Once, a long time ago, if you wanted to send an important document, you would do that through a postal service. Today, the postal service is far from its heyday thanks in large part to email and file-sharing services like Google Docs, Dropbox, etc. In fact, according to one report from 2010, there were 59 million fewer visits to the post office than there were in 2009. However, there are still people who continue to send and receive their mail the “traditional way” in 2021. Why? One reason is that they see the postal service as safer than email messages to send secure documents, at least paper ones. Is this really the case or is it more secure to send such documents via an email message? We’ll try to answer the big question “What is the safest method to send sensitive documents” in this article. Postal service or email service?
Why Email Messages May Not be Safe for Sending Sensitive Documents?
First, let’s answer an obvious question. Why email is not the best way to send sensitive documents? When we’re talking about email in this context, we are talking about popular, free email services like Gmail, Yahoo, or Outlook. It’s true, this is not the safest way to send a sensitive document to someone. There are a few reasons for this. The biggest is the fact that the recipient’s connection may not be secure. If they are using an unencrypted HTTP instead of the HTTPS Internet connection, it’s easy for a hacker to perform a man-in-the-middle attack (MitM), spy on your communication, and even commit identity theft.
What About Mail or Hand Delivery?
Mail and especially hand delivery (via courier) are still considered the two best options by many to send sensitive documents, at least when it comes to paper copies. The fact that it’s illegal in the United States and many other countries to open someone else’s mail is also a good deterrent against potential criminals. Of course, it’s not all that perfect. Sending a document via mail or by hand delivery is considered slow today. Simply put, our notions of “fast” and “slow” have changed a lot as the Internet evolved and most people are not willing to wait two or three days to get an important file like would be the case with the postal service.
What Email Encryption Method is the Best to Send Secure Documents to Your Recipient?
So both regular email and postal service/hand delivery have their upsides, but also some downsides that don’t let us recommend them fully when you need to send a sensitive document. With email, the problem lies mostly in the security of the network the recipient is using. If it’s not encrypted, the message or data that goes through will have some security vulnerabilities. On the other hand, postal service and hand delivery are usually slow and may often take a couple of days, plus they only work with paper documents. For electronic documents, which are used more often today, you can’t use these. However, email has an ace in its sleeve and it’s called encryption. What is email encryption and how encryption keys work? Email encryption involves protecting potentially sensitive information by encrypting, or otherwise disguising the contents of email messages and attachments so that none but the intended recipient can read them. Typically, email encryption uses PKI, or public key infrastructure to protect email messages and the data within them. This means that email providers use a combination of a public key and a private key. The public key is used to encrypt the data (turn plaintext into ciphertext) and it’s publicly available. On the other hand, the private key is used to decrypt the data. The private key should be only known to the recipient. This is also called “asymmetric encryption” and is used in most email encryption methods, including PGP (pretty good privacy) and S/MIME (secure multipurpose internet mail extensions) encryption.
PGP and S/MIME Encryption Explained
PGP and S/MIME encryption are somewhat similar in that both use public key cryptography, but there are a few differences. For instance, PGP is primarily designed to process plain text, while S/MIMe encryption can process other multimedia files other than email. Also, PGP relies on the users exchanging their keys, while the requires a valid MIME certificate and a digital signature, which you can get from MIME certificate authorities (CA)The biggest problem with S/MIME lies in CA and it’s twofold. On one side, you need to find a MIME certificate authority that you can trust. On the other, your certificate will expire usually after a year. Once that happens and the certificate is lost, you won’t be able to decrypt messages that you’ve encrypted using its key.PGP also has some issues, mainly that it might be too complex for some users. However, there are today more and more secure email providers that use PGP by default instead of having to install a 3rd party PGP software like with popular email services. In both cases, PGP and S/MIME, the best security practice is to avoid using them with webmail because you need to keep the private key away from the webmail’s server. For example, Pistorius encrypts all your email messages by using 4096-bit RSA encryption using the OpenPGP standard on the client side. All messages are encrypted using the recipient’s public key before they are sent to the server.