Our email inboxes contain sensitive documents, financial records, and confidential business communications. Yet a standard email travels like a postcard: anyone handling it along the way can read its contents.

When you encrypt your emails, you transform messages into unreadable code that only the intended recipient can decipher. This protection is critical in the UK, where the Data Protection Act 2018 requires organisations to implement “appropriate technical measures” when transmitting personal data. Whether you’re a solicitor sharing client documents, an accountant sending tax returns, or an individual protecting your privacy, this encryption provides essential security for digital correspondence.

This guide demonstrates practical methods to encrypt your emails across the most popular platforms. It covers free options for personal privacy and compliance-grade solutions for business use.

Understanding Email Encryption: What You Need to Know

Before configuring encryption settings, understanding two fundamental concepts will help you choose the appropriate method for your needs.

Transport Layer Security vs End-to-End Encryption

Gmail, Outlook, and other major providers already use Transport Layer Security (TLS) by default. TLS protects your email only whilst it travels between servers: once your email reaches Google’s or Microsoft’s servers it is decrypted, and the provider can technically read your messages.

End-to-end encryption (E2EE) provides superior protection. With E2EE, you encrypt the message on your device before sending it. The message remains encrypted throughout its journey and can only be decrypted by your recipient using their private key. Even if Google, Microsoft, or a hacker intercepts the message, they cannot read its contents. This guide focuses on implementing end-to-end encryption methods to ensure your emails are properly encrypted.
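As an added illustration of the hop-by-hop nature of TLS (example code written for this guide, not from the original article or from any provider), the following Python script reads the Received: headers that a mail client shows under “Show original” and reports which server hops did and did not use TLS. The hosts, ids and header text are constructed.

```python
import re
from email import message_from_string

# Constructed sample: a message that crossed two servers. The header nearest
# the top was added last; that hop used TLS, the earlier hop did not. Hosts
# and ids are made up; the layout mirrors what Gmail and Postfix write.
CONSTRUCTED_MESSAGE = """\
Received: from mail.sender.example ([192.0.2.10])
        by mx.recipient.example with ESMTPS id x1a2b3
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 3 Feb 2025 10:15:02 +0000
Received: from laptop.lan (laptop.lan [198.51.100.7])
        by mail.sender.example (Postfix) with ESMTP id 9F3C2;
        Mon, 3 Feb 2025 10:15:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: Requested Documents for Application Ref: 12345
Content-Type: text/plain

Body text goes here.
"""

# "by <host>" names the server that wrote the header; "with ESMTPS"/"ESMTPSA"
# or an explicit TLS version means that hop was encrypted in transit.
HOP_RE = re.compile(r"\bby\s+(\S+)", re.I)
TLS_RE = re.compile(r"\bwith\s+(?:ESMTPSA?|UTF8SMTPS)\b|\bTLS", re.I)


def transit_hops(raw_message):
    """Return one record per Received: header, newest hop first.

    Each server prepends its own Received: header, so the list reads from the
    final delivery back to the first submission. Only the headers written by
    servers you trust (normally your own provider's) are reliable; earlier
    ones were written by other parties and could be forged.
    """
    msg = message_from_string(raw_message)
    hops = []
    for received in msg.get_all("Received", []):
        flat = " ".join(str(received).split())  # unfold continuation lines
        by = HOP_RE.search(flat)
        hops.append({
            "server": by.group(1) if by else "?",
            "tls": bool(TLS_RE.search(flat)),
        })
    return hops


def unencrypted_hops(raw_message):
    """Names of the servers that received the message without TLS."""
    return [h["server"] for h in transit_hops(raw_message) if not h["tls"]]


if __name__ == "__main__":
    for hop in transit_hops(CONSTRUCTED_MESSAGE):
        print(hop)
    print("hops without TLS:", unencrypted_hops(CONSTRUCTED_MESSAGE))
```

Even where every hop reports TLS, each server in the list held the message in plaintext, which is the gap end-to-end encryption closes.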

The Subject Line Problem

Most encryption methods protect the email body and attachments but leave subject lines unencrypted. Email servers need readable subject lines for routing and delivery. Never include sensitive information in your subject line. Instead of writing “Attached: My Passport and National Insurance Number,” use neutral phrasing, such as “Requested Documents for Application Ref: 12345.”
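To make the subject-line problem concrete, here is an added Python example (written for this guide, not taken from the original article or any mail tool). It parses a constructed PGP/MIME message the way a relaying server can, showing that the addresses and subject stay readable around the encrypted body, and it includes a pre-send check that flags the kind of subject the guide warns against. The regexes and keyword list are assumptions chosen for the UK identifiers the guide mentions.

```python
import re
from email import message_from_string

# Identifiers the guide lists as sensitive (UK-specific). The NI number
# pattern follows HMRC's published format; NHS numbers are ten digits,
# usually written in 3-3-4 groups. Both lists are illustrative, not complete.
SENSITIVE_PATTERNS = {
    "national_insurance_number": re.compile(
        r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b", re.I),
    "nhs_number": re.compile(r"\b\d{3}[ -]?\d{3}[ -]?\d{4}\b"),
    "card_number": re.compile(r"\b(?:\d[ -]?){15,16}\b"),
}
SENSITIVE_KEYWORDS = ("passport", "national insurance", "bank statement",
                      "tax return", "medical record", "nhs number", "salary")

# Constructed PGP/MIME message in the RFC 3156 layout. The ciphertext block
# is a placeholder, not real PGP output; the point is what stays readable.
CONSTRUCTED_PGP_MIME = """\
From: alice@example.com
To: bob@example.com
Subject: Attached: My Passport and National Insurance Number
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder ciphertext)
-----END PGP MESSAGE-----

--b1--
"""


def check_subject(subject):
    """List the reasons a subject line should be rewritten before sending."""
    findings = []
    lowered = subject.lower()
    for keyword in SENSITIVE_KEYWORDS:
        if keyword in lowered:
            findings.append("keyword:" + keyword)
    for name, pattern in SENSITIVE_PATTERNS.items():
        if pattern.search(subject):
            findings.append("pattern:" + name)
    return findings


def exposed_metadata(raw_message):
    """Report what a server relaying this message can read without any key."""
    msg = message_from_string(raw_message)
    return {
        "from": msg["From"],
        "to": msg["To"],
        "subject": msg["Subject"],
        "encrypted_body": msg.get_content_type() == "multipart/encrypted",
        "subject_findings": check_subject(msg["Subject"] or ""),
    }


if __name__ == "__main__":
    print(exposed_metadata(CONSTRUCTED_PGP_MIME))
    print(check_subject("Requested Documents for Application Ref: 12345"))
```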

Choosing Your Encryption Method: Personal or Business?


The proper encryption method depends on whether you’re protecting personal communications or meeting business compliance requirements.

Personal Users: Quick and Free Options

For occasional sensitive emails—such as sending passport scans, bank statements, or confidential personal documents—you need simple solutions. Gmail’s Confidential Mode provides the fastest implementation, requiring no setup. However, it’s not actual end-to-end encryption, as Google retains the ability to access the contents of messages.

For genuine end-to-end encryption, the Mailvelope browser extension offers free PGP encryption that integrates with Gmail, Outlook.com, and Yahoo Mail. When you encrypt your emails using this method, the protection is significantly stronger than that provided by Confidential Mode.

Business Users: Compliance-Grade Solutions

Organisations handling client data, medical records, or financial information must comply with UK GDPR requirements. For business purposes, you need S/MIME (Secure/Multipurpose Internet Mail Extensions), the professional standard for encrypting business emails. It requires digital certificates that verify sender identity and provide legally recognised encryption. S/MIME is included with Microsoft 365 Business subscriptions and Google Workspace Enterprise plans.

How to Encrypt Your Emails in Gmail

Gmail offers three distinct encryption methods to encrypt your emails, each suited to different use cases and security requirements.

Method 1: Gmail Confidential Mode

Confidential Mode is Gmail’s built-in feature for restricting access to emails. It’s not actual encryption, but it provides reasonable protection for moderately sensitive information.

  1. Setting Up Confidential Mode:
    • Open Gmail and click “Compose”.
    • Write your email.
    • Click the lock icon with a clock at the bottom.
    • Set an expiration date (1 day, 1 week, 1 month, 3 months, or 5 years).
    • Choose whether to require an SMS passcode.
    • Click “Save” and send.
  2. What Your Recipient Sees: Recipients cannot forward, copy, download, or print the email. They must click a link to view the message in their browser. If you require an SMS passcode, Google sends a code to the recipient’s mobile phone before allowing access.
  3. Best For: Personal users who want to encrypt their emails quickly when sending one-off sensitive documents like ID scans or bank statements to recipients who aren’t technically sophisticated.

Method 2: S/MIME Encryption in Google Workspace

Google Workspace Enterprise accounts include S/MIME encryption, providing genuine end-to-end encryption. This professional method enables you to encrypt your emails to the highest legally recognised security standards.

  1. Requirements:
    • Google Workspace Enterprise account (£15.70 per user/month excluding VAT).
    • Digital certificate from a Certificate Authority.
    • The administrator must enable S/MIME in the Admin Console.
  2. Sending Encrypted Emails: Once configured, a padlock icon appears next to your recipient’s email address when composing messages. When you encrypt your emails with S/MIME, click the padlock to toggle between encryption levels: a green padlock (full encryption), a grey padlock (TLS only), or a red padlock (no encryption available).
  3. Best For: Businesses with Google Workspace Enterprise requiring legally compliant encryption for client communications, medical records, or confidential business information.

Method 3: Mailvelope Extension for PGP Encryption

Mailvelope is a free browser extension that adds PGP (Pretty Good Privacy) encryption to webmail services, giving you end-to-end protection that even Google cannot read.

  1. Installing Mailvelope:
    • Visit chrome.google.com/webstore or addons.mozilla.org
    • Search for “Mailvelope”.
    • Click “Add to Chrome” or “Add to Firefox”.
    • Grant permissions and complete setup.
  2. Generating Your Keys:
    • Click the Mailvelope icon in your browser toolbar.
    • Select “Key Management” → “Generate Key”.
    • Enter your name and email address.
    • Create a strong passphrase (minimum 12 characters).
    • Click “Generate” and wait 30-60 seconds.
  3. Sending an Encrypted Email:
    • Compose a new Gmail message.
    • Click the Mailvelope icon in the compose window.
    • Write your message in the secure editor.
    • Click “Encrypt” to encrypt your emails with PGP protection.
    • Select your recipient’s public key → “Add” → “Transfer”.
    • Send normally.
  4. Best For: Privacy-conscious individuals, journalists, or anyone requiring zero-knowledge encryption where even Google cannot access message contents.

How to Encrypt Your Emails in Outlook

Outlook and Microsoft 365 provide integrated encryption options with varying methods depending on your subscription level.

Method 1: The Encrypt Button (Microsoft 365 Only)

Microsoft 365 subscriptions include Message Encryption with one-click functionality.

  1. Using Microsoft 365 Message Encryption:
    • Open Outlook and click “New Email”.
    • Write your email.
    • Click “Options” → “Encrypt” → “Encrypt-Only”.
    • Finish composing and send.
  2. Requirements: Microsoft 365 Business Basic (£4.80/user/month excluding VAT) or higher.
  3. Best For: Businesses already using Microsoft 365 who need a straightforward way to encrypt their emails without managing certificates.

Method 2: Digital ID Certificates (S/MIME)

S/MIME provides the highest level of encryption security in Outlook, adhering to legally recognised security standards.

  1. Obtaining a Digital Certificate:
    • Sectigo (formerly Comodo): Personal certificates from £15/year excluding VAT.
    • GlobalSign: Personal certificates from £45/year, excluding VAT.
    • DigiCert: Enterprise certificates from £85/year excluding VAT.
  2. Installing Your Certificate:
    • Download the certificate file (.pfx or .p12 format).
    • Double-click the certificate file.
    • Select “Current User” → “Next”.
    • Enter the certificate password.
    • Select “Automatically select the certificate store” → “Finish”.
  3. Configuring Outlook:
    • Open Outlook → “File” → “Options”.
    • Select “Trust Centre” → “Trust Centre Settings”.
    • Click “Email Security”.
    • Under “Encrypted email”, click “Settings”.
    • Click “Choose” next to “Signing Certificate”.
    • Select your certificate → “OK”.
    • Repeat for “Encryption Certificate”.
  4. Sending an Encrypted Email:
    • Compose a new email.
    • Click “Options” → “Encrypt” (padlock icon) to encrypt your emails with S/MIME protection.
    • Complete your message and send.
  5. Best For: Legal professionals, financial advisors, medical practitioners, and businesses requiring legally compliant encryption with non-repudiation.

How to Encrypt Your Emails on Mobile Devices

Mobile encryption requires different approaches for iOS and Android devices.

Encrypting Emails on iPhone (iOS)

iOS includes native S/MIME support, allowing you to encrypt your emails directly within the built-in Mail app.

  1. Installing Your S/MIME Certificate:
    • Obtain your S/MIME certificate as a .p12 or .pfx file.
    • Email the certificate file to yourself.
    • Tap the certificate file on your iPhone.
    • Go to Settings → General → VPN & Device Management.
    • Tap the certificate profile.
    • Enter your device passcode.
    • Tap “Install” → enter certificate password → “Done”.
  2. Enabling S/MIME in iOS Mail:
    • Open Settings → Mail → Accounts.
    • Select your email account → “Account” → “Advanced”.
    • Toggle “S/MIME” to on.
    • Under “Sign” and “Encrypt”, toggle both to on.
  3. Sending Encrypted Emails: Once configured, iOS Mail automatically encrypts your emails when composing to recipients whose certificates you’ve received. A blue padlock indicates encryption is active.

Encrypting Emails on Android

Android’s native email clients provide limited encryption support, making it more challenging to encrypt your emails on these devices.

  1. Gmail App: The Gmail app doesn’t support S/MIME or PGP encryption directly. You can use Confidential Mode, but it doesn’t provide true end-to-end encryption for your emails.
  2. Third-Party Apps: Several Android email apps support S/MIME, allowing you to encrypt your emails with professional-grade security:
    • Nine Email: £11.99 one-time purchase, includes full S/MIME support.
    • Aqua Mail: Free with in-app purchases, supports S/MIME.
  3. Secure Email Services: For reliable mobile encryption, switching to an encrypted email service provides better results. These services make it simple to encrypt your emails on mobile:
    • ProtonMail: Free tier available, Plus from £3.99/month. Automatic encryption, no configuration needed to encrypt your emails.
    • Tutanota: Free tier available, Premium from £2.99/month.

Advanced Email Encryption: PGP Explained

PGP (Pretty Good Privacy) offers the strongest encryption available with zero-knowledge protection that even your email provider cannot break.

Understanding Public and Private Keys

PGP uses asymmetric encryption with two different keys. Your public key is designed to be shared openly. When someone encrypts a message with your public key, only your private key can decrypt it. Your private key must remain absolutely confidential.

When to Use PGP to Encrypt Your Emails

  1. Use PGP when:
    • You require encryption that no email provider can break.
    • You’re communicating with journalists or privacy advocates who already use PGP.
    • You need to encrypt your emails without paying for certificates annually.
  2. Use S/MIME when:
    • Your organisation requires legally compliant encryption.
    • You need encryption that works seamlessly within corporate systems.
    • You want encryption recognised in legal proceedings.

Free PGP Tools to Encrypt Your Emails

  1. GPG Suite (macOS): Free from gpgtools.org, integrates with Apple Mail.
  2. Kleopatra (Windows): Included with Gpg4win from gpg4win.org, works with Outlook.
  3. GNU Privacy Guard (Linux): Pre-installed on most distributions.

These tools enable you to generate PGP key pairs and manage keys associated with contacts when encrypting your emails using this method.

UK Email Encryption Requirements: GDPR Compliance

UK organisations must understand their legal obligations regarding email encryption under the Data Protection Act 2018 and UK GDPR.

When UK Law Requires You to Encrypt Your Emails

The Data Protection Act 2018 requires organisations to implement “appropriate technical and organisational measures” to secure personal data. The ICO considers encryption an appropriate measure for protecting personal data in transit. You must encrypt your emails when transmitting:

  1. Personally Identifiable Information: National Insurance numbers, passport details, driving licence numbers, and dates of birth combined with full names.
  2. Financial Information: Bank account numbers, credit card details, salary information, tax returns.
  3. Health Records: Medical history, NHS numbers, prescription details, mental health records.
  4. Legal Documents: Client correspondence for solicitors, court documents, and contracts containing personal data.
  5. Employment Information: References, disciplinary records, employment contracts, and redundancy documents.

When handling sensitive information, you must encrypt your emails to meet regulatory expectations.

ICO Guidance on How to Encrypt Your Emails Securely

The ICO provides specific guidance at ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/security/.

Key requirements for organisations that need to encrypt their emails include:

  1. Assessment: Evaluate risks to individuals’ rights when transmitting personal data via email.
  2. Appropriate Measures: The ICO expects you to encrypt your emails for any communication containing personal data beyond basic contact information.
  3. Staff Training: Employees must understand when to encrypt their emails and how to use encryption tools correctly.

In 2024, the ICO fined a UK medical practice £25,000 for repeatedly sending patient information via unencrypted email. Organisations must encrypt their emails when handling health information to prevent such breaches.

Penalties for Non-Compliance

The UK GDPR allows the ICO to impose fines of up to £17.5 million or 4% of the organisation’s annual global turnover.

Recent UK penalties include:

  1. Healthcare Sector: London NHS Trust £325,000 fine for emailing patient medical records without encryption.
  2. Legal Services: Regional law firm £50,000 penalty for sending unencrypted emails containing clients’ financial information.
  3. Financial Services: Investment advisory firm £180,000 fine for systematically failing to encrypt emails containing clients’ financial portfolios.

Organisations can significantly mitigate penalties by demonstrating implementation of appropriate encryption systems and regular staff training on when to encrypt their emails.

Secure Email Services: Automatic Encryption

For users who regularly need encryption, switching to a dedicated secure email provider proves more practical. These services automatically encrypt your emails without complex configuration.

ProtonMail: Automatically Encrypt Your Emails by Default

ProtonMail operates servers in Switzerland and provides automatic end-to-end encryption. When you encrypt your emails with ProtonMail, the encryption happens automatically in the background.

  1. Key Features:
    • Free tier: 1GB storage, 150 messages per day.
    • Plus tier: £3.99/month (annual billing), 15GB storage, unlimited messages.
    • Zero-knowledge encryption (ProtonMail cannot read your messages).
    • Automatic encryption between ProtonMail users.
  2. UK Business Use: ProtonMail Professional costs £6.99/user/month (annual billing), making it suitable for small businesses that need to encrypt their emails without complex certificate management.
  3. Best for: Privacy-focused individuals, journalists, researchers, and small businesses that need to encrypt their emails without an IT infrastructure.

Tutanota: Open-Source Methods to Encrypt Your Emails

Tutanota offers end-to-end encryption with servers located in Germany. The platform is open source, so the code that encrypts your emails can be independently reviewed.

  1. Key Features:
    • Free tier: 1GB storage.
    • Premium tier: £2.99/month (annual billing), 10GB storage.
    • Automatic encryption between Tutanota users.
  2. Best for: Budget-conscious users and organisations seeking open-source encryption for transparency.

Virtru: Enterprise Solutions to Encrypt Your Emails

Virtru adds encryption capabilities to existing Gmail or Outlook accounts, allowing organisations to maintain their infrastructure while adding the ability to encrypt their emails for compliance.

  1. Key Features:
    • Integrates with Google Workspace and Microsoft 365.
    • Pro subscription: £5/user/month, encryption, access controls, audit logs.
    • Granular access controls (forward restrictions, expiration dates).
  2. Best For: Enterprises with complex compliance requirements, organisations transitioning to encrypt their emails without changing providers.

Common Problems When You Encrypt Your Emails


Understanding these problems prevents frustration when you encrypt your emails.

Problem: “My Outlook Encrypt Button Is Greyed Out”

  1. Cause: Free Outlook.com accounts don’t support the Encrypt button. This requires Microsoft 365 Business subscriptions.
  2. Solution: Upgrade to Microsoft 365 Business Basic (£4.80/user/month excluding VAT) or install an S/MIME certificate.

Problem: “My Recipient Can’t Open My Encrypted Email”

  1. Cause: S/MIME and PGP encryption require both parties to have compatible certificates or keys. When you encrypt your emails with these methods, recipients need proper setup.
  2. Solution (S/MIME): Ask recipients to send you a digitally signed (not encrypted) email first. This allows your email client to obtain their public certificate automatically.
  3. Solution (PGP): Exchange public keys before you encrypt your emails and send encrypted messages. Import their key into your system first.

Problem: “I Lost My Private Key”

  1. Reality: If you lose your private key or forget the passphrase, all encrypted messages become permanently inaccessible.
  2. Prevention:
    • Store your private key backup in a secure location.
    • Document your passphrase securely.
    • Test key backups periodically.

Problem: “Can I Encrypt Only the Attachment?”

  1. Answer: Standard encryption methods (S/MIME, PGP) encrypt the entire message. You cannot selectively encrypt only attachments when you encrypt your emails with these methods.
  2. Workaround: Manually encrypt files before attaching:
    • Windows: Right-click file → Properties → Advanced → “Encrypt contents to secure data”.
    • macOS: Right-click file → Compress → Right-click ZIP → “Encrypt [filename].zip”.
    Note that the Windows option uses EFS, which protects the file on your own disk only: any program that reads the file, including your mail client when it attaches it, receives the plaintext, so the attached copy still leaves your machine unencrypted unless you use a tool that produces a password-protected archive.

Problem: “Subject Lines Appear Unencrypted”

Clarification: This is expected behaviour. Most encryption standards intentionally leave subject lines unencrypted. Even when you encrypt your emails, subject lines remain visible to email servers. Never include sensitive information in subject lines.

Email encryption protects your sensitive communications from unauthorised access. The right encryption method depends on your specific needs, technical capabilities, and the systems of your recipients.

For personal users, Gmail’s Confidential Mode provides quick protection in under two minutes. Business professionals requiring compliance-grade encryption should implement S/MIME through Microsoft 365 or Google Workspace. Privacy-focused individuals benefit from ProtonMail or Tutanota, which automatically encrypt your emails by default.

Remember that encryption only protects message contents, not subject lines. UK organisations handling personal data should encrypt their emails as standard practice to meet the requirements of the Data Protection Act 2018.

Begin with the simplest method that suits your needs. As your security requirements grow, consider transitioning to S/MIME or PGP when encrypting your emails. The most secure encryption system is the one you actually use. Implementing basic methods to encrypt your emails today protects your communications better than planning elaborate systems that you never deploy.