I needed to send sensitive documents to a business. Their system blocks encrypted files so that wasn’t an option and we were struggling to come up with a way they would accept it. I guess I’m the first person they interacted with that cares about encrypting sensitive files. They agreed to accept the password protecting email that Proton offers.
I have a free Proton account currently and for this business, I use a Proton Pass alias. Since I’m paranoid and wanted to make sure it worked properly, I tested this by first sending an email from a non-Proton email to the alias. I then responded back, enabling the External Encryption button.
The email I received in the non-Proton inbox does say it came from the alias. But, the email body itself says “You have received an encrypted email from [my actual Proton email address].”
Accidentally deleted my comment I am such a goose. I said:
I believe with Proton drive links the recipient does not see the actual email address associated with the drive. Then you could just send the drive link over from the email alias.
Also is it just me or is it strange for a business to not accept encrypted content? How bizarre.
I just tried sharing and the recipient e-mail shows my primary PM e-mail address associated with the account.
This appears to be a good workaround. The link doesn’t reveal the address. Sharing it in the way that would make sense (i.e. via the share button) should be avoided and maybe just the link. The downside of this of course is you have to revoke the link for everyone, not just specific people you want to share with. So not a good UX.
There are good reasons for this, mainly data protection/prevent theft/fraud etc.
This isn’t that strange, at least to me. Many businesses will block certain file types or file encapsulation methods for spam and security reasons, and I can’t really blame them for that.
Also as the OP said, this appears to be a niche use case, and perhaps even the first time this particular business ran into this issue.
Also is it just me or is it strange for a business to not accept encrypted content? How bizarre.
Very common in my experience. No encrypted files, no encrypted folders, and if I visit them in person, they won’t accept a flash drive.
It’s likely a security policy to prevent malicious attachments and files. Not the dumbest rule considering they lose nothing by allowing my sensitive data to be transmitted without encryption, but they expose themselves to potential security risks by accepting encrypted files and random flash drives.
The only people I’ve encountered that accept encrypted files are small business professionals, like my former accountant.
And no, they’re not going to install Signal lol.
I was truthfully surprised this business was even willing to accept the Proton encrypted password option. Most businesses are either using Microsoft 365/Outlook or Google Workspace.
It took a few minutes for me to explain that Gmail’s “confidential mode” (which they recommended) is not the same as an encrypted email and that Google can still read the content.
I don’t believe I have ever tried sending a Proton password-protected email to a business, but I am doubtful they would refuse. The only reason I can think of for them refusing is not the fear of malicious content, but their desire to have a permanent record of your exchange. When you send a password-protected email from a Proton address to a non-Proton address, not only are the messages only saved on Proton’s servers, but they will self-destruct after 30 days.
HOW I SEND DOCUMENTS
By default, I never send documents as attachments in emails. I always upload them to an encrypted service like Tresorit Send. And this is where I encounter resistance. Many businesses have told me they cannot accept files via external cloud services, because they are not allowed to visit other sites. They might even be blocked.
I personally find this annoying, because those same businesses expect me to visit other sites that are not theirs, but they won’t do it themselves. If it’s not safe for you, why would it be safe for me?
WHAT CAUSED YOUR PROBLEM?
With all that being said, this does not explain your problem.
Firstly, Proton aliases cannot send E2EE emails.
I don’t know where you got that idea.
If you can’t send an encrypted link from Tresorit or another E2EE cloud service, I would password protect the documents themselves. Make sure you have a display name for your alias, so the business can easily identify you.
Secondly, I use aliases every day to email businesses. In fact, it is my primary way of emailing people, and my inbox/Proton address is never exposed.
Do you have a free or paid Proton Pass account?
If it’s the former, I would hope that Proton doesn’t remove protections by exposing your inbox/Proton address. They shouldn’t.
THE ONLY WAY YOUR INBOX/PROTON ADDRESS CAN BE EXPOSED
There is only one way your inbox/Proton address can be exposed when you use aliases, and that’s when someone has not replied to you after you emailed them, and you decide to send them a second follow-up email, as a reply to your first email.
When you do that, when you reply to an email that you sent with an alias, your inbox address is exposed in the history thread, and you have to remember to delete it and replace it with your alias.
Nope, almost all the businesses I’ve tried to send password protected Tuta emails to have been unable to open them due to security protocols. I can understand why, they can’t scan them for malware.