Tutorial - Sending and Receiving Hushmails


First things first - what is HushMail?


HushMail was established in 1999 as a free to use e-mail service (albeit with a number of the inevitable "premium" options). It provided then, and continues to provide today an e-mail facility which, unlike standard webmail providers such as Hotmail, GMail, Yahoo!Mail and numerous others, encrypts emails at source.

This means that even if mails sent via HushMail could be intercepted as they ping from one server in London to another in Sydney (via servers in Bucharest, Cairo, Singapore or wherever), they cannot be read by any snoopers along the line.

This makes HushMail an ideal means for people to send sensitive or otherwise confidential material from one side of the planet to the other (or even to send a mail to the woman in your kitchen to demand a top-up to your coffee) - in any event, if HushMail does do what it says on the tin, then you can be quite confident that only the intended recipient of your mail will be able to read it.

Of course, the HushMail service guarantees the confidentiality of your mail only while it is in transit. Once the mail is downloaded on to the recipient's computer, the integrity of the information is then only as good as the recipient's own security measures.

On a sort of side note - the HushMail service would appear to be a great tool for criminals, too - fraudsters, purveyors of dubious pornography, terrorists and others who indulge in nefarious activities. I say appear, but there is a school of thought (well, my school of thought, anyway) that while HushMail does encrypt mail to the nth degree, the entire HushMail operation is, among other things, a honey-trap set up by Mossad / CIA /MI5 /B&Q whose primary purpose is to corale and identify these criminals. Who knows? And (unless of course you are one of those criminals) who cares?

So here we go. You are not a criminal, and for your own good reasons, you are eager that any mail you send is sufficiently scrambled or encrypted so that no one (apart of course from Mossad, but hey! you can trust them!) will be able to see any part of your mail while it wings its way to the recipient.

Let us assume that you have a HushMail account already, and you are signing in for the first time:



Hit the sign in button - and you will typically next see an account options screen. I will leave it to your imagination to guess the likely preferred option of most people...



Note in the screenshot above - if using the free option - that you should: "Sign in at least once every 3 weeks to keep your account active..."; it's no idle "threat" either - leave it longer than 21 days between log-ins and your only choices then will be to abandon the account or to retrieve it through taking on one of the paid account options.


You will next be presented with the field into which to enter your HushMail account password;



One thing to note on this password screen; you have the option while here to "Enable Java"; (whether you do or not will make no difference to the fact that your mail will be sent and delivered securely; essentially the Java On / Java Off decision will determine whether your outgoing e-mail will first be encrypted on your own computer (Java On) or whether it will be sent unencrypted (yet securely) via a secure sockets layer (https as used by online banks and PayPal etc.), then encrypted on HushMail's own system before being forwarded for delivery (Java Off). This is explained on HushMail's own website here.

Either way, you should enter your password and hit the "Authenticate" button. Sometimes, when you do this, you might get a message on the screen which says; "Loading the Hush Encryption Engine may take up to three minutes"; possibly, if you are still relying on dial-up internet. Doesn't it sound very exciting though..."Loading the Hush Encryption Engine...?"...on the occassions when I do read that on my screen, I always ensure to put on my made for purpose Apollo 17 Astronaut's Helmet.

The somewhat disappointing reality however is that with a half decent broadband connection you will typically see this process finished in around 10 seconds or less. I never manage in that time to get higher than the ceiling, so it's quickly back to earth, off with the helmet, and on with the er.... where was I again? Ah, yes. On with the tutorial.

You may also on occasion see a message on your screen saying "If you are asked to install software from Hush Communications please choose yes." (Presumably, the factors which determine whether you do need to accept such a download relate to the nature and type of your operating system, the browser you are using, or some other aspect of the machine you are using to connect to HushMail; In my own experience I have not yet had to accept any such download).

In any event, you will then find yourself in your inbox. One thing about the HushMail interface - it is (in my opinion) neither as clear cut nor as intuitive as it might be, so forgive me if I use a few pointers here and there as they may clarify some of my points. Here then is your inbox, with the hand pointer indicating the "Compose" link to create a new mail:



Let's hit that "Compose" button and ramble on (as we do...)



The HushMail "Compose" fields feature all of the usual suspects: To: Cc: Bcc: and Subject. That much is straightforward.

Within that HushMail compose box however, you will also see three tabs situated directly under the "Subject" field; these are "Edit Your Message", "Message Options" and "Attachments".

