I’m sure most of you know this already but let me state the facts for the record just the same. E-mail is an inherently insecure medium! Once you click the “Send” button you have no idea where your message will go prior to landing in the InBox of the intended recipient. E-mails you sent years ago to friends, family, clients and lovers can be archived on servers in obscure corners of the world without your knowledge and read without your permission. You might think there are so many e-mails sent worldwide every day that you are safe. After all, who has time to sift through all that mail? The truth is that with a computer it’s really easy to scan e-mails for certain keywords (e.g. username, password, account number) that might flag a particular e-mail for further scrutiny. The general rule of thumb is that you shouldn’t send anything in e-mail today that you wouldn’t want to see in the newspaper tomorrow!
To prevent snooping you need to encrypt your e-mails and attachment files. There are currently two different methods for encrypting e-mail. One is called S/MIME and the other is called PGP. Each have their pros and cons. PGP can be free but can be slightly harder for the average person to set up than S/MIME. I’m going to recommend you start with S/MIME for the simple reason that its built into most common e-mail clients such as Thunderbird and Outlook. Eventually you’ll want to have both systems at your disposal however in order to be compatible with all of your various contacts.
To get started with S/MIME go to Verisign and purchase a $19 Digital ID for Secure E-mail. There are of course other certificate vendors besides Verisign so feel free to use them if you wish. Whatever vendor you choose, follow the directions for downloading the certificate to your browser. Once you’ve got it in your browser you’ll want to save it to your hard disk and then import it into your e-mail client. The import process can be fussy depending on your client software so don’t get frustrated if it doesn’t go right the first time. A look at the manual or some quick references to your google will usually get you unstuck in short order.
Once you’ve got the certificate into your e-mail client you’re all set. You simply send your contacts an e-mail signed with the e-mail certificate. Your contacts can then send you an encrypted message based on certificate. For you to be able to send encrypted e-mails you will need to convince your contacts to also purchase a certificate and send you a signed e-mail. It’s that simple!
Update March 21, 2012
I recently added an article about Voltage SecureMail Cloud service that makes it easy to send encrypted e-mail to anyone! If you are not yet using S/MIME or PGP I suggest you try Voltage as a way to get started using encrypted e-mail.