To help prevent others from reading your emails, Gmail automatically encrypts the email in transit using transport-layer security (TLS). In most cases, you can check the security of your emails.
If you have a work or school account, additional encryption types may be supported. Learn about email encryption in Gmail.
Check if your message is encrypted
Important: If you have a work or school account, you can check an email’s security when you compose a new message. This feature isn’t available to personal Gmail accounts.
- On your computer, open Gmail.
- At the top left, click Compose.
- In the "To," "Cc," or "Bcc" field, enter your recipient's email address.
- To the right of your recipient, hover over Message security :
- Message security: standard encryption: The message is encrypted with TLS.
- Message security: enhanced encryption: The message is encrypted with S/MIME.
- Message security: no encryption: The message isn’t encrypted, or Gmail doesn’t recognize the encryption type.
-
Optional: To change encryption settings, click Message security View details.
Tip: If there are multiple recipients with various encryption levels, Message security shows the lowest encryption status.
Check if a message that you receive is encrypted
- In Gmail, open a message.
- At the top, next to the recipient, click Show details .
- In the window, next to “security,” check the encryption type:
- Standard encryption (TLS)
- Enhanced encryption (S/MIME)
- [Sender name] did not encrypt this message
What to do if an email isn’t encrypted
- If you get a warning that your email isn’t encrypted, or there’s a red lock icon , the recipient may be using an email service that doesn’t support TLS or another encryption type supported by Gmail. Consider removing unencrypted addresses or deleting confidential information from the email before you send.
- If you receive an unencrypted email that contains sensitive content, let the sender know and ask them to contact their email service provider.
- If you use S/MIME, emails are encrypted in S/MIME whenever possible. To either sign or receive S/MIME-encrypted emails, you need to have a valid S/MIME certificate from a trusted source.
Why some emails might not be encrypted
For standard encryption to work, the email providers of both the sender and the recipient always have to use TLS.
The email doesn’t support encryptionSome email providers send messages to Gmail addresses using TLS but can't receive encrypted messages.
If you reply to these messages from Gmail, the red lock icon may show up.
Even if a message is protected by encryption, you may get a warning when:
- Encryption hasn't worked for a certain email provider in the past.
- Gmail isn't directly sending the message. For example, if you've set up a custom domain name like
[email protected]
, the red lock icon might show up.