How to Send a Secure Email Attachment

April 2, 2019

10:00-11:00AM PST

If you are interested in sending a secure email attachment, you’ll need to encrypt your email message. One of the easiest ways to do so is by sending your attachment through Trustifi. Sending a secure email attachment in gmail or other means can often be a challenging process for the sender. Once the recipient receives the email, opening that secured email attachment can be an even more difficult process. We'll show you the best practices on how to properly send secure email attachments during your email communications to prevent hackers from compromising your data.

In this article, we’ll breakdown how to send a secure email attachment so the sensitive information such as banking details and customer data can't be read by third parties, which is important when sending a secure email. We’ll explore what options there are for sending secure email attachments, how they function, and what the strengths and drawbacks of those options are. Trustifi isn’t the only way to send a secure email attachment, but it is the most seamless method available. We’ll look at why that is, and what the process for sending and opening a secured email attachment within Trustifi looks like. You'll learn how to send encrypted files over email to protect your documents and confidential information.

What is A Secure Email Attachment?

A secure email attachment is another way of saying an encrypted email attachment. You might have heard of message encryption before, but don’t understand exactly what it is or how it functions in regards to email. If so you aren’t alone! Encryption is an incredibly complex topic that we will only scrape the surface of.

In order to send an attachment or file securely over email, you’ll need to encrypt it using an S/MIME certificate (Secure/Multipurpose Internet Mail Extensions). This is because you need security in two areas. The first is when email is transmitted to its destination or its recipients. The second is once an email arrives at its destination. In order to understand how encryption aids in both of these aspects of securing your emails and attachments, let’s take a deeper look at what encryption is and how it works.

What is Encryption?

In the simplest terms, encryption is the process of taking data in a file attachment or email and scrambling it so that it is unreadable. In order to read or access the data in an encrypted secure message, you will need an encryption key. Keys are used to both encrypt and decrypt data. There are currently two broad categories of message encryption used for the purposes of an email server. The first is public-key encryption which is the most common form of encryption you will run into. The second is symmetric-key encryption, which is less common in the public sphere and more common in the private and governmental sector.

Public-Key Encryption

Public-key encryption requires the use of two sets of keys. One key is publicly available. The other key is private and is only shared between the sender and recipient. Public-key encryption relies on third-party trusted entities that are responsible for validating an organization or individual. They utilize protocols like S/MIME encryption. So, how does this all work together?

In essence, the sender and recipient both need to know the public key of the other party. The sender will usually send their private key prior to sending the encrypted email message, or in some cases along with it. This private key is often in the form of a digital signature (which is also known as digital ID or digital certificate), which is validated by an external Certificate Authority. An example of a Certificate Authority that you may have seen before is the company DocuSign.

The sender finds the public key of the recipient, encrypts the message, and sends it along with their digital signature if it hasn’t already been sent. The recipient verifies the authenticity of the sender by comparing the private and public key. Depending on the email client, much of the work is done on the back-end provided the private key has already been received and the public key is already known. This is a standard procedure in email security.

Symmetric-Key Encryption

Symmetric-key encryption is the other type of email encryption method you might run into, whether you use Gmail from G Suite or Microsoft Office. The most robust of this type of encryption is Advanced Encryption Techniques (AES) 256 bit, but there are other types of symmetric-key encryption methods available. The process for sending and receiving symmetric-key encrypted emails is relatively simple. Prior to sending an encrypted email, the sender must share the key with the recipient. This key is the only way to decrypt the email. The same key is used to encrypt and decrypt the email.

How Secure is Encryption?

Encryption scrambles the contents of a message so that only the sender and recipient can open the message. But how reliable is encryption? The fact is, encryption is incredibly powerful. You might be wondering whether the security of encryption comes down to computing power alone. While older, outdated methods of encryption can be broken by a brute-force attack given a certain level of resources and time, today’s highest levels of encryption will continue to be secure in the future. Given current computing power, there is no feasible way that a malicious actor can access the contents of a message encrypted with AES 256 bit or an equivalent encryption standard.

What Are The Advantages of Encrypting Email Attachments?

