Privacy Portal

How to set up PGP Encryption

Privacy-Portal
2023-02-26

With Enhanced Protection, Mail Relay can encrypt all inbound mail using PGP. To use PGP encryption, your mail client (or mail web app) needs to support PGP.

Here are the steps to set up PGP encryption:

  1. Go to Mail Relay Settings
  2. Select the Personal Address for which you want to enable PGP encryption
  3. Press on “New Profile” under Email Encryption
  4. Choose “PGP”
  5. Export your public PGP key from your mail client encryption settings
  6. Submit your public PGP key to Mail Relay
  7. Activate the newly created profile to start encrypting all inbound mail

Once a PGP Profile is activated, all relayed inbound mail will be encrypted using the public PGP key you provided.

Encrypting Email Replies

Mail Relay signs every relayed email with a unique PGP key generated per sender. This allows you to encrypt your email replies as well. Depending on your email client, you might need to trust the sender key before you can encrypt your reply.

Here are a few tips to verify whether a sender key is legitimate:

  1. All emails received through Mail Relay are DKIM signed. You can check the DKIM header to ensure DKIM verification passed correctly. Trustworthy email providers verify DKIM signatures before delivering mail to your inbox.
  2. All public PGP keys generated by Mail Relay are signed with an additional “Trust Key” unique per “Encryption Profile”. You can download this “Trust Key” for your profile by pressing on “Relay Key Fingerprint” in your “Encryption Profile” information. Some email clients like Thunderbird allow you to install and trust the “Trust Key” in order to quickly view whether new keys are signed by it at a later point in time.
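
Tip 1 can be checked by reading the Authentication-Results header that your own provider stamps on the message. The script below is an added example, not code from Privacy Portal; the hostnames, the signing domain relay.example and the function names are assumptions.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample; every hostname and domain here is a placeholder.
# The second header imitates one supplied by the sender, not by your provider.
SAMPLE = """\
Authentication-Results: mx.provider.example;
 dkim=pass header.d=relay.example header.s=sel1;
 spf=pass smtp.mailfrom=bounce.relay.example
Authentication-Results: mx.untrusted.example; dkim=pass header.d=relay.example
From: Alice <alias@relay.example>
To: me@provider.example
Subject: hello

body
"""

def dkim_results(raw, trusted_authserv):
    """Return [(result, signing_domain)] recorded by trusted_authserv.

    Headers stamped by any other host are ignored, since anyone can add them.
    This relies on the provider removing forged headers that carry its own id.
    """
    msg = message_from_string(raw, policy=default)
    found = []
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(str(value).split())  # unfold continuation lines
        authserv, _, rest = value.partition(";")
        # The authserv-id may be followed by a version number; compare the id only.
        if authserv.lower().split()[:1] != [trusted_authserv.lower()]:
            continue
        for clause in rest.split(";"):
            m = re.match(r"\s*dkim=(\w+)", clause)
            if m:
                d = re.search(r"header\.d=([^\s;]+)", clause)
                found.append((m.group(1).lower(), d.group(1).lower() if d else None))
    return found

def dkim_passed_for(raw, trusted_authserv, expected_domain):
    """True only if the trusted host recorded dkim=pass for expected_domain."""
    return ("pass", expected_domain.lower()) in dkim_results(raw, trusted_authserv)
```

Pass the raw message source ("view source" or "show original" in most clients), your provider's authserv-id as it appears in your own inbox, and the domain that signs your relayed mail.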

Encryption both ways

By encrypting both inbound and outbound mail, your email provider would have zero access to the contents of your emails. Remember, your email provider stores your entire inbox and has total access to it. Even if you fully trust your email provider, which you shouldn’t, you definitely want your emails to be encrypted in their database.