Google Workspace has over 3 billion users globally, while Gmail has over 1.5 billion users per month. That’s almost three times more than its closest competitor, Outlook.
Despite Gmail's popularity, its built-in security features aren’t foolproof.
That’s why knowing how to encrypt emails in Gmail is essential.
What is email encryption?
Email encryption software uses algorithms to change readable text (plaintext) into an unreadable format (ciphertext). In other words, the content of an email is scrambled and unreadable until the message is decrypted. That means only authorized recipients can decode and read your message.
The two types of email encryption in Gmail
Gmail supports two primary encryption methods – Transport Layer Security (TLS) and Secure/Multipurpose Internet Mail Extensions (S/MIME).
1. Transport Layer Security (TLS)
TLS is Gmail’s default encryption method. It encrypts messages during transmission between email servers. It doesn’t require setup but only works if the recipient’s server supports it.
2. Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME provides end-to-end encryption and adds another security layer through digital certificates. This protocol uses two cryptographic keys – a public key to encrypt and a private key to decrypt. It verifies the sender’s identity and keeps the email content unchanged during delivery.
How to send an encrypted email in Gmail
Implementing TLS encryption on Gmail
How to check if your email is encrypted
Gmail automatically uses TLS encryption when both the sender and recipient support it. To check if TLS is active for work or school accounts (not personal Gmail accounts), follow these steps:
- Open Gmail
- At the top left, click Compose
- In the 'To', 'Cc', or 'Bcc' field, enter your recipient's email address
- To the right of your recipient, hover over Message security:
  - Message security: standard encryption – The message is encrypted with TLS
  - Message security: enhanced encryption – The message is encrypted with S/MIME
  - Message security: no encryption – The message isn't encrypted or Gmail doesn't recognize the encryption type
Optional: to change encryption settings, click Message security > View details
Tip: if there are multiple recipients with various encryption levels, Message security shows the lowest encryption status.
How to check if an email you received is encrypted
- Open a message in Gmail
- At the top, next to the recipient, click Show details
- In the window, next to Security, check the encryption type:
  - Standard encryption (TLS)
  - Enhanced encryption (S/MIME)
  - [Sender name] did not encrypt this message
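The same three labels can be approximated from a message's raw headers, which is useful when auditing exported mail. The Python sketch below is an added example, not Gmail's or Zivver's code. The sample message is constructed, and the heuristics (an ESMTPS or version=TLS marker in the top Received header, an application/pkcs7-mime enveloped-data Content-Type) are assumptions about how such headers typically look, not Gmail's actual logic.

```python
import re
from email import message_from_string

# Constructed sample (made-up hosts and addresses): an S/MIME-enveloped
# message whose final hop used TLS and whose earlier hop did not.
SAMPLE = """\
Received: from mail.example.org (mail.example.org. [203.0.113.7])
        by mx.example.com with ESMTPS id abc123
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 04 Mar 2025 10:00:02 +0000
Received: from laptop.local (unknown [198.51.100.9])
        by mail.example.org with ESMTP id def456;
        Tue, 04 Mar 2025 10:00:01 +0000
From: alice@example.org
To: bob@example.com
Subject: Q1 payroll figures
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

MIIB...constructed-placeholder...
"""

# "with ESMTPS"/"ESMTPSA" (RFC 3848) or a "version=TLS..." note marks a TLS hop.
TLS_HINT = re.compile(r"\bwith\s+\w*SMTPS\w*|version=TLS", re.I)
SMIME_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}


def classify(raw):
    """Return the encryption level plus what stays readable in transit."""
    msg = message_from_string(raw)
    hops = msg.get_all("Received", [])
    # Newest hop first. Only the top header was written by the receiving
    # server; anything below it is claimed by upstream systems.
    tls_hops = [bool(TLS_HINT.search(h)) for h in hops]
    enveloped = (msg.get_content_type() in SMIME_TYPES
                 and msg.get_param("smime-type", "") == "enveloped-data")
    if enveloped:
        level = "enhanced (S/MIME)"
    elif tls_hops and tls_hops[0]:
        level = "standard (TLS)"
    else:
        level = "no encryption detected"
    # Headers such as Subject sit outside the S/MIME envelope.
    return {"level": level, "tls_hops": tls_hops, "subject": msg["Subject"]}


if __name__ == "__main__":
    print(classify(SAMPLE))
```

On the sample, the subject line is returned in clear text even though the body is S/MIME-enveloped, and the per-hop list shows that TLS on the final hop says nothing about earlier hops.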
Setting up S/MIME in Google Workspace
S/MIME requires Google Workspace Enterprise Plus, Education Fundamentals, Education Standard, Teaching and Learning Upgrade, or Education Plus editions.
Here's how to enable it:
- Sign in with an administrator account to the Google Admin console
- Go to Menu > Apps > Google Workspace > Gmail > User settings
- On the left, under Organizations, select the domain or organization you want to configure
- Scroll to the S/MIME setting and check the Enable S/MIME encryption for sending and receiving emails box
- (Optional) To let people in your organization upload certificates, check the Allow users to upload their own certificates box
- Click Save
Note: changes can take up to 24 hours but typically happen faster. Messages sent during this time aren't encrypted.
For individual users to upload certificates:
- Go to Gmail
- Choose Settings and then See all settings
- Select the Accounts tab
- Next to Send mail as, select Edit info
- Click Upload a personal certificate
- Select the certificate and click Open
- Enter the password for the certificate when prompted
- Click Add certificate
Important: when you compose emails with S/MIME enabled, you'll see a lock icon in the message subject. If the message is encrypted with hosted S/MIME, the lock is green.
Gmail encryption limitations
While Gmail's encryption options offer some protection, there are significant limitations that may necessitate additional email security solutions.
TLS limitations:
- It only works if both the sender and recipient support it. If the recipient doesn’t use TLS, Gmail will send the email unencrypted without notifying you
- TLS doesn’t adequately protect your domain reputation
S/MIME limitations:
- Both the sender and receiver need to have compatible certificates for it to work
- S/MIME is only available with premium Google Workspace subscriptions
- S/MIME doesn’t encrypt email subject lines
Overall Gmail encryption gaps
Human error prevention
Gmail doesn’t have the features that prevent the most common cause of data breaches – human error. The system doesn't detect misaddressed emails or incorrect attachments before sending. 66% of IT leaders admit they lose more data through employee errors than through sophisticated attacks.
Email recall limitations
Gmail recall is limited and the Undo Send feature has a maximum window of 30 seconds.
Fixed storage encryption
Emails are encrypted with Google’s keys, meaning Google could have access to them.
Limited file size
You’re unable to encrypt large files, so you can’t send them securely.
Why strong email encryption matters
The average cost of a data breach reached $4.88 million in 2024, putting organizations at significant financial risk. This staggering figure highlights why robust email encryption software has become essential for modern businesses.
Beyond the immediate financial impact, regulatory compliance presents another compelling reason to strengthen your email security solutions. Non-compliance with data protection regulations such as GDPR, HIPAA, DORA, and other industry standards can result in severe penalties.
Enhance Gmail encryption with Zivver
Zivver’s secure email solution integrates directly with Gmail and addresses many Gmail encryption limitations.
Zero-access encryption
Unlike standard Gmail encryption, zero-access encryption ensures that no one – not even the service provider – can access your encrypted data.
Intelligent error prevention
Advanced systems detect common mistakes like incorrect recipients, sensitive content, or unintended attachments before you send emails.
Seamless integration
Our secure business email solutions work directly within Gmail's interface, maintaining workflow efficiency while adding enterprise-grade security.
Multi-factor authentication
Additional verification ensures only intended recipients can access sensitive information.
Effective email recall
The ability to revoke access to emails even after delivery.
Secure your email beyond Gmail
While email encryption in Gmail provides basic security features, true email security demands multiple layers of protection. Protect your email and preserve your reputation with zero-access encryption, intelligent error prevention, and seamless authentication.