If you're not making use of encryption with your email, you should be. More and more sensitive information is being passed between recipients, much of which is being sent in plain-text form. That means one thing: anyone can read it. To thwart that, we turn to encryption technology that promises to obfuscate that sensitive information; and it works.
Or, at least, it would work if more people would adopt it. Thing is, for the average user, encryption is simply too difficult to make use of. Which is why companies are doing their best to try and simplify encryption for email purposes. Some have succeeded, some have not.
One particular service has done a fairly good of making encryption simple. That app is Secure My Email. It's available for Android, Windows (Thunderbird-only at the moment), Mac (Thunderbird-only at the moment), with versions for iOS, Outlook, and Apple Mail on the way. Do note, if downloading for Windows or Mac, you have the option of downloading a version which includes Thunderbird. If you're already using Thunderbird, you only need to download and install the necessary plugin. You can test Secure My Email with a 30 day free trial. After that, the service is 99 cents per year. That's cheap.
How SecureMyEmail Works
- You install the app on your device
- You create an account
- Create/confirm a super-secret email passphrase for your account
- Wait for your security keys to generate
- Configure your profile (add a picture and social networks - this is optional)
- Select your email provider (Figure A)
- Configure your email provider
- Invite contacts (optional at this point)
- Start using
Here's where a caveat comes into play. Anyone that has used or uses email encryption will see this coming a mile away. With SecureMyEmail, you can sign and/or encrypt outgoing email. You can send a digitally signed email to anyone and they can read it. However, in order to send an encrypted email to another user, you must have their public key imported. With EncryptMyEmail, there is no facility to import public keys of other users; the only way to do this is if the recipient is a subscribed SecureMyEmail user and must be using either the SME app or the Thunderbird plugin.
So let's put that two and two together: In order for you to use SecureMyEmail beyond the 30 day trial, you must pay the very minimal 99 cents a year for usage. However, in order for you to make use of the service, those you want to securely communicate with must also subscribe, albeit at minimal cost.
The good news (besides the minimal cost) is that SME has a built-in tool to invite your contacts. If you open up the app and then tap the menu button (three horizontal bars in the upper left corner) and tap "Contacts," you can then tap the "ADD" button to send an invite to whomever you need to communicate with securely (Figure B).
That's where the caveat ends. From this point on, everything is incredibly easy. So easy, in fact, any level of user can add encrypted email to their daily routine. Ultimately, that's the point; by offering an app/service, at a very minimal cost, SecureMyEmail enables anyone to encrypt their communications.
Using more than one device
Before you ask, yes, you can use more than one device. However, the trick behind that is you have to make sure your encryption key is on all devices to be used. To accomplish that, you must instruct the app how you want to do this. There are three methods:
- Permanently upload your key to SME, which will allow you to set up other devices at any time
- Upload your key to SME for 30 minutes, which will be available for 30 minutes before it is permanently deleted from the SME servers
- Export, which allows you to export your key from mobile device to PC
The easiest method is to simply select Upload for 30 minutes, go to the device you want to add the key to (which must also be signed into your SME account), open up SME on the second device, go to Settings | Account, and tap Sync Device (NOTE: If using Thunderbird, this same process is in Settings | Account | Sync Device | Sync). Once the sync completes the key is ready to use.
What about security?
Anyone who happens to be very aware of security, might well be asking this one question: Can SME read my encrypted email? The answer is no. The company behind SME does not have access to your encryption passphrase; without that, your email cannot be decrypted. Of course, one should never say never. Encryption isn't perfect. Should the right person gain access to your encrypted email, they could brute force the data out of the email. But then, that could happen with nearly any encryption system. And if you accidentally give out your encryption passphrase? Well, don't do that.
In the end, however, the SecureMyEmail has succeeded in making the sending of encrypted email as easy as sending standard email. That, my friends, is an accomplishment.
If you're in need of quick and easy email encryption, SecureMyEmail is smart (and cost-effective) way to go. Yes, you can get more flexible and cheaper encryption, but the associated complexity might be too much for certain users. For the technically challenged, SME might be the best way to go.
- Why email encryption is failing, and how to fix it (TechRepublic)
- How to manage multiple GPG keys in Thunderbird (TechRepublic)
- How to work with PGP keys using GnuPG (TechRepublic)
- Personal vs. corporate email: The security threats differ, says Google (TechRepublic)
- Email Privacy Act passed by House, but don't get your hopes up (ZDNet)
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.