Your emails contain a great deal of sensitive information about your identity. If you’re concerned about your online privacy, you should encrypt your inbox and messages to prevent unauthorized third parties from accessing them. As with all online content, the best way to protect your emails is to encrypt them with the gold standard of email encryption: end-to-end encryption (E2EE).
There are many ways to encrypt your emails using end-to-end encryption, with varying levels of difficulty and security. The best method for you to use to encrypt an email depends on the email service you and your recipient are using and the level of technical know-how you can employ.
Encrypt an email using an encrypted email provider
The easiest way to send an encrypted email, especially for beginners, is to use an email provider that automatically protects your communications with end-to-end encryption. With end-to-end encrypted email providers like Proton Mail, all the encryption happens automatically in the background, so you do not need to take any additional steps to secure your emails.
Unlike other email providers that only use TLS to encrypt your emails while they’re in transit (for example, Gmail and Outlook), Proton Mail uses E2EE by default to protect your messages. E2EE scrambles your email into indecipherable ciphertext, ensuring only your recipient can make it readable again with the right private key. Your email is encrypted on your device and decrypted only after arriving in your recipient’s inbox, meaning no one in between can read its content.
We also use zero-access encryption to protect emails you receive from other email providers. Proton Mail instantly encrypts these emails when they’re received, meaning they’re stored in an encrypted state on our servers. With zero-access encryption, even if a hacker breaches Proton Mail’s servers, they won’t be able to decrypt your messages.
Secure an email using password-protection
If you send an email from an end-to-end encrypted email account, but your recipient uses a service that does not support PGP, your emails won’t be end-to-end encrypted by default. Instead, you can send your recipient a password-protected email.
When you send a Password-protected Email with Proton Mail, your recipient will receive an email that contains a link to your end-to-end encrypted message. They must enter a previously agreed-upon password to open the email, which prevents anyone from reading your message unless they have the password.
Password-protected emails with other email services
You can also send password-protected emails with Gmail and Outlook. Sending a password-protected email with Gmail is called “confidential mode”, and while it protects sensitive emails from unauthorized or accidental sharing, this is not the same as sending an encrypted S/MIME email with Gmail.
Encrypt an email using Gmail
If you want to use encryption with Gmail, you can enable S/MIME encryption, but only if you pay for Gmail. S/MIME is only available with certain paid Google Enterprise or Education accounts. Switching from a Gmail account to an end-to-end encrypted email provider is a much easier — and often free — method of sending encrypted emails. For example, Proton Mail offers the same end-to-end encryption with both our free and paid accounts.
Compared to PGP, Gmail’s S/MIME encryption has several drawbacks:
- S/MIME only works if you and your recipient enable it correctly. Otherwise, your email will fall back to weaker TLS encryption, potentially putting your email exchange at risk.
- S/MIME relies on a centralized system of certificate authorities (CA) to verify your digital identity, which means you’ll need to contract your own CA to obtain a certificate. This can be complex and costly to properly set up.
Send an encrypted email with Outlook
If you want to send an encrypted email in Outlook, you can enable enhanced encryption, but only if you upgrade to a premium account. Upgrading your account allows you to encrypt emails using Microsoft 365 Message Encryption, also known as Microsoft Office 365 Message Encryption (OME). This is not a simple solution to set up, and you’ll need an administrator to manage your premium account.
Outlook’s encrypted email function sends the passcode to decrypt your message to the same address as the encrypted message itself, so the message can be accessed if anyone breaches the recipient account.
Set up PGP by yourself
If you have some technical expertise, you can also set up PGP on your own. PGP is an acronym for Pretty Good Privacy, one of the world’s most widely used E2EE systems. PGP allows you to digitally sign and encrypt messages, ensuring they cannot be tampered with.
Using a PGP client
You can set up PGP on your own using a PGP email application like OpenPGP. When you use a PGP client, you first need to generate a key pair: your public key and your private key. You can share your public key with your contacts, but you should always keep your private key secret.
To send you a fully encrypted email, your contact will need to use your public key to encrypt their messages to you. To decrypt their incoming messages, you need to use your private key.
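The key-pair workflow described above, run with GnuPG's `gpg` command line as an added example (not part of the original article). The two temporary keyrings, the address alice@example.org and the message text are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: two throwaway keyrings stand in for "you" and "your contact".
# alice@example.org, the file names and the message are placeholders.

pgp_roundtrip() {
  local work you contact plain
  work=$(mktemp -d) || return 1
  you="$work/you"; contact="$work/contact"
  mkdir -m 700 "$you" "$contact" || return 1

  # 1. You generate a key pair. The empty passphrase is only for this unattended
  #    demo; protect a real private key with a strong passphrase.
  gpg --homedir "$you" --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key 'Alice Example <alice@example.org>' >/dev/null 2>&1 || return 1

  # 2. You export only the public key and hand it to your contact.
  gpg --homedir "$you" --batch --armor --export alice@example.org \
      > "$work/alice.pub.asc" || return 1

  # 3. Your contact imports it; their keyring never holds your private key.
  gpg --homedir "$contact" --batch --quiet --import "$work/alice.pub.asc" \
      >/dev/null 2>&1 || return 1

  # 4. Your contact encrypts to your public key. --trust-model always skips the
  #    fingerprint check a real user should do before trusting an imported key.
  printf 'meet at noon\n' > "$work/msg.txt"
  gpg --homedir "$contact" --batch --quiet --trust-model always --armor \
      --recipient alice@example.org --output "$work/msg.asc" \
      --encrypt "$work/msg.txt" 2>/dev/null || return 1

  # 5. Without the private key, the contact's keyring cannot decrypt the message.
  if gpg --homedir "$contact" --batch --quiet --decrypt "$work/msg.asc" \
      >/dev/null 2>&1; then
    echo 'unexpected: decrypted without the private key' >&2; return 1
  fi

  # 6. Your keyring holds the private key, so it can.
  plain=$(gpg --homedir "$you" --batch --quiet --decrypt "$work/msg.asc" \
      2>/dev/null) || return 1

  # Stop the agents gpg started and delete the throwaway keys.
  gpgconf --homedir "$you" --kill gpg-agent 2>/dev/null || true
  gpgconf --homedir "$contact" --kill gpg-agent 2>/dev/null || true
  rm -rf "$work"
  printf '%s\n' "$plain"
}

pgp_roundtrip
```

Step 5 is the point of the exercise: the ciphertext and the public key together are not enough to read the message.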
However, sending fully encrypted emails with your own PGP client is more challenging than it sounds. Both you and your recipient must use compatible versions of PGP for the encryption to work. And if you don’t share or store your key pair properly, you might accidentally create vulnerabilities in your security defenses. To prevent this, you could use a trusted E2EE email provider to handle the complex operations of email encryption for you. Alternatively, third-party plugins may do the job as well.
Using a third-party PGP plugin
Third-party PGP plugins, such as Mailvelope, help make encryption simple and straightforward. They are browser extensions that build PGP directly into your webmail, so you can easily send fully encrypted emails in an environment that’s already familiar to you. All encryption and decryption are handled locally on your computer, and your email provider can’t access your private key.
While a third-party PGP plugin simplifies E2EE, it’s far from being a perfect system:
- Most third-party PGP plugins don’t offer email client support, meaning if you send emails via Thunderbird or Apple Mail, you won’t be able to encrypt your emails.
- These plugins don’t work in browsers on mobile devices.
- Your attachments must be encrypted separately from your emails.
What is the best way to encrypt an email?
If you’re looking for a hassle-free way to encrypt your emails, you need to find a trustworthy encrypted email provider like Proton Mail. As the world’s largest encrypted email provider, one of our goals is to make sending fully encrypted emails as easy as possible. This is why we’ve made our email encryption automatic.
All emails sent between Proton Mail addresses are fully protected with E2EE and zero-access encryption, so no one other than you and your recipient can read your messages. And if you’re sending emails to non-Proton Mail addresses, you can use our Password-protected Emails feature. Your recipient can only read your email after they enter the correct password and can easily reply with guaranteed E2EE.
We also offer the following advanced security features:
- End-to-end encryption: All messages sent between Proton Mail addresses are automatically end-to-end encrypted.
- Zero-access encryption: Your emails are stored with zero-access encryption on Proton Mail’s servers, meaning nobody (not even Proton) can read or access them.
- Message expiration: Set a timer on your email so it’s automatically deleted from your recipient’s inbox after the time runs out.
- Enhanced tracking protection: Proton Mail automatically blocks all spy pixels in the marketing emails you receive, so you can safely read your emails and load images without being tracked.
- Sender verification: Proton Mail’s sender verification proves that an email has not been tampered with and comes from a trusted sender.
- Encrypted contacts: Securely store your contacts’ details in your inbox, such as their phone number, address, birthday, and personal notes.
- Spam detection: Our smart spam detection system automatically filters unwanted emails to your spam folder. You can also block senders you no longer want to receive emails from.
Besides our intuitive and easy-to-use web app, you can also download Proton Mail on your mobile device (iOS and Android) to send encrypted emails even when you’re on the go. If you’d like to support our mission of building a better internet, consider signing up for a free account or upgrading to a paid Proton Mail plan for the most comprehensive email security features.