How to set up end-to-end email encryption using Thunderbird

In today’s world, privacy is a major concern. You can’t go anywhere online without seeing “security this” and “hacker that.” Our world has become corrupt with unwarranted spying and data collection in one of the last free-speech areas there is – the Internet. We can’t stop targeted attacks, but we can stop mass surveillance, by building proven security into the everyday Internet. This blog article intends to show you just one way how to take your privacy back. Below, we will show you just how easy it can be, by providing instructions and details on how to set up a fully secured, end-to-end email encryption solution.

Prince Charles Visits GCHQ In Scarborough

Image from Getty Images via Christopher Furlong – The Enigma Machine, arguably one of the most famous encryption mechanisms ever created (and defeated).


Setting up Email Encryption with Thunderbird, Gpg4win and Enigmail

Email has one major security flaw, which is that by default, when email is relayed (going from point A to point B) across the internet, it is almost always transmitted from server to server in an unencrypted format; it is also stored in “plain text” on those mail servers. Even if you use SSL to connect to your email server, the chances are, that your email server does not use SSL encryption to transmit your email to the recipient’s email server. This means that the content inside of your emails can be easily “sniffed” (read by an unintended third party) during transit from point A to point B. Also, when the emails are stored in a mail server’s queue, they are stored unencrypted. The mail queue is where your emails sit, while they are waiting to be delivered. They do not get delivered to you until you decide to log in and check for new emails. Since they are stored in plain text, any unintended 3rd party can read your emails. This could be a government official or a server administrator at your email hosting provider.  That’s kind of scary, right?

This is where end-to-end email encryption comes into play.

End-to-end email encryption will keep email text and attachments out of prying hands. To use it, first, you will need a mail program.

In this example we will use Thunderbird as it is free, secure, and supports end-to-end email encryption. Thunderbird can be downloaded here.

Once Thunderbird is installed you will need two components – Gpg4win and the Enigmail extension for Thunderbird. You can download Gpg4win at this link. Install Gpg4win, and then we’ll get Enigmail installed…

Next, open Thunderbird, click the menu button (menu) → Add-ons and use the search option in the top right to find Enigmail and install it.



Once Enigmail has been installed, follow the prompts to generate your key pair (and make sure to use a password!) then send your PUBLIC key to your family, friends and co-workers so that they can send and receive encrypted emails from/to you. For more information about public and private keys plus encryption in general, please see our “SSL and You” article. You will also need to obtain the other party’s public key. They can send their public key to you the same way you sent it to them, or, you can also use the keyservers to store your keys on the Internet so that anyone can easily download your key without having to ask you to send it every time.  We may touch on how to use keyservers in a later article, but to get started, the easiest way for beginners is to manually send your private key to your contacts that you wish to exchange encrypted email with. encrypt

When sending an encrypted message, click the drop down arrow next to OpenPGP and select “Encrypt Message.” The email will now be encrypted and must be decrypted at the recipient’s end with their private key and password.


If you’ve completed these simple steps, then, congratulations! You’ve just sent an email that was completely encrypted from end-to-end, and it was not hard at all, right?

Reset the Net

Reset the Net is an initiative created by Fight for the Future to show that we want to take back our Internet. On their web site you can sign the pledge that “On June 5, to remember Edward Snowden’s sacrifice, I will take strong steps to protect my freedom from mass government surveillance. I expect the services I use to do the same.” You can be assured that GlowHost will do it’s part.

GlowHost, In addition to currently offering email services which support end-to-end encryption, has pledged that starting in the 3rd quarter of 2014 that we will begin to roll out SSL encryption on ALL pages of our web site, not just the order forms and login forms which are already SSL secured today.

At Reset the Net’s website you can also find additional information on how to protect yourself from the tyranny of what has become and may become of the Internet. We ask that you join the cause and #ResetTheNet on June 5th with us.

We’d love to hear from you – please leave any comments below.