ProtonBlog(new window)

How to encrypt an email

Condividi questa pagina

Your emails contain a great deal of sensitive information about your identity. If you’re concerned about your online privacy, you should encrypt your inbox and messages to prevent unauthorized third parties from accessing them. As with all online content, the best way to protect your emails is to encrypt them with the gold standard of email encryption: end-to-end encryption (E2EE)(new window).

There are many ways to encrypt your emails using end-to-end encryption, with varying levels of difficulty and security. The best method for you to use to encrypt an email depends on the email service you and your recipient are using and the level of technical know-how you can employ.

Use an encrypted email provider
Use password-protection
Encrypt an email using Gmail
Secure an email using Outlook
Set up PGP by yourself
The best way to encrypt an email

Get Proton Mail button

Encrypt an email using an encrypted email provider

The easiest way to send an encrypted email(new window), especially for beginners, is to use an email provider that automatically protects your communications with end-to-end encryption. With end-to-end encrypted email providers like Proton Mail, all the encryption happens automatically in the background, so you do not need to take any additional steps to secure your emails.

Unlike other email providers that only use TLS(new window) to encrypt your emails while they’re in transit (for example, Gmail and Outlook), Proton Mail uses E2EE by default to protect your messages. E2EE scrambles your email into indecipherable ciphertext(new window), ensuring only your recipient can make it readable again with the right private key. Your email is encrypted on your device and decrypted only after arriving in your recipient’s inbox, meaning no one in between can read its content. 

We also use zero-access encryption to protect emails you receive from other email providers. Proton Mail instantly encrypts these emails when they’re received, meaning they’re stored in an encrypted state on our servers. With zero-access encryption, even if a hacker breaches Proton Mail’s servers, they won’t be able to decrypt your messages.

How to send an encrypted email with Proton Mail

Secure an email using password-protection

If you send an email from an end-to-end encrypted email account, but your recipient uses a service that does not support PGP(new window), your emails won’t be end-to-end encrypted by default. Instead, you can send your recipient a password-protected email(new window).

When you send a Password-protected Email with Proton Mail, your recipient will receive an email that contains a link to your end-to-end encrypted message. They must enter a previously agreed-upon password to open the email, which prevents anyone from reading your message unless they have the password.

Password-protected emails with other email services

You can also send password-protected emails with Gmail and Outlook. Sending a password-protected email with Gmail is called “confidential mode”, and while it protects sensitive emails from unauthorized or accidental sharing, this is not the same as sending an encrypted S/MIME email with Gmail. 

How to send password-protected emails (with Gmail, Outlook, and Proton Mail)(new window)

Encrypt an email using Gmail

If you want to use encryption with Gmail, you can enable S/MIME encryption, but only if you pay for Gmail. S/MIME is only available with certain paid Google Enterprise or Education accounts. Switching from a Gmail account to an end-to-end encrypted email provider is a much easier — and often free — method of sending encrypted emails. For example, Proton Mail offers the same end-to-end encryption with both our free and paid accounts.

Compared to PGP, Gmail’s S/MIME encryption has several drawbacks:

  • S/MIME only works if you and your recipient enable it correctly. Otherwise, your email will fall back to weaker TLS encryption, potentially putting your email exchange at risk. 
  • S/MIME relies on a centralized system of certificate authorities (CA) to verify your digital identity, which means you’ll need to contract your own CA to obtain a certificate. This can be complex and costly to properly set up.

How to send an encrypted email with Gmail(new window)

Send an encrypted email with Outlook

If you want to send an encrypted email in Outlook, you can enable enhanced encryption, but only if you upgrade to a premium account. Upgrading your account allows you to encrypt emails using Microsoft 365 Message Encryption, also known as Microsoft Office 365 Message Encryption (OME). This is not a simple solution to set up, and you’ll need an administrator to manage your premium account.

Outlook’s encrypted email function sends the passcode to decrypt your message to the same address as the encrypted message itself, so the message can be accessed if anyone breaches the recipient account.

How to send a secure email with Outlook(new window)

Set up PGP by yourself

If you have some technical expertise, you can also set up PGP on your own. PGP is an acronym for Pretty Good Privacy(new window), one of the world’s most widely used E2EE systems . PGP allows you to digitally sign and encrypt messages, ensuring they cannot be tampered with.

Using a PGP client

You can set up PGP on your own using a PGP email application like OpenPGP(new window). When you use a PGP client, you first need to generate a key pair: your public key and your private key. You can share your public key with your contacts, but you should always keep your private key secret.

To send you a fully encrypted email, your contact will need to use your public key to encrypt their messages to you. To decrypt their incoming messages, you need to use your private key. 

