Sending encrypted email

Sending encrypted email to someone who uses Hushmail

To send an encrypted email, sign in to our website or open our Hushmail for iPhone app, click the Compose button and type your message. When you’re ready to send it, make sure the Encrypted checkbox is selected. If you are sending to someone who uses Hushmail, the checkbox will be checked automatically and you can simply click the Send button.

Sending encrypted email to someone who doesn’t use Hushmail

When you send an encrypted email to someone who doesn’t use Hushmail, they will read it on a secure web page. The email will be available to them for 2 weeks.


The first time you send an encrypted email to someone who doesn’t use Hushmail, you have the option to add a security question, but you don’t have to. The recipient will receive a notification in their inbox saying they have a secure email from you, but after they click the link to see your message, they are prompted to create a passphrase, which they will be able to use to access any future encrypted emails you send them.

The first time you send someone an encrypted email, you may want to include the security question as an added layer of protection and to ensure you’re emailing the right address. But after they create a passphrase, all you’ll have to do is check the Encrypted checkbox.

If you use a third-party email app, such as Mac Mail or Outlook, to email someone who doesn't use Hushmail, it's sent as a regular email. To ensure you are adding an extra layer of security, use our webmail or Hushmail for iPhone app and check the Encrypted checkbox.

How to create effective security questions

Make sure only the intended recipient can correctly answer your security question, by asking questions only he or she will know the answer to. For example, “Where did we last meet?” or “What is your patient ID number?” General knowledge questions that anyone can answer, such as “What is 2 + 2?”, are not recommended. Answers are not case sensitive. Spaces, periods, commas and hyphens are ignored.

The recipient has five attempts to answer correctly before we permanently delete the message from our servers. Secure messages are deleted 14 days after they are sent.