César Ferradas

Securely sending email attachments

10 May 2020

Even if you use ProtonMail, Tutanota or another privacy-focused, end-to-end encrypted email provider, email is insecure by default. It’s a protocol invented when the internet was in its early days, and we’ve moved on a lot since then in terms of online threats.

However, we all need to use email to communicate and send sensitive documents over the internet. This is a security risk that I’ve been aware of for a while but never really figured out how I could avoid it until now.

The solution is to never send documents as email attachments. Instead, use a secure file sharing service which encrypts and protects the files you’re sharing and makes them available via a link. This gives you more control: instead of having the document reside in the recipient’s email provider servers forever, you can easily revoke the link you shared once the recipient has accessed the file.

Here are some secure file sharing services I recommend:

FileSend

A service by Standard Notes, the best open-source, end-to-end encrypted note taking app. I recommend this service as it’s open-source and you can verify that your data is being encrypted by looking at their source code.

Tresorit Send

I use Tresorit as my encrypted cloud storage provider, and recently discovered they have a feature to send documents securely. You can password-protect files and be notified via email when someone opens the files.

Firefox Send

Similar to Tresorit, you can password-protect and set expiration dates.