Encrypted Email Frequently Asked Questions
Identifying a malicious or phishing email on time is important to protect your email and its data.
The process of reporting a phishing or otherwise suspicious email largely depends on the email service you are using.
To report a suspicious email on Gmail, for example, open the email in question, click on the three dots on the right and select “Report phishing” from the list.
A pop-up window will appear. If you believe the email is a phishing attack proceed by clicking the “Report Phishing Message” button.
If you’re using an encrypted email like CTemplar, you can set up an anti-phishing phrase that will allow you to link a custom word or phrase to your account. That way a missing or incorrect anti-phishing phrase will alert you that someone is trying to steal credentials.
Email encryption allows the user to disguise the content of their email message in order to prevent anyone but the intended recipient from reading it.
There are three main types or methods of email encryption available:
1. PGP or Pretty Good Privacy (including OpenPGP) is a type of encryption that relies on a pair of asymmetric keys, public and private. Here, the original message is first converted into ciphertext using a public key, but in order to read the message, the recipient needs to have a private key.
2. S/MIME also uses asymmetric keys like PGP, to digitally sign, encrypt and decrypt an email. The biggest difference here is that while PGP relies on the sender and recipient exchanging keys, S/MIME relies on certificates.
3. TLS/SSL encryption is an application-layer protocol that enables the communication between two computers or devices to be encrypted. The two sides “exchange handshakes” which allow the server to verify the client’s identity by sending it a certificate and letting the client know they are trusted by the user’s software.
TLS or Transport Layer Security email encryption protects email data “in transit” (meaning as they travel between the sender and recipient) and ensures the client-server integrity.
There are three components of TLS email encryption:
TLS connection first goes through a “handshake”. This creates a set of algorithms (a “cipher suite”) that specify the encryption to be used for that session. Following this, the server uses public keys to authenticate itself with the client. Finally, the data integrity is ensured by signing it with a MAC or Message Authentication Code, finishing the TLS encryption process.
Email encryption basically transforms data on its way from the sender to the recipient into ciphertext and prevents someone without authorization to read it.
This can be achieved on the transport layer, using TLS, or at the end-to-end, using PGP, GPG, or S/MIME.
On the transport layer, the email is encrypted “in transit”, meaning as it travels from point A to point B (sender to recipient), while with the end-to-end, the data is encrypted and decrypted at the endpoints (sender and recipient).
Depending on the type, email encryption either needs to be set up by the user (PGP), or using a certificate client (TLS).
An email name, a display name, or a sender name, is the name that will be displayed to the person receiving your email.
This should not be confused with the username, which cannot be changed.
For instance, your username is email@example.com, but your email name is Frank.
The process of changing your email name is similar for most email services. If you are using Gmail, for example, go to:
Settings > See all settings > Accounts and Import > Send mail as > Edit info > And under “Name” specify the name you want to be displayed on your emails.
On CTemplar go to:
Settings > Signature and aliases > Display name.
To create an anonymous email you first need to find an email provider that allows you to sign up without any information that can be used to identify you like real name, address, SMS verification, 2nd email verification, IP address or credit card.
A good example of an anonymous email is CTemplar. With CTemplar you can sign completely anonymously using a free or paid account. CTemplar does not record, monitor, store, log or share any data you submit on signing up, including your IP address.
In addition, thanks to Zero-knowledge password protection, only the email owner knows his or her private keys and password. This information is kept hidden (encrypted) to even the provider.
To create anonymous email use an anonymous email service that won’t ask you for any potentially identifiable information.
For instance, Gmail will require you to verify your SMS number, which can be used to track you.
On the other hand, a fully-anonymous and encrypted email service like CTemplar will allow you to sign up without requiring any such information on your part.
To create anonymous email with CTemplar, simply visit CTemplar, go to Sign Up, select a plan and on the Creat Your Account choose your username and password. Your username can be anything you want and your password will be protected by Zero-knowledge proof, meaning even CTemplar won’t know it.
If you need to email secure documents, there are three ways you can go with:
1. Encrypt the entire email using an encrypted email service. Make sure to find one with a strong encryption level, that won’t show your IP and will keep your data and logs for the least amount possible.
2. Encrypt the attachment itself. In particular, you can use the .zip standard with either 7-zip or WinZip. 7-zip uses AES-256 and WinZip uses legacy Zip 2.0 and AES (not supported by Windows). To encrypt an attachment: Launch the .zip program > Locate the file you want to encrypt (in the file manager) >Highlight it and click Add > In the drop-down menu change Archive Format to Zip > In the Encryption Method choose AES-256 > Type your password > Ok.
