TLS encrypts messages in flight. That's for both, webmail, and Thunderbird. It doesn't encrypt messages at rest though. For the latter Thunderbird can use S/MIME or OpenPGP.

christ1 said

TLS encrypts messages in flight. That's for both, webmail, and Thunderbird. It doesn't encrypt messages at rest though. For the latter Thunderbird can use S/MIME or OpenPGP.

Thanks for your answer. As well as I am inform by Google, Google mails are encrypted also at rest in G-mail webpage. I wonder if G-mails are also encrypted in Thunderbird? Best regards Alex

Thanks for your answer. As well as I am inform by Google, Google mails are encrypted also at rest in G-mail webpage. I wonder if G-mails are also encrypted in Thunderbird? Best regards Alex

No. They are stored as received, decrypted, in some variety of plain text.

Webmail is different since it never stores messages on your own computer. They are just downloaded for display, on demand. So however they are stored, they are downloaded to you via TLS and decrypted on the fly.

If you want your message store to be secured, look for some solution that encrypts and locks your HDD or the relevant partitions on it. Your OS may be able to do this for you. There are also many third-party solutions.

Thank you for your answer

Sorry, what is Webmail? is it an App. or an expression? As well I am informed Gmail encrypt the messages at rest and on transit in there webpage. As I understand it G mail is then secure. If you want an App. to manage your mails, then you need extra protection, right? Thanks

Webmail means looking at your email in a website via your web browser. Since it doesn't actually download and store messages on your computer, the encoding/encryption, if any, is moot.

A mail client fetches copies of email from a server. Email is an old prototocol and dates from early days before identity theft was a concern. Modern clients and serves can and do use encryption, currently TLS, to encrypt data in transit between you and the server. Pretty much all email providers offer a website where you can access your account, and usually, make adjustments such as changing the password, adding secondary accounts, changing spam filter settings and so on.

Whether or not it is encrypted when stored on your own computer is something for you to choose to do, or not.

Could you cite whatever reference you have to gmail's alleged use of TLS?

Hereby a reference of Gmail using TLShttps://support.google.com/mail/answer/7039474?hl=en&co=GENIE.Platform=Desktop

I don't see anything in the article linked above which supports your claim. In fact, when following the link to the 'Email encryption FAQs', look at 'What do you mean by encryption of email in transit?':

"When an email is encrypted in transit, that means it’s protected against being read by someone with access to the networks through which the email is traveling, on its way from the sender to the destination. You can think of it as a temporary envelope of security that is wrapped around your email to keep it private while it is being transmitted to its intended recipient. Transport Layer Security (TLS) is the standard means of performing encryption in transit for email.

What TLS doesn’t do is encrypt data at rest—that is to say, it does not encrypt email while it is stored on a server. There are ways to do this, such as using PGP (see below)."

As a little reminder, see https://support.mozilla.org/en-US/questions/1214818#answer-1103933

Underneath you can read a reply from a senior supporter from Google:

"Yes You are correct, The communication channel is encrypted in G-mail, that means that the email is protected while it travels and it is secure until it reaches the recipient".

AlexMT said

Underneath you can read a reply from a senior supporter from Google: "Yes You are correct, The communication channel is encrypted in G-mail, that means that the email is protected while it travels and it is secure until it reaches the recipient".

What happens at the recipient when they get the mail? They may store it unencrypted in plain text. They could even store it on a public server in a plain text format.

This Google article is about as honest as it can be https://support.google.com/mail/answer/6330403?hl=en If you want your mail encrypted, do it yourself.

More information here https://www.techadvisor.co.uk/how-to/internet/how-encrypt-email-3636950/ In particular

Back in 2014 Google announced that it was making encryption in Gmail the default setting for all users. This means that so long as you are using the official Gmail apps or accessing Gmail through the Chrome browser then your email is already encrypted. But, and this is a big but, this only holds true if the recipient is also using Google apps. Once the email leaves the Google servers, say when you send it to your friend who uses Yahoo Mail, then the encryption is no longer applied, as otherwise the receiver wouldn’t be able to read it. So while this is certainly a big step towards security, it does leave some rather large holes that could compromise your privacy.

I agree, but when Google sends an email, the channel is encrypted in transit if the recipient also uses TLS (I think I heard that 90% uses TLS). After the mail is delivered, It is up to the recipient to choose an e-mail client or webmail who protects the mails at rest.