Page last updated on
Page last updated on
I have to send emails that, if leaked, would put me or my colleagues at risk. How do I send emails that cannot be tracked back to me?
You need to send anonymous messages that you don’t want anyone to be able to link back to you. You might need to work anonymously. You need to take precautions not to expose your and others’ identities in case some messages are intercepted or one of your colleagues’ computers is confiscated.
What you should do
There are many points along the message’s way from you to the recipient that can expose your identity. Nevertheless, you can take some of the following precautions that make it very difficult to link the message back to you:
- Create an email account with a service that is openly committed to user privacy and does not store or disclose user or message details. Every email message travels through the internet with metadata to ensure its recipient receives it. Think of stamps of all the post offices through which a package travels. Some email providers deliberately delete message details about previous servers through which a given email has travelled. This is what you need. If your email provider is based in London, all that can be found from your message about your real physical location is that your messages travelled through London. Note that this is effective only if the email is intercepted after it reaches your email provider. Riseup.net is such an email provider.
- If your use is temporary, use a web-based anonymous remailer service but note that you should not have extended correspondence through an anonymous remailer. In fact, not all of them will even deliver messages back to you. Additionally note that even if you trust the service, you should access the remailer website with Tor Browser to anonymise your IP address.
- With an email client configured to use an email address that cannot be linked to your identity, use The Onion Router (Tor) application. If properly configured, it will pass your email communication through a chain of anonymising servers that will obfuscate the message’s route between you and your service provider.
- Use an email client as a portable application to send and receive your emails from public computers. For example, you could install the email client Thunderbird on a USB drive. You can then write messages on your (or any other) computer, go to a public computer, plug your memory stick into a computer, open Thunderbird, and send your messages. Sending messages from a public computer has the advantage that the computer and IP address are not associated with you. It is advised in case of using public computers to use VPN or Tor before starting your web activity and communication. In all cases there are physical clues that can identify you even with a public computer such as CCTV footage or computer user logs at libraries.
Where to find more help
- Read about Riseup’s secure email and internet services.
- Learn about using the Tor Browser.
- Learn about Portable Thunderbird
- Tips on responding to suspected email surveillance .