It’s disturbing that almost 300 billion emails are sent daily, mostly by users who never question the risk of doing so. If you use emails for confidential matters, you ought to start wondering how to encrypt your email or send a secure email in Gmail. 

You can never afford to assume that the Internet is a rosy place. With hackers prowling on easy targets, email systems can be exploited, as evidenced in security flaws that keep popping to the surface. 

Before you hit “send” on your next email, read this article and learn ways to safeguard your message from the prying eyes of both 3rd parties and the email providers themselves.

We’ll be covering the following:

Why Encrypt Your Email?

For non-technical users, the word “encryption” is technological jargon that triggers images, digits, and padlocks. When sending an email, encryption is the process of scrambling the message into unintelligible data with the recipient’s public key. To reconstruct the data, the recipient would need a private key. 

Most email providers would have some sort of encryption built into their servers. If you’re unsure if your email provider has encryption in place, you’ll want to check it out. Sending unencrypted emails is an open invitation to hackers to intercept and read the unprotected content.

Gmail and TLS Encryption

If you’re using Gmail, you’ll be protected by the TLS or Transport Layer Security encryption. It is transport-level protection, which means that your email is protected as long as it is hopping between servers to the recipient, so you send secure email. 

Theoretically, the default TLS encryption uses a 128-bit key, which effectively prevents hackers from spying on the emails in transit. But here’s the catch. The TLS encryption only works when both the sender and recipient are using Gmail. If you’re sending an email to a non-Gmail user, you’ll not be protected with the TLS encryption. 

Even if you’re protected by TLS, you’ll need to be aware of its limitation as transport-level encryption. The TLS protects the email when it is being transmitted between servers. Once it has reached the recipient’s mailbox, it’s subjected to risks of being spied on by 3rd parties. 

The TLS encryption may keep your email safe from external parties, but it does nothing to stop Google from scanning your email for advertising purposes. Email providers are able to scan and sort your email if you’re using TLS encryption. 

But the real horror is how Google allows hundreds of app developers access to millions of inboxes and possibly sharing them with third-party firms. That just shows how imperfect the TLS encryption is in securing your email privacy. 

End-to-End Encryption

It’s hard to predict if another fiasco with Gmail will recur, but judging by history, it’s better to be safe than sorry. To prevent Gmail or other providers from snooping your inbox, you’ll need end-to-end encryption. PGP is a commonly-used protocol for end-to-end encryption.

The end-to-end encryption protects your email not only when it’s in transit, but up to when it’s being stored in the recipient’s mailbox. Only the recipient with the valid private key can access the content of the email. No third parties, including the email provider, are able to scan emails protected by end-to-end encryption.

There are a few secure email providers that offer secure email with end-to-end encryption. ProtonMail is a familiar name for users who crave privacy and anonymity when sending emails. You’re also able to send encrypted emails to users who are not using ProtonMail accounts. This makes emailing more secure compared to transport-level encryption.

Is Gmail Confidential Mode Secure?

In its attempt to provide a more secure emailing experience, Google introduced the Confidential Mode in 2018. Emails delivered with the Confidential Mode turned on cannot be printed, shared, copied, or forwarded.

how to encrypt email send secure Gmail

You’re also able to set the expiration duration of the email, where it will automatically be deleted from the recipient’s mailbox thereafter. With the provision of protecting the email by a passcode, it seems that Gmail is ramping up its security. 

However, a deeper probe into the Confidential mode reveals that the features only offer protection on the surface level. The Confidential Mode doesn’t prevent Google from scanning or reading your emails. Even with the self-deleting feature, the original draft remains in the sender’s folder. 

It’s fair to say that Gmail’s Confidential Mode doesn’t offer confidentiality in the strictest sense. If you need total privacy, including from the email provider itself, you’ll need an end-to-end encryption emailing service.  

How to Encrypt Email in Gmail

Gmail is an inherently transport-layer-encrypted email service and it only protects your emails to a certain extent. If you need total protection and privacy, you’ll need to encrypt emails in Gmail with end-to-end encryption.

There are a few plugins that allow users to send fully encrypted emails on Gmail. One such popular plugin is FlowCrypt. 

