Instructions for Sending Encrypted Email

Messages between people who are using Tufts email accounts, where both the sender and the recipient(s) are using @tufts.edu addresses, are already encrypted. This makes email between people using Tufts addresses more secure than regular email (e.g. Gmail) and allows students, faculty, and staff to safely share private information with each other when appropriate. It is always a good idea to limit the use of email for any sensitive information, and if email is used, to be sure to securely delete the email as soon as possible. See Securely Deleting Email.

But what if you need to send a secure message to someone outside of the University? Tufts Secure Email provides a safe and encrypted way to send sensitive and/or private data to people outside of Tufts. These are messages to non-Tufts email addresses (e.g. jumbo.smith@gmail.com, etc.). 

Recipients will receive an email with a link that they can click on to securely view your message and respond to it. An example of a secure message sent to a Gmail address is shown below. After clicking Read the message, the recipient may be asked to authenticate their identity by signing in to their email account again or by using a one-time passcode that is sent to their email address.

Options to verify identity in order to read a secure email

 

If you plan to collect sensitive information from non-Tufts people via email, please see the page on securely collecting sensitive information.

Tip: Let your recipients know ahead of time about this secure email so they don’t think it’s a phishing scam. Also, there is a brief delay between when the recipient receives the initial email and when the link is functional. If they click on the link and it doesn’t work, ask them to try again in a few minutes.

1. Open your Tufts email.

2. Start a new email message.

3. In the subject line, include the word “secure” in square brackets. Any capitalization will work. The subject line may contain other text as well.

  • e.g. [secure] Request for Information
  • e.g. Encrypted message [secure]
Draft email with secure in square brackets in subject line

4. In the body of the email, type your message. You may also include attachments if you wish.

5. In the body of the email, include the following instructions for the recipient. You can copy and paste these directions directly into your email.

 

-Start of Instructions for Recipient-

If you wish to reply, please reply using encrypted email. Since you do not have an @tufts.edu account, you need to follow these instructions, rather than simply sending an email directly from your account.

Follow these steps when this email is open:

  • Click Reply all toward the top right of the window.

    Reply All button

     

  •  If you do not wish to receive a copy of your reply, remove yourself from the Cc field.
     
Adjusting the Cc field to remove yourself as a copied recipient
  • Type your message in the body of the email window.
  • To add an attachment, click on Attach and select the file.

    Attach

     

  • Click Send.
     

    Send button

     

  • It’s recommended that you delete all emails you received and the email you sent as soon as possible. Be sure to empty the trash.

  • Be sure to store any documents with sensitive information securely.

-End of Instructions for Recipient-

 

6. Click Send

Note: If the recipient sees red or blue X icons in their browser, their email client is blocking images. These images are just the Tufts logo and the encrypted email symbol. They can display the images or ignore them without affecting their ability to read the message.

Question: My secure email recipient says that they haven’t received my message. What happened?

Answer: Ask them to check their Junk folder.

Question: Can the recipient forward the message?

Answer: Yes. If the non-Tufts recipient elects to forward the message to another recipient, it can be read.

Question: How long does an encrypted email remain available?

Answer: Currently, it will remain available indefinitely, but Tufts reserves the right to implement an expiration setting at some time in the future.

Question: Can the message be read on a smartphone?

Answer: Probably. Most smartphones can follow the link to the encrypted message. Most smartphones have trouble downloading the message as an attachment though. The recipient will probably have to download the attachment on a computer.