How to Send a Truly Private Email (Can It Be Done?)

Email is a vital way to communicate with colleagues, clients, and friends.

But it's not inherently private.

Hackers, government agencies, or even your employer can intercept your messages.

If you need to send confidential information, it's important to protect it.

Can It Be Done?

Yes, it's possible to send a private email.

However, no method offers 100 per cent guaranteed security.

Even if you take all the right precautions, there's always a risk (however small) that your email could be intercepted.

Sending a Private Email

As a writer and researcher in cybersecurity, I've seen firsthand how email security has evolved.

One instance that stands out is when a colleague accidentally sent sensitive client information to the wrong recipient.

Incidents like this highlight the need for secure methods that help prevent human error and cyber attacks.

Email interception can happen due to:

• Cyber Threat: Malicious third parties can use various techniques to intercept your emails if they aren't protected.
• Human Error: It's easy to send a private email to the wrong person by typing in or accepting an autofilled address.

To send a private email, you need to protect against both of these risks. This can be done by encrypting data and authenticating recipients.

Encryption scrambles message data so it's unreadable to anyone without the correct key.

Authentication protects the keys needed to decrypt the message data, releasing them only once the right people have passed certain checks.

To truly protect an email, you need end-to-end encryption to disguise a message from sender to recipient and authentication to verify that the recipient is the right person to unscramble it.

Different Types of Encryption

Several encryption methods can be used to protect private emails.

The most common types include:

Transport Layer Security (TLS)

This is a standard security protocol used to encrypt data in transit.

When you use TLS to send an email, the data is scrambled before it goes over the internet, which makes it very difficult for anyone to intercept and read.

Pretty Good Privacy (PGP)

This is a more advanced encryption method that uses a stronger algorithm than TLS.

PGP is also more flexible, as it allows you to encrypt emails for specific addresses.

AES-256 (End-to-End)

This method uses a 256-bit key, making it extremely difficult to break, even with powerful computers.

AES-256 encryption can be combined with authentication methods to make sure only verified recipients can access the keys needed to decrypt and read sensitive email data.

"Email security is not just a technical requirement; it's a fundamental aspect of modern communication.

Businesses and individuals alike must prioritise it."

– Paul Holland, Founder, Beyond Encryption

Which Type of Encryption Should I Use?

TLS encryption is suitable for everyday personal emails and is used by most email providers, including Outlook and Gmail.

However, for truly secure emails, you should use AES-256 or PGP encryption, combined with recipient authentication.

For military-grade security – suitable for highly sensitive information – businesses should use AES-256 encryption to prevent breaches.

Different Types of Authentication

Several recipient authentication methods can be used to secure emails.

The most common methods are:

Question-and-Answer Authentication (Q&A)

This method can be highly secure if the question and answer are unique to the sender and recipient.

For instance, a question about a shared experience or inside joke would be difficult for a hacker to guess.

However, this might not be suitable for business communication or sending emails to new contacts.

SMS Code Authentication

This method is convenient and widely accessible.

It has been shown to block 99.9% of automated cyber attacks.

However, its security depends on the recipient's mobile phone security.

If a hacker gains access to the recipient's phone number, they could potentially intercept the code.

Government Document Authentication (ID&V)

This method offers the strongest verification, as it requires a government-issued ID for access.

This is ideal for highly sensitive information exchange but might be considered an excessive security measure for everyday communication.

The best authentication method depends on the context and sensitivity of the information you're sending.

Consider factors like recipient familiarity and ease of use when choosing a method that balances security with practicality.

How to Send a Truly Private Email

To send a truly private email, you should use a secure email service that uses encryption and recipient authentication.

Pick the right methods based on your needs – for everyday emails, TLS might be enough, but highly sensitive information might call for stronger measures like AES-256 and ID&V authentication.

For business use cases, read our rundown of the best secure email services to help you protect sensitive data.

FAQs

What Is the Most Secure Method for Sending Emails?

Using AES-256 encryption combined with recipient authentication is the most secure way to send emails, especially for highly sensitive information.

Why Is Email Encryption Important?

Email encryption makes sure that only intended recipients can read your message, protecting it from interception by hackers, employers, or other third parties.

Can I Encrypt Emails Using Popular Email Providers?

Yes, many popular email providers like Gmail and Outlook support TLS encryption by default.

For stronger security, consider adding tools or services for end-to-end encryption.

What Is Recipient Authentication?

Recipient authentication verifies the identity of the email recipient using methods like Q&A, SMS codes, or government-issued IDs.

This helps make sure only the right person can unlock the email.

References

One Simple Action You Can Take to Prevent 99.9 Percent of Account Attacks , Microsoft, 2019

Reviewed by

Sam Kendall, 27.03.24

Sabrina McClune, 24.12.24