Helping people with computers... one answer at a time.
Email is architected as a fairly unsecure media. That means that there are many things that can go wrong when email gets delivered and protecting yourself can be difficult.
I recently had to send some very private identification papers over email. Now normally I wouldn't do this and I would use snail mail instead but this was very urgent and I thought I would take a chance. As far as I know, no ill has come of it but I was wondering what ways are there to send emails securely across all platforms and also be sure that the right person on the other end gets it?
In this excerpt from Answercast #41, I look at the issue of sending documents securely through email.
Unfortunately, email is architected as a fairly unsecure media. That means that there are many things that can go wrong when email gets delivered. That's not to say that it happens often and in fact, the email system is amazingly robust given the volumes, the massive volumes of email that traverse it every day.
But, the fact is anything from a typo in an email address to a misconfiguration in an email server can certainly cause email to be delivered to the wrong email address. So when that happens, how do you protect yourself?
The only way I'm really sure of being protected in the scenario that you outlined is to use encryption.
That means that you don't send the private document unencrypted.
You encrypt it first.
There are a couple of different ways to do that. You could certainly go the whole-hog route where you use GPG encryption, which is a public key encryption.
You encrypt your message using their public key;
And then they're the only ones that can decrypt your encrypted document using their private or secret key.
Now, in general, GPG tends to be a little bit more involved than most people want; email encryption is in fact hard.
What I actually recommend, in the most common case:
You can send that document via email to your recipient. You can then give them that password through some other channel; maybe via Instant Messaging; maybe via actually picking up the phone and telling them what the password is.
Just make sure that the password travels a completely different route using a completely different technology than the document you are attempting to send to someone else.
Typically, things like 7-Zip, using zip format, are very common and are easy for people to decrypt and expand.
Most operating systems today (Windows, Mac and so forth) all include native zip ability, so that tends to be the safest. It's actually pretty darned secure as long you put a good password on it.
So, that's the technique that I would actually recommend you use in the
Next from Answercast 41 – Can I delete what appears to be redundant entries in the updates list?
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.