What Is Email Encryption?
Encryption is the process of turning plaintext information into meaningless secret code, known as ciphertext. To decode ciphertext and transform it back into its plaintext form, the correct decryption key must be provided.
In the context of email communication, encryption is used for two different purposes:
- In transit encryption: This type of email encryption protects messages as they travel between mail servers. Its main purpose is to prevent the so-called man-in-the-middle attacks, in which the attacker positions himself or herself between two parties communicating with each other.
- At rest encryption: Messages can be compromised not only when traveling from server to server but also when being stored on a hard drive, and that’s where at rest encryption comes in, making it impossible for a hacker to break into Google’s data center, steal bunch of hard drives, and read the messages stored on them.
Obviously, you want to encrypt your messages both in transit and at rest to keep them as secure as possible.
Is Gmail Encrypted?
Yes, Gmail encrypts all messages by default—both in transit and at rest to protect its users from hackers.
For in transit encryption, it uses something called TLS, or Transport Layer Security. TLS is a cryptographic protocol that’s used not only by mail services like Gmail but also various instant messaging and web applications.
Thanks to TLS, it’s impossible for an attacker to intercept a Gmail message and read it, such as by setting up a malicious Wi-Fi hotspot in a public area. The attack would see only meaningless secret code, and it would be impossible for them to decipher it.
As far as at rest encryption goes, Gmail uses the Advanced Encryption Standard (AES) algorithm to encrypt all data stored on its servers. The same algorithm is also approved by the U.S. National Security Agency (NSA) for top secret information, so you can rest assured knowing that your messages are protected well.
Thanks to TLS and AES being enabled by default, you don’t need to learn how to encrypt an email in Gmail to enjoy a solid level of protection, but that doesn’t mean you can’t go beyond it.
How to Enhance Gmail Message Security?
There are other ways how to send an encrypted email in Gmail, but they’re not enabled by default.
The users of Enterprise, Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus editions of Gmail can enable S/MIME for message encryption.
This advanced encryption technology is based on asymmetric cryptography, using a key pair consisting of one private key and one public key to ensure that nobody besides the intended recipient can read your messages.
You can enable hosted S/MIME from the Google Admin console:
- Log in to the Google Admin console.
- Go to Apple > Google Workspace > Gmail > User settings.
- Select the domain or organization you want to configure using Organizations.
- Enable S/MIME encryption for sending and receiving emails.
- Click Save.
Besides S/MIME, there’s also Gmail’s confidential mode. This special mode protects your privacy by making it impossible for recipients to forward, copy, print, and download your messages from Gmail.
To send a confidential message:
- Log in to your Gmail account.
- Click Compose.
- Click Turn on confidential mode in the bottom right of the window.
- Set an expiration date and passcode.
- Click Save.
While useful, Gmail’s confidential mode isn’t a bulletproof solution (and it doesn’t claim to be). For example, your privacy can still be compromised by someone taking a screenshot of your message and sharing it that way.
Third-Party Gmail Encryption Apps
There are many third-party apps that help encrypt Gmail attachments and messages. Such apps are often available as convenient web browser plugins. Examples include:
All three apps are built on OpenPGP, the most widely used email encryption standard in the world, so you can trust them to work just as intended.
Boost Your Gmail Security With Clean Email
Clean Email is an inbox organizer that can boost your Gmail security and privacy in two different but equally important ways.
First, you can use Clean Email’s inbox organization features like Auto Clean and Unsubscriber to declutter your inbox:
- Auto Clean lets you automatically apply various actions to new messages as they arrive, so you don’t need to organize them manually.
- Unsubscriber is designed to stop reoccurring subscription messages from finding their way into your inbox, and you can use it to unsubscribe from multiple subscriptions in one go.
Second, you can take advantage of Clean Email’s Privacy Guard to regularly check your Gmail address against known data breaches and security incidents.
Here’s how it works:
- Go to: https://app.clean.email/
- Sign in to Clean Email with your Gmail account.
- Select the Privacy Guard feature from the left pane.
- Check if your email address has been found in any breaches.
Privacy Guard uses data collected by the Have I Been Pwned (HIBP) project, one of the most comprehensive collections of database dumps and pastes containing information about billions of leaked accounts.
If you discover that your Gmail address has been compromised, then you need to take action immediately. You should assume that your password has been leaked and change it to a new one. If you’re using the same password elsewhere, you also need to address the fact that other websites and services may be compromised as well.
Ideally, you want to create a new, unique password for each website and service that is in some way connected to the compromised Gmail account. A password manager like Bitwarden can make this much easier.
FAQ
Why are some messages not encrypted?
Not all email services encrypt messages by default. Gmail fortunately does, but organizations still need to enable S/MIME manually for additional protection against threats like man-in-the-middle attacks. What’s more, S/MIME won’t work unless both parties support it.
Is Gmail confidential mode encrypted?
No, confidential mode in Gmail doesn’t turn on any additional encryption methods. Its purpose is to be a convenient way for users to improve their privacy.
How to encrypt Gmail attachments?
You can easily encrypt Gmail attachments using third-party apps like FlowCrypt, SendSafely, and Mailvelope, which use OpenPGP, a key-based encryption method for encrypting and decrypting data.
