Exploring Canary Mail’s SecureSend and Other Privacy-Focused Features
I recently received an email from the bank filled with documents I was to save and store. The email had a link that took me to a secure portal where I had to create an account with a password. Once created, I could then log into the portal and download the documents. Finally, each document (all PDFs) were locked behind the same password I had created for the account.
The whole document delivery workflow seemed so secure, it was almost annoying. It took more than five minutes to simply download the documents to my Mac and required password creation and storage to ensure I can properly access those documents again in the future.
But then, if the bank feels it’s necessary to secure their documentation in this manner, there’s likely a strong reason behind their intentions.
Obviously, sending documents and other private information over general email comes with its share of risks. If unencrypted, there’s a chance prying eyes can find the email. If hacked, files you’re sending back and forth have a chance of falling into the wrong hands.
I’ve been working with Canary Mail over the last few weeks to better secure my email workflow. Canary recently debuted SecureSend, a smart encryption feature that secures your email and attached files. SecureSend also has revocation features, enabling you to revoke access to an email or attached files after a certain amount of time, or if the email security has been breached.
We previously looked at Canary Mail as part of our look at the best email apps for iPhone and iPad and Mac. Canary Mail of course made that list, but SecureSend is a new feature that may well put the app at the top of the list for those folks looking for a more secure way to send email.
How SecureSend Works
Canary has long had encryption features. In the past, you could manually encrypt your email via PGP. PGP would require your recipient to have encryption keys setup to read your encrypted email — a tedious, albeit secure workflow.
SecureSend is much simpler. When composing an email, you can toggle the SecureSend switch right in the composition window. Once toggled, Canary auto-encrypts your email.
On the other side, when your recipient receives a SecureSend email, there are two courses of action:
- If your recipient views your email in Canary, Canary will automatically decrypt the SecureSend email and your recipient can read the email right within the Canary app.
- If your recipient does not have Canary installed, the email will provide a link to a secure portal in a web browser. Once you work through the magic URL Canary sends to securely view the email, the email will be decrypted and read in the browser. You can also access the attached files in that SecureSend browser portal and download them to your computer directly.
SecureSend has a few additional features worth noting:
- You can revoke access to a sent email any time after the email is sent. So if your recipient has downloaded and received the documents in the SecureSend email, you can revoke the email and ensure those sensitive documents don’t live online, waiting for prying eyes.
- SecureSend is HIPAA compliant and you can request a BAA for your organization.
In short, SecureSend is an easy to use secure method of email delivery that can be turned on with the flick of a toggle and can be used to send email to any recipient. Security is at its best when it’s easy to implement.
Two Anecdotes About SecureSend
Canary’s SecureSend feature is easy to use and secure for both sender and receiver, but how is it in real life?
Security in email is likely subject to the lowest common denominator in the email thread. Put another way: If your recipient isn’t using a secure email client of their own, security features are often lost.
Canary nicely steps outside this issue by sending SecureSend emails to a browser. When you receive a SecureSend email, you click the link to view in the browser and you enter your email again to receive a second link that opens the secure portal.
This is both good and bad.
First, if your email is compromised, the hacker can simply receive the second email with the second URL and jump into the secure portal. The second email isn’t the most secure method for two-factor authentication. Obviously, there are difficulties in providing SecureSend accessibility to all users — not just Canary users — so two-factor authentication via a phone number would be almost impossible. Either way, this is a bit of a hiccup in the SecureSend workflow.
Second, I had trouble accessing SecureSend emails in the browser on my iPhone. I would input my email address for the second email and the SecureSend workflow would just continue in circles, asking me for my email address over and over. Completing the SecureSend workflow on the Mac worked on the first try. So whether there was some user error when viewing a SecureSend email on the iPhone or if I have some privacy settings set for Safari that causes SecureSend to go into circles, I’m unsure.
But if SecureSend has these hiccups, it deserves big praise for how easy it is to view a secure email in the browser on the recipient side. When you receive the SecureSend email, it’s clear that the sender sent the email with security in mind, and the two-step process in the browser is relatively easy for anyone to pick up and use. By moving the secure portal into a browser, at least some security is added to the entire email workflow for sender and recipient, and I applaud the Canary team for making it so easy to access that boosted security.
All in all, SecureSend is a net positive in my book. Despite some inherent issues when working with automatic encryption and providing accessibility to all recipients (rather than just those with your manual PGP encryption key), SecureSend adds some security to the email workflow.
Putting the secure portal into the browser ensures anyone can access your securely sent email and can download any attachments you’ve included with the email. And SecureSend’s other features — like the ability to revoke access to sensitive emails — are bits of sprinkles on the cake.
There are of course a range of other features inside Canary that make it an excellent email client. I especially like the ease of determining if your emails have been read by your recipients. I also love the fourth panel on the far right side of Canary for Mac, which shows various details about your recipient and any prior files they’ve shared with you.
Canary is available on iPhone, iPad, and the Mac. You can purchase Canary for iPhone and iPad for $20 and you can purchase Canary for Mac for $20 each after a 30-day trial.