
machenryr

How do I send someone a secure email? An email that is somehow password protected? I'm just using Mail. Do I have to buy a 3rd Party App?
 
There have been many ways of adding encryption to e-mail over the decades and yet all of them have failed to gain any traction from the general public.

Today, the concept of secure e-mail for the masses is still an abject failure. To use Steve Jobs' words, secure e-mail is a "bag of hurt" even in 2020. The technology has been around for decades but Joe Consumer doesn't care to put in the minimal amount of effort to secure his electronic communications.

All of the secure e-mail solutions require all parties to stringently stick with the system they choose.

Two more modern web-based systems are Protonmail and Tutanota.

Protonmail is web-based but there's an iOS client app. There's also a method of using your Mac's mail app to fetch mail from Protonmail's secure servers but last I recall, it requires a bridge utility to always be running in the background.

Tutanota has webmail, iOS, and Mac applications. It is newer than Protonmail but as far as I can tell, it does the same thing.

Both Protonmail and Tutanota can only guarantee end-to-end encrypted e-mail by two parties using those specific systems. If you use Protonmail to send to a Gmail recipient, it is no longer encrypted when it hits the Gmail server. I believe both Protonmail and Tutanota can accommodate vanity e-mail domains (like machenryr@machenry.com) but typically there is an upcharge for this.

Have you ever received an e-mail from the protonmail or tutanota domain? Probably not since you asked this question. That speaks pages about the two systems' acceptance. That's because the people who are sending you e-mail don't really care about secure e-mail communications. That's probably 99.99% of all Internet denizens. The ones who do care are mostly waiting for something more convenient to show up. And we are still waiting after decades.

There's also the notion of trust. If Protonmail and Tutanota say they are secure, how secure? Like NSA secure? Corporate IT secure? Or laptop guy at the next table in the coffee shop secure? Do they have the ability to decrypt messages? Where are their servers? How well are they physically protected? What happens to your messages if they go out of business and shut off their machines? Et cetera ad nauseam.

There are two older forms of e-mail encryption: GPG keys and S/MIME e-mail certifications.

GPG keys use extra software to sign and encrypt messages. The recipient has to do the same. It's super kludgy which is why no one uses this today. There are still GPG mail utilities that do this with a plethora of online tutorials, mostly written ages ago.

A slightly cleaner way is to get an S/MIME e-mail certificate and load that into your Mac's keychain. There are plenty of old tutorials that instruct you how to do this. You can even install an S/MIME certificate on your iPhone to send signed-and-encrypted e-mails from iOS Mail. Again, the recipient has to do the same thing (get an S/MIME cert, install, etc.). About five years ago, one could get a free S/MIME certificate from Comodo but they stopped issuing them a couple of years ago. Today, one has to pay for an S/MIME certificate. Like GPG mail, S/MIME never gained traction from the general computing public.

Today, perhaps the most reasonable secure e-mail alternative is simply using Protonmail and alerting the recipient via Signal secure messaging to check their Protonmail inbox. Or do the opposite: send an email/SMS/social media message saying "let's move this conversation to Signal and converse securely".

Again, all parties must use the same system. If you have a GPG-signed message and send it to a Tutanota recipient, they can't read it. If you log into Signal and the other party logs into Facebook Messenger, that doesn't work.

Summary: try them out. They all suck in their own way. However the biggest barrier is disinterest from Joe Consumer who cannot tolerate inconvenience.
 
Thank you. I'm not looking for a long term thing. Just something I can send an attachment. It's for the other end's security.
 
When I was closing on my house, I used Sendinc a time or two. It's free and it's simple. You can pay for more features, but the free account gets you:
  • Military-grade encryption
  • 7 Day limited message retention
  • 100MB message storage
  • 10MB max message size
  • 20 recipients per day
I don't work for or have any connection with Sendinc, but if you just need to protect a message or two it should do the trick.
 
Are you trying to send an encrypted attachment? Or are you asking if you can encrypt an email, then send it as an attachment?

ZIP files can be encrypted. From Terminal, use:

zip -e archivename.zip filename
or
zip -er archivename.zip directoryname


With either, you will be prompted to enter a password. Now send the email with the encrypted file and call or text them with a password so it is not intercepted with the email.

An email can be exported to PDF in the Apple Mail app, File > Export to PDF. Then, put the PDF in an encrypted zip file per above.
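
A check to run on the archive before attaching it, as an added example that is not part of the original thread: it reads the ZIP headers without a password, reports whether each file entry is encrypted and with which scheme, and shows that entry names stay readable to anyone who intercepts the file. The sample archive is constructed in the code (its encryption flag is set by hand to mimic the headers `zip -e` writes), and `audit_zip`, `ok_to_send` and `constructed_sample` are names chosen here.

```python
import io
import zipfile

ENCRYPTED = 0x1    # general-purpose flag bit 0: entry data is encrypted
AES_METHOD = 99    # compression-method value used by WinZip-style AES entries


def audit_zip(data):
    """List (name, scheme) per file entry, read without any password."""
    report = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue  # directory entries carry no data to encrypt
            if not info.flag_bits & ENCRYPTED:
                scheme = "none"
            elif info.compress_type == AES_METHOD:
                scheme = "aes"
            else:
                scheme = "zipcrypto"  # traditional scheme written by `zip -e`
            report.append((info.filename, scheme))
    return report


def ok_to_send(data):
    """True only if the archive has files and every one is encrypted."""
    report = audit_zip(data)
    return bool(report) and all(s != "none" for _, s in report)


def constructed_sample(encrypted):
    """Constructed sample; the flag flip mimics `zip -e` headers, data stays plain."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/", b"")
        zf.writestr("docs/statement.pdf", b"%PDF-1.4 constructed")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02")  # central directory header signature
    while encrypted and pos != -1:
        raw[pos + 8] |= ENCRYPTED  # flag field sits 8 bytes into the header
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    for label, enc in (("plain", False), ("zip -e style", True)):
        sample = constructed_sample(enc)
        print(label, audit_zip(sample), "ok to send:", ok_to_send(sample))
```

The report includes `docs/statement.pdf` by name in both cases, so a revealing file name should be changed before zipping. Info-ZIP's own documentation describes the standard ZIP encryption as relatively weak, which makes a long, random password worth the effort.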
 
I wish you had included this important detail in your original post. I wouldn't have spent all that time crafting a reply that is basically useless.

🤷🏻‍♂️

Anyhow, just encrypt the attachment using the zip command in Terminal per techwarrior and send the encrypted file using normal e-mail.
 
Oh no!! I'm sorry sorry. But your well-crafted reply was save worthy. I really appreciate it.
 
This made me chuckle but I registered to say that I appreciated your thoughts too. I use Protonmail along with their Bridge software on macOS so that I can use the native Mail app. I was previously a Google Mail user and it was part of a much wider effort to take control of my data and to pay a premium for privacy. However, as you say email traverses the internet in plain text - even when paying a premium to store it encrypted with services such as Protonmail. It does make it somewhat redundant if we assume that email is being monitored and potentially archived on routing choke points.

When it comes to renewal time, I may be tempted to just go with iCloud in the knowledge that Apple probably won't access my emails whereas we know Google definitely do.

The best webmail implementation of PGP I've ever seen is from an extension called Mailvelope. It is beautifully transparent and straightforward to use but even so it just isn't adopted by the mainstream.
 