Ways to encrypt an email in Gmail

By default, all messages in Gmail are transmitted through the TLS (Transport Layer Security) encryption protocol. This protocol will only secure your email if the recipient's mail service also supports TLS encryption. Below you can see several ways to secure your email correspondence.

By default, all messages in Gmail are transmitted through the TLS (Transport Layer Security) encryption protocol. This protocol will only secure your email if the recipient's mail service also supports TLS encryption.
Below you can see several ways to secure your email correspondence.

S/MIME encryption for G Suite subscribers

Enhanced encryption of emails is mainly in demand in the business environment, which is why this feature is available to all G Suite Enterprise (Gmail for Business) subscribers. Users who use free Gmail, alas, will not be able to use it.

Moreover, to use S/MIME encryption, G Suite Enterprise subscribers must have both the sender and the recipient of the message.

Enabling S/MIME encryption:

  1. Go to Google Admin console (admin.google.com).
  2. Go to Apps -> G Suite -> Gmail -> User settings.
  3. Select an organization on the left.
  4. Set Enable S/MIME encryption for sending and receiving emails box. at the bottom of the settings window.
    You can also configure optional certificate settings.
  5. Click the Save button.

Your encryption settings will be updated within one hour.

How to apply encryption to email:

  1. Create a new email.
  2. Add the recipient to the To field.
  3. A lock icon will appear to the right of the recipient’s email. Click this button and select the S/MIME settings.

Besides S/MIME, you can also configure the MTA-STS (SMTP MTA Strict Transport Security) mechanism for your domain. This mechanism prevents attacks that are aimed at intercepting messages and modifying them during transmission between servers.
You can read more about configuring MTA-STS in the article About MTA-STS and TLS reporting (original howto by Google) .

What can we do to increase the security of our free Gmail account?

You can enable Confidential mode in Gmail for any message. In this mode, the recipient will not be able to download, forward, print, copy this email.
Gmail - confidential mode button

In addition to read-only mode, you can select the expiration date of your email.
You can also choose to send an SMS passcode to the recipient's phone in the settings. If you have selected this option, then only with the help of the SMS code sent you can read the message being sent.
Gmail - confidential mode settings

Adding the encryption with Chrome extensions.

In addition to getting a G Suite subscription, you can also use third-party extensions for the Google Chrome browser to encrypt your email. Go to the Chrome Store and search for Gmail encryption. You'll see a list of extensions that extend what Gmail is used to and encrypt your messages.

The disadvantage of this method is that you'll have to give your Gmail box full (most likely) access to the extension creator. Granting such rights to a third party is in itself a vulnerability.

And if you want to encrypt the message (i.e., so that NO one other than the recipient can read it), does it make sense to give permission to someone else to read the mailbox (and this letter as well)?


Read more:

  1. Enable hosted S/MIME for enhanced message security (original howto by Google)
  2. Protect Gmail messages with confidential mode (original howto by Google)

Have questions? Contact us: [email protected]

Terms of Service    Privacy policy    Contact us   

Made with favorite in Arlington, VA