Email encryption is the process of disguising the content of your email messages to protect them from being read by unwanted parties. Sensitive information such as Social Security numbers, passwords, login credentials and bank account numbers is vulnerable when sent via email.

When encrypting emails, it’s important to encrypt all of them — not just the ones with sensitive information. If only some of your emails are encrypted, it is an open invitation for a hacker and could make your inbox even less secure. They will only have to hack into a few emails rather than sift through hundreds to find data they can use. We explain how to encrypt emails on multiple providers and summarize our tips in an infographic.

Types of Email Encryption

The two main types of email encryption protocol are S/MIME and PGP/MIME. Both models work by way of user key exchange — the sender and receiver each have a public and private key for encrypting and decrypting messages. We’ll look at each type more in-depth below.

S/MIME

S/MIME (Secure/Multipurpose Internet Mail Extensions) is built into most iOS devices and relies on a centralized authority to pick the encryption algorithm, issuing certificates to encrypt and “sign,” or verify, email messages.

S/MIME is used most often because it is built into large web-based email companies such as Gmail and Outlook and can secure plain text messages and attachments. It is most common for industrial or commercial use.

PGP/MIME

PGP/MIME (Pretty Good Privacy/Multipurpose Internet Mail Extensions) relies on a decentralized trust model and was developed to address security issues facing plain text messages.

Within this model, there is more flexibility and control over how well you want your emails to be encrypted, but it requires a third-party encryption tool. PGP/MIME is most common for personal or organizational use and is compatible with Android devices. It can also be used in VPNs, whereas S/MIME cannot.
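To check which of the two protocols actually protects a given message, you can inspect its MIME headers. The following is an added example, not part of the original article: it classifies a raw message by the standard S/MIME and PGP/MIME content types, and the function names and sample messages are constructed for illustration.

```python
# Added example: read the MIME headers of a message and report which of the
# two protocols (S/MIME or PGP/MIME) protects it. Sample messages are constructed.
from email import message_from_string


def _param(msg, name: str) -> str:
    """Lower-cased Content-Type parameter, or "" when absent."""
    value = msg.get_param(name)
    return value.lower() if isinstance(value, str) else ""


def classify(raw: str) -> str:
    """Return the message-level protection a raw message declares."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()          # lower-cased, parameters stripped
    protocol = _param(msg, "protocol")
    smime_type = _param(msg, "smime-type")

    # S/MIME carries the body as a CMS object; older clients use the x- prefix.
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        if smime_type in ("enveloped-data", "authenveloped-data"):
            return "smime-encrypted"
        if smime_type == "signed-data":
            return "smime-signed"           # signed only: content is still readable
        return "smime-unknown"              # parameter missing; CMS must be parsed
    # PGP/MIME encryption uses a multipart/encrypted container.
    if ctype == "multipart/encrypted" and protocol == "application/pgp-encrypted":
        return "pgp-encrypted"
    # Detached signatures: the body travels in the clear next to the signature.
    if ctype == "multipart/signed":
        if protocol in ("application/pkcs7-signature", "application/x-pkcs7-signature"):
            return "smime-signed"
        if protocol == "application/pgp-signature":
            return "pgp-signed"
    return "none"


def sample(content_type: str) -> str:
    """Build a constructed test message with the given Content-Type header."""
    return ("From: alice@example.com\nTo: bob@example.com\nSubject: test\n"
            "MIME-Version: 1.0\nContent-Type: " + content_type + "\n\n(constructed body)\n")


if __name__ == "__main__":
    for ct in ('application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"',
               'multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"',
               'multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b2"',
               'text/plain; charset="utf-8"'):
        print(classify(sample(ct)), "<-", ct)
```

A result of "smime-signed" or "pgp-signed" means the message is authenticated but its content is not encrypted.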

How to Encrypt Emails in Gmail

Gmail already has S/MIME built into the app, but it only works if both the sender and receiver have it enabled.

  1. Enable hosted S/MIME. You can enable this setting by following Google’s instructions on enabling hosted S/MIME.
  2. Compose your message as you normally would. 
  3. Click on the lock icon to the right of the recipient.
  4. Click on “view details” to change the S/MIME settings or level of encryption.

When changing the encryption levels, note these color codes:

Green — Information is protected by S/MIME encryption and can only be decrypted with a private key.

Gray — The email is protected with TLS (Transport Layer Security). This only works if both the sender and recipient have TLS capabilities.

Red — The email has no encryption security.

How to Encrypt Emails in Outlook

Outlook is also compatible with the S/MIME protocol, but it requires additional setup.

  1. Enable S/MIME encryption. This process will involve getting a certificate or digital ID from your organization’s administrator and installing S/MIME control. Follow Office’s steps for setting up to use S/MIME encryption.
  2. Encrypt all messages or digitally sign all messages by going to the gear menu and clicking S/MIME settings. Choose to either encrypt contents and attachments of all messages or add a digital signature to all messages sent.
  3. Encrypt individual messages, or remove encryption from them, by selecting more options (three dots) at the top of a message and choosing message options. Select or deselect “Encrypt this message (S/MIME).” If the person you are sending a message to doesn’t have S/MIME enabled, you’ll want to deselect the box or else they won’t be able to read your message.

How to Encrypt Emails on iOS

iOS devices also have S/MIME support built in as a default.

  1. Go to settings, then click “Mail.”
  2. Select “Accounts.”
  3. Click on the email account you want to encrypt messages from.
  4. Select “Advanced” and change “Encrypt by Default” to yes.
  5. When you compose a message, a lock icon will appear next to the recipient. Click the lock icon so it’s closed to encrypt the email.

Note: If the lock is blue, the email can be encrypted. If the lock is red, the recipient needs to turn on their S/MIME setting.

Email Providers That Need Third-Party Encryption Tools

Email providers and devices that don’t have S/MIME compatibility built-in will need a third-party tool that allows them to use S/MIME or PGP/MIME protocol.

Encrypting Emails With Yahoo

Yahoo uses SSL (Secure Sockets Layer) as a layer of security to protect the account but requires third-party services to encrypt with S/MIME or PGP/MIME.

Encrypting Emails With Android

Android emails can be encrypted through S/MIME and PGP/MIME, but both require extra setup and a third-party app.

Encrypting Emails With AOL

Encrypting emails in AOL can be done manually, but requires a third-party tool to implement the PGP/MIME criteria. You first must download the PGP implementation and then obtain a program that allows you to use PGP encryption with your webmail provider.

Email Encryption Services

Email encryption can be done manually or by a secure email service. These email service apps each have unique offerings such as encrypting emails, attachments and contact lists. They do this in the background so you don’t have to worry about doing it manually.

Some notable providers are:

Proton Mail

Proton Mail is an end-to-end encryption and zero-access encryption email service with PGP compatibility. It has different pricing levels depending on the number of domains needed and messages sent per day.

CipherMail

CipherMail supports encryption through S/MIME, OpenPGP, TLS and PDF. It is popular for its compatibility with Android devices.

Mailvelope

Mailvelope is a browser extension that enables OpenPGP encryption for webmail. It’s compatible with Gmail, GMX, Outlook, Posteo, WEB.DE, Yahoo and more.

Virtru

Virtru provides end-to-end email encryption services for Gmail and Outlook.

StartMail

StartMail supports encryption through PGP and is compatible with email services such as Outlook and Apple Mail.

  • Price: paid plans
  • Apps: none

Sendinc 2.0

Sendinc offers military-grade encryption and is compatible with Outlook, Gmail, and Thunderbird.

PreVeil

PreVeil is an end-to-end encryption service compatible with Gmail, Outlook and Apple Mail. It works on browsers and mobile devices.

Skiff Mail

Skiff Mail offers end-to-end email encryption on iOS and Android devices.

Security Best Practices With or Without Email Encryption

With or without an email encryption service, it’s always a good idea to implement security best practices when using email. Keep these tips in mind: 

  • Create strong passwords: Using complex passwords with a mix of uppercase and lowercase letters, numbers and symbols makes it harder for hackers to guess your passwords and access your personal accounts. 
  • Enable 2FA on email accounts: Two-factor authentication (2FA) serves as an additional layer of security for your email accounts. For example, you might enter a code that’s sent to your phone after inputting your login information.
  • Don’t click on links or attachments from unreliable sources: Malware often lurks in email attachments or links. Before clicking on a link or opening an attachment, verify that you know the sender and check for signs of phishing. Never open an attachment from someone you don’t know.
  • Scan attachments, even from encrypted emails: Use antivirus software or an online service to scan your email attachments and look for malware before you open them. 
  • Avoid logging in to check emails on public Wi-Fi: Cybercriminals can monitor your online activities and steal your personal information on public Wi-Fi, so avoid logging in to accounts like email or your bank accounts if possible.

FAQ

What Is Email Encryption? 

Email encryption is essentially mixing up the contents of an email so it becomes a puzzle that only you have the key to solve. The public key infrastructure (PKI) is used to encrypt and decrypt emails. Each person is assigned a public and private key in the form of a digital code. 

The public key is stored on a key server along with the person’s name and email address and can be accessed by anyone. This public key is what is used to encrypt the email. If someone wanted to send you an email with sensitive information, they would use your public key to encrypt it. The private key is used to decrypt emails. It is stored somewhere safe and private on the person’s computer, and only that person has access to it. The private key can also be used to digitally “sign” a message so the recipient knows it came from you.

Why Is Email Encryption Important? 


Email encryption is important because it protects you from a data breach. If the hacker can’t read your message because it’s encrypted, they can’t do anything with the information. 

In the first quarter of 2023 alone, data breaches exposed more than 6 million data records. Data breaches can be costly because they take a while to identify. The average global cost of a data breach in 2023 is $4.45 million, a 15% increase since 2020. Email encryption is a preventive measure you can take to avoid being part of a cybersecurity statistic.

Is It Safe to Encrypt Email?

Yes, it is safe to encrypt email. Emails often contain sensitive information, and without encryption, they are vulnerable to attack at every stage of their journey from sender to recipient. End-to-end encryption ensures that only the users communicating with each other can access the encryption keys — not even the system provider.


Protect yourself and your business from new cybersecurity threats by taking preventative measures. Implementing an advanced cybersecurity solution will help you find the best prevention techniques and instruct you on efficient ways to apply them to keep you safe from hackers.  
