How to Encrypt Email in Gmail

Secure your emails and have peace of mind

What to Know

  • Gmail uses the TLS encryption protocol, but encryption is only end-to-end if the recipient email provider also uses TLS.
  • In Google for Business, look for the lock icon in the To field next to the recipient address. This indicates encryption level.
  • Third-party apps and services like FlowCrypt and Virtru offer ways to improve the security of Gmail messages.

If you use Gmail and are concerned about the privacy and security of your emails, encryption can add an extra layer of security. Learn all about encryption in the standard version of Gmail and Gmail for Business, as well as how to encrypt messages using some third-party options.

How to Send Encrypted Email in Gmail

If you use a free Gmail account, your messages have Google's standard encryption protocol called Transport Layer Security (TLS). TLS only works if the person you're emailing uses an email provider that also supports TLS, but most major providers use TLS. Assuming mutual TLS compatibility, all messages you send through Gmail are encrypted via TLS.

TLS makes it difficult for anyone to intercept your message when it's en route to the recipient. However, it doesn't promise to keep messages private between you and the recipient once it reaches them. For example, Google sees messages associated with your account and scans them for potential spam and malicious email, as well as supporting features like Smart Reply.

If the person you're emailing uses a mail server that doesn't use TLS, your message won't be encrypted. You probably won't know, so choose what you send carefully.

Email code encryption lock

Warchi / Getty Images

How to Encrypt Messages in Gmail for Business

Google for Business, commonly known as GSuite, comes with a variety of encryption options. One of those is S/MIME, an encryption protocol that encrypts emails with user-specific keys, so they remain protected during delivery. They can only be decrypted and read by your intended readers.

For S/MIME to work, both you and your recipient must enable it in your GSuite accounts. GSuite automatically encrypts your emails with this method when your account and the destination allow for it.

How to Check If Your Sent Email Will Be Encrypted

  1. Start writing a new message.

  2. Add your recipients to the To field.

  3. Look to the right of the recipient names to see a lock icon indicating the encryption level your recipient's email provider supports. When multiple users have various encryption levels, the icon indicates Gmail is held to the lowest encryption status.

  4. Select the lock to change your S/MIME settings or learn more about your recipient's level of encryption.

How to Check Encryption for a Received Email

  1. Open a message.

  2. On an Android device, tap View Details > View Security Details. On an iPhone or iPad, tap View Details.

  3. A colored lock icon shows the level of encryption used to send the message.

There are three colors of encryption lock icons:

  • Green: Indicates enhanced S/MIME encryption, which is appropriate for most sensitive information and requires the recipient to have the correct key to decrypt the email.
  • Gray: The message is encrypted via TLS.
  • Red: There's no encryption, indicating the recipient's email provider doesn't support encryption.

How to Encrypt Email on Gmail Using Third-Party Options

If you're looking for more serious encryption than S/MIME or TLS, third-party apps and services like FlowCrypt and Virtru offer solutions to improve the security of Gmail messages.

Was this page helpful?