Using Email Securely

General tips

Using BCC: When writing to a number of people, use the BCC (blind carbon copy) field to send the email rather than the To or CC fields. This ensures that no recipient knows who else has received the mail. Unless you have the permission of everyone on your list to share their address with the other people, use BCC to keep it secret. If you need the features of a mailing list, use one.

Issues with corporate email providers: There are two key issues with a commercial webmail provider (such as Google, Hotmail or Hushmail).

  1. They log usage and hand over your communications to the authorities on demand.
  2. They reserve the right to terminate your account as they see fit, effectively terminating a digital identity that you may have invested a lot of time in.

So when using email for your activism, consider choosing a provider you can trust, such as Riseup, Aktivix or Autistici. See the section on getting an independent email.

Overview of more secure Email

Here is a really quick summary of our advice about making your email more secure.

  • Install Thunderbird on your computer and learn how to use security settings
  • Install Enigmail and learn how to send messages with PGP encryption

Install Thunderbird on your computer

Having virtually unlimited online mail storage is appealing to those of us with chaotic lives. However, we would also recommend that you install a mail client on your computer. There are a few reasons for this.

  • It makes it easier to send encrypted messages (see below)
  • You can archive your emails offline, which is generally better for security
  • You can read and compose draft messages even when you are offline
  • You can read email from multiple accounts in one place

Mozilla Thunderbird is a feature-rich, reliable, and secure tool for managing your email. It's free and open source and it comes from the folks at Mozilla, the people who created the Firefox web browser. Thunderbird has been around since 2004, and is used by many people around the world. Best of all, it runs on Windows, Mac OS X, and Linux. You can connect to many email services with it (including Gmail and Hotmail). Finally, Mozilla regularly releases new versions of the software that keep Thunderbird secure and up to date.

Secure your email with GPG and Enigmail for Thunderbird

If you are concerned about privacy but not using a secure webmail service, or are communicating with someone who is not, or want an additional level of personal security, you will want to encrypt your email. Encryption is the process of taking a plain text message and converting it into something that looks like gobbledygook, which at the other end can be decrypted and the original message restored.

The Free Software tool of choice for this is called GPG, the GNU Privacy Guard. Most people, even well-rounded techies, find GPG tricky to get their heads around. Give yourself time to look at this - and it may take some time - but it is worth it. It is worth attending a hands-on workshop to get some guidance.

GPG encryption uses pairs of numbers we refer to as key pairs. GPG will help you generate your key pair, comprised of a public key and a private one. You need to give your public key to anyone you wish to have encrypted communication with.

Your private key you will keep absolutely secret and never ever reveal to anyone ever, as it is used to decrypt email sent to you. It is so very secret that it needs protecting with a passphrase, which is basically a very long password.

GPG helps because, by encrypting the email using the recipients' public keys, the sender can be assured that only the authorised recipients will be able to read it (privacy). If the email is signed by the sender's GPG key, the recipient can be assured of the identity of the sender (authenticity).
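
The key-pair workflow described above, shown on the command line as an added example (it is not part of the original guide, which works through Enigmail's menus instead). It assumes GnuPG 2.1 or later is installed as gpg; the names Alice, Bob and Eve, the addresses, the passphrase and the temporary keyrings are all constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: throwaway keyrings stand in for each person's computer.
PASS='constructed demo passphrase'  # real passphrases are typed, never scripted

# g HOME ARGS...: run gpg non-interactively against one person's keyring
g() { h=$1; shift
      gpg --homedir "$h" --batch --quiet --pinentry-mode loopback \
          --passphrase "$PASS" "$@"; }

# gpg_roundtrip TEXT: Bob signs and encrypts TEXT to Alice; prints what she decrypts
gpg_roundtrip() {
    T=$(mktemp -d) || return 1
    mkdir -m 700 "$T/alice" "$T/bob" "$T/eve"
    printf '%s\n' "$1" > "$T/msg.txt"

    # 1. Each person generates a key pair; the private half is passphrase-protected
    g "$T/alice" --quick-generate-key 'Alice <alice@example.org>' \
        default default never >/dev/null
    g "$T/bob" --quick-generate-key 'Bob <bob@example.org>' \
        default default never >/dev/null

    # 2. Only the PUBLIC keys are exchanged
    g "$T/alice" --armor --export alice@example.org > "$T/alice.pub"
    g "$T/bob"   --armor --export bob@example.org   > "$T/bob.pub"
    g "$T/bob"   --import "$T/alice.pub"
    g "$T/alice" --import "$T/bob.pub"

    # 3. Bob encrypts with Alice's public key and signs with his own private key.
    #    --trust-model always skips key validation for this demo; in practice,
    #    compare key fingerprints in person before trusting an imported key.
    g "$T/bob" --trust-model always --armor --sign --encrypt \
        --local-user bob@example.org --recipient alice@example.org \
        --output "$T/msg.asc" "$T/msg.txt"

    # 4. Eve holds the encrypted message but no private key: decryption must fail
    rc=0
    g "$T/eve" --decrypt "$T/msg.asc" >/dev/null 2>&1 && rc=2

    # 5. Alice decrypts with her private key; GOODSIG shows Bob's key signed it
    g "$T/alice" --status-fd 2 --output "$T/out.txt" \
        --decrypt "$T/msg.asc" 2> "$T/status" || rc=3
    grep -q '^\[GNUPG:] GOODSIG' "$T/status" || rc=4
    [ "$rc" -eq 0 ] && cat "$T/out.txt"
    for p in alice bob eve; do
        gpgconf --homedir "$T/$p" --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$T"
    return "$rc"
}
```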

Hands-On Instructions for Enigmail and Thunderbird

Step by step instructions about setting up and using GPG with the popular Thunderbird email client can be found in the book Basic Internet Security. There is also a full manual for using Enigmail here.

What Next?

  • Try to set up an email account with or similar
  • Encourage your contacts to set up secure email accounts
  • Install Thunderbird and migrate your contacts there
  • Try out using GPG encryption