 3 services mentioned above. (These are of course not the only ones)
• Once you have confirmed your identity, you will receive your certificate with the digital ID as a download
• You will also receive instructions on how to correctly install the certificate from the respective provider

See fig. (click to enlarge)

So that recipients can now also decrypt your encrypted e-mails, they need the corresponding key.

To do this, you must send them a digitally signed message. This then contains your certificate and a public key, with which encrypted e-mails can be decrypted by the recipient.

• To do this, go back to the Trust Center and E-Mail Security
• Then activate the box Add digital signature to messages under the item “Encrypted e-mail”.
• Optionally, you can also activate the item “Signed messages as plain text” so that recipients without S/MIME security can also read your messages.
• Then confirm with “OK”

See fig. (click to enlarge)

In order to be able to send encrypted e-mails with your freshly set up security certificate, simply open a new e-mail as usual and then go to the “Options” tab and activate the “Encrypt” item there. In this way you have then encrypted the message and attached files, and these can only be decrypted by a recipient to whom you have sent your certificate.

A notice:
The option to encrypt e-mails is only available in Outlook if you have also installed a corresponding certificate.

As you have seen, it is a lot of effort to ensure more security in e-mail traffic, and it is certainly not necessary for every e-mail. But it still makes sense to send sensitive data in encrypted form.