Following the publication of an NPR article detailing the security of major email services, Apple has informed the network that it is working on an update to its iCloud Mail service that encrypts emails in transit from other providers. As of right now, iCloud emails are solely encrypted in transit from one iCloud email account to another, but an email sent from iCloud to Gmail or Yahoo (as examples) or vice versa is not currently encrypted. This is what will change:
Apple encrypts e-mail from its customers to iCloud. However, Apple is one of the few global email providers based in the U.S. that is not encrypting any of its customers’ email in transit between providers. After we published, the company told us this would soon change. This affects users of me.com and mac.com email addresses.
The enhancement will come into effect “soon,” but Apple is not more specific than that on the timeframe. While the quote above oddly does not specify icloud.com addresses, that newer Apple email domain likely falls into the same category as me.com and mac.com. The lack of end-to-end iCloud Mail encryption with Gmail, for example, is shown on Google’s data protection transparency website: