Email, much like the old-fashioned postal mail that it’s all but displaced, isn’t a secure way to communicate. For both paper and electronic mail, messages make many stops en route from sender to recipient, and each point in that journey represents another opportunity for someone to intercept a message and make off with any sensitive information it might contain. Indeed, in many ways it’s easier to misappropriate an email than the dead tree-variety, and to do so without the knowledge of either party.
Simply put, to communicate securely over email, messages must be encrypted. But doing so typically requires special infrastructure, setup procedures and software—in short, a general level of expertise, effort and expense that puts it out of the reach of most professionals and small businesses.
When you send a message securely via Enlocked, it arrives at the recipient’s inbox with an introduction, which you can customize when you send your message, explaining that the message is secure and can be read by visiting Enlocked’s website or downloading one of the aforementioned plug-ins. The actual message contents are contained within an encrypted attachment. If recipient already has an Enlocked plug-in, it automatically decrypts the message contents.
Enlocked provides (free) apps for mobile devices as well. Android and iOS are currently available, and the company is also working on an app for BlackBerry. All Enlocked plug-ins and apps can be found here.
How Enlocked Secure Email Works
When you click that “Send Secured” button, the outgoing message gets transferred to Enlocked servers to be encrypted (the message is transmitted via a secure SSL connection and then encrypted using PGP), then Enlocked puts the encrypted message back into your email account’s outbox for delivery.
Figure 2: When someone receives an Enlocked message for the first time, an introductory message instructs them how to access and decrypt the contents.
It’s worth noting that because Enlocked encrypts messages on its own computers rather than on the sender’s computer, it doesn’t provide the end-to-end encryption (i.e. information is encrypted before leaving its point of origin) that you get with some—usually more complicated– mail encryption products and services.
Alas, this is the price to be paid for Enlocked’s comparative ease of setup and use. Although lack of end-to-end encryption may be a problem if you’re bound by certain governmental privacy regulations or you’re conducting, um, clandestine operations for the CIA, for most users, Enlocked’s level of security should be more than sufficient.
Note that even though messages are not encrypted en route to Enlocked, they are still transmitted over an encrypted connection (SSL). The company says it doesn’t retain any messages, and that it discards them as soon as they’re encrypted.
Incidentally, maximum message size is limited to 10MB, which is less than what most email providers impose (usually 25 MB). Although 10 MB is probably sufficient for most people most of the time, it’s not hard to envision lengthy legal or financial documents that could weigh in somewhat larger. Enlocked says it’s open to increasing the message size based on customer feedback.