You can use any challenge question you like. However, you must remember that your recipient will need to be able to answer this question before they will be permitted to open the email that you are sending. Your challenge question MUST therefore be something that your recipient will either know or something that you have agreed in advance.
We suggest that you don’t use anything which can be easily 'socially engineered' e.g. a piece of information about your recipient that might easily be discovered in a Facebook or LinkedIn profile such as a child's or a pet's name.
Business users might wish to consider the use of a suitable 'customer id’ or agreed ‘password’ that is recorded against the client record in a CRM system.
The recipient of your secure email will be allowed five attempts to answer the challenge. After five failed attempts, the email will be set to 'revoked' and you will be notified of the revocation.