Email Encryption FAQs

Encryption in transit helps protect your emails from being snooped on while they travel between you and your intended recipients. Unfortunately, billions of unencrypted emails are sent and received every day “in the clear,” presenting a prime target for eavesdropping and mass interception as they cross dozens of optical fibers and routers.

Security is an ongoing challenge where no solution is perfect and progress is incremental. Encryption in transit makes it more difficult to snoop on email and universal encryption of email in transit would be a huge step forward for security and privacy online. But encryption doesn’t make snooping impossible. Moreover, email is not only vulnerable in transit—it can also be snooped on after it’s delivered. For example, unauthorized parties could still gain access to your email by installing malware on the computer you use to read it.

When an email is encrypted in transit, that means it’s protected against being read by someone with access to the networks through which the email is traveling, on its way from the sender to the destination. You can think of it as a temporary envelope of security that is wrapped around your email to keep it private while it is being transmitted to its intended recipient. Transport Layer Security (TLS) is the standard means of performing encryption in transit for email.

What TLS doesn’t do is encrypt data at rest—that is to say, it does not encrypt email while it is stored on a server. There are ways to do this, such as using PGP (see below).

No single Internet security solution is perfect, but unencrypted email is a major vulnerability. Encrypting email when it travels between email providers is a big improvement that can be implemented fairly easily without any inconvenience to users.  Some more information about the state of TLS for email, and its flaws, can be found in this detailed blog post from Facebook.

Yes.  This includes Gmail and Google Workspace.  That's why this report is focused on email deliveries where Google is only one of two providers involved.

Since 2010, HTTPS has been the default when you’re signed into Gmail. This means that while your email travels between Google’s data centers and the computer you use to read your email, it’s encrypted and secure. This report is about something different: whether or not your email is protected by TLS when it travels outside Google’s data centers to the external mail server of the person you’re emailing.

We’ve turned on HTTPS for Gmail on our own, but when email is sent between different mail providers, both providers need to support TLS in order for the email to be encrypted in transit.

PGP encrypts the content of your email in such a way that, if you do everything perfectly, nobody but you and the intended recipient will ever be able to see it. When a Gmail user receives a PGP-encrypted email, for example, Gmail is unable to index the content of the email for later searching, because Gmail cannot see the content. This tradeoff of convenience for additional security is especially appropriate for people who are at risk, and adds an additional layer of security not provided by encryption in transit.

But encryption in transit adds a significant privacy benefit to PGP. PGP encrypts only the content of your email, but not its headers (e.g. who is sending and receiving the email). An eavesdropper who “overhears” the delivery of a PGP-encrypted email will be able to see what address the message was delivered to, but not the content of the message. But when a PGP-encrypted message is also encrypted by TLS while in transit, the sender and receiver of the message will not be visible to an eavesdropper.

For decades, the default has been for email to travel across the Internet unencrypted—as if it was written on a postcard. Gmail is capable of encrypting the email it sends and receives, but only when the other email provider supports TLS encryption.

In other words, encrypting 100% of all email on the Internet requires the cooperation of all online mail providers.

We count message recipients, not SMTP connections.  We don’t count emails our systems flag as spam.  We don’t count inbound messages from hosts whose forward or reverse DNS is missing or inconsistent.  This is to ensure that inbound messages can be meaningfully attributed, since a message sender can assert any “From” address that he wants.

“From: gmail.com via google.com” means all messages with an envelope sender ending in @gmail.com or a subdomain, from a host in the domain google.com or a subdomain. When the "via" domain is the same, it is elided.

An ellipsis, as in “google.{...}”, means that several domains, such as google.com and google.co.uk, have been counted together. We try to do this only when we believe that like-named hosts process mail in the same way, which is not always.