1.4.1. Emailing securely


Using common email providers like Gmail, Yahoo or Hotmail increases a journalist’s risk of exposure to hackers, simply because the security and privacy standards are not as strict. Keep in mind that the more users a provider has, the more attractive it is for hackers to challenge its security standards. You can secure your email services by checking whether your email provider supports

1) Secure Sockets Layer (SSL) or

2) Transport Layer Security (TLS).

Do not use mail providers that do not offer these services. SSL and TLS ensure your emails are encrypted as they ‘travel’ from one network to another. However, the email will be stored as a non-encrypted text file on both of the servers. This means that server administrators can access your emails, read them or change them.

For the encryption of the content of an email, ‘Pretty Good Privacy’ (PGP) offers a very secure solution. If you encrypt your emails via PGP, no one except the recipient can read them. The bad news is that it is not easy to install, and is therefore not widely used.

PGP is a cryptographic system that generates two keys, one public and the other private. The public key is needed to encrypt the email, the private key to decrypt it. The public key, as the name indicates, is accessible to everybody, whereas the private key is held only by the user. If you want to send a PGP-encrypted email to another person, you need that person's public PGP key to encrypt the email. You get this key either from the recipient or from a public key server. The recipient can open the email with their private key and its respective password. To use PGP, your email client has to support the service.

Recommended email clients are ‘Thunderbird’ or the popular ‘Microsoft Outlook’ that offers add-ons for PGP. If you want to use PGP with a different email client, like Gmail, try ‘Mailvelope’. However, be aware that with these common email providers, PGP cannot hide the sender, recipient or the subject of the email.
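The following is an added example, not part of the original guide: it parses a plain message and a PGP/MIME message the way a mail server stores them and reports what remains readable, showing that PGP protects the body but not the sender, recipient or subject. The addresses, subject, body text and the placeholder ciphertext are constructed, and `server_view` is a hypothetical helper name.

```python
from email import message_from_string, policy

ARMOR = "-----BEGIN PGP MESSAGE-----"
# Constructed samples: addresses, subject and body are made up, and the
# "ciphertext" is a placeholder rather than real PGP output.
HEADERS = (
    "From: reporter@example.org\n"
    "To: source@example.net\n"
    "Subject: Meeting on Thursday\n"
    "MIME-Version: 1.0\n"
)
PLAIN = HEADERS + "Content-Type: text/plain; charset=utf-8\n\nThe documents are in locker 12.\n"
ENCRYPTED = HEADERS + f"""\
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

{ARMOR}

PLACEHOLDER-NOT-REAL-CIPHERTEXT
-----END PGP MESSAGE-----
--b1--
"""

def server_view(raw):
    """What anyone who can read the stored message on a mail server sees."""
    msg = message_from_string(raw, policy=policy.default)
    pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                and msg.get_param("protocol") == "application/pgp-encrypted")
    readable, armored = [], False
    for part in msg.walk():
        if part.is_multipart():
            continue
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        if ARMOR in text:
            armored = True  # PGP/MIME payload part or an inline PGP block
        elif part.get_content_type() == "text/plain":
            readable.append(text.strip())
    return {"headers": {h: str(msg[h]) for h in ("From", "To", "Subject") if msg[h]},
            "body_encrypted": (pgp_mime or armored) and not readable,
            "readable_body": readable}

for name, raw in (("plain", PLAIN), ("pgp", ENCRYPTED)):
    print(name, server_view(raw))
```

Both messages expose identical headers; only the body differs, so a sensitive subject line is still visible even when the content is encrypted.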


Another recommended email provider that offers an end-to-end encrypted service is ProtonMail. The service encrypts emails and user data on the client side before sending them to ProtonMail servers. The servers are located in data-secure Switzerland, and the encryption techniques are a mix of SSL and PGP. The code is open-source. The difference between ProtonMail and ‘Thunderbird’ or the similar tool ‘Evolution’ is that ProtonMail is an actual email provider and not only a client.