Secure Email Communication: a Checklist with 7 Criteria

Ever since the NSA affair and Edward Snowden, users have been asking themselves more and more frequently how secure their emails are. Essentially, this refers to email communication. The focus here is on the security standards of email mailbox providers and their security measures in terms of data protection and encryption.

In this blog post we’ll give you a list of tips and criteria to keep in mind. The more criteria from the checklist your email provider’s mailbox meets, the more secure your emails and your email communication will be.

7 factors to help you evaluate the security of your email account

Encryption 1: End-to-end

End-to-end encryption is an important factor for a secure email. This means that the content of the email messages is always transferred in encrypted form across all transmission stages. Intercepting the message including its content becomes useless since only the communication partners at the respective endpoints of the chain have the key to read the message. With SSL or TLS there is usually a high standard of encryption. If your mail provider offers those, your emails will have roughly the same security standard as online banking as they will require two keys, private and public, to get decrypted and read.

Encryption 2: Perfect Forward Secrecy

Some providers even go one step further in the encryption of email communication and offer a special email encryption bonus: Perfect Forward Secrecy.

With Perfect Forward Secrecy, your email messages are re-encrypted with every send and every data transfer. This enormously increases email security, since data cannot be decrypted later even if it was recorded, for example by the state or secret services. In contrast to end-to-end encryption, with Perfect Forward Secrecy no one else has a matching key.
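
One way to check this criterion yourself, as an added example that is not part of the original post: the script classifies the cipher suite negotiated on the TLS connection between a mail client and the provider as forward-secret or not. The host names and sample observations are constructed placeholders, and `probe` assumes the provider offers an implicit-TLS port (993 for IMAPS, 465 for SMTPS).

```python
import socket
import ssl

# OpenSSL names for TLS <= 1.2 suites start with the key exchange; these two are ephemeral.
EPHEMERAL_KX = ("ECDHE-", "DHE-")

# Constructed sample observations (host names are placeholders): (host, cipher, version).
SAMPLES = [
    ("imap.provider-a.example", "TLS_AES_256_GCM_SHA384", "TLSv1.3"),
    ("imap.provider-b.example", "ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2"),
    ("imap.provider-c.example", "AES256-GCM-SHA384", "TLSv1.2"),    # static RSA key exchange
    ("imap.provider-d.example", "ECDH-RSA-AES128-SHA", "TLSv1.2"),  # static ECDH, not ephemeral
]


def has_forward_secrecy(cipher_name, version):
    """True if the negotiated suite derives session keys from an ephemeral exchange."""
    if version == "TLSv1.3":
        # TLS 1.3 dropped static RSA and static DH; a full handshake always uses (EC)DHE.
        return True
    return cipher_name.startswith(EPHEMERAL_KX)


def probe(host, port=993, timeout=5.0):
    """Handshake with an implicit-TLS mail port and report (cipher name, TLS version)."""
    ctx = ssl.create_default_context()  # verifies the certificate and host name
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher()[0], tls.version()


def audit(observations):
    """Return the hosts whose recorded traffic could be decrypted if the server key leaks."""
    return [host for host, cipher, version in observations
            if not has_forward_secrecy(cipher, version)]


if __name__ == "__main__":
    for host, cipher, version in SAMPLES:
        verdict = "PFS" if has_forward_secrecy(cipher, version) else "no PFS"
        print(f"{host:28} {version:8} {cipher:30} {verdict}")
    print("without forward secrecy:", audit(SAMPLES))
    # Live check against your own provider (needs network): print(probe("imap.example.com"))
```

The result describes only the connection between your mail client and the provider's server; it says nothing about how the message travels onward or how it is stored.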


Data query: What your email provider wants to know about you

Your email service provider should not force you to reveal your real name, phone number or similar when you create your account. The only mandatory fields you should provide when signing up for your email are:

  • The email address you wish to get including the most secure password possible for your account.
  • A checkbox, with which you confirm that you have read the terms and conditions on data protection, as well as other terms and conditions of use.

Disclosing your gender, name, address, place of birth, date of birth, contact details, account number etc. should always be on a voluntary basis. The less your provider wants to know about you and the more anonymous you are, the better. The less data your email provider has about you on their server, the less they can pass on in case of an attack. This way your privacy is better protected.

Due to the strict EU data protection regulations, “made in Germany” is also a good seal of approval for email providers.

Data control: what information is stored on external servers

The contents of all emails are stored on the servers of your provider. As a rule, this data is well protected against hacker attacks and the like. But what exactly does the email provider do with all this data?

Some providers offer the option to simply delete this data from their servers. With some providers you can even delete mailboxes automatically and choose the deletion interval freely. Emails that you want to keep are then placed in a secure folder within your mailbox or – also possible – you can save these mails locally, e.g. on a hard drive encrypted with TrueCrypt.

Powered by ads or paid email?

Although it somehow sounds self-evident, it still hasn’t reached all users and customers: email providers are companies and they don’t give away free email for charity. As a user you always pay for them with your data. Sometimes this information is also resold or made available to advertisers to help them create personalized ads and offers. Users of free email accounts should have no illusions about this and prefer to invest a few dollars a month or a year. As a rule, you will also get a mailbox with considerably more GB of free storage for these few dollars than in the free version from the same provider.

Payment processing

But even if you use a paid mailbox, paying is not as simple as it sounds. The more anonymously you can pay each month, the less (bank) data you give away. If possible, you should choose to use PayPal rather than credit card, direct debit or online bank transfer. There are even email providers to whom you can send the fee for a certain email account each month by mail. This sounds very far-fetched but is unbeatable when it comes to protecting your privacy.

Two-factor authentication

What is now mandatory for online banking is also gradually becoming possible for email accounts and email addresses: two-factor authentication. Two-factor authentication means that in addition to entering a password, you must also enter a cell phone number or install an app, for example. To access the mailbox, you must then enter a security code, which you will receive by SMS or retrieve via the installed smartphone app. Two-factor authentication offers an additional step in security, but is still uncommon for email addresses because it makes access more difficult.

All-round online security

As shown, the security of your emails is strongly dependent on the business model of your email provider or how good their encryption protocols and security mechanisms are.

But online security or email communication security means more: it also includes protection against malware, spam, phishing, dangerous links and email attachments. In this case, you can rely on Cyber Shield, a virtual sandbox that creates a completely secure online working environment. In this environment, you can open even the most dangerous email attachments with confidence.