How to send an encrypted email in Gmail

Harry Bone


Gmail uses standard encryption by default, so your messages aren’t private. We explain how to use enhanced encryption in Gmail and the best alternative if you’re looking for genuine privacy.

If you have a free email account from a big provider like Gmail, Outlook, or Yahoo Mail, it’s no secret that your messages aren’t private. The only way to truly secure your emails is by using end-to-end encryption (E2EE). That way, only you and the recipient of your messages can read them.

Gmail doesn’t offer E2EE for any of its services. But you can enable stronger encryption to send more secure Gmail messages if you have an eligible paid Google account.


What is email encryption?

Email encryption is a process that encodes a message so that only the intended recipient of the message can read it. The email is encrypted (encoded) into an illegible string of characters. The only way to read it is to decrypt (decode) it into its original, readable format using a unique encryption key.


Is Gmail encrypted?

Gmail uses TLS to encrypt emails by default. That means your messages are secure while in transit, as long as the recipient’s email service supports TLS. But once they arrive, the privacy of your emails depends on what encryption the receiving server uses.
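The hop-by-hop dependence described above can be checked on a message you have received, because each mail server records the protocol it accepted the message over in a Received header (the "with" keywords of RFC 3848). The following Python script is an added example, not part of the original article; the sample message, hostnames and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: hostnames, addresses and IDs are made up for illustration.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby mail.example.org with ESMTPS id abc123
\t(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
\tTue, 07 Feb 2023 10:00:03 +0000
Received: from relay.example.com (relay.example.com [198.51.100.9])
\tby mx.example.net with ESMTP id def456;
\tTue, 07 Feb 2023 10:00:02 +0000
Received: from [192.0.2.10] (client.example.com [192.0.2.10])
\tby relay.example.com with ESMTPSA id ghi789;
\tTue, 07 Feb 2023 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: test

body
"""

# "with" protocol keywords that mean the hop ran over TLS (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
FROM_RE = re.compile(r"^from\s+(\S+)", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)
VERSION_RE = re.compile(r"version=(TLS[\w.]+)", re.I)

def _first(pattern, text):
    match = pattern.search(text)
    return match.group(1) if match else None

def hops(raw_message):
    """Return one dict per hop, ordered from sender to final recipient."""
    result = []
    # Each server prepends its header, so the newest hop comes first.
    for value in reversed(message_from_string(raw_message).get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        proto = (_first(WITH_RE, flat) or "").upper()
        result.append({"from": _first(FROM_RE, flat), "by": _first(BY_RE, flat),
                       "protocol": proto, "tls": proto in TLS_PROTOCOLS,
                       "tls_version": _first(VERSION_RE, flat)})
    return result

def unencrypted_hops(raw_message):
    """Hops whose receiving server did not record a TLS protocol keyword."""
    return [(h["from"], h["by"]) for h in hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for hop in hops(SAMPLE):
        print(hop)
```

Received headers are written by each server in the path, so only the ones added by servers you trust are reliable, and they say nothing about how the message is stored once it arrives.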

Gmail also holds the encryption keys to your messages. So it can access them and hand over their contents to third parties, like advertisers or governments. Google says it no longer scans emails for advertising purposes but does scan messages to enable smart features by default, though you can switch this off.

Gmail offers two other security features for individual messages:

  • Confidential mode — limits options for accessing or sharing a message but doesn’t add stronger encryption
  • S/MIME encryption — stronger encryption that you can enable only with certain paid Google accounts

How to use Gmail confidential mode

Gmail says confidential mode is a way to protect sensitive emails from unauthorized or accidental sharing. With confidential mode, you can: 

  • Set an expiration date for a message and revoke access to it later
  • Remove options to forward, copy, print, or download messages or attachments
  • Require that a verification code (password) be sent by SMS so the recipient has to enter the code to open it

To use confidential mode, click on the icon below in Gmail’s composer window:

[Image: confidential mode icon to create a password-protected email in Gmail]

Despite its name, confidential mode does little to enhance the security and privacy of your messages:

  • When you set an expiration date and messages “expire”, they’re still stored in your Sent folder, so they remain accessible to Google.
  • While there are no options to forward, copy, print, or download a message, anyone can easily screenshot it.
  • If you want to send a verification code by SMS, you have to give Google the recipient’s phone number.
  • Messages aren’t end-to-end encrypted, so Google can still access them.


How to send a secure email in Gmail (S/MIME)

If you want to use enhanced encryption with Gmail, you can enable S/MIME encryption, but only if you pay for Gmail. S/MIME is only available with certain paid Google Enterprise or Education accounts.

S/MIME (short for Secure/Multipurpose Internet Mail Extensions) allows you to encrypt emails with user-specific keys so that only the intended recipients can decrypt them.

To set up S/MIME, log in to your Gmail administrator account, enable hosted S/MIME, and then reload Gmail. You’ll then need to upload a personal authentication certificate from a trusted certificate authority.

While Gmail’s implementation of S/MIME offers stronger encryption, it has several drawbacks:

  • Messages aren’t end-to-end encrypted, so Google can still scan your emails.
  • S/MIME isn’t available by default. You need to get an eligible paid account and have an administrator enable it.
  • It only works if the recipient of the email also has S/MIME enabled. There’s no way to send a private email to anyone using a regular Gmail account or any other provider without S/MIME support.
  • Unlike PGP, S/MIME has a centralized system of certificate authorities that could be compromised, though this may only matter to you if you’re at high risk of surveillance.

Best way to send an encrypted email

If you want to be sure that no one but you and the intended recipient of your email can read it, you need to use end-to-end encryption (E2EE). 

You can enable E2EE in Gmail using a third-party plugin, like Mailvelope, although that requires some technical knowledge and you can’t use it on your mobile device.

The easiest way to send a truly secure email is to use Proton Mail, which offers the following and more out of the box:

  • End-to-end encryption: Any message you send to someone on Proton Mail is end-to-end encrypted by default. No one except you and your intended recipient(s) can read them.
  • Password-protected Emails: Easily send an end-to-end encrypted email to anyone who isn’t on Proton Mail without any technical knowledge.
  • Zero-access encryption: No one can access any of your stored emails without your authorization, not even Proton.
  • Open-source transparency: All Proton apps are open source and independently audited, so anyone can verify that they’re secure.
  • Proton Easy Switch: Transfer and encrypt all your emails and contacts from Gmail to Proton Mail in a few clicks — a simple and secure way to test how encrypted email can work for you.

At Proton, our vision is to make secure email available to everyone, so join us and send an encrypted email for free. If you’d like to support our vision, sign up for a paid plan.

Together, we can build a better internet where privacy is the default.


Harry Bone

A long-standing privacy advocate, Harry worked as a translator and writer in a range of industries, including a stint in Moscow monitoring the Russian media for the BBC. He joined Proton to promote privacy, security, and freedom for everyone online.
