How to Encrypt Email (Complete Guide)
Email is a natural part of our lives nowadays. You use it for pretty much anything – work, keeping in touch, making reservations, buying tickets, etc.
But email isn’t as secure as you’d like to believe. Which is why you need to learn how to encrypt email messages ASAP.
Table of contents
- Why Should You Encrypt Emails in the First Place?
- The Types of Email Encryption
- How to Encrypt an Email in Gmail
- How to Encrypt Outlook Email
- How to Encrypt Email on iOS
- How to Encrypt Email on Android
- How to Encrypt Email the Easy Way
- How Can You Encrypt Email Attachments?
- Can You Encrypt Email Address Info?
- Does a VPN Encrypt Emails?
Why Should You Encrypt Emails in the First Place?
The answer is pretty obvious – to keep the contents of your message safe. Of course, we’re not saying you need to encrypt all your emails – like when you send a .gif or meme to your mom, or when you make a restaurant reservation.
But it is a pretty good idea to encrypt emails that contain sensitive info – like login and bank account info, personal photos and videos, or intimate details about your life (like where you keep the spare keys for your house).
Why would you do that?
Well, because email isn’t as safe as you’d like it to be. Chances are you’re using a well-known email service like Gmail, Outlook, Yahoo!, or AOL. The problem with those services is that they suffered breaches before – AOL back in 2014, and Yahoo! back in 2016. In 2019, Microsoft also disclosed a data breach that gave hackers access to user email accounts.
In fact, according to research, popular email services tend to suffer the most breaches. Even Gmail that boasts decent security has problems, with around 74.09% of emails suffering breaches.
And that’s not all. Those popular email providers can actually scan your emails to find data they can sell to advertisers. Yahoo! and AOL allegedly do it. Google said they stopped doing it, but we have to take their word for it. And that’s not easy to do when they still let third-party apps scan and access your Gmail data.
All in all, if you want to keep your privacy intact, you need to learn how to encrypt email messages.
First Things First – The Types of Email Encryption
We should discuss this right now since we’ll be mentioning terms like PGP in this article, and it makes things simpler if you know what we’re talking about.
So, to make a long story short, there are two types of email encryption that can secure the actual email messages:
S/MIME is an encryption method which is built into most iOS and macOS devices. However, you can use it on other platforms through email clients that support it like Gmail, Outlook, CipherMail (for Android), and Thunderbird.
The way it works is pretty simple. When you send an email with S/MIME encryption, the receiver will get a small attachment called “smime.p7s” or something along those lines. That attachment will verify the receiver’s identity to make sure only they can read the message.
S/MIME is pretty convenient to use since it’s all centralized, and it already comes fully integrated in some email clients.
Unlike S/MIME, PGP/MIME is decentralized, and offers you a wider degree of control over the encryption process. For example, you can choose how strong the encryption should be, you can make your own encryption key, and you can decide what level of encryption the emails you’ll receive should have.
While PGP/MIME is pretty simple to use with web-based email clients, you will usually need third-party software to set it up. Yahoo! and AOL support PGP/MIME, and so do Android devices.
While we’re on the topic, we need to mention a few things to avoid any confusion:
- Symantec fully owns PGP. You can’t exactly use it on your own for free with software like Gmail. That’s where OpenPGP comes into play. It’s based on PGP, but is open-source and free to use.
- GPG is a different take on PGP that is open-source.
A Few Words on EFAIL
While S/MIME and PGP/MIME offer decent levels of security, they are not 100% fool-proof. Back in 2018, security researchers found that both encryption methods were vulnerable to EFAIL, a security hole that would give hackers the power to decrypt secured emails.
Now, the issue did receive a patch. Also, the cybercriminal would have needed to access the email in its encrypted form first, and they also would have had to be able to send a message to at least one recipient of said email.
So, not every run-of-the-mill script kiddie would have managed to exploit EFAIL.
Still, this should show you that even strong encryption methods can sometimes fail. Which is why you should always make sure you’re using the latest encryption software and email client versions.
And if you feel like you can’t trust S/MIME or PGP/MIME after EFAIL, the only thing you can really do to enjoy secure messaging is replace email with reliable encrypted messaging apps like Signal.
How to Encrypt an Email in Gmail
Does Gmail encrypt email messages?
It offers TLS encryption, but it’s not as good as S/MIME or PGP/MIME since your messages can be read by anyone, not just the recipient.
With Gmail, you can use both types of encryption. But PGP is better because it’s more accessible.
How to Encrypt Email With S/MIME
Since S/MIME is built into Gmail, you just have to enable it. Here is the support article from Google that shows you how to do it.
After you enabled S/MIME, just remember to click on the lock icon that will appear to the right of the recipient when you write an email. To encrypt your message, you need to change the encryption level to the green color code.
Pretty simple, right?
Well, there are some problems:
- Both you and the receiver need to enable S/MIME.
