What is SecureMyEmail?
In a nutshell, SecureMyEmail is an encrypted email service. It's one of three products offered and developed by its parent company, Witopia, as well as the personalVPN Virtual Private Network and CloakBox VPN router.
With SecureMyEmail, there's no complicated toggling of options to worry about. You'll be able to use it in the same way as any other email client. If you'd prefer, you can even make SecureMyEmail your primary email account, or hop back and forth between it and your existing account when you have secure emails to send.
SecureMyEmail also gives you the option to "sign" your emails with cryptographic keys. We'll cover this in more detail later, but this essentially allows you to send encrypted messages to anybody (so long as their email supports IMAP) without fear of them being tampered with.
What is IMAP?
IMAP stands for Internet Message Access Protocol, and basically, it lets you read your emails wherever you are, with any device.
All emails are stored on servers, so when you log into your account and open your inbox, the email client pings the server so you can access your mail. IMAP acts as a go-between for the email server and the email client. You won't download any emails directly if you're using IMAP – you're reading it via the server, and all messages will stay on the server until you manually delete them. So, IMAP makes it easy to stay up to date with your mail regardless of the device you're using – and, as luck would have it, most email addresses support IMAP!
SecureMyEmail claims to be compatible with just about every email service out there; Gmail, Outlook, Exchange, Yahoo Mail, and Hotmail included. Any email address provided by these services can breeze through the SecureMyEmail setup.
Pricing and plans
SecureMyEmail's penchant for simplicity extends to its pricing plans. There's four straight-forward tiers to choose from.
You can pick the free tier, which limits you to a single Gmail, Yahoo, or Microsoft (Hotmail, Outlook.com, Live, MSN) email address. Other than the limit of a single account, there are no other limits on the free tier, which is pretty generous.
After that, your options are a monthly subscription ($3.99/month), a yearly one ($29.99/year), or a single lifetime payment ($99.99). These are quite reasonable rates and they mark SecureMyEmail as one of the more affordable email encryption services out there.
The email service doesn't offer any optional extras or add-ons – what you see is what you get, although if you sign up to either the annual or lifetime plans then you get either a 25% or 40% discount on the cost of their VPN as well.
One issue is that there's also no way to pay for your SecureMyEmail subscription anonymously or through cryptocurrency. Currently, you can only opt for Visa, Mastercard, American Express, and JCB through third-party payment processor Stripe.
Potential customers can put SecureMyEmail to the test themselves with a 30-day free trial. You'll be able to install the app on any device you like, and there's no need to fork over your credit card details, either. Impressively, the trial lets you play with all the service's features. There are no restrictions, nothing's withheld until you go premium, and you can decide in your own time whether you'd like to continue paying for the service.
Below, you can check out SecureMyEmail's most useful features at a glance:
- Encryption for up to eight email addresses.
- No need to make a new email address – you can keep your original one.
- Zero-knowledge encryption.
- Cryptographic email signatures.
- Users receive their very own PGP keys.
- E2E encrypted emails to other SecureMyEmail users.
- E2E encrypted emails can be sent and received from non-SecureMyEmail users.
- Create your own secure contacts list.
- Perfect forward secrecy
Every email service needs a handy Contacts list! SecureMyEmail allows you to curate a secured network where users can verify the identity of potential contacts by exchanging PGP keys, or via Facebook, Twitter, and LinkedIn. These social media trust-checks are baked into the service and provide an extra barrier against impostors and scammers who might seek to assume an alternate identity.
SecureMyEmail allows users to encrypt eight email addresses – you won't need to create a new email address, create a new account, or switch providers to reap the benefits of the service. Additionally, SecureMyEmail users can still send and receive emails from anybody. Any messages you send to non-users will still be encrypted end-to-end, and – as a nice bonus – you can set expiration dates on outgoing emails.
You'll probably already have an email account and address if you're interested in SecureMyEmail (or if you're, you know, a regular internet user). So, you'll also be glad to know that the SecureMyEmail setup process is automated. What's more, you should be able to stick with the same settings you'd normally use – so long as your email address is IMAP-enabled. It's not a perfect process, however, and if you're using a less well-known email provider you may need to complete setup manually.
SecureMyEmail utilizes end-to-end encryption with asymmetric keys – a unique pair of which are generated for the user, and only the user can control them. These keys are 4096-bit and make use of the OpenPGP standard. Your emails (and any attachments) will be safely encrypted before they leave your device, and only the intended recipient will be able to decrypt them. No ISP, government, email provider, or cybercriminal will be able to snoop on the contents of the messages or check out the attachments thanks to zero-knowledge encryption. Not even SecureMyEmail itself will be privy to the details. Your encrypted emails cannot be read or decrypted by the service, seeing as it won't have access to your specific encryption passphrase.
Earlier, we mentioned that SecureMyEmail allows users to sign emails with a unique cryptographic key. This can sound pretty complicated, but it's essentially a way to ensure that the emails you send are authentic, haven't been tampered with, or altered in any way. The messages will be cryptographically verifiable using a pair of unique keys generated for you and the recipient. This comes in particularly handy if you need to send sensitive information, legal documents, or business communications.
