Encrypting Your Email Keeps Your Messages Safe

In today’s digital world, privacy and security are more important than ever. As we navigate online communications, it’s important to understand how encryption can safeguard our emails. Let’s explore what encryption is, how it works, and why you want to consider using it.

What is Encryption?

When you send an email without encryption, it’s like sending a private message on a postcard – anyone who handles it can read its contents. At its core, encryption works by converting the readable data of an email into a scrambled format. Basically, the contents of that email turns into gibberish so that nobody can read it. The point is to keep the email private while it’s in transit from you to the recipient.

Even though most email services use some form of encryption for data in transit, this is not the same as end-to-end encryption. With end-to-end encryption, only the sender and the recipient can read the message. This method effectively prevents anyone else, including email providers, from accessing the content of your messages.

While many of us might feel that we have little to hide and aren’t overly concerned about others reading our communications, it’s important to understand how our information could be accessed. Encryption helps to safeguard our personal information, which may contain sensitive details about our personal finances, family matters, or other private information.

Encryption works by installing software on your computer that lets you generate two digital keys. One key is a public key that you can make available to anyone who might want to encrypt a message and send it to you. The other key is your own private key that lets you decrypt the messages you receive.

Data Vulnerability

If emails aren’t properly encrypted they are vulnerable to exploitation. Free email services such as Gmail or Yahoo have the ability to scan the contents of your emails, and they often give third party developers access as well for advertising purposes. It’s how they make money. Read our blog post about free email services.

Assumed Surveillance

Given that certain agencies monitor internet communications, it’s prudent to assume that anything you send via email could be intercepted. Yes, governments snoop on us. They may collect and store vast amounts of data, and encryption acts as a safeguard against such surveillance. By encrypting your emails, you can communicate freely without the anxiety of being monitored or censored by authorities.

Control Your Privacy

By managing your own encryption, you take control of your data privacy. In case of a data breach, encrypted emails remain unreadable to unauthorized individuals, reducing the risk of sensitive information being compromised. Rather than relying on anyone else to protect your information, you can ensure that it remains confidential.

At Runbox, we prioritize the security of your emails. Here’s a closer look at how we protect your communications and what you can do to increase your privacy.

1. Between You and Runbox

When you use Runbox Webmail, every email you send or receive is encrypted during its journey between your device and our servers. This ensures that data is always secure in transit between you and Runbox’s servers, and between Runbox’s servers and the recipient. This encryption safeguards your messages from potential interception, ensuring that your communications remain confidential.

If you prefer to use an email client like Outlook, Thunderbird, or Apple Mail, you can still enjoy the same level of security by connecting through our mail.runbox.com server. This means your emails are encrypted during transfer, providing peace of mind whether you’re accessing your inbox via web or client.

While your emails are encrypted during transfer, it’s important to note that they are not currently encrypted while stored on our servers. However, because our servers are housed in a highly secure facility in Oslo, Norway, there are stringent measures to protect your data. Not only is your data protected by the strict privacy laws in Europe; our servers are housed in a highly secure data center. You can read more about our commitment to security and details about our privacy protections.

2. Between Runbox and Other Email Services

When our servers handle emails sent to and from other email providers, we always aim to establish a secure, encrypted connection. This process begins when our server “asks” the recipient’s email service if it can use a secure connection. If the other server agrees, your email is transferred securely, shielding it from prying eyes.

However, not all email services support secure connections. If the recipient’s email server can’t accommodate this, your email will be sent using standard protocols. In this case, unless you encrypt the email content yourself, there’s a risk that it could be read if intercepted during transmission.

It’s crucial to understand that while we make every effort to use secure connections, Runbox has no control over the email services you correspond with. Therefore, while this secure transfer facilitation is beneficial, it’s not a complete guarantee of privacy.

3. Additional Protection of Your Email

If you don’t want anyone to be able to access your emails, end-to-end encryption ensures that only you and your intended recipients can read the content of messages. There are two popular methods for encrypting email this way; PGP and S/MIME. Runbox supports both standards, which can be used with an email client or with Runbox Webmail. These are free and open source. Here is an overview.