However, sending fully encrypted emails with your own PGP client is more challenging than it sounds. Both you and your recipient must use compatible versions of PGP for the encryption to work. And if you don’t share or store your key pair properly, you might accidentally create vulnerabilities in your security defenses. To prevent this, you could use a trusted E2EE email provider to handle the complex operations of email encryption for you. Alternatively, third-party plugins may do the job as well.

Using a third-party PGP plugin 

Third-party PGP plugins, such as Mailvelope(new window), help make encryption simple and straightforward. They are browser extensions that build PGP directly into your webmail, so you can easily send fully encrypted emails in an environment that’s already familiar to you. All encryption and decryption are handled locally on your computer, and your email provider can’t access your private key. 

While a third-party PGP plugin simplifies E2EE, it’s far from being a perfect system:

  • Most third-party PGP plugins don’t offer email client support, meaning if you send emails via Thunderbird or Apple Mail, you won’t be able to encrypt your emails. 
  • These plugins don’t work in browsers on mobile devices.
  • Your attachments must be encrypted separately from your emails.

What is the best way to encrypt an email?

If you’re looking for a hassle-free way to encrypt your emails, you need to find a trustworthy encrypted email provider like Proton Mail. As the world’s largest encrypted email provider, one of our goals is to make sending fully encrypted emails as easy as possible. This is why we’ve made our email encryption automatic. 

All emails sent between Proton Mail addresses are fully protected with E2EE and zero-access encryption, so no one other than you and your recipient can read your messages. And if you’re sending emails to non-Proton Mail addresses, you can use our Password-protected Emails feature. Your recipient can only read your email after they enter the correct password and can easily reply with guaranteed E2EE.

We also offer the following advanced security features:

  • End-to-end encryption(new window): All messages sent between Proton Mail addresses are automatically end-to-end encrypted.
  • Zero-access encryption(new window): Your emails are stored with zero-access encryption on Proton Mail’s servers, meaning nobody (not even Proton) can read or access them.
  • Message expiration: Set a timer on your email so it’s automatically deleted from your recipient’s inbox after the time runs out.
  • Enhanced tracking protection: Proton Mail automatically blocks all spy pixels in the marketing emails you receive, so you can safely read your emails and load images without being tracked.
  • Sender verification: Proton Mail’s sender verification proves that an email has not been tampered with and comes from a trusted sender.
  • Encrypted contacts: Securely store your contacts’ details in your inbox, such as their phone number, address, birthday, and personal notes.
  • Spam detection: Our smart spam detection system automatically filters unwanted emails to your spam folder. You can also block senders you no longer want to receive emails from.  

Besides our intuitive and easy-to-use web app, you can also download Proton Mail on your mobile device (iOS(new window) and Android(new window)) to send encrypted emails even when you’re on the go. If you’d like to support our mission of building a better internet, consider signing up for a free account or upgrade to a paid Proton Mail plan for the most comprehensive email security features.

Proteggi le tue email e difendi la tua privacy
Passa gratis a Proton Mail

Condividi questa pagina

Lydia Pang(new window)

Lydia is a lifelong book-lover and her professional experience spans several industries, including higher education and editorial writing. She's excited to write for Proton and champion privacy as a fundamental right for everyone.

Articoli correlati

Can you password-protect a folder in Google Drive?
en
Protecting a folder with a password is a simple yet effective way of securing files. You may wonder whether you can password-protect a folder in Google Drive. We explain what access controls Google Drive offers and what you can do to improve your sec
Proton Pass now supports passkeys on all devices and plans
en
We’re excited to announce that Proton Pass supports passkeys for everyone, allowing you to manage and use passkeys across all devices seamlessly. Passkeys are an easy and secure alternative to traditional passwords that can help prevent phishing atta
what is a passkey?
en
  • Le basi della privacy
Passkeys are a new way to secure your online accounts using cryptographic keys instead of passwords. They offer a high level of convenience and security, and are a real game-changer in the way we access and secure sites. What is a passkey, though, an
en
Apple’s marketing team has built a powerful association between the iPhone and privacy. The company’s ad campaigns claim that “what happens on your iPhone, stays on your iPhone.” And, “Privacy. That’s iPhone.” But Apple’s lawyers are telling a diffe
en
A cyberattack on national public employment service France Travail has exposed the personal data of as many as 43 million people.  The latest breach is the second major cybersecurity attack to happen in France in the past month, raising concerns abo
If I share a folder in Google Drive, can anybody see my other folders
en
Google Drive makes it easy to share files and folders, but you may have wondered at some point whether the people you’ve shared a folder with can see your other folders. We answer this question below and also share some tips for truly secure link sha
en
In 2014, Proton Mail was introduced as a web app, revolutionizing how we think about email privacy. Today, we’re excited to broaden the horizons of secure communication by launching the Proton Mail desktop app. Anyone can now use the new Proton Mail