Instructions for Sending Encrypted Email
Overview
- Messages between Tufts (@tufts.edu) email accounts are encrypted by default, making them more secure than regular email (e.g. Gmail) and allowing students, faculty, and staff to safely share private information with each other when appropriate.
- When more security is desired or when emailing non-Tufts email addresses (e.g. Gmail) about sensitive topics, additional encryption options are available.
- The "Encrypt" feature in Office 365
- Includes several different options.
- With certain options, the recipient’s email address (Tufts versus non-Tufts address) will determine whether or not a message can be decrypted, opened and read.
- Other options may restrict a recipient’s ability to modify, forward, or even print a message.
- Note that available options will vary depending on the version of Outlook you are using (e.g. the Outlook web application (Office 365) versus the Outlook desktop client for Mac versus PC).
- Includes several different options.
- The "[secure]" subject line feature
- Allows you to encrypt an email by putting the word “secure” in square brackets anywhere in the subject line. Any capitalization will work. The subject line can contain other text as well. For example, “[secure] Requested data” or “Requested Data [secure]”.
- Will encrypt the email message, regardless of the Outlook version being used.
- The "Encrypt" feature in Office 365
- It is recommended that you let your recipients know ahead of time about this encrypted email so they don’t think it’s a phishing scam. Also, there is a brief delay between when the recipient receives the initial email and when the link to decrypt it is functional. If they click on the "Read the message" link and it doesn’t work, ask them to try again in a few minutes.
- Authorized recipients of encrypted messages will receive an email with a link to securely view the message and potentially respond. An example of an encrypted message sent to a Gmail address is shown below. After clicking "Read the message", the recipient will be asked to authenticate their identity by signing in to their email account again or by using a one-time passcode that is sent to their email address.
- Depending on the type of address the email is sent to, the recipient may be asked to download an app like Azure Information Protection to read it.
- It is always a good idea to limit the use of email for any sensitive information, and if email is used, to be sure to securely delete the email as soon as possible. See the page on Securely Deleting Email.
- If you plan to collect sensitive information from non-Tufts people via email, please see the Instructions for Encrypted Data Collection via Email.
Messages sent from an @tufts.edu address can be encrypted in several ways. The options each user sees will depend on the version of Outlook being used. To have access to all available encryption choices:
- Use the web version of Outlook by logging in to: https://outlook.office365.com
- Look into having Office 365 installed locally by contacting the TTS Service Desk at it@tufts.edu or 617-627-3376. The Service Desk will be able to assist with determining whether the device in question will support an upgrade to Office 365 and will also be able to assist with the install. (Note that Microsoft regularly applies automatic updates to Office 365.)
When choosing a method for encrypting your message, consider the type of permissions you want the recipient(s) to have with the message. No matter which option is chosen, the message will be encrypted, and the recipient(s) will not be able to remove/modify the encryption settings.
Method | Encryption Option | Explanation |
"[secure]" subject line feature | Encrypt-Only |
|
Office 365 Encrypt feature (both web and desktop versions) | Encrypt-Only |
|
Do Not Forward |
|
|
Tufts - Confidential |
|
|
Tufts - Confidential View Only |
|
A Note About the "Tufts" Encryption Options
If you send an email to a non-Tufts address (e.g. Gmail) using either the "Tufts - Confidential" or "Tufts - Confidential View Only" encryption setting, the recipient will receive an email that notifies them of the encrypted message, but they will not be able to read it.
If you are using the Outlook desktop application for Windows, you may need to allow your Outlook client to access Tufts’ email security templates before you can use the Encrypt feature. (Note: Even if you never do this, you can still encrypt your emails using the “[secure]” subject line feature.)
- Open the Outlook desktop application.
- Start a new email message
- Click the Options tab to open it.
- Click the Encrypt/Permissions dropdown arrow and, if a message appears asking you to Connect to Rights Management Servers and get templates, click on the message and wait a few moments.
- Tufts' encrypted email templates will now be available the next time you need to send an encrypted email.
