If you need to send sensitive or private information via email, it is vital that you encrypt those files to ensure that they cannot be intercepted or accessed by your email provider.
Regular email attachments are unprotected, which means that they are delivered in a potentially accessible state. As a result, you must secure your attachments using end-to-end encryption if you want to gain adequate privacy levels.
Whether you are emailing sensitive personal information, business data, or anything else that you want to keep secure and private, knowing how and why to send secure email attachments is crucial. In this guide, we will discuss the primary methods for sending them securely, and teach you everything you need to know to begin protecting your attachments so that they can only ever be accessed by their intended recipient.
What kind of email data needs to be secured?
People have a multitude of reasons for wanting to send secure email attachments. Personal and private information of a sensitive nature should not sit around on company servers in plain text, because this results in the potential for data leaks or breaches. The same is true of important personally identifiable information, IDs, payment details – and anything else that can potentially be leveraged to engage in fraud or identity theft.
Businesses also often need to send secure email attachments either to protect sensitive business information or to communicate consumer-related data in such a way that it is secure and compliant with data privacy regulations. This includes things like names, addresses, payment details, intellectual property, R&D data, and anything else that the company needs to communicate in such a way that it remains completely private and secure.
What is end-to-end encryption?
End-to-end encryption is a form of encryption that ensures your data is securely scrambled to make it inaccessible to anybody but the sender and the recipient. This type of encryption happens locally on your machine so that the data is already secure when it is transported over the internet. This ensures that the data cannot be intercepted, and is not available to anybody – whether in transit or when it is received by the recipient's email provider.
End-to-end encryption (E2EE) works by encrypting the attached data with a key that is only known to the sender and the recipient. Without this key, the data in the attachment is an indecipherable mash of data, meaning that whatever is contained within the attachment is completely safe and private.
The great thing about this kind of encryption is that you don't need to worry about cybercriminals attacking your email provider's servers. Because, even if they do, your private information is already secure.
In addition, E2EE protects your data against being snooped on by the email company itself, which are known to sometimes analyze the contents of email inboxes (and potentially even share that information with third parties) for marketing reasons or for purposes of developing new products and services.
Finally, end-to-end encryption ensures that your emails are safe against the potential of government surveillance. By encrypting your data with E2EE, it is impossible for the email provider to give the authorities access to the private contents of your emails, even if it is approached with a warrant.
How do you send an encrypted email attachment?
There are a number of different ways to send secure email attachments that are completely private. Below, we will take a look at the various different methods that are available. It is worth noting that the method that is available to you will depend on which email provider you use. Not all email providers are the same, and not all provide the means for using all of the methods below.
S/MIME
The most common method for sending encrypted email attachments is to use an S/MIME certificate (Secure/Multipurpose Internet Mail Extensions). This kind of encryption leverages public-key (asymmetric) cryptography, which requires both a public encryption key and a private one known only to the recipient and sender.
This type of encryption relies on a trusted third party to authenticate the digital identity of the sender and the recipient, which ensures that the two entities are who they claim to be. To enable this, the system uses a digital certificate, which is validated by an external Certificate Authority to ensure that the sender and recipient are who they claim to be. This prevents email spoofing and fights against the threat of phishing.
When sending a secure email attachment using S/MIME, the sender and recipient must both have an S/MIME certificate installed on their email client. The sender then uses their intended recipient's public key to encrypt the email and send it over. The recipient's email client then decrypts the email using the private key.
The drawback of S/MIME is that it can and will only work if both the sender and recipient have an S/MIME certificate installed and enabled on their client. As a result, if you email a recipient who uses a different platform that doesn't implement S/MIME your email may not be secure.
To send an email encrypted with S/MIME follow the steps below:
- Create a new email and fill in the usual details, the recipient, subject line, write your message, and add the attachment.
- Select Options in the email client and choose Encryption (this will vary according to your email client)
- Click Encrypt with S/MIME.
- Send the email
PGP
PGP stands for Pretty Good Privacy, and it has been around since way back in 1991. It is an encryption system that has become most people's preferred standard for sending encrypted emails.
OpenPGP (an open-source standard of PGP encryption software) is now considered the gold standard for sending secure emails. It uses both symmetric and public-key cryptography (asymmetric encryption) to provide users with a way to send secure email attachments.
The benefit of PGP's hybrid cryptographic system is that it permits internet users who have never actually met to send encrypted messages to one another without the need to exchange private encryption keys.
