Gmail has released a new feature called Confidential Mode that allows you to send self-destructing emails that the recipient cannot forward to other users or print. When using this mode, senders can configure an email to delete itself after a certain amount of time, or even restrict access to an email after it has been sent.
When a user sends an email in Confidential mode they will be able to configure various options such as when the email will expire, or self-destruct, and whether it requires a password to open. When setting email expirations, you can configure it from 1 day all the way up to 5 years.
This feature works with all email providers because the message sent to the recipient does not contain the actual confidential email. Instead, the recipient receives an email containing a link to Google's servers, which host the email, as shown below.
When a recipient clicks on this link, Google will first ask you to log in to confirm that you are the intended recipient. If you are logged in as the recipient, it will show you the email; otherwise it will deny you access.
If an email was sent by mistake or a sender would like to withdraw access, the sender can simply open the email in their Sent folder and click on the Remove access button as shown below.
This process works well because the actual emails are hosted on Google's servers rather than in a user's email program. Therefore, a sender can control at any time whether the recipient can see the email or not.
One feature that is missing that I think would be useful is the ability for the sender to see if a recipient has opened the email or not. This way they can revoke access knowing that the email was never read.
While I find this feature very useful, it is important to remember that there is nothing stopping a recipient from simply taking a screenshot of the email. So this should not be considered a very secure way of sending someone information.
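To make the mechanism described above concrete, here is a small toy model (added for this article, not Google's code or API) of a server that hosts message bodies, hands out a link, and enforces recipient identity, expiry and sender revocation. The URL, addresses and message text are constructed placeholders; the 1-day to 5-year expiry range is the one the article gives. The demo also shows the limit noted above: once the recipient has viewed the body, a copy taken at that moment is outside the server's control, so revoking access afterwards does not retract it.

```python
"""Toy model of a link-based, server-hosted confidential message (illustration only)."""
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple


class FakeClock:
    """Controllable clock so expiry can be exercised without waiting (test helper)."""
    def __init__(self, start: datetime):
        self.now = start

    def advance(self, days: int) -> None:
        self.now += timedelta(days=days)


@dataclass
class HostedMessage:
    sender: str
    recipient: str
    body: str
    expires_at: datetime
    revoked: bool = False
    # Unguessable token that becomes the only thing placed in the delivered email.
    token: str = field(default_factory=lambda: secrets.token_urlsafe(16))


class ConfidentialStore:
    """Hosting side: keeps the body, issues a link, enforces recipient/expiry/revocation."""
    MIN_DAYS, MAX_DAYS = 1, 5 * 365  # 1 day up to 5 years, the range the article describes

    def __init__(self, clock: FakeClock):
        self.clock = clock
        self.messages: Dict[str, HostedMessage] = {}

    def send(self, sender: str, recipient: str, body: str, expire_days: int) -> str:
        if not self.MIN_DAYS <= expire_days <= self.MAX_DAYS:
            raise ValueError("expiry must be between 1 day and 5 years")
        msg = HostedMessage(sender, recipient, body,
                            self.clock.now + timedelta(days=expire_days))
        self.messages[msg.token] = msg
        # Only this link travels in the actual email; the body never leaves the server.
        return f"https://hosting.example/confidential/{msg.token}"  # hypothetical URL

    def open_link(self, link: str, logged_in_as: Optional[str]) -> Tuple[bool, str]:
        """Resolve a link as the hosting server would when the recipient clicks it."""
        msg = self.messages.get(link.rsplit("/", 1)[-1])
        if msg is None:
            return False, "no such message"
        if logged_in_as is None:
            return False, "login required"
        if msg.revoked:
            return False, "access removed by sender"
        if self.clock.now >= msg.expires_at:
            return False, "message expired"
        if logged_in_as != msg.recipient:
            return False, "not the intended recipient"
        return True, msg.body

    def remove_access(self, link: str, requester: str) -> bool:
        """The 'Remove access' action: only the original sender may revoke."""
        msg = self.messages.get(link.rsplit("/", 1)[-1])
        if msg is None or requester != msg.sender:
            return False
        msg.revoked = True
        return True


def demo() -> Dict[str, object]:
    """Walk through the lifecycle with constructed sample data and collect each outcome."""
    clock = FakeClock(datetime(2018, 8, 20, tzinfo=timezone.utc))
    store = ConfidentialStore(clock)
    link = store.send("alice@example.com", "bob@example.com", "meeting code 4471", expire_days=7)
    out: Dict[str, object] = {}
    out["anonymous"] = store.open_link(link, None)
    out["wrong_user"] = store.open_link(link, "mallory@example.com")
    ok, body = store.open_link(link, "bob@example.com")
    out["recipient"] = (ok, body)
    local_copy = body if ok else None  # a screenshot or copy made while viewing
    out["revoked_by_stranger"] = store.remove_access(link, "mallory@example.com")
    out["revoked_by_sender"] = store.remove_access(link, "alice@example.com")
    out["after_revoke"] = store.open_link(link, "bob@example.com")
    out["local_copy"] = local_copy  # revocation cannot reach this copy
    # A second message is simply left alone until its 1-day expiry passes.
    link2 = store.send("alice@example.com", "bob@example.com", "second note", expire_days=1)
    clock.advance(2)
    out["after_expiry"] = store.open_link(link2, "bob@example.com")
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:20s} {result}")
```

The server-side checks (identity, revocation, expiry) are all cheap to enforce because the body never leaves the server until it is viewed; what the model cannot do is anything about `local_copy`, which is exactly the screenshot caveat above.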
After publishing this article, important concerns were raised that there is a good chance that this feature will be used in future phishing attacks.
This doesn't help one bit either: "When a recipient clicks on this link, Google will first ask you to login to confirm that you are the intended recipient." — Christopher Budd (@ChristopherBudd) August 20, 2018
So basically, you've got something that's meant for "high security" situations that is primed for phishing for credentials. So, it's perfect for high value targets with low sophistication (though that's usually redundant). What could possibly go wrong. — Christopher Budd (@ChristopherBudd) August 20, 2018
A successful phishing attack would then allow an attacker to gain access to the recipient's email credentials and thus their email.
Confidential Mode is available in both the webmail version of Gmail and in the Gmail mobile apps for iOS and Android.
To use it in webmail, you should compose a new email as normal and then click on the lock button as indicated in the image below.
This will bring up a settings screen where you can configure the expiration time and whether the email requires a password.
For mobile Gmail app users, it works a little differently. First you would compose your email and then click on the ... menu as shown below. This will open a menu, where you should select Confidential mode to bring up the feature's settings.
Once you configure the settings you wish to use in Confidential mode, you can then send the email as normal.