- S/MIME in Gmail is only available for G Suite for Enterprise, G Suite for Education, and G Suite Enterprise for Education. G Suite for Education is free to use, but you need to qualify for it first.
How to Encrypt Email With PGP
Gmail doesn’t have built-in support for PGP, but you can use many tools to force the client to use the encryption. Here’s what the process would look like:
- Download and install software or an extension that lets you use PGP (in this case, Mailvelope).
- Once that’s done, you’ll need to generate an encryption key. If you already have one, you can import it.
- Mailvelope will ask you for your full name, Gmail address, and a password. Make sure the password is strong enough.
- After you get your key pair, you’ll have to add contacts. To do that, you’ll need the recipients’ public encryption keys. If the recipients can’t provide you with them, you’ll have to look them up on Mailvelope’s key server. Once you have the key, just import it.
- From then on, whenever you write an email in Gmail, you’ll see a small Mailvelope icon in the top right of the body text. Just click on it, and you can start writing your encrypted message.
- Lastly, just add the recipient, click on Encrypt, and send the email.
That’s the summary of what you need to do. If you want a much more in-depth guide, follow this link.
How to Encrypt Outlook Email
Since Outlook supports S/MIME, it’s the main way to encrypt emails with it. Before you do anything, though, you’ll need to get a digital certificate (also called a digital ID or digital signature). You’ll either have to get one from your company, or do the following:
- Head to File > Options > Trust Center > Trust Center Settings > Email Security > Get a Digital ID.
- Pick who you want to get the digital ID from.
Once you do that, you’ll get an email with your digital ID.
Next, you’ll have to make sure Outlook enables the digital ID on your emails. Here’s what you have to do:
- Go to Tools > Options > Security.
- In the Security Settings Name field, type any name you want.
- On the Secure Message Format box, check S/MIME. Also, check the Default Security Setting option.
- Now, head to Certificates and Algorithms > Signing Certificate, and click Choose. Look for the Selected Certificate box, and pick your Secure Email Certificate (it might already be selected by default).
- Check the Send These Certificates with Signed Messages option, and click OK.
When you finish that, you also have to make sure your digital ID is visible by default. So, you’ll need to attach it. Here’s how:
- Click on New Message, and go to Tools > Customize > Commands.
- Pick Standard in the Categories list, and Digitally Sign Message in the Commands list.
- Click and drag the listing to your toolbar. It’ll make it easier to add your digital signature in the future. Do the same for Encrypt Message Contents and Attachments.
Even after all this, you’re still not done. To send someone an encrypted message with Outlook, you’ll need one email from them with their digital signature first. You’ll also have to send such an email to someone if you want them to send you encrypted emails. To do that, click Sign before you send the email.
Once you have what you need, you can start exchanging encrypted messages with your recipients. All you’ll have to do is click Encrypt before sending the email.
If you have any other questions about the process, check out the support article.
Can You Use PGP With Outlook?
Apparently you can. You’ll have to use Gpg4win – a package that includes GPG, an Outlook extension called GpgOL, and a certificate manager called Kleopatra. The entire package is free, but you can donate if you want.
Next, just install the Gpg4win package. When it finishes, Kleopatra will automatically run. Use it to generate a key pair, or import existing keys. Once you get the public key, give it to people you want to communicate with. You’ll also have to import public keys to Kleopatra to add contacts.
GpgOL is automatically added to Outlook when you install Gpg4win, so that’s nice. It will show up as a new tab appropriately called GpgOL. That’s where you’ll send encrypted messages and decrypt emails.
This is more of a tl;dr version, though, so check out this guide for a full step-by-step tutorial.
Besides that, we also found an add-in for Outlook called Encryptomatic. It doesn’t seem to be as popular as Gpg4win, but you can check it out if you want. Here’s their guide showing how to use the add-in. Though, it’s a bit weird they say it’s free when their pricing page doesn’t show any free trial.
How to Encrypt Email on iOS
You’ll do that in the Mail app using S/MIME since it’s built into iOS devices.
- Open the Mail app.
- Head to > Advanced Settings.
- Turn on S/MIME.
- Switch Encrypt by Default to Yes.
After you do that, you’ll see lock icons next to recipients’ names. Click on them to encrypt the messages you send.
Keep in mind you’ll need the digital ID from recipients before you email them. iOS devices will check GAL (Global Address List), a keyserver of S/MIME digital IDs, for them. If it can’t find the certificate you need, you’ll have to ask the recipient to send you an email with it. When you get it, do the following:
- Click on their address, and tap View Certificate when the red question mark pops up.
- Tap Install. The process will be done when the button changes color to red and says Remove.
How to Encrypt Email on Android
Unlike iOS, you can use both S/MIME and PGP/MIME on Android.
For S/MIME, you can use the CipherMail app. It mostly works with the Gmail app, but also works with S/MIME clients like Outlook.
Since it’s S/MIME, you’ll of course need to get recipients’ certificates first.