3. Password-protect the file. Create a file (for example Word) > Click Save As > Select Info > Next to Permissions select Protect Document > Select Encrypt with Password > Type your password in the new window > Click Ok.
If you are using G Suite (this is not available for regular Gmail), you can enable S/MIME by signing in to your Admin console and then Apps > G Suite > Gmail > User settings > Selecting domain you want to configure (under Organizations) > Scrolling to find S/MIME > Enable S/MIME > Save.
Another way to encrypt an email is to use an end-to-end encryption service that uses OpenPGP that is either compatible to set up with the email you are already using or is a stand-alone E2EE like CTemplar, Protonmail or Tutanota. These will allows you to encrypt your emails automatically, without having to set encryption up first.
If you need an anonymous email, you should first make sure that web browsers are not able to track you by IP address. This will either require using a VPN service or a Tor Browser.
Once you do that, find an anonymous email service that will allow you to sign up without asking for information that can identify you like SMS or a second email verification.
It’s also important that you find a provider that doesn’t store, monitor, log or share your data and has Zero-knowledge protection for your private key and password.
If you need to create an anonymous email that can’t be traced back to you, you will first need to create an anonymous email account. You cannot be fully anonymous with standard email services like Gmail, Yahoo or Outlook as they collect data like IPs and require phone verification.
To create a 100% anonymous email, you can visit an email service like CTemplar. Here are the steps to create an anonymous and secure email there:
1. Go to CTemplar.com
2. Click Pricing or Sign Up
3. Select a Plan. CTemplar offers five types of plans, including a Free plan and four paid plans (Prime, Knight, Marshall and Champion).
4. Next, in Create Your Account type your username and password. Your username can be anything you want and doesn’t have to be your name. You are also the only one who will know your password as it will be protected with Zero-knowledge. You can also provide an optional recovery email in case you forget your password.
5. If you’re choosing a Free Plan, type your invitation code (you can get one from someone with a paid CTemplar plan, by contacting CTemplar on social media, or by contacting them on email firstname.lastname@example.org.
6. Click Create Account.
An email signature is a piece of text that is added to the end of your email message as a footer. This can give your recipients more information about you and your company, links to your social media pages, phone number, a favorite quote, or a simple sign off message like “Kind regards”.
To make an email signature with email like CTemplar:
1. Log on to your CTemplar email account
2. Go to Settings
3. Click Signature & aliases
4. In the box next to Signature type the text you want your emails to end with.
Here are 7 tips you can use to secure your email from hackers:
1. Use a strong password. Avoid short passwords or passwords like “1234567”.
2. Don’t click on any links or download attachments that seem even a bit suspicious.
3. Use 2FA (two-factor authentication).
4. Avoid using public Wi-Fi to sign up to your email.
5. Make sure your antivirus protection is up to date.
6. Forward your emails only when that is really necessary.
7. Encrypt your email. By far, the best way to secure your email is to encrypt it with a strong encryption like PGP. If you are using regular email like Gmail you will need a third-party service like Mailvelope. However, a much easier way to send secure email is to use an encrypted email service like CTemplar where you don’t have to set up encryption yourself.
There are three basic options to send an anonymous email to someone:
1. Create a new Gmail, Yahoo or Outlook account and use a fake name. The problem with this method is that you will still have to provide a phone number for verification and you can still be traced via your IP address. Still, if the other side is not looking very hard, this can still work.
2. Use a one-time “burner” anonymous email service like TrashMail. With this, your emails self-destroy after a certain period of time and they don’t have an account it would link to.
3. Use an encrypted email service like CTemplar. While “burner” emails are okay if you need to send just one email, if you regularly need to send emails that won’t be traced back to you, you can use CTemplar. With CTemplar your emails are encrypted at rest and at transit and your email body, subject (on paid plans) and attachments will all be encrypted so only you and the recipient can read them.
If you need to send an email to someone that contains personally identifiable information, or otherwise sensitive or proprietary information, you need to know how to send a secure email.
The best and safest way to do this is to use a secure end-to-end email service like CTemplar. With CTemplar you don’t have to configure PGP yourself or use a plugin like you would with Gmail.
Instead, you can create a secure email account that won’t be tracked back to you.