FlowCrypt is a browser extension designed to encrypt Gmail with end-to-end encryption. By installing FlowCrypt, the email you send out is free from the eyes of Google and other parties. You can download FlowCrypt for free and start sending fully encrypted emails. Flowcrypt also offers a premium plan that removes the limitation of the free version.

Here’s how to use FlowCrypt with Gmail on Google Chrome.

1. Go to FlowCrypt website and click Get Chrome Extension.

2. Click Add To Chrome to install FlowCrypt.

3. Set up FlowCrypt to work with Gmail. At the setup page, click Continue to Gmail. Choose the desired Gmail to work with FlowCrypt.

4. You’ll then need to create a new private key or import an existing one. If you’re new to encryption, chose New Encryption Key. 

5. Enter the passphrase. Use a combination of lengthy alphanumeric and symbols to set a strong passphrase. Click Create and Save to continue.

6. Jot down your passphrase in an offline location. It’s needed to secure your FlowCrypt account. Tick the checkbox and click OK to continue. 

7. You’re now ready to send an encrypted email on Gmail.

8. Launch Gmail and look for the Secure Compose button. Click on it to start composing a fully-encrypted email.

9. A secure message composer will appear. Any email sent within this composer will be encrypted from end-to-end. 

Best VPN to Use With Your Secure Email

Using an end-to-end encryption plugin on Gmail is good enough to keep prying eyes out of your email. However, you’ll need to be aware that you’re still susceptible to cyberattacks when you’re browsing or using other apps on your device.

To ensure total internet protection, a VPN will be handy. It anonymizes your IP address and encrypts all information sent from the device. A VPN complements a secure email system and here are some of the top VPNs around.

1. NordVPN

NordVPN shines in every aspect that could be expected from a decent VPN. It operates with 5244 servers in 59 countries and is known to deliver consistently fast connections. In terms of security, NordVPN relies on the super-secure AES-256 encryption, which is literally unbreakable.

You could go totally anonymous with NordVPN as it has a strict no-logs policy. Besides that, being headquartered in Panama means NordVPN has no obligations to comply with data retention laws. It also offers competitive prices when you subscribe to plans ranging 12 months or more.

2. CyberGhost 

Launched over a decade ago, CyberGhost delivers more than basic internet security. On top of its military-grade encryption, CyberGhost relies on its own data centres to provide VPN access to more than 5500+ servers. 

CyberGhost is also strongly supportive of streaming and torrenting. With its dedicated server list for such purposes, you can easily tune in to your favorite streaming service or download torrents. Besides supporting major operating platforms, CyberGhost is one of the few VPNs that are downloadable for specific routers.

3. SurfShark

The offer of having unlimited devices is a distinctive feature of SurfShark. Bring in the incredibly low price and you’ll have an irresistible VPN. Surfshark shows great security, strict privacy and impressive speed across its network of 1,000+ servers in 61+ countries.

Surfshark does more than provide a secure email environment. It’s a great VPN if you’re an avid Netflix user. Its ability to bypass Netflix’s blockage and decent connection speed makes streaming a pleasant experience. 

4. ExpressVPN

True to its name, ExpressVPN is arguably one of the fastest VPNs in the industry. It has a considerably large network of 3,000+ servers in 160 countries. ExpressVPN uses the AES-256 encryption to safeguard information channeled through its servers.

ExpressVPN practices a strict no-log policy which means no information linking you to the browsing activities is stored. All of its servers use RAM instead of hard disk, which practically ensures all session data is wiped off when the system restarts.


It’s a mistake to assume that sending emails on Gmail or other email providers is a risk-free affair. From recent ongoings, it seems the concern of having your emails scanned and read without your knowledge is as grave as having them intercepted by hackers.

Understanding the different types of encryption helps to identify the right email provider that provides true privacy. If you’ve been using Gmail, it helps to install an end-to-end encryption plug-in to ensure no one but your recipient has access to the message. 

Of course, creating a secure email environment extends to preventing attacks beyond the email platform. Using a VPN helps you to overcome potential snooping on your device. 

Start encrypting your email now and install a VPN for additional protection. 

Mark Coulman
About Mark Coulman

Cybersecurity expert with a keen interest in technology and digital privacy. Mark has more than 14 years of experience in creating and managing various reliable WEB applications for IT companies in the EU and the US. Loves 3-4 letter words like PHP, XML, HTML, CSS, DB2, ASP, CRM, ERP, SAP, etc.