PGP (Pretty Good Privacy):

PGP is the easiest encryption standard to get started with. It is based on a “web of trust” because it only involves the sender and recipient, and assumes that they trust each other. Both sender and recipient must have PGP installed, and messages are encrypted using the recipient’s public key. Despite the name, PGP is considered to be cryptographically very strong and is probably the most popular email encryption standard today. To get started with PGP, see our Encrypting and Securing Email Using OpenPGP help page and https://help.runbox.com/using-openpgp-some-things-you-need-to-know/.

– S/MIME: Secure/Multipurpose Internet Mail Extensions:

S/MIME requires a digital certificate from a Certificate Authority. While it offers strong security, it can be more complex to set up than PGP. The functionality is built into most major email client programs. Both parties must have an S/MIME enabled email client. This method is also based on a “chain of trust”. A certificate obtained from a Certificate Authority validates the sender’s identity and makes the public key available to others.

– Mailvelope

Mailvelope is a user friendly browser add-on for Firefox and Chrome. The extension enables users to encrypt and decrypt emails using PGP (Pretty Good Privacy) directly within the Runbox Webmail. It provides a simple interface for managing encryption without needing extensive technical knowledge. You can install the Mailvelope extension from the Chrome Web Store or Firefox Add-ons. Then you can generate a PGP key pair (public and private keys) through Mailvelope. Here’s how.

Final Thoughts

Encryption can be a vital tool for protecting your communications. At Runbox, we strive to make it as straightforward and secure as possible. By understanding the layers of protection we offer, you can take proactive steps to ensure your emails remain private. By adopting end-to-end encryption practices, you ensure that your emails remain confidential and secure from unauthorized access. 

We are here to help.

Runbox has a pretty extensive help section that will help guide you in setting up encryption for your email. We encourage you to check it out because this is a blog post and we can’t include everything here!

See Encrypting Your Runbox Email for an overview of email clients that you can use and their encryption support.

We’d love to hear from you. Please contact us if you want help with the setup.

Continue Reading →

How To Use Email Securely

Much has been said and written in the media recently regarding email, and here at Runbox we’d like to take the opportunity to help make it all a bit more understandable.

What is email, anyway?

Email, or electronic mail, is the most common method of exchanging digital messages.

It is easily the most flexible online messaging service available, because it lets users send and receive unlimited text, multimedia, and other files to anyone with an email address anywhere in the world.

Email was invented in the 1960s and is still one of the most popular services currently available via the Internet, with over 90% of US Internet users actively using email.

How does email work?

Email systems consist of computers and devices that are connected via the Internet. These computers and devices can be servers that process and store electronic mail, or clients such as laptops and smartphones that are used to send and receive email.

Email clients and server Email clients connected to a server

When someone sends an email, the message is transferred from his or her device to a server that processes the message.

Based on the recipient email address, the server finds out where to send the message next.

This is usually to another server associated with the recipient’s address, and often via a number of other servers that act as dispatchers.

There are many different types of email software that can send, receive, and store email. If you use a computer or a smartphone, you might be familiar with software such as Outlook, Apple Mail, or Thunderbird.

Where is my email actually stored?

Because the volume of email is so large, email clients typically let servers store all the email that is received and sent and only download messages when they are opened.

This is very convenient because the server can then do resource intensive things like filtering out spam and viruses, and other kinds of sorting and processing.

Another important reason for keeping emails stored on a server is that it lets more than one client access the same messages.

For instance, you can set up your laptop, your tablet, and your smartphone to access all the email that is stored in your account on the server. You can also use a webmail in your web browser, which essentially works as an email client.

This means that your email will be synchronized across all your devices, without you having to do anything manually.

You can read more about how this works in our Help article Using an Email Client with IMAP.

How can I be sure that no one else can access my email?

When you sign up for an email account, you select a username and a password that only you know. This ensures that only you can access the email that is stored in your account on the server.

