Want to secure your messages? In this quick guide, we’ll show you how to encrypt an email in Gmail. So that you can protect your sensitive information. And keep your inbox private and secured.
Your Gmail inbox is filled with sensitive information. Think about it… This is where you store some of your holiday photos, as well as your private correspondence with your friends, colleagues and family members.
If hackers were to dig into your old emails, they would probably find truckloads of confidential data, such as passwords, bank details and maybe even your purchase history. Which is why protecting your inbox and messages is so critical.
The best way to do that is to secure your Gmail account with a strong password, and to use email encryption to prevent hackers from intercepting your messages. Both while they’re at rest and in transit.
In this quick guide, we’ll cover everything you need to know about encrypted emails in Gmail, including ⤵️
- What is email encryption?
- How does Gmail protect your emails?
- How to turn on S/MIME encryption in Gmail?
- How to use Gmail confidential mode?
- Best tools to encrypt emails in Gmail
- How to check if an email is encrypted?
Sounds good? Then let’s dive right in.
What is email encryption?
Let’s start with the basics. Sending an unencrypted email is pretty much like writing on a postcard. Your message is written in plain text. So anyone that intercepts your email is able to read its content.
So to add a layer of security and protect your confidential messages, most email service providers (ESPs) use a process called email encryption. In short, they apply a cryptographic algorithm to turn your message into ciphertext.
That way, even if an unauthorized party snatches your email or gains access to your server, they won’t be able to decipher its content. All they will see is an illegible string of characters, like the one below ⤵️
Once your encrypted email reaches its destination, it can be decrypted by your recipients thanks to a private key. Most ESPs use email encryption to protect your messages’ confidentiality and integrity.
But they don’t necessarily use the same encryption protocols. Which can be a problem. We’ll get back to that in just a bit :) For now, all you need to know is there are multiple types of encryption.
Here are the ones worth keeping in mind ⤵️
- At-rest encryption – Your emails are protected while they’re stored in your inbox.
- In-transit encryption – Your emails are protected while they’re traveling from and to your inbox.
- End-to-end encryption – Your emails are encoded before they’re uploaded to an email server. And they stay encrypted until they reach your recipient.
But what about Gmail? How does Google protect your messages? Are your emails encrypted? And if so, what encryption protocol does Gmail use? Let’s keep digging and you’ll understand.
How does Gmail protect your emails?
Gmail does a pretty good job at protecting your emails. According to Google’s transparency report, 90% of outbound and 96% of inbound messages in Gmail have been encrypted since the beginning of 2024.
To secure your emails, Gmail uses not one but two encryption protocols. The first one is called Transport Layer Security (TLS). Over the years, this protocol has become a standard for secure email.
But it’s not perfect. Emails encrypted with the TLS protocol are safe while they’re in transit between email servers. But only if your recipient’s ESP also supports it.
There’s more. Once your TLS encrypted email has reached its destination, its privacy depends on the at-rest encryption protocol used by your recipient.
So while TLS is definitely a good start, it’s not a foolproof way to encrypt email in Gmail. Which is why Google decided to add an extra layer of security. But only for certain paid users.
If you have a Google Workspace account with an Enterprise or Education Fundamentals subscription, you can enable Secure/Multipurpose Internet Mail Extensions (S/MIME), which is a much stronger encryption protocol.
S/MIME allows you to encrypt emails with user-specific keys. This means that only the recipient of the email can decode its content. But this Gmail encryption protocol has some drawbacks as well ⤵️
- S/MIME only works if your recipient also has enabled it.
- This feature is only available for certain paid users
- Your messages are not end-to-end encrypted
Despite these flaws, S/MIME is a great way to encrypt email in Gmail and to protect your sensitive information. But to send S/MIME encrypted emails in Gmail, you need to turn on this feature first.
How to turn on S/MIME encryption in Gmail?
Want to enable the S/MIME encryption protocol on your Gmail account? Here’s how to do it. In just a few clicks.
Step 1: Go to your Google Admin console.
Step 2: Navigate to Apps > Google Workspace > Gmail.
Step 3: From there, click on “User settings”.
Step 4: In the left-hand panel, select the domain or organization for which you wish to activate S/MIME encryption.
Step 5: Next, click on “Enable S/MIMEencryption for sending and receiving emails”.
