Review: Email encryption has gotten so much better, you’d be crazy not to use it

Page 2 of 3

AppRiver CipherPost Pro

AppRiver sells a variety of email-related solutions, and CipherPost Pro is its encrypted mail product. Basically, you layer an encryption service on top of your existing email infrastructure.


If you are using Outlook, it installs a plug-in. Otherwise you can take advantage of a Chrome plug-in or a webmail page that has similar functionality. AppRiver also has a wide collection of mobile apps for iOS, Android, Windows Phone and BlackBerry 10 that offer the ability to send and receive encrypted messages. The caveat for any of these mobile versions is that you can’t send or receive attachments.

Downloading the Outlook plug-in took a few steps and required the .Net Framework to be installed and the plug-in to be activated for your particular email account. Once that is done there is a separate “Secure Messaging” menu option on your Outlook toolbar, with a “Send Secure” button to start the process of composing a message. This is typical of many of the Outlook add-on products.

You can correspond with people outside your email domain or people who haven’t yet registered for the CipherPost service, what we call zero knowledge encryption and what AppRiver calls guest users. Recipients get a message with a Web link; they click on it and are asked to register with the system before seeing the message contents. Guests don’t have to pay for the encryption service but can only correspond back to you with an encrypted message. And like most other products, the subject line of your encrypted message is shown in the clear.

Whether you use Outlook or the webmailer, at the heart of the product is a special “Delivery Slip” sidebar that appears on the right side of the page as you are composing your message. This is where various controls are located to enable message-tracking options, to restrict external users from forwarding or replying to your message, and to add an extra security layer to make your message require a second encryption key to be read. These are all nice features.

In addition to the webmail page, there is a separate admin portal where you can keep track of your users, including the ability to promote or revoke guest or registered user rights and add new domain administrators. There are several tabs across the top that promote AppRiver’s other services, including a hosted Exchange service and a secure Web proxy service.

AppRiver has another feature that adds an extra layer of encryption, called “For your eyes only.” This could possibly handle the Silk Road scenario, and is certainly nice if you want to make sure that no one else can read your message.

Some caveats. CipherPost supports POP or MAPI (native Exchange) access but not IMAP to your Internet email accounts. There is a 5GB attachment size limit on all encrypted messages, which is the most generous of any of the vendors tested.

If you have to send large attachments, then CipherPost should be on your short list. Managing its plug-ins could take some valuable staff time to set up, especially for multi-modal email users who like to switch between mobile, desktop and web email clients.

CipherPost has a 30-day free trial and an impressive support department that will walk you through the process to set up an account and get started with adding users and sending your first message. Users pay $7.95 per month with discounts for annual payments and a one-time setup fee of $25 for your domain.

DataMotion SecureMail

DataMotion has been in the encrypted email business for more than a decade and has a very mature offering that makes use of a gateway to process mail. The gateway can run on any Windows machine with at least 4GB of RAM. Getting it set up will require a couple of hours, and most of that is in understanding the many mail processing rules that it offers.

Basically, if a user wants to send encrypted mail they append a [SECURE] tag to the subject line to trigger the encryption process. In case the tag is omitted, you can also set up processing rules that will encrypt messages containing sensitive information such as Social Security numbers or other personal information. These rules are disabled as part of the default install but are set up to be easily turned on with a few mouse clicks.
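To make the two trigger mechanisms concrete, here is an added illustration of how a gateway policy of this shape can be evaluated. It is example code written for this review, not DataMotion’s software: the rule names, the Social Security number pattern and the sample messages are all constructed, and the content rules start out disabled, matching the default install the review describes.

```python
import re
from email import message_from_string
from email.message import Message

SECURE_TAG = "[SECURE]"  # the subject tag that forces encryption

# Constructed detector for US Social Security numbers written as 3-2-4 digits,
# skipping area/group/serial values that are never issued (000, 666, 9xx / 00 / 0000).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Hypothetical content rules, keyed by name. Each takes the message text and
# returns True when the message should be encrypted even without the tag.
CONTENT_RULES = {
    "ssn": lambda text: bool(SSN_RE.search(text)),
}


def _plain_text(msg: Message) -> str:
    """Concatenate the text/plain parts; attachments and HTML parts are not scanned here."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def decide(raw_message: str, content_rules_enabled: bool = False) -> tuple[bool, str]:
    """Return (encrypt?, reason) for one outbound message.

    The subject tag always wins. Content rules run only when the administrator
    has switched them on, mirroring the disabled-by-default install.
    """
    msg = message_from_string(raw_message)
    if SECURE_TAG.lower() in msg.get("Subject", "").lower():
        return True, "subject tag"
    if content_rules_enabled:
        text = _plain_text(msg)
        for name, rule in CONTENT_RULES.items():
            if rule(text):
                return True, f"content rule: {name}"
    return False, "no rule matched"


# Constructed sample messages (RFC 5322 text with blank line before the body).
TAGGED = "From: hr@example.com\nTo: cfo@example.com\nSubject: [SECURE] Q3 payroll\n\nNumbers attached.\n"
UNTAGGED_SSN = "From: hr@example.com\nTo: cfo@example.com\nSubject: new hire\n\nHer SSN is 123-45-6789.\n"
HARMLESS = "From: hr@example.com\nTo: all@example.com\nSubject: lunch\n\nPizza at noon?\n"

if __name__ == "__main__":
    for name, raw in [("tagged", TAGGED), ("untagged+ssn", UNTAGGED_SSN), ("harmless", HARMLESS)]:
        print(name, decide(raw, content_rules_enabled=False), decide(raw, content_rules_enabled=True))
```

Note that the decision reads the subject line, which every product in this roundup except Tutanota leaves in the clear; the tag tells a gateway to encrypt but also tells anyone watching the transport that the message was worth encrypting.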

The gateway ties into the regular Exchange or POP/SMTP mail infrastructure; IMAP connections are not supported. You can access your encrypted messages either via a Web client or via a Windows-based Outlook plug-in. Unlike other vendors’ plug-ins, these are custom-built per user: you’ll need to log in to your Web app and download the code individually for each user. That is somewhat cumbersome, particularly if you want to on-board hundreds of clients. There is also a responsive Web client that can be used for both desktops and smartphones.

File attachment limits are a bit tricky to describe: you have to set up your gateway with a specific limit and you also have to ensure that your ISP doesn’t have other limits they impose that will prevent large attachments from being sent. Overall domain limits are set by the DataMotion support staff and not by the mail administrator. DataMotion has a separate file transfer product that can be used to send up to 2GB files.

Speaking of limits, DataMotion doesn’t have any limits on the size of the user’s inbox. However, it does place a limit of up to 500MB worth of messages that can be sent in a user’s Track Sent Folder. If this limit is reached, the user will no longer have the ability to send new messages until space has been freed up within their account.

There are numerous features that are part of the DataMotion ecosystem: one of the more useful is its notifications feature, where you can see exactly when your recipient opened the message and the attachment. You can also set expiration dates for your messages, retract those that haven’t yet been read, or resend another notification message via the Web app. Once a message expires, the only thing that remains is its metadata.

DataMotion offers a very robust set of APIs for developers to integrate secure email features into their own programs, along with a sandboxed cloud environment that can be used to test and track messages as they transit the Internet.

Subject lines aren’t encrypted. Regarding the Silk Road scenario, while DataMotion couldn’t completely protect against that situation, it can be set up so that no decrypted messages are ever stored locally.

DataMotion has a rather complex pricing sheet. You purchase the number of mailboxes (our sample 50 user set was $4,795 per year), then add on the Windows gateway for another $2,599 (which includes support), and if you want the large file transfer option that is another $72 per user per year. Free trials are also available.

HP/Voltage SecureMail

Voltage has been in the encrypted email business for more than a decade, and recently was purchased by HP and rebranded. The technology is an email gateway, software that sits on either a Linux or Windows server or in the cloud and inserts the encryption process between mail client and server. There are numerous add-on modules that come as part of this ecosystem, including:

  • An option to send large attachments, including set expiration dates.
  • The Secure File desktop encryption client, which can be used to send files to a user directly, either from the desktop or directly from within Office apps.
  • Mobile clients for iOS, Android and BlackBerry. Voltage has separate clients that are very attractively designed and work very seamlessly with their ecosystem. Users can view attachments securely, too.

You administer the gateway via a Web browser, and there are dozens of options to set, similar to the DataMotion product.

Voltage has a zero download client, as they call their software that can be used to exchange messages with someone not on their system. SecureMail is showing its age: to get a new user up and rolling, there are several steps to authenticate and two separate browser pages to click on before you can open the attached message to decrypt and view it. Once you do so, you can continue to reply (and also compose messages) to your correspondents, including those you haven’t ever sent encrypted mail to before.

Voltage is not designed to protect against the Silk Road scenario.

The bottom line: While parts of Voltage are showing their age, the overall experience is quite capable, and the add-ons for mobile and Outlook/Office are quite nifty. Like DataMotion, you have a lot of control if you want it. For example, it can be configured to decrypt messages, pass them on to a data leak protection device, and then re-encrypt them before sending the message out.

HP has a one-time perpetual license fee that starts at $55 per user, with discounts for volume purchases. Support and maintenance contracts are extra.

Hushmail for Business

Hushmail has also been around for more than a decade and has a solid hosted encryption solution that is the easiest of the products we tested to set up and use. Once you sign up for the service (there is no free trial), you are given the information you need to change the MX DNS records for your email domain so that Hushmail starts hosting your email traffic. You add users and you are ready to go, once the DNS change propagates to the Hush servers, which are located in Canada.

There is no software to install on the client side; all mail is accessed in one of two ways. First, via a secure webmail client that connects to the Hush servers. This is the only way you can send encrypted emails to someone who isn’t part of the Hush network. The webmailer is showing its age somewhat, but if you want to get started quickly with using encryption, this has a lot of appeal. The Hush webmail app is responsive and you can use it on your mobile phone browser easily.

The second method is for users fond of their existing email clients, such as Outlook or Thunderbird, who are communicating with other Hush users or others on your own domain. In this situation there is literally nothing for them to do: they use their existing client to send an encrypted message. Between the client and the Hush server, mail is encrypted using SSL/TLS. Once it arrives on the server, it is then encrypted via PGP. They have a detailed explanation about their encryption chain here. You can use either POP or IMAP connections to the Hush servers. This means that message bodies are encrypted end-to-end. Like most of the products, you can’t encrypt your subject lines.

Hushmail would not protect you against the FBI grabbing an opened laptop à la the Silk Road scenario, although if you registered for the service anonymously it would have protected your identity in that way.

Hush was one of the few remaining vendors to popularize PGP outside of the folks who actually worked at PGP (now owned by Symantec). This means that you can exchange secure messages with other PGP users by exchanging your public keys. While many PGP implementations have come and gone, Hush has endured, and part of the reason is that it is so simple to use. There aren’t any plug-ins to install, and once you have changed your MX record, you literally have nothing to do.

If you want to send an encrypted message to someone outside the Hush ecosystem, you bring up the webmail client and attach a simple message password. (You have to communicate this password to your recipient via a text or phone call perhaps.) This feature, called Hushmail Express, has several additional options such as the ability to allow your recipients to create their own passphrase that can be used to decrypt all subsequent messages from you.

One place where Hush is showing its age is a 20MB limit on attachment size, and this could be a deal breaker, especially when you consider that AppRiver has a 5GB limit on attachments. Business users have 10GB overall mailbox storage. Hush places a limit of 350 outgoing messages for the Web interface and 2,000 messages for the SMTP interface within any given 24 hours. This is to limit potential spam abuses.

Business users have access to a separate Web-based domain control panel. Here you can add new users, specify mail forwarding rules, maintain a common contact list for the domain, create whitelists and blacklists, and specify things like a default mailbox size or set up a catch-all domain email address. These are only available to the domain administrator account, and are tucked away in the Preferences menu.

If PGP is important to you, then Hush is the only option among the products tested for an enterprise-wide deployment. And if you don’t want the headache of managing a bunch of plug-ins, it has a lot of appeal. If your users spend a lot of time on their phones managing email, you probably want to look elsewhere for something that is specifically designed for phones or tablets.

Hushmail is priced per mailbox, with 50 mailboxes working out to $2,196 per year for 10GB of storage apiece. Pricing is very transparent, with additional fees for options such as domain admin, lost passphrase protection, a step up to a 20GB mailbox and email archiving, each of which will cost $10 per user per month.

ProtonMail

Proton is one of the newer encrypted email services that have come along post-Snowden, with an emphasis on really keeping your emails private. They make a point of this by being based in Switzerland. However, they are still building their product out and as a result it has a very simple Web UI for its client and admin tool. The web client is responsive and can be used on mobile devices. They are also working on iOS and Android apps but weren’t ready yet for this review.


Unlike some of the other services reviewed here, there is no mechanism for handling an entire domain: all email addresses have to be on Proton’s own domains. We include them in this review because they are so security-conscious and this is one of the first totally protected email services we’ve seen.

Their servers are located in Switzerland, which is a big draw for people who don’t want an American footprint. All of their investment capital to date has been raised through crowdfunding or other non-traditional sources.

Proton uses double password protection. The first password is used to authenticate the user. After that, encrypted data is sent to the user. The second password is a decryption key used to decrypt that data on your device. Proton never sees the latter key, so they do not have access to the decrypted data. On top of all this encryption, they also employ SSL connections so your data is further encrypted across the Internet to and from their servers. There is no option to make use of any on-premises servers.
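The key separation described here is easiest to see in code. What follows is an added illustration written for this review, not Proton’s implementation: the login password yields only a verifier the server can check, while the mailbox password is turned into a key on the device and is never sent anywhere. Every name is an assumption, the HMAC-SHA256 counter-mode stream cipher stands in for a real authenticated cipher (the Python standard library ships no AES), and the iteration count is a constructed value.

```python
import hashlib
import hmac
import secrets

KDF_ITERATIONS = 200_000  # constructed value; tune to the device


def kdf(password: str, salt: bytes, purpose: bytes) -> bytes:
    """PBKDF2-SHA256 with a purpose label so the two passwords never share a key space."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), purpose + salt, KDF_ITERATIONS)


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: HMAC-SHA256 in counter mode (stand-in for AES-GCM or ChaCha20)."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out.extend(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def _mailbox_keys(mailbox_password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from the second (mailbox) password, on the device."""
    mk = kdf(mailbox_password, salt, b"mailbox")
    return (hmac.new(mk, b"enc", hashlib.sha256).digest(),
            hmac.new(mk, b"mac", hashlib.sha256).digest())


def client_encrypt(mailbox_password: str, salt: bytes, plaintext: bytes) -> bytes:
    """Runs on the device. Output is nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _mailbox_keys(mailbox_password, salt)
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def client_decrypt(mailbox_password: str, salt: bytes, blob: bytes) -> bytes:
    """Runs on the device. Raises ValueError on a wrong mailbox password or a tampered blob."""
    enc_key, mac_key = _mailbox_keys(mailbox_password, salt)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong mailbox password or tampered data")
    return _keystream_xor(enc_key, nonce, ct)


class Server:
    """Holds the salt, a login verifier and opaque blobs; it never holds a mailbox key."""

    def __init__(self) -> None:
        self.accounts: dict[str, dict] = {}

    def register(self, user: str, login_password: str) -> bytes:
        salt = secrets.token_bytes(16)
        self.accounts[user] = {"salt": salt, "verifier": kdf(login_password, salt, b"login"), "blobs": []}
        return salt  # the device needs the salt to derive its own mailbox key

    def store(self, user: str, blob: bytes) -> None:
        self.accounts[user]["blobs"].append(blob)

    def login(self, user: str, login_password: str) -> list[bytes]:
        acct = self.accounts[user]
        if not hmac.compare_digest(kdf(login_password, acct["salt"], b"login"), acct["verifier"]):
            raise PermissionError("login failed")
        return list(acct["blobs"])  # ciphertext only; decryption happens on the device


def round_trip(login_pw: str, mailbox_pw: str, message: bytes) -> bytes:
    """Full exchange: register, encrypt on device, store, log in, fetch, decrypt on device."""
    server = Server()
    salt = server.register("alice", login_pw)
    server.store("alice", client_encrypt(mailbox_pw, salt, message))
    return client_decrypt(mailbox_pw, salt, server.login("alice", login_pw)[0])


if __name__ == "__main__":
    print(round_trip("login-pw", "mailbox-pw", b"hello from the device"))
```

The point the review makes falls out of the structure: a server compromise yields the verifier and the blobs, but without the mailbox password neither can be turned into plaintext, and a wrong mailbox password fails the tag check rather than producing garbage.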

Unlike Hushmail, it doesn’t support OpenPGP, but has developed its own algorithms.

You can also send messages to non-Proton users, where each message body and attachment will be encrypted with a one-time password. And you can send a password hint as an option. Another option is that you can set an encrypted message to expire after so much time has elapsed. Messages sent to other ProtonMail users by default are kept for a month at most.

While Proton would not protect against the Silk Road scenario, a user could register for this service anonymously so, like Hush, it would protect their identity.

Proton has a very simple UI for adding users too. Some of the other services allow CSV import.

While Proton is not really suitable for an enterprise deployment, it is a nice package of what the latest encryption products can deliver.

Mailboxes are fixed at 1GB per user, with attachments limited to less than 10MB. Each mailbox will cost $5 per month.

Tutao Tutanota

Of the products we tested, Tutanota is the least reliable and least feature-laden. It comes with a variety of clients, including web, iOS, Android, and Outlook plug-ins. Tutanota is a lot like CipherPost: it uses a variety of clients to set up encrypted mail connections across your existing email infrastructure. There are no changes to your servers and you can continue using Outlook for sending unencrypted communications.

We had some trouble with the installation, mainly because the software version has German instructions and installs the German version of .Net Framework. Once installed though, the menus and commands are in English. Tutanota is based in Germany, which could be important for customers concerned about American email privacy.

One of the distinguishing features is that its zero knowledge encryption process hides the message subject. Most of its competitors still send this information in the clear.

Its webmailer is the simplest of the bunch with bare-bones features. You can select whether a message is going to be sent encrypted or not, and if the former you can choose a passphrase for your recipients who aren’t in the system to read and reply to your messages. This passphrase can be sent via a text message, in which case Tutanota picks up this information from your Outlook address book. That is a pretty clean way to do this.

Speaking of which, if you want to make use of the Outlook plug-in, you need to use IMAP with Outlook 2013 (but not POP). If you use Exchange, either Outlook 2010 or 2013 is supported.
