Email encryption keeps your messages secure by scrambling them so that only the intended recipient can read them.
It uses special techniques to protect your information from prying eyes.
Only someone with the right key can unlock and read the email.
Without encryption, an email is like a postcard - anyone could read it on its journey (including any sensitive data you attach).
A lot of email providers encrypt some data, but without additional protection (ideally from send to receive, known as “end-to-end encryption”), emails are vulnerable to interception.
To protect sensitive or private emails and attachments, you’ll need to add extra security to your messages.
Scroll to learn how to encrypt email attachments for your setup.
How to Encrypt Email Attachments in Outlook
Microsoft Outlook supports different types of encryption methods, depending on your version of Outlook and your subscription.
These include:
S/MIME encryption, which requires a digital certificate (also known as a digital ID)
Microsoft Purview Message Encryption (formerly Office 365 Message Encryption), available with certain Microsoft 365 subscriptions
For most purposes, either type of encryption will be enough to raise your level of security against common threats.
Encrypting Email Attachments in New Outlook for Windows
New Outlook for Windows supports Microsoft 365 Message Encryption if you have an Office 365 Enterprise E3 licence or higher.
To encrypt an email in New Outlook for Windows, follow these steps:
Open Outlook and click on ‘New Email’ to compose a new message.
In the email composition window, click on the ‘Options’ tab.
Select ‘Encrypt’.
Choose the encryption that has the restrictions you want, such as ‘Encrypt-Only’ or ‘Do Not Forward’. If you choose ‘No Permission Set’, Outlook uses Transport Layer Security (TLS) to encrypt the connection but not the message’s contents.
Write your message and attach any documents.
Click ‘Send’.
Note: If you choose ‘Encrypt-Only’, the message is encrypted. Recipients can share the email and any attachments with third parties. If you choose ‘Do Not Forward’, the message is encrypted and additional protections prevent recipients from forwarding it to others.
Encrypting Email Attachments in Classic Outlook for Windows (With an E3 Licence)
To use Microsoft 365 Message Encryption, you must have an Office 365 Enterprise E3 licence or higher.
Microsoft 365 Message Encryption also needs to be configured by your email administrator before you can use it.
To encrypt an email with Microsoft 365 Message Encryption, follow these steps:
Open Outlook and click on ‘New Email’.
Click on the ‘Options’ tab.
Select ‘Encrypt’.
Choose the encryption option that has the restrictions you’d like to use, such as ‘Encrypt-Only’ or ‘Do Not Forward’.
Write your message and attach any documents.
Click ‘Send’.
Note: There is no option to encrypt all outgoing messages by default using Microsoft 365 Message Encryption in Outlook. Encryption is applied on a per-message basis.
Encrypting Email Attachments in Classic Outlook for Windows (Using S/MIME)
If you’re not using Classic Outlook with a Microsoft 365 qualifying subscription, you can use S/MIME encryption.
To use S/MIME encryption, both sender and recipient must have a mail application that supports the S/MIME standard.
Before you start this procedure and encrypt emails, you must first get a digital ID (also known as a digital certificate) and add it to your computer.
Adding an S/MIME Certificate to Outlook
To add a digital certificate to Outlook, follow these steps:
In Outlook, select ‘File’ > ‘Options’ > ‘Trust Center’ > ‘Trust Center Settings’.
In the left pane, select ‘Email Security’.
Under ‘Encrypted email’, choose ‘Settings’.
Under ‘Certificates and Algorithms’, select ‘Choose’ and then select your S/MIME certificate.
Select ‘OK’.
Encrypting a Single Message Using S/MIME in Outlook
To encrypt a single message using S/MIME, follow these steps:
In an email message, select ‘Options’ > ‘Encrypt’.
Choose ‘Encrypt with S/MIME’ (the exact wording may vary depending on your version of Outlook).
Finish composing your email, then select ‘Send’.
Encrypting All Outgoing Messages Using S/MIME in Outlook
When you choose to encrypt all outgoing messages by default, you can write and send messages the same way as with any other email.
However, all recipients must have your digital ID to decrypt or read your messages.
To encrypt all outgoing messages with S/MIME, follow these steps:
In Outlook, choose ‘File’ > ‘Options’ > ‘Trust Center’ > ‘Trust Center Settings’.
On the ‘Email Security’ tab, under ‘Encrypted email’, select the ‘Encrypt contents and attachments for outgoing messages’ check box.
To change additional settings, such as choosing a specific certificate to use, select ‘Settings’.
When you’re done selecting your settings, select ‘OK’ to save your changes.
Important: Microsoft Purview Message Encryption (MPME) should not be applied to a message that is already signed or encrypted using S/MIME. To apply MPME, you must first remove the S/MIME signature and encryption. The same applies to MPME-protected messages; do not sign or encrypt them using S/MIME.
