How to Encrypt Email in Gmail

Secure your emails and have peace of mind

Email code encryption lock

Warchi/Getty Images

by Amanda Derrick
Amanda Derrick is a mechanical engineer, business strategist, and freelance writer who has written for USAF Civil Service, ATK, and Boeing.
Updated March 27, 2019

Gmail passed the 1 billion active user mark back in 2016, so it's likely you have a Gmail account. If you do, you might be concerned about the privacy and security of your emails. Wondering what Google is doing to keep your email safe, and if you can do more? Read on and we'll dissect Gmail security.

How to Send Encrypted Email in Gmail

If you're a user with a free Gmail account, your messages are protected by Google's standard method of encryption, Transport Layer Security (TLS). Here's the catch: TLS only works if the person you're emailing uses an email provider that also supports TLS. Most major providers use TLS, so this isn't a huge risk, but it's good to know. Assuming mutual TLS compatibility, all messages you send through Gmail will be encrypted via TLS.

TLS makes it very difficult for your message to be intercepted when en route to the recipient. However, it doesn't promise to keep messages private between you and the recipient once it reaches them. Google, for example, can see messages associated with your account, and scans them for potential spam and malicious email, as well as to support features like Smart Reply.

If the person you're emailing is using a mail server that doesn't use TLS, your message won't be encrypted at all; you probably won't know. So choose wisely what you send!

How to Encrypt Gmail for Business

Businesses in particular have a demand for encrypted email. Google for Business, commonly known as GSuite, comes with a plethora of features. One of those is S/MIME, an encryption method that encrypts emails with user-specific keys so they remain protected during delivery. They can only be decrypted and read by your intended readers.

For S/MIME to work, both you and your recipient need to have it enabled in your GSuite accounts. GSuite will automatically encrypt your emails with this method when your account and the destination allow for it.

How to Check If Your Sent Email Will Be Encrypted

  1. Start writing a new message.

  2. Add your recipient(s) to the "To" field.

  3. Look to the right of the recipient names and you'll see a lock icon indicating the level of encryption your recipient's email provider supports. If there are multiple users with various encryption levels, the icon will indicate Gmail is held to the lowest encryption status.

  4. Select the lock to change your S/MIME settings or learn more about your recipient's level of encryption.

How to Check Encryption for a Received Email

  1. Open a message.

  2. On an Android device, tap View Details > View Security Details.
    On an iPhone or iPad, tap View Details.

  3. You'll see a colored lock icon that shows what level of encryption was used to send the message. There are three different colors of encryption lock icons:

    • Green: Indicates enhanced S/MIME encryption, which is appropriate for most sensitive information and requires the recipient to have the correct key to decrypt the email.
    • Gray: The message is encrypted via TLS.
    • Red: There's no encryption at all, indicating the recipient's email provider doesn't support encryption.

  4. You're done!

How to Encrypt Email on Gmail Using Third-Party Options

If you're looking for more serious encryption that S/MIME or TLS, third-party apps and services like FlowCrypt and Virtru offer solutions to improve security of Gmail messages.