- Open your Tufts email.
- Start a new email message.
- Depending on the version of Outlook you are using, the method for accessing encryption options will vary.
- Outlook desktop client for Mac OS: Click Draft in the top menu, select Encrypt, then select the desired encryption setting.
- Outlook desktop application for Windows: Click the Options tab, then click the Encrypt dropdown arrow and select the desired encryption setting.
- Outlook web application (Office 365): Click the Encryption button. The default encryption setting on the message will be “Encrypt-Only”. To change this, click the “Change permissions” link and select one of the other available options from the pull-down menu that will appear.
- In the body of the email, type your message. You may also include attachments if you wish.
- In the body of the email, include the following instructions for the recipient. You can copy and paste these directions directly into your email.
- Start of Instructions for Recipient - If you wish to reply, please reply using encrypted email. If you are using an @tufts.edu account, simply reply like you normally would. If you are using something other than an @tufts.edu account, you need to follow the directions below, rather than simply sending an email directly from your account.
Follow these steps when this email is open:
- Click Reply all toward the top right of the window.
- If you do not wish to receive a copy of your reply, remove yourself from the Cc field.
- Type your message in the body of the email window.
- To add an attachment, click on Attach and select the file.
- Click Send.
- It's recommended that you delete all emails you received and the email you sent as soon as possible. Be sure to empty your trash.
- Be sure to store any documents with sensitive information securely.
- End of Instructions for Recipient - - Click Send.
Note: Following these instructions will encrypt your email message, regardless of your Outlook version.
- Open your Tufts email.
- Start a new email message.
- In the subject line, include the word “secure” in square brackets. Any capitalization will work. The subject line may contain other text as well.
- e.g. [secure] Request for Information
- e.g. Encrypted message [secure]
- In the body of the email, type your message. You may also include attachments if you wish.
- In the body of the email, include the following instructions for the recipient. You can copy and paste these directions directly into your email.
- Start of Instructions for Recipient - If you wish to reply, please reply using encrypted email. If you are using an @tufts.edu account, simply reply like you normally would. If you are using something other than an @tufts.edu account, you need to follow the directions below, rather than simply sending an email directly from your account.
Follow these steps when this email is open:
- Click Reply all toward the top right of the window.
- If you do not wish to receive a copy of your reply, remove yourself from the Cc field.
- Type your message in the body of the email window.
- To add an attachment, click on Attach and select the file.
- Click Send.
- It's recommended that you delete all emails you received and the email you sent as soon as possible. Be sure to empty your trash.
- Be sure to store any documents with sensitive information securely.
- End of Instructions for Recipient - - Click Send.
Note: If the recipient sees red or blue X icons in their browser, their email client is blocking images. These images are just the Tufts logo and the encrypted email symbol. They can display or ignore the images without affecting their ability to read the message.
Question: My secure email recipient says that they haven’t received my message. What happened?
Answer: Ask them to check their Junk folder.
Question: Can the recipient forward the message?
Answer: Yes, unless the “Do Not Forward” or "Tufts - Confidential View Only" encryption option is selected. If a non-Tufts recipient elects to forward the message to another recipient, it can be read. When one of the “Tufts” encryption options is used, the messages remain unreadable by recipients with with non-Tufts email addresses.
Question: How long does an encrypted email remain available?
Answer: Currently, it will remain available indefinitely, but Tufts reserves the right to implement an expiration setting at some time in the future.
Question: Can an encrypted message be read on a smartphone?
Answer: Probably. Most smartphones can follow the link to the encrypted message. Most smartphones have trouble downloading the message as an attachment, though. The recipient will probably have to download the attachment on a computer.
Question: Who can I contact for help with email encryption?
Answer: If you have questions about how to encrypt messages or if you encounter a problem when decrypting a message, please contact the TTS Service Desk at it@tufts.edu or 617-627-3376.
If you have questions about which encryption settings to use under particular circumstances, please contact Information_Security@tufts.edu.