Learn how Gmail encrypts your emails

When you send a message, Gmail uses encryption to help keep your message private and secure until it reaches the right person.

Transport Layer Security (TLS): Standard protection for your emails

A static image that shows how TLS works in Gmail. In the image, two people send emails to each other. Each email has a TLS icon on it, which indicates that the emails can't be tampered with while they are in transit to the intended recipients.

Available for: All Gmail accounts

All Gmail messages use TLS automatically. Think of TLS as a secure mail carrier for your messages.

  • When you send a message in Gmail, it’s like you give a letter to a reliable mail carrier.
  • If the recipient also uses this secure mail carrier, your message is protected.

Almost all major email services use TLS. When you send or receive a message in Gmail, your message is protected and marked with a gray lock icon , also known as standard encryption.

Secure/Multipurpose Internet Mail Extensions (S/MIME): Extra protection for sensitive emails

A static image that shows how S/MIME works in Gmail. In the image, two people send emails to each other. Each person has a key in their hands, which indicates that they can encrypt and decrypt the mesages.

Available for: Work or school Gmail accounts

For a higher level of security, Gmail supports S/MIME. Imagine S/MIME as a locked briefcase and only you and your recipient have the keys so that:

  • When you send a message, you put it inside the briefcase and lock it with a unique key.
  • The secure mail carrier (S/MIME) transports the briefcase and can’t open it.
  • Only the recipient can open the briefcase with their matching key.
  • Even if someone intercepts the briefcase, they can’t open it without your key.

There are 2 key-management options for S/MIME:

  • Hosted S/MIME: Google securely manages a copy of your key. These messages are marked with a green lock icon , also known as enhanced encryption. Learn about hosted S/MIME.
  • Client-side encryption (CSE): Your organization holds the only copy of the key. Not even Google can open your briefcase. These messages are marked with a blue shield icon , also known as additional encryption. Learn about Gmail CSE.

Learn how to verify email security

There are two ways to verify email security:

  • On your computer or Android device, when you compose a message, select Message security .
  • When you receive a message, open the recipient details.
  • If you get a message with a red open lock icon , it means the message is unencrypted. You should:
    • Not send sensitive information.
    • Let the sender know their message is unencrypted.

Learn how to check your email security.

Related resources