How to Encrypt Email in Gmail

Gmail passed the 1 billion active user mark in 2016, so you likely have a Gmail account. If you do, you might be concerned about the privacy and security of your emails. Wondering what Google is doing to keep your email safe, and if you can do more? Here's what you should know about Gmail security.

How to Send Encrypted Email in Gmail

If you use a free Gmail account, your messages have Google's standard encryption method, Transport Layer Security (TLS). Here's the catch: TLS only works if the person you're emailing uses an email provider that also supports TLS. Most major providers use TLS, so this isn't a huge risk, but it's good to know. Assuming mutual TLS compatibility, all messages you send through Gmail are encrypted via TLS.

TLS makes it difficult for anyone to intercept your message when it's en route to the recipient. However, it doesn't promise to keep messages private between you and the recipient once it reaches them. For example, Google sees messages associated with your account and scans them for potential spam and malicious email, as well as supporting features like Smart Reply.

If the person you're emailing uses a mail server that doesn't use TLS, your message won't be encrypted. You probably won't know, so choose what you send carefully.

How to Encrypt Messages in Gmail for Business

Businesses, in particular, have a demand for encrypted email. Google for Business, commonly known as GSuite, comes with a plethora of features. One of those is S/MIME, an encryption method that encrypts emails with user-specific keys, so they remain protected during delivery. They can only be decrypted and read by your intended readers.

For S/MIME to work, both you and your recipient must enable it in your GSuite accounts. GSuite automatically encrypts your emails with this method when your account and the destination allow for it.

How to Check If Your Sent Email Will Be Encrypted

1. Start writing a new message.

2. Add your recipients to the To field.

3. Look to the right of the recipient names to see a lock icon indicating the encryption level your recipient's email provider supports. When multiple users have various encryption levels, the icon indicates Gmail is held to the lowest encryption status.

4. Select the lock to change your S/MIME settings or learn more about your recipient's level of encryption.

How to Check Encryption for a Received Email

1. Open a message.

2. On an Android device, tap View Details > View Security Details. On an iPhone or iPad, tap View Details.

3. A colored lock icon shows the level of encryption used to send the message.

There are three colors of encryption lock icons:

• Green: Indicates enhanced S/MIME encryption, which is appropriate for most sensitive information and requires the recipient to have the correct key to decrypt the email.
• Gray: The message is encrypted via TLS.
• Red: There's no encryption, indicating the recipient's email provider doesn't support encryption.

How to Encrypt Email on Gmail Using Third-Party Options

If you're looking for more serious encryption than S/MIME or TLS, third-party apps and services like FlowCrypt and Virtru offer solutions to improve the security of Gmail messages.