Step 6: Once you’re happy with your settings, click on “Save”.
And voila. You’ve successfully enabled S/MIME. The members of your organization or domain can now encrypt email in Gmail. And safeguard their private and confidential data from unauthorized access.
How to use Gmail confidential mode?
S/MIME is only available for certain paid accounts. But you can still send secure emails from a free Gmail account. To do so, you can use another feature, called the Gmail confidential mode.
This mode doesn’t add any layer of encryption to your emails. However, it allows you to protect your messages by:
- Preventing your recipient from copying, downloading, forwarding or printing the content of your email and its attachments
- Setting an expiry date after which the recipient can no longer access your email
- And sending an SMS passcode to the recipient to verify their identity before allowing them to view your email
Here’s how to send confidential emails in Gmail ⤵️
Step 1: Go to Gmail.
Step 2: Compose a new message.
Step 3: Toggle the Gmail confidential mode on.
Step 4: Choose the date on which your email will expire.
Step 5: Decide whether you want your email to be password-protected or not.
If you turn on this feature, Gmail will ask for your recipient’s phone number and send them a SMS passcode.
Your recipient will then need to enter this text passcode to verify their identity and access the content of your email.
Step 6: When you’re done setting up your confidential email, click on “Save”.
Step 7: Hit the “Send” button.
And that’s it. You’ve successfully sent a confidential email in Gmail. This is (a bit) safer than sending a regular email. But keep in mind that even in confidential mode, your emails are not 100% secure. Here’s why ⤵️
- When your message “expires”, it doesn’t disappear. Its content can still be found in your “Sent” folder.
- Your recipient may not be able to print, copy, forward or download your email, but they can take a screenshot or a photo.
- Your messages aren’t end-to-end encrypted. So Google can still access their content.
For these reasons, some users rely on third-party tools to encrypt emails in Gmail and secure their confidential data.
Best tools to encrypt emails in Gmail
There are dozens of encryption services that you can use to encrypt your emails in Gmail. But not all of them are on par. Here are some of the most popular platforms to protect your email privacy.
1. Virtru
Virtru is among the best Gmail encryption tools available today. This free Chrome plug-in lets you send encrypted emails and attachments from your Gmail account to anyone – regardless of what email service provider they’re using.
Just like Mailmeteor, the app integrates seamlessly with the native Gmail user experience. It allows you to protect your Gmail messages with end-to-end encryption powered by the Trusted Data Format (TDF) open standard.
Other security features can help ensure your privacy, such as watermarking, file sharing privileges and persistent protection for attachments. For all these reasons, Virtru is a great way to encrypt email in Gmail.
2. Mailvelope
Mailvelope is another well-known Gmail encryption service. It’s not as easy to use as Virtru. But once you install this Chrome extension, you can send end-to-end encrypted emails directly from your Gmail account.
The app uses the Pretty Good Privacy (PGP) standard, which is one of the most popular encryption protocols. Mailvelop lets you encrypt email in Gmail, so that you can (at last) send and receive email messages securely.
3. Trustifi
Last but not least, Trustifi is an award-winning cloud-based email security platform that provides AES-256-bit encryption capabilities. Your emails are end-to-end encrypted and the app is compliant with the latest data protection laws.
What’s more, Trustifi integrates seamlessly into Gmail, making this software easy to use, even for beginners. The app also lets you block users, enable two-factor authentication, send disappearing emails and disable printing.
How to check if a Gmail message is encrypted?
Want to make sure that emails you’ve sent or received in Gmail are encrypted? Here’s how to do it.
Step 1: Open Gmail.
Step 2: Open the email you want to check.
Step 3: Under the sender’s name, click on the down arrow.
Step 4: A small window will appear. In the “Security” section, you should be able to see the level of encryption of your email.
- If the encryption icon is green, it means that S/MIME enhanced encryption is turned on. Your emails are secured.
- If the encryption icon is gray, it means that TLS standard encryption was used. This is suitable for most messages.
- If the encryption icon is red, it means the message is unencrypted. Your communication is not secure.
You can click on the lock icon and then “View details” to change your S/MIME settings or learn more about your contact’s encryption level.
That’s it. You’re ready to encrypt emails in Gmail and safeguard your sensitive information. And if you want to make the most out of your Gmail account, make sure to check out what we do here at Mailmeteor ⤵️