Your email contains a great deal of sensitive information about your identity. If you’re concerned about your online privacy, you should learn how to encrypt your emails to prevent unauthorized third parties from accessing them. The best way to protect your emails, and any online correspondence, is to encrypt them using the gold standard in security: end-to-end encryption (E2EE).
There are many ways to encrypt your emails using end-to-end encryption, with varying levels of difficulty and security. The best method to use to encrypt an email depends on the email service you and your recipient are using and the level of technical know-how you can employ.
What is encryption?
Why is encryption essential?
Other types of encryption
How to send an encrypted email
Using password-protection
Encrypt an email using Gmail
Secure an email using Outlook
Set up PGP by yourself
The best way to encrypt an email
What is encryption?
You keep hearing about it, but maybe you’re not sure what exactly encryption means. Encryption scrambles plaintext (like the kind in your emails) into unreadable symbols called ciphertext. The recipient of an encrypted email has a cryptographic key and is the only one who can decrypt the message.
End-to-end encryption (E2EE) protects the contents of your email at every stage of its transfer. Unlike other email providers that only use Transport Layer Security (TLS) to encrypt your emails while they’re in transit (for example, Gmail and Outlook), Proton Mail uses E2EE by default to protect your messages. Your email is encrypted on your device and decrypted only after arriving in your recipient’s inbox, meaning no one in between can read its content.
Why is encryption essential?
Whether you’re an individual, have a business, work in the healthcare sector, or are in an industry dealing with sensitive information, encryption is necessary to keep your information secure. According to IBM, the average cost of a data breach in 2024 was $4.9 million, and, according to Verizon, there was a 34 percent increase in data breaches over 2024 due to security vulnerabilities.
Data breaches are expensive, and they can also strain your business’s reputation and destroy client trust. Robust E2EE is the best way to stop hackers in their tracks and prevent a data breach.
Additionally, certain industries, like the healthcare industry, require businesses to adhere to compliance laws and regulations like GDPR and HIPAA. E2EE ensures that your patients’ data is always safe and your business always compliant, no matter the regulations.
Other types of encryption
- PGP encryption: Otherwise known as Pretty Good Privacy, PGP is the most popular encryption model used today and is the backbone of end-to-end encryption (Proton Mail’s encryption method, for example, is based on an open-source version of PGP). It scrambles data into unreadable ciphertext, ensures that the message wasn’t tampered with in transit, and authenticates the sender’s identity.
- S/MIME: This method relies on a centralized system of certificate authorities (CA) to verify your digital identity. To use S/MIME, you’ll need to contact your own CA to obtain a certificate, which can be complex and costly to properly set up. Additionally, S/MIME only works if you and your recipient enable it correctly. If S/MIME isn’t set up properly, your email will fall back to weaker TLS encryption, potentially putting your email exchange at risk.
- TLS encryption: This is the standard encryption employed by Gmail, Outlook, and most free internet providers. Unlike PGP or E2EE, TLS encryption only encrypts emails in transit, meaning your messages can be read by your email provider or host company, such as Google, once the email is in your or your recipient’s inbox.
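One way to check which of these protections a stored message actually carries, for example to confirm that an email meant to be PGP- or S/MIME-encrypted did not go out with transport TLS only. This is an added example, not Proton's code; the function names, addresses and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.policy import default

ARMOR_START = "-----BEGIN PGP MESSAGE-----"

def classify_protection(raw: str) -> str:
    """Report how the message body itself is protected, whatever TLS did in transit."""
    msg = message_from_string(raw, policy=default)
    ctype = msg.get_content_type()
    protocol = (msg.get_param("protocol") or "").lower()
    smime_type = (msg.get_param("smime-type") or "").lower()
    # PGP/MIME (RFC 3156): the whole body is a single OpenPGP-encrypted part.
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return "pgp-mime"
    # S/MIME: only enveloped-data is encrypted; signed-data is readable by anyone.
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        if "enveloped" in smime_type:
            return "smime-encrypted"
        return "signed-only" if smime_type == "signed-data" else "smime-other"
    if ctype == "multipart/signed":
        return "signed-only"
    # Inline PGP: armored ciphertext inside an otherwise ordinary text part.
    for part in msg.walk():
        if part.get_content_maintype() == "text" and ARMOR_START in part.get_content():
            return "pgp-inline"
    # No end-to-end layer: every server that stores the message can read it.
    return "none"

def sample_mail(content_type: str, body: str) -> str:
    # Constructed sample; the addresses, subject and bodies are made up.
    return ("From: alice@example.org\nTo: bob@example.org\nSubject: Q3 figures\n"
            f"MIME-Version: 1.0\nContent-Type: {content_type}\n\n{body}\n")

ARMOR = f"{ARMOR_START}\n\n(placeholder, not real ciphertext)\n-----END PGP MESSAGE-----"
SAMPLES = {
    "pgp_mime": sample_mail(
        'multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"',
        "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
        f"--b1\nContent-Type: application/octet-stream\n\n{ARMOR}\n--b1--"),
    "smime": sample_mail(
        'application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"', "AAAA"),
    "inline": sample_mail("text/plain; charset=utf-8", ARMOR),
    "fallback": sample_mail("text/plain; charset=utf-8", "Figures attached."),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:9} -> {classify_protection(raw)}")
```

A result of "none" or "signed-only" means the content is readable wherever the message is stored, even if every hop used TLS.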
How to send an encrypted email
The easiest way to send an encrypted email, especially for beginners, is to use an email provider that automatically protects your communications with end-to-end encryption. With end-to-end encrypted email providers like Proton Mail, all the encryption happens automatically in the background, so you don’t need to worry about keys or take any additional steps to secure your emails.
We also use zero-access encryption to protect emails you receive from other email providers. Proton Mail instantly encrypts these emails when they’re received, meaning they’re stored in an encrypted state on our servers. With zero-access encryption, even if a hacker breaches Proton Mail’s servers, they won’t be able to decrypt your messages.
How to send an encrypted email with Proton Mail
Secure an email using password-protection
If you send an email from an end-to-end encrypted email account, but your recipient uses a service that does not support PGP, your emails won’t be end-to-end encrypted by default. Instead, you can send your recipient a password-protected email.
When you send a password-protected email with Proton Mail, your recipient will receive an email that contains a link to your end-to-end encrypted message. They must enter a previously agreed-upon password to open the email, which prevents anyone from reading your message unless they have the password.
Password-protected emails with other email services
You can also send password-protected emails with Gmail and Outlook. Sending a password-protected email with Gmail is called “confidential mode”, and while it protects sensitive emails from unauthorized or accidental sharing, this is not the same as sending an encrypted S/MIME email with Gmail.
How to send password-protected emails (with Gmail, Outlook, and Proton Mail)
Encrypt an email using Gmail
If you want to use encryption with Gmail, you can enable S/MIME encryption, but only if you pay for Gmail. S/MIME is only available with certain paid Google Enterprise or Education accounts. Switching from a Gmail account to an end-to-end encrypted email provider is a much easier — and often free — method of sending encrypted emails. For example, Proton Mail offers the same end-to-end encryption with both our free and paid accounts.
Compared to PGP, Gmail’s S/MIME encryption has several drawbacks:
- S/MIME only works if you and your recipient enable it correctly. Otherwise, your email will fall back to weaker TLS encryption, potentially putting your email exchange at risk.
- S/MIME relies on a centralized system of certificate authorities (CA) to verify your digital identity, which means you’ll need to contract your own CA to obtain a certificate. This can be complex and costly to properly set up.
How to send an encrypted email with Gmail
Send an encrypted email with Outlook
If you want to send an encrypted email in Outlook, you can enable enhanced encryption, but only if you upgrade to a premium account. Upgrading your account allows you to encrypt emails using Microsoft 365 Message Encryption, also known as Microsoft Office 365 Message Encryption (OME). This is not a simple solution to set up, and you’ll need an administrator to manage your premium account.
Outlook’s encrypted email function sends the passcode to decrypt your message to the same address as the encrypted message itself, so the message can be accessed if anyone breaches the recipient account.
How to send a secure email with Outlook
Set up PGP by yourself
If you have some technical expertise, you can also set up PGP on your own. PGP is one of the world’s most widely used E2EE systems. PGP allows you to digitally sign and encrypt messages, ensuring they cannot be tampered with.
Using a PGP client
You can set up PGP on your own using a PGP email application like OpenPGP. When you use a PGP client, you first need to generate a key pair: your public key and your private key. You can share your public key with your contacts, but you should always keep your private key secret.
To send you a fully encrypted email, your contact will need to use your public key to encrypt their messages to you. To decrypt their incoming messages, you need to use your private key.
However, sending fully encrypted emails with your own PGP client is more challenging than it sounds. Both you and your recipient must use compatible versions of PGP for the encryption to work. And if you don’t share or store your key pair properly, you might accidentally create vulnerabilities in your security defenses. To prevent this, you could use a trusted E2EE email provider to handle the complex operations of email encryption for you. Alternatively, third-party plugins may do the job as well.
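A pre-share check for the key-handling rule above, as an added example that is not part of the original article: it confirms that an ASCII-armored file is an intact public key block before it leaves your machine. The armor checksum and packet tags follow the OpenPGP format (RFC 4880); the sample blocks are constructed stubs rather than real keys, and the function names are illustrative.

```python
import base64

PUBLIC_HEADER = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
PUBLIC_TAGS = {6, 14}  # public key, public subkey; 5 and 7 are the secret ones

def crc24(data: bytes) -> int:
    """CRC-24 checksum of OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def first_packet_tag(data: bytes) -> int:
    """Tag of the first packet, for old- and new-format headers; -1 if invalid."""
    if not data or not data[0] & 0x80:
        return -1
    return data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F

def safe_to_share(armored: str) -> bool:
    """True only for an intact armored block that holds public key material."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if not lines or lines[0] != PUBLIC_HEADER or "" not in lines:
        return False  # private key block, message, or not armor at all
    body = lines[lines.index("") + 1:-1]  # skip armor headers and the END line
    checksum = body.pop()[1:] if body and body[-1].startswith("=") else None
    data = base64.b64decode("".join(body))
    if checksum and int.from_bytes(base64.b64decode(checksum), "big") != crc24(data):
        return False  # damaged or edited after export
    return first_packet_tag(data) in PUBLIC_TAGS  # label must match the content

def armor(label: str, data: bytes) -> str:
    # Builds the constructed samples below; real keys come from your PGP client.
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {label}-----\n\n{base64.b64encode(data).decode()}\n"
            f"={crc}\n-----END PGP {label}-----\n")

# Constructed stubs: a packet header plus a version octet, not usable keys.
PUBLIC = armor("PUBLIC KEY BLOCK", bytes([0xC6, 0x01, 0x04]))
PRIVATE = armor("PRIVATE KEY BLOCK", bytes([0xC5, 0x01, 0x04]))
MISLABELLED = armor("PUBLIC KEY BLOCK", bytes([0xC5, 0x01, 0x04]))

if __name__ == "__main__":
    for name, block in [("public", PUBLIC), ("private", PRIVATE), ("mislabelled", MISLABELLED)]:
        print(f"{name:12} safe to share: {safe_to_share(block)}")
```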
Using a third-party PGP plugin
Third-party PGP plugins, such as Mailvelope, help make encryption simple and straightforward. They are browser extensions that build PGP directly into your webmail, so you can easily send fully encrypted emails in an environment that’s already familiar to you. All encryption and decryption are handled locally on your computer, and your email provider can’t access your private key.
While a third-party PGP plugin simplifies E2EE, it’s far from being a perfect system:
- Most third-party PGP plugins don’t offer email client support, meaning if you send emails via Thunderbird or Apple Mail, you won’t be able to encrypt your emails.
- These plugins don’t work in browsers on mobile devices.
- Your attachments must be encrypted separately from your emails.
What is the best way to encrypt an email?
If you’re looking for a hassle-free way to encrypt your emails, you need to find a trustworthy encrypted email provider like Proton Mail. As the world’s largest encrypted email provider, one of our goals is to make sending fully encrypted emails as easy as possible. This is why we’ve made our email encryption automatic.
All emails sent between Proton Mail addresses are fully protected with E2EE and zero-access encryption, so no one other than you and your recipient can read your messages. And if you’re sending emails to non-Proton Mail addresses, you can use our Password-protected Emails feature. Your recipient can only read your email after they enter the correct password and can easily reply with guaranteed E2EE.

We also offer the following advanced security features:
- End-to-end encryption: All messages sent between Proton Mail addresses are automatically end-to-end encrypted.
- Zero-access encryption: Your emails are stored with zero-access encryption on Proton Mail’s servers, meaning nobody (not even Proton) can read or access them.
- Message expiration: Set a timer on your email so it’s automatically deleted from your recipient’s inbox after the time runs out.
- Enhanced tracking protection: Proton Mail automatically blocks all spy pixels in the marketing emails you receive, so you can safely read your emails and load images without being tracked.
- Sender verification: Proton Mail’s sender verification proves that an email has not been tampered with and comes from a trusted sender.
- Encrypted contacts: Securely store your contacts’ details in your inbox, such as their phone number, address, birthday, and personal notes.
- Spam detection: Our smart spam detection system automatically filters unwanted emails to your spam folder. You can also block senders you no longer want to receive emails from.
A better way to encrypt email
Besides Proton’s intuitive and easy-to-use web app, you can also download Proton Mail on your mobile device (iOS and Android) to send encrypted emails even when you’re on the go.
At Proton, we’re on a mission to build a better internet for everyone. When you sign up for a free account or upgrade to a paid Proton Mail plan, you’re joining hundreds of thousands of users who put their privacy first.
Proton was founded by scientists who believe in transparency and community. When you sign up for a Proton Mail account, you’re protecting your data 24 hours a day, seven days a week. Whether it’s ensuring your data isn’t sold to third parties for a profit, or keeping your personal information safe from hackers and cybercriminals, Proton is with you every step of the way to make your internet experience safe, secure, and private.