At the moment I'm doing the following:
noteshred.comBut it's a big hassle, and today security folks can block zip files that cannot be inspected.
Is there an easier method? What would happen if I encrypt the complete email and send it to the recipient?
When communicating vulnerabilities to clients, the report is provided through a website under our control. The URL and their username is sent through email, and send the password via SMS. It's not much of a hassle if the steps are simple and largely automated (uploading the file, creating a user, sending the password to a phone number) and the recipient does not need to be tech savvy.
Alternatively, PGP encryption can be used for people who have a public key and the fingerprint has been verified. There are very few people who prefer this, typically only other security teams (and even then, not always).
Note that when encrypting zip files, as you do, the filenames are still readable. This might inadvertently leak information.
Your current setup is not the most secure because the noteshred.com may intercept your password and url. Even though they claim to be secure or whatever, they could have been hacked or have malicious intentions.
Encrypt the file with symmetric encryption using Zip password, Veracrypt or OpenSSL. Upload the file to a file sharing service. Send the file url and password using asymmetric encryption via email with PGP or for convenience use something like the FlowCrypt extension for Chrome.
Alternately, if speed is not an issue, you can use OnionShare, which lets you transfer files using Tor. This also makes it unnecessary to encrypt the file because it is not on some third party server, and all traffic is encrypted, and it cannot be discovered because it uses tor and a random password is included in the url. You still have to encrypt the URL though.
https://github.com/micahflee/onionshare/wiki/Security-Design
There is some tool already exist on the market that will let know send some confidential information's by email.
Tool like Privnote, XMedius SendSecure, SendInc or Secure Exchanges.
From my point of view i prefer Secure Exchanges. It's fully integrated with Microsoft Outlook, Gmail or Office 365 and it's very cheeps in term of fees. Something like 2$ or 3$ CAD per month. They other solution cost a little bit Higer.
There are also Gmail that are working on a encrypted solution, but to be honnest, i think Gmail (Google) already get to much information's on us ..
You may want to consider using EncryptedSend to send/receive files and messages with end-to-end encryption. Information that you send through this service is encrypted using javascript running in the sender's web browser, and decrypted using javascript running in the recipient's web browser, so that only encrypted information passes through the service's servers. This is a good solution for non-tech-savvy people who don't have the technical know-how to use tools like GPG, PGP, etc. In fact, the sender does not even have to be registered with the service.
Just a remark on today security folks can block zip files that cannot be inspected. Currently, all filters I know let pass plain text mails. If you have to pass a crypted message through a mail server that blocks crypted mails and/or crypted attached zip files, there is a stupid simple way:
uuencode/uudecode can do that on any Unix-like system, and UUEnview/UUDeview does the same on Windowsbegin line and the terminal end line or replace them with something different that will not trigger MIME decoders (<<< and >>> for example)Ok, as it is willingly not automatic, the recipient will have to do same operations in reverse order:
begin and end lines
Use a message encryption service. If you use Office 365 for your email, it has one built in. This works well because you can pair it with a transport rule to automatically apply encryption to messages that meet certain criteria (e.g. The user puts CONFIDENTIAL in the subject).
https://products.office.com/en-us/exchange/office-365-message-encryption
Barracuda has a similar service: https://www.barracuda.com/products/emailessentials
So does Symantec: https://www.symantec.com/products/information-protection/encryption/gateway-email-encryption
And many others do as well.
Using a service like this, the message is sent to the recipient as an encrypted attachment. The recipient must login to a portal to view the message. (The message isn't actually held by the third party, they just provide the "decoder ring".)
security folks can block zip files that cannot be inspected.
"Questions asking us to break the security of a specific system for you are off-topic unless they demonstrate an understanding of the concepts involved and clearly identify a specific problem."
While there are lots of ways of transferring files, you explicitly asked about sending files via email.
There are lots of ways of sending encrypted messages via email; you have already described one.
The most common solution is to use PGP encryption - that depends on asymmetric encryption - you can publish your public key for anyone to use - but only you can decrypt the messages they send you encrypted with that key. But this depends on both correspondents having PGP software and a keypair which they can use.
There is a variation on this using x509 certificates - but IME it is not as widely used / supported as PGP.
In terms of seting up the trust (exchanging keys) there is some pain, but you only need to do this once.
If you are concerned that your email may be blocked by security because it cannot be inspected, then (although its surprisingly easy to fool such tools) you are attempting to break a security policy and hence your question is off topic.
