While email exchanges between Neomailbox users are secure by default, there are probably many people you need to correspond with who use free email services. So the question arises: how can you prevent the big free email companies from content scanning and data mining messages you send to your correspondents who use their services?
PGP, and unwieldy hacks
Usually the answer involves PGP, public and private keys, and a fairly high level of computer skills and motivation on the part of both the sender and the recipient of the message. In the absence of an easy way to send encrypted messages to people who don't use public key encryption systems, even the most privacy conscious of us often have no option other than to send plain-text messages to correspondents on GMail, Hotmail and other email services that are known to scan and data mine the contents of their users' email messages.
Some privacy-oriented email services provide the inconvenient and insecure workaround of storing the message on a server and requiring the recipient to visit a website and provide a passphrase to view it. However many people will just ignore any message that asks them to go to a website to read an email. As they rightly should, given the many risks of visiting unknown and untrusted sites from a link in an email message.
A better idea
Our new Encrypt to Anyone service provides a simple and secure alternative. Now you can send a plain text email from any device, put a passphrase on the top of it, and it will be delivered as a PDF file to the recipient, encrypted with 256-bit AES encryption. The recipient simply types in the passphrase (which you've communicated to them by some other means - phone, text message, in person) and can decrypt and read your message. Because the decryption happens on the recipient's own computer or mobile device, their privacy-invading email provider can't readily access the plain text of the message for their own nefarious purposes.
That's as simple as it gets. With no special software or skills needed on either side, you can send end-to-end strongly encrypted messages to anyone. While you do need an alternate method to communicate the passphrase to the message recipient, that is usually much easier to arrange than installing encryption software, managing keys, and so on.
How to use it
Sending an email using Encrypt to Anyone is exactly the same as sending a normal email message. Except for two small differences:
From the fourth line your actual message begins. Here's an example message correctly formatted to be sent to email@example.com.
Unicycle8692Watermelon firstname.lastname@example.org Hey... this is my message for you (and not for the surveillance scanners at GMail). Take care
That's all there is to it. Now all you need to do is let your message recipients know the passphrase to use to decrypt the message, in some other way than by email to the same address you sent the message to. Letting recipients know the passphrase by an alternate communications channel allows them to decrypt and read the message, while still keeping it private from their email service provider(s) and anyone who may be able to intercept or get access to the message.
Some things to be aware of
Note that you must send Encrypt to Anyone messages from your Neomailbox account. You can't send a message using Encrypt to Anyone from a non-Neomailbox account. That would compromise the end-to-end encryption of the message. Therefore the Encrypt To Anyone system only accepts messages sent from Neomailbox accounts.
Also note that if you and/or your recipient forget the passphrase for a message, you won't be able to decrypt it. So either keep a plaintext copy of the message in your Sent folder, or arrange to preserve the passphrase and also associate it with the correct message and/or recipient. Using random numbers as Subject: lines for these messages can help with this as well as with eliminating the leaking of information via the Subject: line, which is not encrypted by Encrypt to Anyone.
The Encrypt to Anyone system performs very basic validation of the recipient email address before attempting to send the encrypted message. If you send to an invalid email address that isn't detected by this first level check, your message will silently disappear into the ether with no error message back to you. So be careful to use the right email address (and only the bare email address -
Someone Somewhere <email@example.com> or variants).
Finally, remember that your message encryption is only as good as your passphrase, so choose one that's difficult to guess. Using a simple formula like in the example above (two random words and some random numbers) is an easy way to come up with memorable and secure passphrases.
The Encrypt to Anyone service is in beta testing. If you have any problems with it please contact us. Encrypt to Anyone is available for plain text messages in ASCII and Unicode only. Non-text messages and messages that contain attachments are not currently supported by the Encrypt to Anyone service.