Back in the old days, when everything went through classic SMTP, nothing was protected. Those were the good days for any man in the middle, picking up confidential information like a free gift.
Not anymore, thanks to TLS, STARTTLS, or, even better, S/MIME, which is suitable for your most sensitive information.
Every email sent through TLS is encrypted to protect the message in transit from one server to another. Both mail servers must support it for the encryption to work. But not all mail servers are created equal. If an email is sent via TLS but the other end doesn't accept TLS, the connection is downgraded from TLS. Just like in the old days, the email is delivered unencrypted, in plain text. Bad news for you, but good news for the man in the middle.
According to Google, during a 3-month period between March 11, 2019, and June 9, 2019, 89% of emails going out from Gmail and 94% of emails received by Gmail were encrypted. And who are the top bad guys?
So how to tell if my incoming emails are encrypted
Google is on top of a lot of things, and this is no different. If you use Gmail as your main mail app, you can easily tell whether an email you received was encrypted in transit and so kept out of reach of the man in the middle.
When you get an email, click the little down arrow to reveal the header, and you will see whether the message was received through TLS or another encryption method.
Not as easy as in Gmail, but it can still be done. Open the email you received from outside and click File > Properties.
Then look through the Internet headers section. If you see the word TLS in there somewhere, you can tell that your email was protected in transit.
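The header check described above, as an added example that is not part of the original post: it lists every Received hop and whether that hop recorded TLS, because one "TLS" in the headers only covers the hop that wrote it. The sample message, host names and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.5])
\tby mx.example.com with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
\tMon, 10 Jun 2019 09:15:02 -0700 (PDT)
Received: from client.example.net (client.example.net [198.51.100.7])
\tby mail.example.net with ESMTP id def456;
\tMon, 10 Jun 2019 09:15:00 -0700 (PDT)
From: alice@example.net
To: bob@example.com
Subject: constructed sample

body
"""

# A hop counts as encrypted if it names a TLS "with" protocol type
# (ESMTPS, ESMTPSA, LMTPS, ...) or carries a TLS version annotation
# such as "version=TLS1_3" or "using TLSv1.2".
TLS_MARK = re.compile(
    r"\bwith\s+(?:ESMTPSA?|LMTPSA?|UTF8SMTPSA?)\b|\bTLS\s*v?_?\d", re.I
)


def hops(raw):
    """Return [(receiving_host, used_tls)], newest hop first."""
    msg = message_from_string(raw)
    result = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", flat)
        host = by.group(1) if by else "?"
        result.append((host, bool(TLS_MARK.search(flat))))
    return result


def all_hops_encrypted(raw):
    """True only if there is at least one hop and every hop recorded TLS."""
    found = hops(raw)
    return bool(found) and all(tls for _, tls in found)


if __name__ == "__main__":
    for host, tls in hops(SAMPLE):
        print(f"{host}: {'TLS' if tls else 'PLAINTEXT'}")
```

Received lines are written by each server that handled the message, so only the topmost one, added by your own provider, is fully trustworthy; treat lower ones as claims made by the sending side.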
How to tell if the email I am sending is encrypted
For Gmail, if you have S/MIME enabled on your account, you will see a lock icon that shows the level of encryption supported by your message’s recipients. Otherwise, there is no direct way to tell whether your email will be safe all the way to the other end.
But there are a few workarounds that we can still take.
First, we can start with an introduction email and only start sending confidential content after receiving one email from the other party and verifying that it's safe.
Or, we can use a TLS checker to scan and verify that the mail server used by the domain you are communicating with supports at least TLS. It's safe to email me confidential stuff because it shows OK in the TLS column, like below.
But never send confidential emails to a mail server that's not safe, like below.
Last, if you are using Gmail and need the highest security for sending confidential information via email, you can turn on Confidential Mode so the entire email communication will be secured.