How to send a secure email

Edward Snowden’s explosive revelations in the summer of 2013 exposing to the world the alarming extent of the NSA’s mass surveillance practices sent shockwaves around the globe and triggered a profound shift in the ways we think about our digital privacy.

When you find out that all of your digital correspondence – emails, text messages, video calls, cell phone calls – have been surreptitiously intercepted by the government for surveillance purposes, you would tend to reconsider how you go about keeping your private correspondences private.

This is, to a significant extent, why so many internet users want to know how to send a secure email and keep their emails private not just from government agencies, but also from cybercriminals looking to steal sensitive personal information, and from their email providers themselves who often scan emails and share the data gleaned from users’ emails with various third party entities.

In this article, we break down for you how to send a secure email and what kinds of tools and methods are at your disposal to ensure your email correspondences remain private and inaccessible to unauthorized parties. 

Why you would need to send a secure email

The truth is that email has never traditionally been a secure medium for communication. Only recently have people really begun extensively taking stock of how unsecure traditional email correspondence can truly be and taking action to keep their emails secure.

Now, you may be thinking that you’ve got nothing to hide, so there’s no reason to worry about securing your private email correspondences. After all, only criminals really need to concern themselves with securing their communications. This is an extremely common, yet entirely flawed, way of thinking, and Snowden himself has famously discredited this type of mentality.

[[post-object type=”blockquote” author=”Edward Snowden”]]Arguing that you don’t care about privacy because you have nothing to hide is like arguing that you don’t care about free speech because you have nothing to say.[[/post-object]]

While many people may still subscribe to the mindset that they have nothing to be concerned about if they have nothing to hide, the reality is that there is plenty to be concerned about, and there are plenty of concrete reasons for people to encrypt their email communications and protect their privacy. This is true whether you’re an investigative journalist, dissident, whistleblower, or just an ordinary average citizen.

Let’s take a look at some of the most compelling reasons why anyone would need to send a secure email:

To protect against government surveillance efforts

As we mentioned earlier, mass government surveillance practices are extensive. And this is true not just under authoritarian regimes like in China or Iran, but also in the United States, the UK, Australia, Canada, Germany, and other Western countries as well.

Mass surveillance is not an aberration, it’s the norm and it can be pernicious to the point of being illegal. Do you really want the NSA or any other government agency knowing virtually everything about you and having the ability to pull up virtually any digital communication you’re sending or receiving? Probably not.

Such unwarranted surveillance is unduly invasive and a direct affront to our civil liberties and our fundamental rights to privacy. When you send a secure email, you can encrypt your communication so that only you and the other party you’re securely communicating with can access the content of the message.

Sending an encrypted email preserves your privacy and effectively makes it impossible for government entities to snoop on your secure email communications. This is especially important for those whose job responsibilities require complete confidentiality in their communications, but it’s also vital for anyone who generally doesn’t want the government trampling on their privacy rights.   

To protect against threats posed by cybercriminals

Have you ever sent sensitive personal information in an email and thought, ‘welp, I sure hope that email doesn’t somehow end up in the wrong hands’? This is a truly disconcerting thought, because if someone other than the intended recipient(s) gets their hands on the email – especially if that someone happens to be a cybercriminal – the results could potentially be catastrophic.

Sending an email containing sensitive personal data like your medical information, financial account information, social security number, address, or phone number, can be extremely risky because cybercriminals need only a minimal amount of personal data to exact maximum harm. With access to sensitive personal data like this, cybercriminals can compromise your online profiles, drain your bank accounts, and even steal your identity.

This is why sending secure emails is critical, particularly if the email you’re sending contains sensitive personal information. 

To prevent email providers from monitoring emails and sharing data with advertisers

Email providers have been known to monitor and scan users’ email messages to facilitate targeted advertising efforts. Though in 2017 Gmail apparently discontinued the practice of scanning emails for advertising purposes, that doesn’t necessarily mean that Google has ceased scanning emails for other purposes. For example, Gmail’s “Smart Reply” feature offers relevant suggestions for quick, canned replies to an email you’ve received based on the contents of its message.