Let's stay on the topic of keys for a while. As with any sort of encryption keys are incredibly important – they're the means by which you'll encrypt and decrypt messages, after all. Your private key will be generated on your device and stay there, not the SecureMyEmail servers. By comparison, most webmail services will require the provider to hold your private key on their servers. SecureMyEmail ditches webmail altogether and opts for native software instead. This way, users receive a much better standard of security.
SecureMyEmail is an OpenPGP service and gifts its users legitimate PGP keys. You can keep these keys and use them however you'd like to, and can even swap them with other SecureMyEmail users – all as a result of SecureMyEmail's compliance with the IETF's RFC 4880. You'll even be able to keep your PGP keys if you decide not to pay for a premium plan after your 30-day trial runs out. Just be sure to export your keys into another PGP-compatible service! Users can also import existing keys, and link up with contacts who are also using PGP email.
As you'd expect from a service that prides itself on its security measures, SecureMyEmail lets you set your very own secure passphrase. The service itself won't store this phrase, however, so it's recommended that you make it something memorable – or that you write it down.
If you head into the Settings menu, you'll find the option to change your password and passphrase, as well as determine how long SecureMyEmail should remember your phrase before requiring it to be re-entered (there's another neat setting in this menu, actually – you'll be able to toggle on encryption and cryptographic signatures when composing a new email, as well as set how often SecureMyEmail scans for new messages).
SecureMyEmail also employs layered security practices to protect the connections between user devices and the service's systems. The SecureMyEmail API servers make use of HSTS, and TLS in place of SSL. This grants access to "advanced cipher suites that support elliptical curve cryptography and AEAD block cipher modes", according to the SecureMyEmail website, and GCM cipher suites are included as a cherry on the top. Ephemeral Key Support is also in place to provide perfect forward secrecy.
SecureMyEmail makes its home in Switzerland, hosting (and building) its servers in Swiss data centers that are managed by Better World Security, a Swiss corporation. This is great news for the privacy-conscious amongst us (which should be everyone!), as a Swiss headquarters places SecureMyEmail out of reach of more invasive jurisdictions. Swiss privacy protection laws do not require SecureMyEmail to hand over user information, and thus, the company is not mandated to collect logs of any sort.
SecureMyEmail in use
First things first, you'll want to make your way to the SecureMyEmail website. You can click on Pricing and Downloads, but you'll probably want to make use of the 30-day free trial, so click the shiny orange button that greets you.
Downloading and installing the app is a piece of cake. Each part of the process is brief; go through the license agreement, pick a destination location, and then hit install.
Voilà! Here's the login page. If you already have a SecureMyEmail account you can sign in here. We don't, so we're going to create an account. Again, it's pretty foolproof. All you need to do is provide some basic information – like your name, a password, and the email you'd like to secure.
Next, you'll be asked to create your secret passphrase. This won't be stored and therefore can't be recovered by clicking a handy "forgot your password?" link. SecureMyEmail recommends that you write it down somewhere. Once you've come up with something memorable and secure, your encryption keys will be generated, and your account created – right after you link the service to your email provider.
And here's the moment you've been waiting for – your SecureMyEmail inbox. It's pretty standard-fare and will be easily navigable for anyone who's used webmail before. Sending an encrypted email is likewise very similar.
Pick a recipient, type up a message, add any attachments, and then decide if you'd like to encrypt the email (so that only the recipient can open it) and/or sign it with a cryptographic key (to verify that the contents haven't been messed with). If you do, it's simply a matter of toggling these options on.
You can now set a specific password for the email (your recipient will need to enter this to view the message) or an expiry date – anyone attempting to access the email after this timer runs out will be greeted with a dead link.
Hit send whenever you're ready, and your email will be whisked away and encrypted. The recipient will receive the email as usual, but before they can read the contents will be asked to decrypt the message (and input a password if you requested one). Once they've done so, they'll be able to send you an encrypted response even if they're not a SecureMyEmail user.
Currently, you'll be able to download and install SecureMyEmail on just about any device you have. The service is compatible with Windows, Mac, Android, and iOS systems, and SecureMyEmail claims to be working on creating secure apps for Outlook and Apple Mail, too.
Now that we've had a look at the ins and outs of SecureMyEmail, what's the verdict? All in all, we found SecureMyEmail to be a solid product. It offers an important service at a time when most of us are still using hosted webmail for its ease of use – but SecureMyEmail offers a secure alternative that's almost as simple to understand. Encrypting emails can be tricky at the best of times (and potentially quite costly if certificates are involved), so it's great to see more encryption services stepping up to the plate to offer accessible methods that actually work.
In practice, SecureMyEmail has a couple of foibles that we encountered in our testing. Unlike Gmail or Hotmail, you can't right-click on emails, and refreshing your inbox is a somewhat slow process that takes around 10-12 seconds to complete. It also takes roughly 5-6 seconds to access your billing information, though I'm pleased to say that the rest of the site is nice and responsive!
It's not all doom and gloom, though. SecureMyEmail might be lacking in features compared to some of the more established services out there, but what it does, it does well. End-to-end encryption for non-users is impressive, as is PGP support, and offering both a free version and an unrestricted free trial is particularly generous.
SecureMyEmail ultimately seems like a good place to start with email encryption. If you're interested in a service for personal use, or if you're part of a small business, it might be just the ticket.