Email encryption can be a useful tool to protect your privacy. It prevents unauthorized parties from intercepting your emails while they are in the middle of being sent and received.
Gmail offers different options for Encrypted Email that you can use to keep your messages and attachments secure.
TLS
When you send an email using Gmail, your message is encrypted with Transport Layer Security (TLS). TLS protects your messages during transit as long as the recipient uses a compatible email service provider.
However, TLS doesn’t guarantee absolute privacy once it reaches the destination. This is because Google sees all the emails you send and can scan them for spam or other malicious content.
Another way to improve the privacy of your emails is by using a G Suite account and encrypting your messages with S/MIME encryption. This is an extra step you need to complete before sending your emails and it adds a significant amount of friction to the process.
In addition, there are a number of third-party apps and plugins available that can also encrypt your messages.
S/MIME
S/MIME encryption encrypts email data before it transmits across the internet. This prevents prying eyes from reading the message or inserting a fake response that redirects traffic to a phishing website, for example.
S/MIME also provides digital signatures for messages, making them non-refutable and preventing the smallest change from being detected. This makes emails harder to manipulate and ensures Message Integrity, which can help prevent phishing attacks, man-in-the-middle (MitM) attacks and stolen login credentials.
In order to encrypt emails, Gmail requires both the sender and recipient to have S/MIME support enabled. To enable S/MIME encryption, first sign in to your Google Admin account and go to Apps > Google Workspace > Gmail > User settings.
Confidential Mode
Confidential Mode is Google’s latest email security feature, which allows senders to set an “expiration date” on sensitive emails. Once that date arrives or passes, the recipient cannot view the message and its attachments.
It also has the ability to require a passcode that can be sent by SMS text message or via Gmail for non-Gmail users. That’s a good way to prevent recipients from sharing your confidential email with others without your consent, although it does come with some drawbacks.
Unfortunately, the feature isn’t encrypted end-to-end, so Google can still read and store your confidential messages for as long as it wants. That’s not good for your privacy and may even pose a risk to your security.
Other Options
Encryption is a good way to keep your email private. However, it can be tricky to find a secure solution that works with your mail provider and mobile device.
Gmail has a standard method for encrypting emails when they’re sent, called Transport Layer Security or TLS. But this only protects the message in transit if your recipient uses a mail service that supports TLS.
S/MIME encryption is another option, but it requires both the sender and recipient to have it enabled. This means they must exchange information called “keys” that identifies them uniquely.
In Gmail, S/MIME encryption is configured by going to the Settings tab on your Gmail account. From there, you can change the level of encryption or learn more about your recipient’s S/MIME settings.
Conclusion
Confidential Mode is a new feature Google added in 2018. It lets you set an expiration date for your messages, and it also creates a passcode that requires the recipient to send an SMS text in order to access the message.