Email Encryption

How to Encrypt Emails in a Step-by-Step Process

Last updated on May 2, 2021

As recent as 2018, Apple, Google, Microsoft and Yahoo reserved the right to read our emails, not just through machines but through their employers too. Despite the subsequent furor, it’s not uncertain that they don’t do so today. It’s for security reasons, they say, although experts report that contents of our email have been sold for marketing and research purposes.

How can you protect sensitive emails?

End-to-end email encryption technology, which shows you how to encrypt email and how to send encrypted email, is your best bet. This technology locks your emails from snooping bosses, gossipy colleagues, or people all too ready to scoop out our personal lives. Then, too, there’s the confidential data like credit card information, passports, and other security details that too many owners trust to their emails.

The concept behind encryption technology is simple: Mathematically based protocols spin your readable emails into unreadable form. The only ones that can read it are the sender and recipient through a public and private key. The public key is used for encryption, while the private one is used to decrypt the message. Private keys can also be used to digitally sign messages, attesting they come from the appropriate sender.

End-to-end encryption is not always convenient since both sender and recipient need the tools to encrypt and decrypt the emails, but the technologies are improving as we read. 

How Email Encryption Works

The two most popular encryption protocols that all email providers use are:


S/MIME (Secure/Multipurpose Internet Mail Extensions) uses public and private key cryptography to sign, encrypt and decrypt emails.  The sender uses the public key to convert the plain text into ciphertext and shares their private key with the recipient.  Recipient uses the private key to decode the message. If either sender or receiver wants to confirm that the message has been read by only the appropriate sources, the message is signed with the private key and decoded through the other’s public key.


With PGP (Pretty Good Privacy), both sender and recipient have their own private and public keys. The public key can be shared, but the private one should never be shared. The public key is the key that others use to encrypt the message that only you can open. The private key is the key that helps you decrypt the messages sent to you, based on your public key.  The private key can also be used to sign documents and emails. While S/MIME works through a trusted third party Certificate Authority, in PGP, all you need is the other’s public key to “open” and decode emails.

How to Encrypt Emails in Gmail

  1. Write your email in Gmail as you normally would.
  2. Turn on confidential mode (the lock icon) in the bottom margin.
  3. Set your expiration date and passcode.

Gmail gives you two options:

  • No SMS passcode – If your recipient doesn’t have Gmail, they’ll get a passcode by email.
  • SMS passcode – Recipients get a passcode by SMS (text message).

Save and Send. That simple.

How to read emails sent with confidential mode

  1. You get a message telling you the email is confidential and just for you. The message also gives you the expiration date. If you’re not a Gmail user, Gmail gives you a one-time passcode to open the email.
  2. Click on “View the Email”.
  3. Options to copy, paste, download, print, and forward the message text and attachments are disabled.

How to Encrypt Emails in Outlook

Before sending secret admirer notes on Outlook, you need to prove you can be trusted. So Outlook’s first requirement is that you sign up for a secret digital signature.

Getting your Outlook digital signature

  • Access File > Options > Trust Center > Trust Center Settings > Email Security, Get a Digital ID.
  • Choose which certification authority you want to receive a digital ID from (we recommend Comodo).
  • Sit tight for your Outlook email with the digital ID.

Outlook encryption options

Outlook has two encryption options:

  • S/MIME encryption that comes with “regular” Microsoft
  • Microsoft 365 Message Encryption (Information Rights Management) for Microsoft Office 365 subscribers.

Encrypting with S/MIME in Outlook

First attach your digital certificate:

  1. Under the Microsoft File menu, select Options > Trust Center > Trust Center Settings.
  2. In the left pane, select Email Security >Encrypted email >Settings.
  3. Under Certificates and Algorithms, click Choose > S/MIME certificate.
  4. Select OK.

Encrypting Email with Microsoft 365 Message Encryption

In an email message, choose Options > Encrypt and pick the encryption with the restrictions you want to enforce, such as Encrypt-Only or Confidential/ All Employees.

Now that you have your digital signature, you’re ready to encrypt your messages:

(i) Encrypt a single message

  1. In the message that you’re composing, click File > Properties.
  2. Click Security Settings < Encrypt Message Contents and Attachments. Check the box.

(ii) Encrypt all outgoing messages

Recipients must have your digital ID to decode or view your messages.

  1. Access File. Choose Options >Trust Center > Trust Center Settings.
  2. Click Security Settings < Encrypt Message Contents and Attachments. Check the box.

How to Encrypt Email on iOS devices

iOS devices have inbuilt S/MIME support.

  1. Access advanced settings and activate S/MIME.
  2. Change “Encrypt by Default” to Yes.
  3. Compose your message and turn on the lock icon (near the recipient) to encrypt the email.

Email Providers that Need Extra Setup for Encrypting Emails

Email providers that don’t have inbuilt S/MIME or PGP/MIME protocol compatibility need a third-party tool, and sometimes extra set-up, for encrypting emails. Such providers include Yahoo, Android and AOL. 

How to Encrypt Email on Your Phone or iPad

  1. Open your iPhone or iPad’s Settings
  2. Select Accounts and Passwords. Choose your email account (e.g., Gmail).
  3. Choose Advanced options < S/MIME
  4. Activate the S/MIME switch
  5. Select and activate the Sign option.
  6. Return to Advanced Menu < Encrypt by Default. Activate that button.
  7. Compose your email. You’ll get a blue unlocked lock icon in the recipient field. Tap it to lock it. This will encrypt your email.

 Other Email Encryption Services

While email providers give you inbuilt security measures, each provider comes with its encryption glitches, with their primary focus being to deliver your emails rather than guarantee your email privacy.

That’s where you have email encryption utilities that dedicate themselves to keeping snoops out of your messages. Some of these providers are free, others have tiered services. As of 2021, we can safely say the best-rated email encryption services are Prevail, ProtonMail, Virtru, PrivateMail and StartMail.

For one time encryption, you may want to try SafeMess or InfoEncrypt where you paste in the message you want to encrypt and give the recipient a secret password where they can decrypt it online. On SafeMess, the message expires after a pre-programmed period of time.


Want the world to read your email? No? Then you should encrypt them to protect your privacy. That’s where mathematically-based protocols spin your readable emails into unreadable form.  To ensure that your emails are really secure, turn to the free or premium email encryption services.

Please remember subjects lines don’t get encrypted and are a clear giveaway. If you want to protect your emails,  you may want to consider innocuous subject lines.