If you have never encrypted your emails or file attachments, you might be wondering why you should bother. The fact is, most people underestimate the level of threat facing them and overestimate the security of their personal or business email. The threat landscape facing both individuals and organizations is rapidly expanding. Cyber threat actors, such as those who take advantage of security vulnerabilities via phishing attacks, are becoming more numerous, while the tools they deploy are becoming more advanced and easier to access. That's why using email encryption software is so important to make sure that your messages and documents will be safe.

Most people assume that their personal or business email address is already secured. The assumption is that the transportation of the email from source to destination occurs across a secured channel. Although some email services like Gmail or Microsoft Outlook offer Transport Layer Security (TLS) and confidential mode to protect emails in-transit, this only applies if the destination email service utilizes TLS as well. Additionally, this only protects the email while it is on its way to the destination.

So, if you are transmitting sensitive data or information across email, how can you be sure that it won’t be intercepted along the way? On top of this, how can you be sure that once it arrives at its destination the intended recipient is the one opening it? In addition, the mail server itself can be intercepted too. While an increasing number of email providers are offering 2-factor authentication for their service, the problem is that the adoption of 2-factor authentication is still slow.

Encryption offers a means of securing an email while it is in-transit and ensuring that the intended recipient is the one opening it. In this way, encryption is the best method of protecting privacy and preventing data breaches while also offering a method of authenticating the sender or recipient and helps you remain compliant with the data protection laws.

Sending a Secure Email Attachment Or File The Standard Way

In order to send a secure email attachment, you’ll have to go through a somewhat complex process. We’ll break down the steps of this process in broad terms, but understand that each specific email provider has different encryption capabilities that may require additional steps.

  • Obtain a digital certificate or signature.
  • Obtain the public key of the recipient.
  • Encrypt your email with the attachment.
  • Send your email with either your digital signature attached or send your digital signature in a prior email.
  • The recipient must have both your digital signature (private key) and public key.
  • Using both of these the recipient can authenticate the sender, decrypt the email, and download the attachment.

Here's How To Send a Secure Email Attachment Or File With Trustifi

As you’ll notice, sending a secure email attachment through a standard method can be an enormous hassle. Once the process has been done a few times between a sender and recipient it becomes easier, but the initial process of each party exchanging private and public keys can present complications.

In contrast to the standard method of sending secure email messages and attachments, Trustifi simplifies and streamlines the process for both the sender and recipient.

Here’s how sending a secure email attachment:

  • Generate an email.
  • Open the Trustifi extension pane and select the security options desired.
  • Send the email with the attachment.
  • The recipient opens the email, which redirects to a 2-factor authentication page.
  • 2-factor authentication occurs with either a code or password sent to the recipient’s phone via text message or a code that was already shared between sender and recipient.
  • The recipient opens the attachment. If needed, the recipient can send an encrypted reply directly from the same page.

Closing Thoughts On Sending Encrypted Files Over Email

In the end, sending and receiving secure email messages and attachments is not as intuitive or straightforward as it should be without using a third-party resource like Trustifi. Sending a secure mail attachment or file through standard encryption methods incorporated into your preferred email client can be a hassle to set up. It requires coordination between the sender and recipient prior to the secured email being sent. While this type of approach can work for specific needs, it is difficult to incorporate into normal business operations.

With Trustifi - trusted by the most popular email clients, sending secure mail attachments and files is simple for both the sender and recipient. An added advantage is that the recipient doesn’t have to be a user of Trustifi to access the encrypted email. They must simply complete the two-factor authentication process, which gives them access to the content of the email and gives them the option to reply with an encrypted message of their own. Moreover, you can even revoke access to both the message text and the files after sending the email. If you have struggled to send secure attachments in the past, adopt Trustifi for all of your secure email needs.


Orman, Hilarie. “Introduction: What Is Secure Email?” In Encrypted Email: The History and Technology of Message Privacy, edited by Hilarie Orman, 1–7. Cham: Springer International Publishing, 2015.

Orman, Hilarie. “How Does Secure Email Work?” In Encrypted Email: The History and Technology of Message Privacy, edited by Hilarie Orman, 33–57. Cham: Springer International Publishing, 2015.

Try Trustifi Today


See if Trustifi Is Right for Your Organization