Encrypting Email Attachments in Outlook.com
If you have a Microsoft 365 Family or Microsoft 365 Personal subscription, Outlook.com includes Microsoft Purview Message Encryption.
To encrypt emails and attachments from Outlook in your desktop browser, follow these steps:
Click on ‘Encrypt’ at the top of the email composition window.
Choose either ‘Encrypt’ or ‘Do Not Forward’. If you choose ‘No Permission Set’, Outlook uses TLS to encrypt the connection but not the message’s contents.
Write your message and attach any documents.
Click ‘Send’.
Note: Attachments behave differently after they’re downloaded, depending on the encryption option used. Selecting ‘Encrypt’ enables recipients with Outlook.com and Microsoft 365 accounts to download attachments without encryption on supported apps. Recipients using other email clients can access attachments with a temporary passcode via the Microsoft 365 Message Encryption portal.
How to Encrypt Email Attachments in Gmail
Gmail offers different types of security, including:
‘Confidential Mode’, as part of its free, standard offering
S/MIME, as part of its paid enterprise accounts
Whether you’re using the standard or paid version of Gmail, there are slightly different methods for setting up and using security for your emails and attachments.
Encrypting Email Attachments with a Free Gmail Account
By default, all message text and attachments that you send using Gmail are encrypted during transmission.
However, if your recipient isn’t using a mail server that supports TLS, any messages you send won’t be encrypted.
To add extra security to your sensitive emails, you can apply ‘Confidential Mode’ or use S/MIME encryption.
Applying Confidential Mode in Gmail
Gmail’s Confidential Mode lets you set a passcode and expiry date for emails and attachments, and stops recipients from forwarding, copying, printing, or downloading the contents.
Follow these steps to apply Confidential Mode:
Click the ‘Compose’ button on the left-hand side of the inbox.
Select the ‘lock icon’, found in the bottom right of the window.
Choose your desired expiry date and whether or not to set a passcode. If you choose ‘SMS passcode’, recipients will receive a passcode by text message.
Press ‘Save’.
Finish and send your email as normal.
Note: Gmail’s Confidential Mode is not true end-to-end encryption. It offers limited protection against non-technical users sharing information. Confidential Mode adds a layer of security, but it isn’t a substitute for more robust options like S/MIME.
Encrypting Email Attachments with an Enterprise Google Workspace Account
If you have a paid Google Workspace Enterprise account, S/MIME encryption is available as an option.
Before you can send an encrypted email using S/MIME in Gmail, you must add a certificate to the company’s account settings.
Adding an S/MIME Certificate to Gmail
To add an S/MIME certificate to Gmail, follow these steps:
Under ‘Organisations’ on the left-hand side, select the domain you want to configure for encryption.
Check the box labelled ‘Enable S/MIME encryption for sending and receiving’ under S/MIME settings.
Choose whether to let people upload their own certificates, or upload and manage root certificates yourself.
Click ‘Save’.
Note: These steps can only be completed by an account administrator.
Encrypting a Message Using S/MIME in Gmail
Once your domain or organisation has been set up to send encrypted emails, you only need to compose messages, attach documents, and send as usual.
To check whether an email you are composing is being sent encrypted, look for the padlock icon next to the recipient address when writing a new message.
A ‘grey padlock’ means the message will be sent using TLS.
A ‘green padlock’ means it will be sent using S/MIME.
A ‘red padlock’ means the email will be sent without encryption.
How to Encrypt Email Attachments in iOS (Mail App)
Apple lets you send and receive encrypted emails in the Mail app for iPhone.
iOS supports S/MIME encryption, which means you will need to download a certificate from a Certificate Authority first.
Adding an S/MIME Certificate to iOS
Set up your certificate in iOS by following these steps:
Open ‘Settings’ on your device.
Click on ‘Mail’, then ‘Accounts’.
Select the account you want to send encrypted messages from.
Press ‘Advanced’ and turn on the ‘Encrypt by Default’ option.
Encrypting a Message Using S/MIME in iOS
Once your certificate is set up, you can send encrypted emails by composing your message, attaching documents, and sending as usual.
To toggle encryption for an email you’re composing, look for the padlock icon in the address field.
A ‘closed padlock’ means the email will be encrypted.
An ‘open padlock’ means it will be sent unencrypted.
Sabrina McClune is a Women in Tech Excellence 2022 finalist who writes extensively on cybersecurity, digital transformation, data protection, and digital identity. With a postgraduate degree in Digital Marketing (Distinction) and a First-Class Honours degree in English, she combines a strong academic foundation with professional expertise. At Beyond Encryption, Sabrina develops research-led content that supports financial and technology sectors navigating the complexities of the digital age.