The best ways to encrypt email and secure your conversations

1.5K views
6 min read

One of the first methods of online communication, email is still a go-to for many. Because email is free, almost everyone has an email address they can be reached at.

Still, email is insecure by design. It’s built to transmit information in text, and via attachments to those messages, but often isn’t secured by default. In the past few years, encrypted email has become more popular, and many email providers and services are taking steps in the right direction. But not all of them.

Here we’ll show you how to encrypt email, how to send secure email, and how some of the most popular email providers do (or don’t) secure your communications.

How email encryption works

When you create an email, you’re typing into an app like Gmail, Mail for Mac and iOS, or one of many other email services. In many apps, those words are sent along to the recipient as though you were handing them a letter you typed up on paper.

Now, imagine if that sensitive note were intercepted. Someone could gain insight on very sensitive information, which could lead them to do some research about you to discover even more you didn’t want them to know.

This is why encrypted email is so important. It may not be able to stop people from intercepting emails, but it can prevent them from being able to read your messages. If you wanted to send secure notes, you might create your own encryption method only you and the recipient understood.


Encrypted email works the same way. Both sender and receiver utilize something called a public key cryptograph, which scrambles the email’s contents into a coded string only the sender and receiver can decode. There’s also a private key on your computer that actually decodes the message, ensuring that only the right people can read each message.

Are Gmail attachments encrypted?

If you’re wondering how to send encrypted email Gmail, the answer is a bit complex.

Google uses TLS, or Transport Layer Security, on all Gmail messages. This encrypts emails coming in or leaving your inbox, but doesn’t work for everyone. TLS is only successful if the email providers for the sender and receiver use TLS by default. Long story short, you have to use TLS and know the recipient uses TLS for the encryption to be effective.

This applies to everything sent via Gmail. Because attachments are simply part of an email, they also fall under the TLS rules. So, unless everyone is using TLS, it just doesn’t work.

What about Gmail Confidential Mode

The term ‘confidential mode’ is misleading from an encryption standpoint. What Gmail’s confidential mode does is allow you more granular control of email you send.

With Gmail confidential mode, you can do the following:

  • Set email to expire. You can opt to set an expiration date for an email. This provides an artificial deadline for the email you send.

  • Remove access. If you no longer want someone to have access to an email, you can choose to remove their access to an email sent in Confidential Mode.

  • Require a passcode. You can choose to have Google generate a passcode for the recipient, which will then require them to use that passcode to open the email you send them.

    Gmail’s confidential mode settings

This has several issues. First, generating a passcode requires you to give Google the recipient’s phone number. Second, Confidential Mode is not encryption. Unless both parties use TLS for email, Google will still be able to read an email sent in Confidential Mode so long as it’s in your sent folder, even after an expiration date passes. 

We will stop short of calling Gmail’s Confidential Mode unsafe. It has features that provide a level of assurance the right people read your emails in an appropriate time, but this is not encryption by any standard. 

How to easily encrypt emails and track your email attachments

Good encryption requires a great email service or app. Luckily, there’s a strong contender in Canary Mail.

The app is available for your Mac, and has an option that encrypts emails by default. It’s actually Canary Mail’s default setting: you have to toggle encryption off manually to send unsecured emails!

Here’s how it works:

  1. Open Canary Mail
  2. Click the pen-and-paper icon on the top bar to send a new email
  3. Enter the recipient’s email, subject, and body of the email
  4. Click the bright blue ‘send’ icon on the top right corner when you’re done with your email

Because Canary Mail encrypts emails automatically, that’s all you need to do to send an encrypted email!

canary mail encryption

If you like, you can also manage encryption keys manually with Canary Mail. If you’ve generated keys with a service like GPGTools or Symantec, you can simply import the list via the built-in key manager for Canary Mail. Those private keys are stored on-device, too, so there’s no risk of them being available to anyone who has hacked your cloud accounts.

Otherwise, you can generate keys for users per email by clicking the ‘lock’ icon and adding a key to the list for the recipient. 

Quite honestly, most users won’t want to bother with creating and managing encryption keys. This is why Canary Mail is so nice! You don’t have to worry, you can just email people.

What sensitive data should be email encrypted?

Because email is so widely used, we tend to forget it’s actually a vulnerability for most of us. We send and receive data we probably shouldn’t, at least electronically. 

Here’s some common sensitive data transferred via email:

  • Bank information. Often, we include details of our bank account data in emails. Without encryption, someone could get into your account and take all of your money!
  • Address. One of the most widely transmitted pieces of data is an address. Though many of us don’t quite hide where we live, many don’t associate their email with their ‘personal’ life. 
  • Signatures. How often have you sent an attachment with your signature? That’s something a hacker could use to forge all kinds of documents in your name!
  • Personal plans. How often do you receive details of a plane trip, hotel stay, or other travel info in email? This is confidential data about where you go and what you do.
  • Info about others. You may have meant well, but sharing personal info about others will backfire if your unencrypted email is intercepted.

Pretty scary! There are ways to secure your info beyond email encryption, though. We really like CleanMyMac X’s Shredder feature. It completely destroys files from your computer, leaving no trace of it anywhere. It’s safe to use because you have to decide which files to shred, but it’s thorough. If you’ve ever worried your data was lingering in a file somewhere, CleanMyMac X can get rid of all traces once and for all.

cleanmymac shredder

Passwords are also a point of vulnerability. We like Secrets for managing your passwords and private data, like bank account details! 

secrets amazon

Secrets is a good idea for a few reasons related to email encryption. First, it helps you create and store unique passwords for your accounts. No more reusing passwords, which is really handy in the event you send your credentials via email. If someone were to get hold of your password for one account, they couldn’t gain access to other accounts because you didn’t reuse a password.

It’s also a really handy way to generate new, secure passwords in the vent you are compromised. You can quickly generate a new password; when changing your password, many platforms have rigid rules for how your password should be created, and Secrets can meet those needs with ease.


It may not be something you consider every day, but encrypted email is actually pretty important. So much data flows through our email inbox daily it really should be secured, and encrypted email protects both the message itself and any attachments.

When you’re ready to take data privacy a bit more seriously, the right set of tools is important. But let’s be honest that most of us won’t want to learn cryptography just to send a secure email!

That’s why we suggest Canary Mail, CleanMyMac X, and Secrets. These three apps do a great job of securing your email, clearing sensitive data from your device, and managing secure passwords. 

Best of all, they’re free with a seven-day trial of Setapp, the leading suite of productivity apps available for the Mac. Along with these three apps, a Setapp subscription provides you with unlimited access to dozens of other amazing app for your Mac across a wide range of categories like lifestyle, creativity, developer tools, education, finance, and more!

When your week-long trial of Setapp is finished, the entire suite is only $9.99 per month for unlimited access. If you prepay for a full year, the price drops 10 percent to $8.99 per month. Families will love Setapp’s $19.99 per month plan, which grants unlimited access to the full suite of apps on up to four Macs. Give Setapp a try today!

Get 190+ Mac apps for any job

Sign up to Setapp and try them for free.