Helping people with computers... one answer at a time.

Email is architected as a fairly unsecure media. That means that there are many things that can go wrong when email gets delivered and protecting yourself can be difficult.

I recently had to send some very private identification papers over email. Now normally I wouldn't do this and I would use snail mail instead but this was very urgent and I thought I would take a chance. As far as I know, no ill has come of it but I was wondering what ways are there to send emails securely across all platforms and also be sure that the right person on the other end gets it?

In this excerpt from Answercast #41, I look at the issue of sending documents securely through email.

Secure email

Unfortunately, email is architected as a fairly unsecure media. That means that there are many things that can go wrong when email gets delivered. That's not to say that it happens often and in fact, the email system is amazingly robust given the volumes, the massive volumes of email that traverse it every day.

But, the fact is anything from a typo in an email address to a misconfiguration in an email server can certainly cause email to be delivered to the wrong email address. So when that happens, how do you protect yourself?

Encrypt the data

The only way I'm really sure of being protected in the scenario that you outlined is to use encryption.

  • That means that you don't send the private document unencrypted.

  • You encrypt it first.

There are a couple of different ways to do that. You could certainly go the whole-hog route where you use GPG encryption, which is a public key encryption.

  • You encrypt your message using their public key;

  • And then they're the only ones that can decrypt your encrypted document using their private or secret key.

Email encryption is hard

Now, in general, GPG tends to be a little bit more involved than most people want; email encryption is in fact hard.

What I actually recommend, in the most common case:

  • Is that you use a tool like 7-Zip or AxCrypt;
  • Or if you have a large number of files, use TrueCrypt, and create an encrypted volume with a secure passphrase or password.

You can send that document via email to your recipient. You can then give them that password through some other channel; maybe via Instant Messaging; maybe via actually picking up the phone and telling them what the password is.

  • Just make sure that the password travels a completely different route using a completely different technology than the document you are attempting to send to someone else.

Receiving the encrypted file

Typically, things like 7-Zip, using zip format, are very common and are easy for people to decrypt and expand.

Most operating systems today (Windows, Mac and so forth) all include native zip ability, so that tends to be the safest. It's actually pretty darned secure as long you put a good password on it.

So, that's the technique that I would actually recommend you use in the future.

Article C5659 - August 5, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

2 Comments
Katie Campbell
August 6, 2012 11:37 AM

I agree with Leo - encryption is the only way to ensure that a message is sent securely across the web. You should check your state's data privacy laws because (at least in MA) any information deemed PII, MUST be encrypted when it travels across public networks. If not, you are in violation of the law. See the rules for handling PII here: http://www.gsa.gov/portal/content/104276

Encryption can certainly be difficult and confusing to do on your own - especially if you are not an IT person. You should look into an automated secure communication solution like Ziptr - www.ziptr.com

A Richter
August 9, 2012 1:51 AM

All good suggestions; 7-zip would be preferable to AxCrypt unless only one file is involved. I also believe the latter only uses 128-bit encryption. Should the attachment be too large for email, it could be (zipped securely first!) posted on, say, Adrive (50 GB free storage), link sent to recipient direct, password separately by other means.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.