So if you don’t want your email provider to scan or monitor your email messages for advertising or any other purposes, then you’ll want to send secure emails that effectively keep the contents of those messages private and inaccessible to anyone other than you and the party you are communicating with via email.  

How to send a secure email

Now that you know the reasons why you’d want to send a secure email, we’re guessing you’ll probably want to know how to actually do it. There are a couple of ways to go about doing so, each with certain inherent advantages and disadvantages, but the bottom line is that if you’re going to send a secure email, then your email message will need to be encrypted. When you encrypt an email message, you’re essentially scrambling the contents of that message and making it impossible for anyone without the encryption key to unscramble the message.

Let’s examine a few of the options that are available to you if you want to send a secure email: 

Encrypt emails in popular email clients 

Many of the big-name web-based email providers will allow users to encrypt their emails using either one of the two main email encryption protocols, S/MIME or OpenPGP. The downside is that it may not always be a simple or straightforward process to do so directly from within your web-based email provider’s interface, and you may have to pay for it.

For example, if you want to send a secure email on Gmail, you will first need to enable S/MIME encryption by signing into Gmail using a GSuite administrator account. GSuite accounts are primarily for business purposes, but you could theoretically set up an account for your personal use. The other issue with this is that the recipient(s) you are emailing will also need to have S/MIME encryption activated in order for this to work.

Similarly, Outlook also supports S/MIME encryption and you’ll need to enable it manually, but before you do so, you’ll need to obtain a certificate (or digital ID) from your organization’s administrator. This, admittedly, isn’t the most streamlined process, nor is it likely to be a very practical solution for most personal email users. Check out our how to encrypt outlook emails for more information about this.

You can, however, bypass these issues by installing a free third-party tool like Mailvelope to encrypt your emails with ease. Mailvelope works with many of the most popular email services like Gmail, Yahoo!, Outlook, Hotmail, and GMX. But again, the recipient(s) of your encrypted email message will also need to be using similar PGP/OpenPGP software to decrypt the email and read the contents.

Use a dedicated secure email provider

If you don’t want to go through the trouble of manually enabling S/MIME or OpenPGP encryption on your traditional web-based email account, a much easier way to send a secure email is to create an account with a secure email provider.

With a secure email provider like ProtonMail, you’ll be able to send secure, encrypted emails to others regardless of whether they use the same secure email provider that you use, and your recipient(s) will also be able to respond securely. Many secure email providers implement OpenPGP encryption to secure users’ emails and will allow users to easily send and receive secure, encrypted emails with others who have OpenPGP encryption enabled with their email clients. If your recipient does not have PGP enabled, then you’ll still be able to send an email securely to that recipient that can only be opened using a shared secret.

Basically, when you use a secure email provider you’ll be able to easily protect sensitive messages by encrypting them, all on a platform that is typically as simple to use as the big-name email providers like Gmail, Yahoo!, or Outlook.

But unlike those big-name providers, a secure email provider won’t annoy you with advertisements or monitor your emails (since it can’t even access them thanks to end-to-end encryption).

The downside is that, in order to access a secure email provider’s full slate of features, expanded storage, and unrestricted messaging, you’ll need to pay.

Many of the best secure email providers do, however, offer a free tier (with certain limitations) that will allow you to send and receive secure emails for free. If you’re only going to be sending a limited number of secure emails, then a free option could certainly be a viable solution, but if you’re planning on conducting the majority of your email correspondence in a secure manner, then purchasing a premium subscription will be necessary. 

Final thoughts 

These days, it is becoming increasingly vital for internet users to take concrete steps to protect their digital privacy. One of those steps includes ensuring that online communications remain secure and uncompromised by unauthorized parties, and especially email communications since email is such a notoriously unsecure platform for communicating online. Luckily, there are secure email providers that fully understand the importance of securing email communications and can help users easily keep their emails secure and private.

If you want to send secure emails, then it’s definitely worth it to consider signing up with a secure email provider. If you’d like to learn more about email security in general, we’d also recommend reading our Beginner’s Guide to Email Security, which is an awesome resource filled with detailed information on everything you’d need to know about keeping your email secure.