As you can imagine, it is important that you choose a strong password to make sure that no one else can guess it. It’s also important to be aware of scams that may try to trick you into revealing information that could let someone gain access to your account.

End-To-End Encryption
End-To-End Encryption

However, to be certain no one can read your email even if they were to gain access to it, you can use encryption.

Email encryption can protect your messages all the way from your device to the recipient’s, by encoding them in such a way that it’s virtually impossible for someone unauthorized to unscramble them.

You can read more about this in our Blog post Email Encryption with Runbox and our Help article Encrypting Your Runbox Email.

We hope this article helped clarify what email is, how it works, and how to use it securely. For a more in-depth article, please see How Email Works.

Continue Reading →

Email Privacy, Security and Runbox

In recent weeks (for some reason) we have seen an increase in demand for information about whether Runbox collaborates with any government law enforcement agencies when it comes to the email sent and received by our members.  We have also had numerous enquiries asking what we do to ensure the privacy of email sent and received by Runbox members.

It seems like a good time to review what Runbox does and doesn’t do.

Monitoring by Law Enforcement & Security Agencies

Runbox is not involved in any routine exchange of members’ data with anyone.

All email data is stored in a secure facility in Norway and access to the data center is very strictly controlled.

Casual requests for information about Runbox members and their email are categorically rejected.  More formal requests are always directed to the Norwegian court system.  Only if a valid Norwegian court order is received, and the proper procedures have been followed, will the request be considered. At that point it will be referred to our legal representatives.

We adhere to our own strict Terms of Service as well as Norwegian laws and regulations, and if we become aware of activity that is contrary to those we will take appropriate action.

Details of laws and regulations as they apply to Runbox can be found on our Email Privacy and Offshore Email page.

Email Privacy and Security

In recent weeks certain claims have been made that email can be intercepted by government agencies as it crosses international borders. Regardless of any truth or otherwise in these claims, the security of email transfer is essential.

It is important to distinguish between three points of security.

  1. Security of the connection between you and the Runbox email service.
  2. Security of the connection used between the Runbox email service and other email services.
  3. Securing the content of your email in addition to 1 and 2 above.

In the case of the first point Runbox provides the facility for email to be encrypted during transmission to and from our members. All that the member needs to do is use our server secure.runbox.com with the appropriate settings.

On the second point, we employ encryption techniques when sending to and receiving from other email services. However, this is only available if the other service also offers this facility.  If it doesn’t then we have to use an unsecured connection.

The third point is entirely under user control.  If a message’s content is encrypted before sending or receiving through Runbox, then whether it is transmitted securely or not is much less important because only the sender and recipient will be able to decrypt the message and read it.

Runbox is planning to provide a method of allowing members to encrypt and decrypt messages using PGP (Pretty Good Privacy) within the Runbox Webmail.

The best way to encrypt messages with your Runbox account today is to use the Thunderbird email client with the Enigmail Open PGP add-on.

For more information about email security see our page on Secure Transfer of Email.

Continue Reading →

Runbox, email privacy, and the recent news

In the last few days we have seen an increase in inquiries about privacy and security, and particularly whether Runbox could be involved in programs similar to those outlined in the recent allegations about interception of communications data by law enforcement agencies.

As a Norwegian company and service, Runbox is protected by Norwegian law and privacy regulations because all our email servers are located in a secure facility in Oslo, Norway. No entity, domestic or foreign, can access email or files stored in our data center without a Norwegian court order.

You can read more about US, European, and Norwegian privacy regulations here: Email Privacy and Offshore Email

Email encryption

To protect data being transferred to and from the Runbox servers in Norway, it’s important to use encryption such as SSL (Secure Sockets Layer) which is available both in the Runbox Webmail and in email clients.

When using Webmail, make sure that the SSL padlock icon is visible in the browser’s address bar and that the domain’s identity is verified as runbox.com.

In email clients such as Outlook and Thunderbird, set up your Runbox account with SSL according to the instructions found on our IMAP help page.

Runbox plans to extend our encryption support in the near future to allow complete encryption of messages all the way from sender to recipient.

 

Continue Reading →