For PGP/MIME, OpenKeychain seems to be the only option. It’s an app that stores certificates and generates or imports key pairs. It also helps you find other people’s public keys. OpenKeychain doesn’t work with clients like Gmail.
How to Encrypt Email the Easy Way
You could follow the guides we discussed and linked above, or you could do a more time-efficient thing – use an email service with end-to-end encryption (basically, how PGP works).
“Wait, big email providers don’t offer it?”
Apparently not. Both Yahoo! and Google said they will implement end-to-end encryption some time ago, but they have yet to do it.
Luckily, there are other email services that actually use end-to-end encryption by default. So you don’t need to install any additional software or do any complicated setups. Just use their service, and you’re good to go.
Here are three good recommendations:
- ProtonMail – An open-source email solution with end-to-end encryption and built-in PGP that is very user-friendly. ProtonMail also has zero access architecture to make sure the devs can’t see your messages, and doesn’t even log your IP address.
- Tutanota – An email service that’s open-source, doesn’t log IP addresses, and uses end-to-end encryption. What’s more, you also get an encrypted calendar, and Tutanota’s servers won’t even know what your password is.
And yes, both services have cross-platform compatible apps that also run on iOS and Android. And they also have free versions.
Mailfence is also a decent option with end-to-end encryption, digital signatures, and a keystore. But it doesn’t have any mobile apps, so ProtonMail and Tutanota are more flexible.
How Can You Encrypt Email Attachments?
If you want to be extra safe, you might consider encrypting the files you will attach in your emails.
No, services like Gmail and Yahoo! Mail won’t encrypt the files you attach to emails. They don’t use end-to-end encryption, first of all, and if they were to do that, they couldn’t really scan your emails for data they can sell to advertisers.
Really, the easiest thing you can do is just use a secure email provider with end-to-end encryption. Tutanota says their service automatically encrypts attachments, as well as the subject. And ProtonMail does the same thing.
If you don’t want to do that, though, there are other things you can try:
- If you are a Windows user, you have built-in methods to encrypt files and folders. Here’s a useful guide for that.
- You can actually use WinZip to encrypt files. You can also do that with 7-Zip. WinRAR only “encrypts” archives with a password, so it’s not as reliable.
- Virtru is a service that lets you encrypt attachments (and emails) with a click of a button. But the service is aimed at companies, institutions, and organizations, so it might not be available to regular online users. And if it is, it won’t be cheap.
- You can use AxCrypt, software that encrypts files by changing the extension. You can only decrypt them with AxCrypt and the right password.
Keep in mind you’ll still need to get the decryption key/password across to the recipient somehow. Otherwise, they won’t be able to open your attachments.
Can You Encrypt Email Address Info?
This is a tricky one.
To start off, we’ll tell you that even an email service with end-to-end encryption can’t encrypt your email address.
In fact, there’s not really any way to encrypt your email address. If you were to do that, you wouldn’t be able to receive any emails.The closest thing to that would be an email address encoder – like this service. You just type your email address, click Encode, and you get an encrypted-ish address.
But this will only protect you from email harvesters, scrapers, and hunters – basically, bots that collect email addresses for spam bots or spammers. And it’s only useful if you run a website or a blog since you need to copy-paste the encoded address over instances of your real email address in the web page code.
Besides that, you can also try burner email addresses. They’re essentially temporary fake addresses you can use. Not exactly encrypted, but close enough since they’re not tied to you in any way.
Guerrilla Mail is a great option for that. It doesn’t require any registration, and it even has a password manager to help you keep track of burner email addresses.
And if you prefer software over web apps, check out ZMail.
Does a VPN Encrypt Emails?
Because when you use an email service, your traffic is no longer in the encrypted VPN tunnel. It already reached the VPN server, and was forwarded to the email service you use. So, it’s out of the VPN encryption’s reach.
Does that mean you shouldn’t use a VPN when you send emails?
Not at all. It’s definitely a good idea to run one in the background. It still encrypts your traffic, so it stops your ISP, hackers, or your government from knowing what email services you’re using.
It also hides your IP address, so it prevents email services from associating it with your sessions. That, and it prevents advertisers from linking your IP address to the email services you use. That’s the kind of info they use to spam you with personalized ads, after all.
Need a reliable VPN?
Special Deal! Get CactusVPN for $3.5/mo!
And once you do become a CactusVPN customer, we’ll still have your back with a 30-day money-back guarantee.
How to Encrypt Email – The Bottom Line
Most email services are pretty secure, but they can still suffer leaks and data breaches. That’s why email encryption is necessary. It provides a nice layer of extra security.
Your options for how to encrypt email mainly include S/MIME and PGP/MIME. While they’re not exactly hard to set up or use, it can take a bit of effort. Also, they had a serious vulnerability called EFAIL (which was luckily patched, but still).
In the end, your best bet is to use an email service with end-to-end encryption. It’s simple, efficient, and really secure.