How To Encrypt An Email In Gmail: 2026 Guide

Written by David Morelo

You don’t have to be a hacker to know how to encrypt an email in Gmail because email security is something that concerns everyone. In this article, we explain how to encrypt Gmail, and we also introduce Clean Email as the most convenient tool to help you organize your mailbox and further enhance your security.

What Is Email Encryption?

Encryption is the process of turning plaintext information into meaningless secret code, known as ciphertext. To decode ciphertext and transform it back into its plaintext form, the correct decryption key must be provided.

Is Gmail Encrypted?

Yes, Gmail encrypts all messages by default, both in transit and at rest, to protect its users from hackers.

For in-transit encryption, it uses something called TLS, or Transport Layer Security. TLS is a cryptographic protocol that’s used not only by mail services like Gmail but also by various instant messaging and web applications.

As far as at-rest encryption goes, Gmail uses the Advanced Encryption Standard (AES) algorithm to encrypt all data stored on its servers. The same algorithm is also approved by the U.S. National Security Agency (NSA) for top-secret information, so you can rest assured knowing that your messages are protected well.

Thanks to TLS and AES being enabled by default, you don’t need to learn how to encrypt an email in Gmail to enjoy a solid level of protection, but that doesn’t mean you can’t go beyond it.
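Whether TLS was used in transit depends on every mail server a message passes through, and each server records its hop in a Received header of the raw message. The following is an added example, not part of the original article: it parses those headers and flags hops that were not encrypted, using the RFC 3848 protocol keywords and any version=TLS annotation as indicators. The sample message, hostnames, and IDs are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample (not a real capture); hosts and IDs are made up.
SAMPLE = """\
Received: from mail-a.example.net (mail-a.example.net. [203.0.113.10])
        by mx.google.com with ESMTPS id abc123
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 05 Jan 2026 10:00:02 -0800 (PST)
Received: from legacy-app.example.net (legacy-app.example.net [198.51.100.7])
        by mail-a.example.net with SMTP id xyz789;
        Mon, 05 Jan 2026 10:00:01 -0800 (PST)
From: sender@example.net
To: user@example.com
Subject: constructed sample

body
"""

# RFC 3848 "with" keywords that mean the hop used STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.I)
TLS_RE = re.compile(r"\bversion=(TLS[\w.]+)", re.I)

def hop_report(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold the multi-line header
        by, proto, tls = BY_RE.search(flat), WITH_RE.search(flat), TLS_RE.search(flat)
        protocol = proto.group(1).upper() if proto else None
        hops.append({
            "by": by.group(1) if by else None,
            "protocol": protocol,
            "tls_version": tls.group(1) if tls else None,
            "encrypted": bool(tls) or protocol in TLS_PROTOCOLS,
        })
    return hops[::-1]  # headers are prepended, so reverse for travel order

def unencrypted_hops(raw_message):
    """Names of receiving servers that accepted the message without TLS."""
    return [h["by"] for h in hop_report(raw_message) if not h["encrypted"]]

if __name__ == "__main__":
    for hop in hop_report(SAMPLE):
        print(hop)
```

Hops recorded by servers you don't control can be forged, so only the entries written by your own provider are reliable evidence.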

How to Enhance Gmail Message Security?

Many users look for ways to encrypt email in Gmail beyond the defaults to enhance their online security. Gmail offers other ways to send an encrypted email, but they’re not enabled by default.

The users of Enterprise, Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus editions of Gmail can enable S/MIME for message encryption.

You can enable hosted S/MIME from the Google Admin console:

  1. Log in to the Google Admin console.
  2. Navigate to Menu > Apps > Google Workspace > Gmail > User settings.
  3. On the left, under Organizations, select the domain or organization you want to configure.
  4. Scroll to the S/MIME setting and check the Enable S/MIME encryption for sending and receiving emails box.
  5. Click Save.

Besides S/MIME, there’s also Gmail’s confidential mode. This special mode protects your privacy by making it impossible for recipients to forward, copy, print, and download your messages from Gmail.

To send a confidential message via a web browser:

  1. Log in to your Gmail account.
  2. Click Compose.
  3. Click Toggle confidential mode in the bottom right of the window.
  4. Set an expiration date and passcode.
  5. Click Save.

To secure your Gmail emails on Android and iOS:

  1. Open the Gmail app.
  2. Tap Compose (pencil icon).
  3. Enter the recipient and message.
  4. Tap the three-dot menu and select Confidential mode.
  5. Set expiration and passcode and save the settings.
  6. Send your encrypted message.

While useful, Gmail’s confidential mode isn’t a bulletproof solution (and it doesn’t claim to be). For example, your privacy can still be compromised by someone taking a screenshot of your message and sharing it that way.

Google Workspace Client-Side Encryption (CSE)

Google introduced Client-Side Encryption (CSE) in 2022 to make Gmail security even better for businesses that need the most control over their data, like those in law, healthcare, or finance.

When you use Gmail's standard encryption, Google has the keys to the encryption, which means that Google can technically read your messages. With CSE, your organization has control over the encryption keys, and messages are encrypted on your device before they get to Google's servers. This means that Google can't read your emails at all, not even to filter out spam or add them to search results.

CSE is available for:

To enable CSE for your organization:

  1. Set up a key management service (KMS) that works with Google's ACME key access API. Some of the providers that work with this are Thales, Virtru, and Stormshield.
  2. In the Google Admin console, go to Apps > Google Workspace > Gmail > Client-side encryption.
  3. Link your external KMS by entering the ACME key service URL.
  4. Enable CSE for the desired organizational units.
  5. Once configured, users will see a lock icon in the Compose window to toggle CSE on for individual messages.

📌 Note: It's important to remember that CSE has some downsides. Gmail's server-side search can't find encrypted emails, and some Gmail features, like Smart Reply and spam filtering, don't work with CSE messages. It works best for certain very sensitive communications, not for regular email.

Third-Party Gmail Encryption Apps

There are many third-party apps that offer an added layer of security for Gmail users. These apps typically use end-to-end encryption, making them a go-to choice for those who frequently send sensitive or confidential information via email.

Popular options to consider include FlowCrypt, ProtonMail Bridge, PreVeil, and Virtru. Each one has unique benefits for enhancing your security.

All three apps are built on OpenPGP, the most widely used email encryption standard in the world, so you can trust them to work just as intended.

Boost Your Gmail Security With Clean Email

Clean Email is an inbox management tool that helps you keep your Gmail account organized and secure. Available on iOS, Android, macOS, and the web, it works alongside Gmail's built-in encryption to add an extra layer of privacy, monitoring your address for known data breaches and filtering emails from unknown senders before they reach your inbox.

Take advantage of Clean Email’s Privacy Monitor to regularly check your Gmail address against known data breaches and security incidents.


If you find your Gmail account compromised, act quickly. Assume your password is leaked and change it. If this password is used on other sites, they may also be at risk. Create new, unique passwords for each website and service that is in some way connected to the compromised account.

An additional powerful feature to enhance your email security is the Screener tool. This function segregates emails from unfamiliar senders into a distinct folder for your scrutiny.

Once enabled, the Screener tool proactively enhances your email security by isolating incoming messages from new contacts. This gives you the freedom to either block or allow these senders. Approved senders' future emails will go straight to your inbox.


These features make Clean Email an invaluable tool for Gmail users who depend on a well-organized inbox for peak productivity. In addition, Clean Email is available on web, desktop, and mobile platforms.

💡 Interested in learning more about email security? Check out our other guides on how to send a secure email and how to send an anonymous email and protect your privacy.


How to Encrypt an Email in Gmail - FAQ

How to send a secure email in Gmail?

To send a secure email in Gmail, you can use the built-in Confidential Mode or employ a third-party encryption app like Tutanota or PreVeil for added security.

How to send a secure email in the Gmail mobile app?

To send a secure email from the Gmail mobile app, tap "Compose," then select "Confidential mode" from the three-dot menu. Choose an expiration date and passcode, tap "Save," and then hit "Send" for secure transmission.

Why are some messages not encrypted?

Not all email services encrypt messages by default. Gmail fortunately does, but organizations still need to enable S/MIME manually for additional protection against threats like man-in-the-middle attacks. What’s more, S/MIME won’t work unless both parties support it.

Is Gmail confidential mode encrypted?

No, confidential mode in Gmail doesn’t turn on any additional encryption methods. Its purpose is to be a convenient way for users to improve their privacy.

How to protect an email with a password?

To password-protect an email in Gmail, enable "Confidential Mode." You can set a passcode and expiration date, and the recipient will need to enter the passcode to read the email.

How to encrypt Gmail attachments?

You can easily encrypt Gmail attachments using third-party apps like FlowCrypt, SendSafely, and Mailvelope, which use OpenPGP, a key-based encryption method for encrypting and decrypting data.
