Want to send someone highly sensitive data in an encrypted email message? Of course, you can always send it via regular email channels, but you risk your email being read by someone who knows how to intercept email messages when they are sent over the Internet. When it comes to encrypting email, you have to encrypt the connection and encrypt the email itself.
The first problem is partially solved by the email provider. For example, when you are using Gmail, the connection is encrypted with SSL and you will see HTTPS in the address bar.
This means that everything you send from your computer to the Gmail servers will be encrypted. However, once an email leaves Google’s servers and travels to the Internet, it may not be encrypted until its final destination. At this point, you have to make sure that the email itself is encrypted, so even if someone intercepts it, it will just be gibberish.
Implementing encryption in your current email client, be it Gmail or Outlook, requires initial setup and a few extra steps for the recipient to read it. Unfortunately, no email provider provides built-in encryption that works transparently between sender and recipient. Google said it is testing end-to-end encryption for Gmail using a Chrome extension, but as of this writing, it has yet to release the tool.
So basically your only choice is to install sophisticated encryption programs on your computer or browser using extensions and then exchange public keys with the person you want to send an email to, or just use an online service to send encrypted messages. The latter option is much simpler and basically requires the recipient to enter a password, which you provide separately by email, phone, text, etc.
In this article, I will list several tools to send encrypted emails without major issues installing encryption software and using your real email client to send encrypted emails. I will definitely update this post when Google releases its end-to-end encryption tool for Gmail. The only caveat that is likely to be that the service will not work if both the sender and recipient are not using Google Chrome and Gmail. I think it’s still better than nothing.
If you are interested in sending encrypted email to only a small number of people who also don’t mind setting up encryption on their side, follow this guide here, which explains how you can set up encryption in an email client like Thunderbird or Postbox or even Gmail or Yahoo, but with the same restriction that the recipient will have to use encryption software.
Setting up your own encryption is also a good idea if you are sharing sensitive information and cannot trust third parties. All of the services I mention below are private companies subject to US law, which means that a government agency can force them to decrypt anything on their servers if a warrant is presented. Even if they cannot decrypt the data for the police, they will be required to transmit the encrypted data. If the police can break the encryption, you’re out of luck.
Gmail Secure Mail
As I mentioned earlier, Google will release an encryption extension for Chrome soon, but for now, you can check out Secure Mail for Gmail, which does much the same. After installing the extension, you will see a new lock icon next to the Write button.
If you click Compose, you get the usual Gmail compose window, but if you click the padlock icon, you get a secure email form as shown below with a red header and the words Protected at the top.
Enter your message as usual and click the “Send encrypted” button. A new dialog box will appear asking you to enter the encryption password.
The recipient will receive an email with a bunch of cipher text with a link to download and install the Secure Gmail extension. As mentioned earlier, this will only work if the recipient is using Gmail and Chrome, otherwise they will not be able to read the contents of the email.
Overall, this is a great solution for one specific purpose, and since I use Gmail a lot and most of the people I email to also use Gmail, it works well in the end. Sometimes I just need to convince them to use Google Chrome, but nothing more. Hopefully this extension will be expanded even further in the future, adding versions for different browsers in addition to supporting other mail services.
Lockpin
Lockbin does all the dirty work of encrypting the data for you using a strong encryption algorithm and so on, so all you have to do is come up with a password and hit submit.
Here’s how it works: when you want to send a message, you first need to come up with a secret word or password that will be used by their cryptographic algorithm to encrypt and store email on their servers. Then you need to pass this password to the person who will receive the email by phone, text message, IM, or through an unsecured email!
The recipient then visits Lockbin and enters their password to decrypt the email. in his / her local browser. The actual decryption does not take place on the server and hence no data is transmitted over the Internet during the decryption process. Once the email is opened, the encrypted message is permanently deleted from the Lockbin servers; neither a copy nor a backup copy is kept. This is how my “I have a secret” message is stored on the Lockbin servers.
When a user opens an encrypted email, the recipient can print it or export it as a PDF file. If no one ever views the message, it will remain encrypted on Lockbin’s servers for 6 months before being deleted.
Sendinc Email Encryption
Sendinc has several solutions to the email security issue that I really like. First, the free service they offer allows you to send 20 messages a day with attachments up to 10MB. Two other features that I really love are the free smartphone app and the free Outlook add-on. This allows you to send secure emails from your phone or from Outlook without worrying about encryption keys.
On the recipient’s side, all they need is a web browser to be able to view emails. To use this service, you must create an account, and the same is true for the recipient if he wants to read the message. Sendinc does not require you to create a password because any recipient who receives the email will be able to decrypt its contents if only they create an account. This is more convenient, but you need to be careful so that the link does not fall into the wrong hands.
Overall, it works great and I love that they have mobile apps and an Outlook add-in. To receive encrypted emails from recipients, they will have to use the service in the same way. In all these cases, it is like using a new email provider just to send secure emails.
There are tons of other sites that pretty much do the same thing as mentioned above, so I won’t list them as they work very well, have most of the features, etc. Again, email is inherently insecure, and Until someone comes up with This is the best way to do email, you will be stuck with these inferior solutions that require the use of third parties to send emails or require you to install some rather complicated software on your computer and the recipient’s machine. If you have any questions, please leave a comment. Enjoy!
–