Your IP: Unknown · Your Status: Unprotected Protected

Blog How-To

How to encrypt Gmail to secure your emails

Apr 25, 2019 · 4 min read

How to encrypt Gmail to secure your emails

Gmail is one of the most widely used email service providers, but it isn’t the most secure one. Google encrypts your emails, but the encryption isn’t strong enough to guarantee that your business contracts or personal conversations won’t end up in someone else’s hands (or in Google’s). You can prevent this from happening by encrypting your Gmail emails in a few simple steps.

What encryption Gmail currently provides

Google automatically encrypts your emails in transit with Transport Layer Security (TLS) encryption standard. TLS is better than not using any encryption at all, but you should still take Gmail encryption with a pinch of salt:

  1. TLS encryption only works if the receiver has TLS encryption too. If they don’t, you are sending an unencrypted email.
  2. TLS encryption isn’t very strong. Your message might still pass through a hacked or a third party server. Whoever is sitting behind that server might be able to decipher and read your messages.
  3. TLS isn’t end-to-end encryption. This means that hackers can capture your email once it reaches the destination mail server.
  4. TLS doesn’t encrypt your message, which allows Google’s bots to crawl through your emails, read them, use the information found in them to create your user profile and share your information with third parties.

How to encrypt Gmail

There are ways to give your Gmail an extra layer of encryption. You can do this by either getting a paid G Suite account and encrypting your emails with S/MIME encryption or using a third-party plugin and encrypting your emails manually. Let’s delve into them in more detail.

Google’s S/MIME encryption

Google offers paid G Suite Enterprise and G Suite Education accounts enhanced S/MIME encryption. With S/MIME, you can encrypt your messages with user-specific keys that you will then need to share with the intended recipient. Otherwise, they will not be able to decrypt the message. With this add-on, you will also be able to see the level of encryption your message will have. Just look for a lock icon next to your recipient's name. (Green means that your message will support S/MIME encryption; Gray – TLS encryption; red – unencrypted.)

Even though it’s more secure than TLS, it still presents many vulnerabilities as the receiver also needs to use S/MIME, your message can again be hacked once it gets to the destination server, and Google still can scan your emails. It also creates an extra step you need to complete before sending an email, which might be frustrating for those who send hundreds of emails a day. The encryption isn’t set up by default so you’ll have to ask G Suite admins to do this for you.

Third-party plugins

#1 Flowcrypt

Flowcrypt Gmail encryption

Flowcrypt works as a desktop Firefox or Chrome extension and adds a ‘Secure Compose’ button to your Gmail’s interface. It encrypts your messages with industry-standard Pretty Good Privacy (PGP) encryption. Your recipient can use any email service provider as long as it supports PGP, but you will still need to share your private key for them to decrypt the message. Alternatively, you can set a password, but you will still need to share it with the recipient.

#2 SecureMail

Securemail Gmail encryption

SecureMail is another plugin that works similarly to Flowcrypt but was developed for Google Chrome users only. Once installed, you should see a lock icon next to Gmail’s ‘Compose’ button. Make sure to click on that icon before composing an email or you will send your sensitive information unencrypted.

With SecureMail, you’ll need to set up a password and a password hint for the receiver to decrypt your message. These should be shared with your recipient through other communication channels. The receiver will also need to be a SecureMail user to decrypt your message.

#3 Mailvelope

Mailvelope Gmail encryption

This is another Chrome extension that offers PGP encryption, but this one might require more technical knowledge to set up.

If you used PGP encryption before and already have your public and private keys, you can import them straight into Mailvelope. If not, you’ll have to generate new ones. For the encryption to work, you will need to share your public key with the recipient as well as import recipients’ public keys to Mailvelope’s keyring, too. You can share your public key with others by uploading it on a public key server like the PGP Global Directory or the MIT Key Server.

Once this is set up, you can start composing your encrypted messages. Mailvelope will create a button next to the Gmail ‘Compose’ button. Once you click on it, a new window will pop up. Compose your message and then click ‘encrypt.’ Choose the recipient and transfer the encrypted text into Gmail. Mailvelope provides your with end-to-end encryption meaning that no one snooping on your traffic, not even Google, will be able to read your messages.

You can also try other plugins such as EnigMail, GPGTools, and GNU Privacy Guard.

How to send truly secure emails

Unfortunately, none of the options discussed above provide a perfect solution if you care about your privacy. TLS and S/MIME encryption standards do not guarantee 100% security. Third-party plugins aren’t user-friendly, add extra steps to the emailing process, and don’t encrypt emails composed on a mobile device.

To send truly secure emails, you should look for a privacy-oriented email provider that:

  • Has end-to-end encryption, meaning that your message will be encrypted the moment you compose it and can only be decrypted by the intended recipient. (Google promised to implement end-to-end encryption back in 2014. But since then the project has not been developed);
  • Keeps your messages encrypted even if you send it to someone who uses a different email service provider;
  • Has a zero-knowledge policy so that even their employees can’t see your encryption keys;
  • Encrypts not just your message but your attachments too;
  • Offers ‘burner email accounts’ for complete anonymity.

Click here to see the best Gmail alternatives for your privacy and security.


Emily Green
Emily Green successVerified author

Emily Green is a content writer who loves to investigate the latest internet privacy and security news. She thrives on looking for solutions to problems and sharing her knowledge with NordVPN readers and customers.


Subscribe to NordVPN blog