SecureSend in Canary Mail: What It Is and How It Works

By:

Support Team

Published:

February 19, 2023

Updated:

February 19, 2026

What is Canary Mail SecureSend?

SecureSend is Canary Mail’s built-in encrypted sending feature that protects email content and attachments with an additional layer of security.

It secures:

  • Email body content
  • Attachments and files

It is not:

  • A separate email provider
  • A different mailbox
  • A system that requires manual encryption key exchange like PGP

Unlike PGP, SecureSend does not require you or your recipient to manage encryption keys.

If you’re ready to use it, see SecureSend: Composing a Secure Email for step-by-step instructions.

SecureSend Key Facts

  • Works with recipients who do not use Canary Mail
  • Recipient opens a secure access link
  • Identity verification is required to access the message
  • Secure replies are supported in the Secure Reader
  • You can set an expiration date
  • You can revoke access after sending

When Should You Use SecureSend?

Best for:

  • Financial information
  • Legal documents
  • Medical records
  • Contracts and agreements
  • Private documents
  • Credentials or sensitive data

Best when:

  • You need encryption without setting up PGP
  • You want revoke or expiration controls

Not ideal when:

You already use established PGP keys end-to-end with a technical recipient group

SecureSend vs PGP in Canary Mail

SecureSend and PGP both provide encryption, but they are designed for different workflows.

Choose SecureSend when you want encrypted email without managing keys, especially when sending to non-technical recipients.

Choose PGP when both you and your recipient already use established encryption keys and require traditional key-based end-to-end encryption.

Feature SecureSend PGP
Setup required No key exchange Requires key setup
Recipient requirements Any email address Must have PGP keys
Key management None Manual key management
Best use case Financial, legal, medical sharing without complexity Technical end-to-end encryption workflows
Tradeoffs Cloud-based secure reader model More setup and key management responsibility

If you prefer traditional key-based encryption, see:

For a deeper overview, you can also review the PGP encryption guide.

How SecureSend Works (Step by Step)

  • Step 1: The sender enables SecureSend and sends the email.
  • Step 2: The recipient receives an email containing a secure access link. 
  • Step 3: The recipient verifies their identity to unlock the message.
  • Step 4: The message opens inside the Secure Reader.
  • Step 5: If enabled, the recipient can send a secure reply.

For a detailed explanation of the recipient experience, see How recipients access SecureSend emails.

How Recipients Access a SecureSend Email

What the recipient sees

  • The recipient receives a standard email containing a link to securely view the message.
  • If the recipient has Canary Mail installed, the message will open automatically within the app.

How the Secure Reader flow works

  1. Click the secure access link.
  2. Complete identity verification.
  3. View the encrypted message in the Secure Reader.

Recipients do not need to install Canary Mail or create a new account.

Common recipient issues

Cannot verify identity

  • Ensure the correct email address is being used.
  • Check spam or junk folders.

Link expired

  • The sender may have set an expiration date.

Access revoked

  • The sender may have revoked access.
  • The Secure Reader will display that the message is unavailable.

Expiration and Revoke Controls (SecureSend Access Management)

SecureSend gives you control over how long your message remains accessible and allows you to disable access after sending.

How to set an expiration date

Before sending a SecureSend email:

  1. Enable SecureSend while composing your message.
  2. Open SecureSend settings in the compose window.
  3. Select an expiration date.
  4. Send the email.

For detailed steps with screenshots, see Revoke emails and set an expiration date.

How to revoke a SecureSend email after sending

You can revoke access to a SecureSend email at any time, even after it has been delivered.

To revoke access:

  1. Open the sent SecureSend email in your Sent folder.
  2. Locate the SecureSend controls.
  3. Select the revoke option.
  4. Confirm the action.

Revocation works whether or not the recipient has already opened the message.

What happens after revoke or expiration?

If a SecureSend message is revoked or expired:

  • The secure link becomes inactive.
  • The recipient cannot view or download the content.
  • Secure replies are no longer available.
  • The Secure Reader displays that the message is unavailable.

If access is needed again, the sender must resend the content using SecureSend.

How to Send a SecureSend Email in Canary Mail

iOS: Send a SecureSend Email

  1. Compose a new email.
  2. Toggle “Not Secure” above the keyboard to enable SecureSend.
  3. Send the message.

macOS: Send a SecureSend Email

  1. Compose a new email.
  2. Enable SecureSend from the compose window.
  3. Send.

Windows: Send a SecureSend Email

  1. Compose a new email.
  2. Enable SecureSend from the compose controls.
  3. Send.

Android: Send a SecureSend Email

  1. Compose a new email.
  2. Toggle SecureSend.
  3. Send.

If you do not see the SecureSend toggle:

  • Confirm SecureSend is enabled in settings.
  • Review your account permissions.
  • Check the Frequently asked questions page for additional troubleshooting.

SecureSend Security and Compliance

SecureSend encrypts your email content and attachments end-to-end. Only you and your intended recipient can access secure content.

What SecureSend protects against

  • Unauthorized inbox access
  • Compromised accounts
  • Accidental forwarding of sensitive information

For technical details, see How and where Canary stores encryption keys.

HIPAA Compliance

SecureSend is HIPAA-compliant.

If your organization requires a Business Associate Agreement (BAA), you may request one from Canary Mail.

For more information about privacy standards, see Privacy standards and compliance.

SecureSend FAQ

Can I send SecureSend to someone who does not use Canary Mail?

Yes. SecureSend works with any email address.

Do recipients need to install Canary Mail to read SecureSend?

No. They access the message through a secure web reader.

How does the recipient verify their identity?

The recipient completes an identity verification step before viewing the encrypted message.

Can the recipient reply securely?

Yes. Secure replies are supported within the Secure Reader.

Can I revoke a SecureSend email after the recipient opens it?

Yes. You can revoke access at any time. Once revoked, the message is no longer accessible.

What happens when a SecureSend email expires?

After expiration, the recipient cannot access the message.

What does the “Not Secure” toggle mean?

“Not Secure” indicates the message will be sent as a regular email. When toggled ON, SecureSend encryption is enabled.

Does SecureSend encrypt attachments too?

Yes. Attachments are encrypted along with the email content.

Related SecureSend Resources

When to Contact Support

Contact Canary Mail Support at hello@canarymail.io if:

  • SecureSend is not appearing
  • A recipient cannot access or verify a message
  • Revoke or expiration controls are not working

To help us investigate quickly, please include:

  • A brief description of the issue
  • Your ticket number (if available)
  • Your email logs