MFT Resource Center

Secure Email

How is Secure Email Different from Email?

Email security is tremendously important for organizations and teams managing sensitive information or operating in regulated industries, such as healthcare or finance. But email was designed to connect people, not necessarily with security in mind, so it requires additional security layers.

On the back end, email exchanges broadly follow three key steps:

  1. Send: Messages are sent over the web via an Internet protocol, typically SMTP (Simple Mail Transfer Protocol), which is based on HTTP, the backbone protocol of the Internet
  2. Receive & Store: Messages are received and stored on an email server with one of two protocols, POP3 (Post Office Protocol 3) or IMAP (Internet Message Access Protocol)
  3. Retrieval & Access: Recipients pull messages from the server with an email client, - e.g. Gmail, Yahoo!, Outlook that uses POP3 or IMAP

On their own, none of these processes are secured, as SMTP sends plain-text emails and neither IMAP nor Pop3 encrypt the files stored in the web server. Secure email technology adds encryption to all of these elements:

  • The messages themselves are encrypted at the file level via Open PGP
  • TLS/SSL encryption is added to SMTP to secure messages as they're sent
  • And TLS/SSL encryption is added to IMAP and Pop3 to pull from the server

Uses and Limitations

Secure email is useful and broadly required for many instances, such as exchanging confidential corporate information and regulated information. But it's not a solution for partner document exchange and process automation, sending and receiving massive data sets, or file-based integrations. These use cases are better handled via SFTP, AS2 or other protocols designed for high-volume, enhanced exchanges.