Email Security
Email security is an oxymoron. Email is NOT secure. You should never send any kind of sensitive information through email. Sensitive information includes passwords, credit card numbers, personal information, and more.
If you access your email using a web portal (webmail), the communication between your computer and the server is encrypted. If you use an email client (Outlook, Windows 10 Mail, Windows Live Mail, Thunderbird, etc.), communication between your computer and the server may or may not be secure, depending on how your email account is set up in your email client.
If your email client settings are not secure, your email can be intercepted and read. If you use webmail or have your email account set up as secure in your email client, then the communication between your computer and the server is encrypted, but once on the server, it’s not encrypted and not secure. As you know, servers can be hacked. When your email server transmits your email to another service, it is encrypted and is secure. But once it arrives on that server, it is not encrypted and not secure.
And the person you send the email to may not use secure communication between their computer and their email server, so it could be intercepted then. And once stored on the recipient’s computer, it’s not encrypted, so if their computer is infected or gets hacked, an attacker could get your email and its attachments.
The only way for an email to be secure is for it to be encrypted throughout its entire journey from your computer to the recipient’s computer and to not store that email on the recipient’s computer.
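The hop-by-hop journey described above can be checked on a message you have received by reading its Received headers, which each server adds as it handles the mail. The following Python is an added example, not part of the original article; the sample message, its host names and the helper names hops and plaintext_hops are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (reserved example domains/addresses), newest hop first.
SAMPLE = """\
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTPS id b2
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384);
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from laptop.home.example ([203.0.113.5])
\tby out.sender.example with ESMTPA id a1;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed test message

body
"""

# "with" keywords registered by RFC 3848 that mean the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
COMMENT = re.compile(r"\([^()]*\)")
# Many servers also note the TLS version in a parenthesised comment.
TLS_HINT = re.compile(r"\([^()]*\bTLSv?\d[^()]*\)")

def _field(keyword, text):
    match = re.search(r"\b%s\s+(\S+)" % keyword, text)
    return match.group(1) if match else None

def hops(raw_message):
    """Return (from_host, by_host, protocol, encrypted) per hop, in travel order."""
    msg = message_from_string(raw_message)
    result = []
    # Each server prepends its own header, so reverse to get oldest first.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())
        bare = COMMENT.sub(" ", flat)  # ignore comments when reading keywords
        proto = (_field("with", bare) or "").upper()
        encrypted = proto in TLS_PROTOCOLS or bool(TLS_HINT.search(flat))
        result.append((_field("from", bare), _field("by", bare), proto, encrypted))
    return result

def plaintext_hops(raw_message):
    """Hops whose header gives no sign of TLS."""
    return [hop for hop in hops(raw_message) if not hop[3]]

if __name__ == "__main__":
    # Headers are written by each server and can be forged by earlier hops,
    # and they say nothing about how the message is stored on any server.
    for src, dst, proto, enc in hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if enc else 'no TLS seen'})")
```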
So what if you need to send a secure email?
If you don’t want to mess with encryption, you can send sensitive information through email if you separate the information and don’t label it. For example, send one email with the credit card number in it and a separate email with the expiration date in it. Do not label them. This is better than just sending all of the info through one single email, but not nearly as safe as encrypting the email.
There are several different ways to send an encrypted email. Some of them are complicated to set up, are not free, and would only be for people who regularly need to be able to send secure email. For the purposes of this article, we will talk about the easy ways to do this for free for those of us who only need to send secure email occasionally.
The easiest way is to use Gmail. To do that, you will need to create a free Gmail account, if you don’t already have one. In addition, you cannot use an email client for this method. You must go to Gmail.com to write and send the email. The recipient does not have to have a Gmail account. Here’s how to do it.
Go to Gmail.com and compose a new email. When doing this, make sure your communication with Gmail is secure. Look up in the left side of the address bar where it lists the address of the server you are on, in this case mail.google.com. To the left of that you should either see a padlock or https. The s on the end of http means secure.
When composing a new email on Gmail, look at the bottom for a padlock with a clock in front of it. Click on this icon to make your email Confidential.
You will get a pop-up window that allows you to set an expiration date for the email. The recipient will not be able to access or read the email after the expiration date.
Next, you must specify how the recipient will receive their passcode: either via SMS (text message to cell phone) or via email. For the highest level of security, use SMS passcode. However, if you do not have the recipient’s cell phone number, or the recipient doesn’t have a cell phone, you can use the no SMS passcode option and it will use email for the passcode. It’s still pretty safe to use the email option since the passcode will be in a separate email, but for the highest level of security, use the SMS passcode option.
Address and write your email. When you click send, it will prompt you for the cell phone number to send the SMS passcode to, or if you selected the no SMS option, it will just send the email and use the email address you entered when addressing the email. Either way, it will not tell you what the passcode is. Only the recipient will receive that.
The recipient will receive an email from you, but it won’t be the email you wrote. It will be from Google with a button in the mail telling them to click there to read the email. If you used the no SMS passcode option, then when they click the button, it will show the email on Google’s website. If you used the SMS passcode option, it will go to Google’s website and give them a Send Passcode button. When they click it, it will send the code to their cell phone and prompt them to enter the passcode. Once they enter the correct code and click the Submit button, the email will be displayed.
Note that the recipient will not be able to reply, forward, print, or copy the email. They can, however, take a screenshot or picture of it.
If you find you need to regularly exchange secure emails with another person, or a small group of people, then the easiest way to do that is for everyone to sign up for free Proton Mail accounts. Send your emails using Proton Mail webmail accounts and only send to other Proton Mail accounts. Recipients must use Proton Mail’s webmail as well to ensure security. When you send email from one Proton Mail account to another, it all stays on their server and is stored encrypted the whole time, so even Proton Mail employees can’t read your email.
If you need help with your email or with what we covered in this article, please let us know.