However, it is worth noting that as PGP evolves within email clients to support newer features and algorithms this can lead to compatibility issues. As a result, it is vital that both senders are recipients are aware of the other's PGP settings and have ensured that they are set up to successfully send each other securely encrypted emails.
A major benefit of PGP is that it can provide both message authentication and integrity checking. This allows the authenticity of the sender to be validated and allows the email client to check that an email has not been tampered with since it was encrypted and sent.
Finally, it's worth mentioning that in order to send each other PGP encrypted emails, internet users often publish a PGP fingerprint publicly either online or via other means such as on a business card.
This allows a potential sender to validate that the hash of the public key they have downloaded is the correct PGP Key for their intended recipient, and is a good way to facilitate the receipt of encrypted emails from previously unknown contacts and sources.
How to send a PGP encrypted email:
The easiest way to send a PGP encrypted email is for you and your contact to subscribe to a reliable, secure email provider like ProtonMail. That said, you can easily send PGP encrypted emails using any email service by following the steps below:
- Download and install the third-party email client Mozilla Thunderbird (it is free and will work with all popular email services).
- Set up your existing email account to work with Thunderbird.
- Download and install GNU Privacy Guard. GnuPG lets you encrypt and sign your data to send encrypted emails using OpenPGP.
- Download Enigmail and add it to Thunderbird (Thunderbird menu Tools > Addons). This software allows you to send encrypted emails and email attachments using GnuPG.
- Get your PGP keys: open Thunderbird, then go to Enigmail/p=p menu > Select Key Management
You are now ready to start sharing your PGP fingerprint (public key) to allow people to send you PGP encrypted emails! Alternatively, you can use somebody's public key to send them an encrypted email.
Symmetric encryption
This type of encryption relies on sharing the encryption key with your intended recipient, which means that you must find a way to securely share that password with your contact so that they will be able to decrypt the attachment once they receive it.
The most secure form of symmetric encryption is AES-256. Anybody wanting to encrypt data before they email it can choose to do it themselves using symmetric encryption by zipping up the document, file, or folder up on their computer with a password.
Once the file has been zipped up in a password-protected archive, you can then upload it as an attachment to your email. This method ensures that the password must be shared with your intended recipient and will be needed to decrypt the contents of the zipped archive to gain access to its contents.
Alternatively, you could use the excellent encryption tool NordLocker to encrypt your data and send it to a contact password protected. Nordlocker allows you to encrypt any of the data on your computer, which you can then upload in an encrypted state as an attachment to your email client.
NordLocker even has a 'cloudlocker' feature with cloud storage space that you can use to back up your data in a completely private and secure way. You can find out more in our NordLocker review. Or click the link below to head over to NordLocker and download this superb encryption and backup tool for free.
Choose a secure email provider that has strong E2EE encryption
If you want to send emails and email attachments that are protected using reliable encryption such as PGP, the best option is to get an email account with a secure email provider that has a focus on privacy and security.
There are a number of market leading email providers on the market that put privacy and security first, and by subscribing to one of these services, you will have fully integrated means to send encrypted emails and attachments to your contacts in the easiest way possible.
For more information on choosing an email provider that comes set up natively to apply encryption to emails and attachments head over to our most secure email providers article or check out our email provider reviews and guides for more details.
Ultimately, picking an email provider that promises to leave the contents of your emails alone in its privacy policy and that provides the means for sending encrypted emails and email attachments natively within its client will provide a much better experience for anybody who wants to send private and secure emails.
How to send a secure email attachment using Gmail
Google has been promising to provide end-to-end encryption for emails for many years, but it hasn't done so yet. As a result, you will need to use a third-party extension such as Mailvelope to send a secure email attachment to your intended recipient using E2EE.
The good news is that Mailvelope (and other third-party solutions) are available for free. These extensions can be installed and used with your existing Gmail account to send encrypted email attachments using PGP (as long as both the sender and recipient have PGP set up and enabled in their email client.
If you want to download and begin using an extension to secure your emails and email attachments with encryption using Gmail, you can do so by following the steps below:
- Download the email encryption extension that you want from the Chrome web store (we have recommended a few below).
- Compose your email message in Gmail.
- Attach your document to the email using the encryption extension.
- Customize the security settings using the extension (you can choose which recipient should receive access, set permissions, and even add a watermark to allow for tracking and identification, for example). Depending on which extension you use, you may also be able to specify a date when the document will automatically expire.
- Insert the secure Gmail attachment into the email as a link and send.
Extensions for encrypting Gmail emails and attachments:
- Mailvelope
- FlowCrypt
- Lockmagic
- SendSafely
- Snapmail