The "Send" button is situated top left of the Compose box; once you have written your mail and hit "Send" (and whether you have chosen to add an attachment or to explore the "Message options" or not) - HushMail will, more likely than not, first default to that "Message options" (middle) tab section; this is because HushMail will always first determine if the intended recipient(s) of any e-mail you send using their service have previously registered with them to receive encrypted email.



Note at the foot of the above the screenshot; !"At least one recipient has not registered to receive encrypted email. Please enter a question and answer, or uncheck the "Encrypt Message" option above.

That second option - to "uncheck the Encrypt Message" - sort of defeats the whole point of using HushMail in the first place, and is best ignored. Better, is to take take the first option given - using a question and answer. As HushMail states, again from the above screenshot;

"If your message cannot be automatically encrypted for all recipients, it can be encrypted using a question and answer. In order to read the message, the recipient will have to answer the question correctly"

Type both your question, and your answer, into the appropriate fields. It goes without saying (so why am I saying it?) that you should be confident that the answer to the question you choose will be known to the recipient(s) of your mail!



Please ensure to take particular care when typing in the answer, to do it exactly; while it is not case sensitive, the recipient of your mail will need to spell the answer exactly as it was typed by you! In that respect, HushMail is (quite rightly) unforgiving, and a seemingly minor detail such as a missing full stop or hyphen will leave the recipient unable to view the mail.

So, you have written your e-mail, added any attachments as appropriate, ensured that you have the name of the correct recipient(s) in the To: field, and entered a security question, the answer to which, you are confident that your recipients will know correctly. All that remains is to hit the Send: button.

As far as the sending of e-mails via HushMail goes, that's the basics of it covered. What does the person receiving such an e-mail typically experience though?

Firstly, they will receive an e-mail notification mail from HushMail; it will look startlingly similar in style to this...



The notification mail will feature the phrase and a link;

"....has sent you a secure email using HushMail. To read it, please visit the following web page":

http://www.HushMail.com/express/RANDOMSTRING



That link within the HushMail notification message will always be safe to follow ('though like it goes on to say within the body of the notification mail);

"...it is safe to visit the HushMail web site by following the link provided in this email. However, you should never open an email attachment unless you know the person who sent it, were expecting to receive the file from them, and have scanned the file for viruses."

Clicking on that link should take you to a URL formed of the string http://www.HushMail.com/express/SAMESTRINGASABOVE and the words "HushMail - Free Email With Privacy" should form the title tag in the bar at the very top of that page.

The page itself will be styled exactly as the one shown below (although the question posed will of course be the question you chose, and the required answer will of course be the one which you set):



The intended recipient of your mail will also see these instructions on that page:

"Your message has been protected using a question and answer which was created by the sender. You must correctly answer this question, word for word, to retrieve your message. You will be limited to five incorrect responses."

In this particular case, HushMail is demanding the answer to "The World's Least Viewed Website" before it will divulge the contents of the mail. Hmmmm...let's give this a go...



My own answer of choice to the question above: "What Is The URL Of The World's Least Viewed Website?" is http://www.carcraft.co.uk/satisfiedcustomers.

I then hit "Continue" but oh dear, what is this? When I hit that Continue button, it would appear that I am incorrect?



Warning: Your previous answer did not match the answer entered by the sender. Remember, you must spell the answer in exactly the same way as the sender.

You have 4 tries remaining.


There are two possible reasons why I have given the incorrect answer - one of which is that the spivs in cheap suits at CarCraft do not actually have any satisfied customers.

Possibly I was digressing there, and if so, please excuse me; the second, and real reason that my answer was incorrect was that it did not match exactly (or even nearly!) the correct answer.

Not in the least part embarrassed, I now input the true answer posed by the question "What is the world's least viewed website?" - it's www.martin-kearns.com !

And whaddaya know??



Both the mail, and its message is laid bare for the recipient to view. So, with the possible exception of the prying eyes of MI5, KGB and other Government snoops, your mail has been delivered to the recipient with no likelihood of it having been read by curious telephone engineers or bored agents in ISP data-centres.

Now that the recipient has received your mail, HushMail will allow him to respond in kind - without him even having to create a HushMail account. The recipient only has to hit the reply button on the incoming mail, and his response to you will also be encrypted before being sent back.

That's the very basics of both sending and receiving mail via HushMail; anyone reading this is welcome to contact me should you require clarification of any aspects of this tutorial.


HushMail Home
Wikipedia Article About HushMail
Back To Tutorials Page



Martin Kearns' Home