To send a secure email with CTemplar:
1. Click Compose.
2. Write your message.
3. If you are sending an email to another CTemplar user, your email will automatically be encrypted. If it’s to a non-CTemplar user, click on the envelope icon at the bottom labeled “Encryption for Non-CTemplar Users”.
4. Type and confirm your Message Password, Password Hint, select an Expiration Time and click Confirm.
5. Click Send
When sending secure email attachments, you can:
1. Encrypt the entire email
For example, CTemplar encrypts attachments for all plans. For this though, both the sender and the recipient would need to use the end-to-end encrypted email service.
2. Encrypt the attachment
Another option, if one or both users are not using E2EE is to encrypt the attachment itself using the .zip standard.
To do this:
-Launch the .zip program (WinZip or 7-zip)
-Locate the file you want to encrypt
-Highlight it and click “Add”
-In the “Add to Archive” window in the drop-down menu click on the “Archive Format” and change that to “Zip”
-Select the encryption method (for example AES-256)
-Enter your password
3. Secure the document with a password
Finally, if you’re sending .doc attachments you can password protect them directly by:
-Creating a file
-Click “Save As” in the “File” menu
-In the drop-down menu in “File” click “Info”
-Next to “Permissions” select the “Encrypt with Password” option
-Type your password in the next window
If you want to send an anonymous email, there are three options:
1. Create a new Gmail, Yahoo or Microsoft Outlook account using a fake name. Keep in mind that these email services can still track your IP and also require a phone verification code which will lead back to you.
2. Use a “burner” email. With a burner email account you can send or receive emails while staying anonymous. The account will expire after a certain period of time, so this is not a long term solution.
3. Create an encrypted email account. The best way to send anonymous email is to send it through an end-to-end encrypted email provider like CTemplar or Tutanota. Simply visit CTemplar.com, go to Pricing and select the account type.
From here you can create an account using whatever name you want and start sending anonymous emails without worrying that someone will learn your identity.
To encrypt a Gmail email with PGP you will need to use a Chrome extension like Mailvelope.
1. Install the extension from the Google Store
Open the “Options” menu
2. Click “Generate Key” and type in your name, email, and password
3. Upload the public key you just created to a keyserver like MIT by 4. going to Navigate Keys>Export>>Copy to clipboard
5. Go to MIT PGP Keyserver and paste the key in the “Submit a Key” field.
6. Now people will be able to find your public key on the homepage there.
Keep in mind that both sides have to enable encryption for it to work.
To send anonymous email:
1. Go to CTemplar.com
2. Click on Pricing or on the Sign Up icon
3. Select the account type you want to use
4. Create an account using a fake name. CTemplar also doesn’t log your IP or require SMS verification so this can’t be used to track you
5. Start composing anonymous emails.
CTemplar allows you to stay fully anonymous when sending emails as it doesn’t track your IP or store any information that can lead back to you.
One option to send anonymous email without being traced is to create a Gmail or Yahoo account under a fake name in combination with a VPN (Virtual Private network) service which will mask your IP address.
Essentially, what a VPN does is that it tunnels your Internet traffic through a VPN server under a different IP address.
The best option to send anonymous email is to use an email provider that does not keep your IP stored. CTemplar for instance strips your IP address from all logs and metadata, which makes email untraceable to you.
To send a secure email attachment in Gmail:
1. Log in to your Gmail account.
2. Click Compose to start a new message
3. At the bottom of the New Message window click on the lock/clock icon to turn on Confidential Mode
4. In the next pop-up window set the expiration date for your emails and an SMS passcode (the passcode is optional and will be generated by Google.
To set up email forwarding in Gmail follow these steps:
1. Login to your Gmail account.
2. Click the gear icon on the top-right of your Gmail screen to go to Settings.
3. Click on See all settings
4. Select the Forwarding and POP/IMAP tab
5. Next to Forwarding: click on the Add a forwarding address button.
6. In the pop-up window type in the email address that you want to forward to. For example, I’ll use my CTemplar account as a forwarding email.
7. Click Next.
8. In the next window select Proceed.
9. Now go to the inbox of your forwarding email account. You should have received a message from Gmail Team about successfully setting up forwarding from your Gmail address. It will look like this:
10. Click on the link to confirm your request. If you can’t click on the link, highlight and right-click it and then select Go to Address.
11. A new confirmation window will open. Click the Confirm button here.
12. You’ll receive a Confirmation Success! message informing you that you can now forward your Gmail mail to a new email address.