UC San Diego SearchMenu

Email Encryption Overview

Learn about email encryption at UC San Diego.

Secure email

Email encryption is a security measure to encode, or scramble, a message so that only the recipients with the key (code) can unscramble and read the message.

Cisco Registered Envelope Service (CRES)

University of California, San Diego (UCSD) has deployed Cisco Registered Envelope Service (CRES) to provide protection of certain sensitive information when sent via email from the UCSD network.

On March 1, 2016, CRES will be enabled for all Health Sciences customers. If you are not a Health Sciences customer and are interested in using CRES, fill out and submit this form:

For more information about CRES, see

Frequently Asked Questions

Expand all

What sensitive information should be encrypted?

Anyone who sends sensitive information via email outside the UCSD network must use encryption.

In the course of the academic mission and day-to-day administration, UCSD handles large amounts of personal data. Much of this data is not sensitive and is, in fact, publicly available. However, some of it is sensitive, including personal, financial, medical, and legal information.

Prominent examples of data protected by federal and state laws, university policy, and our general recommendations follow. (Context can play a role in data sensitivity so this list is not exhaustive):

  • Do not send the following over encrypted or unencrypted email:

    • Credit card numbers
  • You must encrypt:

    • Health and Medical information that contain any of the 18 specific identifiers
    • First name or first initial and last name in combination with any one or more of the following data elements:
      • Social Security Numbers
      • Driver's license number or California identification card number
      • Account number, debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account
      • Medical information
      • Health Insurance Information
    • A user name or email address, in combination with a password or security question and answer that would permit access to an online account.
  • We suggest you encrypt:

    • Student record information (FERPA)
    • First name or first initial and last name in combination with any one or more of the following data elements:
      • Passport numbers
      • Foreign visa numbers
      • Mother’s maiden name
      • Birth month, day and year
      • Biometrics (fingerprint, retina scan, etc.)
    • Sensitive HR and employee information

I use an encrypted method of communication with external customers already, should I use this method instead?

No, please consult your local IT personnel for guidance.

Who should send encrypted email?

Anyone that sends sensitive information via email outside the UCSD network must use encryption.

How do I send an encrypted email?

How do recipients un-encrypt an encrypted email?

Can I send an encrypted email to someone within UC San Diego?

Email messages with the subject line “secure:” are only encrypted when sent to someone outside of UC San Diego.

You can send encrypted emails internally by going directly to the Cisco Registered Envelope Service.

What part of the email is getting encrypted?

The message body and attached files will be encrypted. Note that the subject line is not encrypted.

Is there a maximum size limit for Cisco Registered Envelope Service (CRES) messages?

Yes. CRES supports a maximum size limit of 25MB.

Is the information I send with email encryption secured on my computer?

Information and files stored on your computer and in your sent items folder is not encrypted unless you are taking additional action to do so. Consult with your local IT security personnel for advice and detail.

How can I securely forward an encrypted message I received?

In order to forward an encrypted message, the first recipient must initiate a new email message and mark it "secure:" in the subject line. Note, if a recipient just forwards a secured message, the new recipient(s) will not be able to decrypt the message.

When does my message get encrypted?

The CRES system is designed to encrypt messages to external recipients.  If you initiate an encrypted message, it will be encrypted as it leaves the campus border email gateways.

How do I know if encryption has been enabled for my account?

Send an encrypted test message to your personal external email account. Verify that that the message was encrypted. If the message was not encrypted, please contact the ITS Service Desk for troubleshooting.

Can I be offline and open encrypted emails?

No, you must have access to the Cisco Registered Envelope Service.

Expand all