Using c.Email

8 articles c.Email Support By c.Email Support

Sending and receiving secure emails.

Sending emails

You can send emails from any of the email addresses you have added to c.Email by choosing from the drop-down menu in the From field. You can change your default email address by clicking the button to show your active accounts in the top right of your inbox.  You can send emails with four different security levels:  Not secure: Not authenticated or encrypted. Unencrypted emails can be read by email providers and hackers – leaving you vulnerable to surveillance, data theft, and fraud. Not recommended. Authenticated: Signed with cryptographic proof of the sender’s identity.  Secure: Authenticated and protected with post-quantum secure encryption. Can only be read by you and the intended recipient. For when privacy and trust matter. For Your Eyes Only: Authenticated and only decrypted when the intended recipient is looking at the screen. The reader must pass a continuous liveness check using our face unlock technology and a template of the biometric data from their initial identity verification (which is stored on their device, nowhere else). For when absolute secrecy matters. If you haven’t confirmed your identity in the app, you won’t be able to authenticate or encrypt your emails.  By default, all your drafts will be encrypted automatically. c.Email will also prompt you to confirm your identity via face unlock when sending encrypted emails. You can turn both of these off in your c.Email settings. 

Receiving emails

As with the emails you send, every email you receive will come with a security label:  Not Secure: Not authenticated or encrypted. This means that it’s technically possible for your email provider or a hacker to read it, and that it lacks cryptographic evidence that it’s from who it says it’s from.  These emails will display the message ‘Real name: unverified’ below the sender’s name, even if they have verified your identity before sending. This is because emails can only be sent authenticated and encrypted, or not authenticated or encrypted.  Authenticated: Appears with the sender’s verified real name, meaning you can be sure that the email is really from who it says it’s from.  Secure: Authenticated and end-to-end encrypted, meaning it can only be read by you. Secure emails display the sender’s verified real name.  For Your Eyes Only: Authenticated, end-to-end encrypted, and protected with our face unlock technology. To decrypt a For Your Eyes Only email, you need to look continuously at the screen, passing a continuous liveness check using a template of the biometric data from your initial identity verification (stored only on your device).  If you look away from the screen, the email content will turn back into encrypted text. This is our highest security level and means that even if someone else were to access your unlocked device, they wouldn’t be able to read your emails.  By default, c.Email groups your messages (meaning you can see all emails from the same thread in one place). You can turn this off in your c.Email settings. 

Searching emails

Even though your emails are encrypted, it is still possible to search them. Emails stored locally (i.e. any email you’ve received or searched for since installing c.Email) can be searched, because emails are decrypted on your device rather than on our servers.  Emails not stored on your device (i.e. historical emails pre-dating your use of c.Email) are still searchable, but only with the text in their sender addresses and subject lines. For this reason, these elements are not encrypted in c.Email.  If you type your search query and don’t immediately see the email you’re looking for, hit the search button. This triggers a query to the API, which returns all relevant results rather than just the emails stored on your device. 

Adding email signatures

To create a new email signature, go to your c.Email settings. You can either create individual signatures for different accounts, or a global signature to apply automatically across all accounts. 

Adding contacts

You can give c.Email access to your contacts to improve automatic contact suggestions when you compose an email. This feature is turned off by default, but you can enable it in your c.Email settings. 

Blocking emails and senders

Individual email addresses can be blocked in the same way as on legacy email clients. In addition, you can block senders. This means they will not be able to send you emails even from a new address. 

Recovering your account

Your private key for email decryption is stored on your device to avoid compromising your privacy. However, to prevent you losing your email data if you lose access to your device, c.Email automatically encrypts a backup key for you. The retrieval process for this key is only triggered when you sign in using biometrics on a new device.  When you first download c.Email, you will be prompted to set a password for your backup. Once you have done this, c.Email automatically encrypts and uploads a backup key to your cloud provider, such as Google Drive, iCloud, or OneDrive.  To recover your data, install c.Email on a new device and choose the email address you were using previously. Once you have completed authentication with your email provider and identity verification with c.Email, you will be asked for your backup password. c.Email will then retrieve the encrypted backup from the cloud and restore your keys. You can configure this process and change your backup password in your c.Email settings. 

Rotating your keys

As an extra security measure, you can rotate your public signing and encryption keys within c.Email whenever you want. This step is optional.  To rotate the key for one of your verified email addresses, go to your c.Email settings, tap Security, then tap the Rotate key button. The process will only take a few seconds, and you don’t have to do anything else.