How to Encrypt Email Attachments (Outlook, Gmail, & iOS)

We all love email—but if you don't know how to encrypt attachments, your important documents can become an easy target for hackers.

I’ve seen firsthand, in my years of researching email security, just how devastating email interception can be to people's livelihoods.

Many people underestimate how vulnerable their email attachments are.

Especially at work, a data breach can lead to financial loss or legal trouble—risks that are easily avoidable with simple precautions.

In this guide, I’ll walk you through the steps you need to take to encrypt email attachments in Outlook, Gmail, and iOS.

With a little extra care, you can make sure your communications stay private and enjoy the peace of mind of knowing your data is safe.

Contents:

• What is Email Encryption?
• Encrypting Attachments in Outlook
• Encrypting Attachments in Gmail
• Encrypting Attachments in iOS
• The Best Attachment Security

What is Email Encryption?

Email encryption keeps your messages secure by scrambling them so only the intended recipient can read them.

It uses special techniques to protect your information from prying eyes. Only someone with the right key can unlock and read the email.

Without encryption, an email is like a postcard—anyone could read it on its journey (and any sensitive data you attach).

A lot of email providers encrypt some data, but without additional protection (ideally from send to receive, known as "end-to-end encryption"), emails are vulnerable to interception.

To protect sensitive or private emails and attachments, you'll need to add extra security to your messages.

If you want to learn more, we've published another article about the different types of email encryption.

Scroll down to learn how to encrypt email attachments for your setup.

How to Encrypt Email Attachments in Outlook

Microsoft Outlook supports different types of encryption methods depending on your version of Outlook and your subscription.

These include:

• S/MIME encryption, which requires a digital certificate (also known as a digital ID).
• Microsoft Purview Message Encryption (formerly Office 365 Message Encryption), available with certain Microsoft 365 subscriptions.

For most purposes, either type of encryption will be appropriate to raise your level of security against common threats.

Encrypting Email Attachments in New Outlook for Windows

New Outlook for Windows supports Microsoft 365 Message Encryption as long as you have an Office 365 Enterprise E3 licence or higher.

To encrypt an email in New Outlook for Windows, follow these steps:

1. Open Outlook and click on 'New Email' to compose a new message.
2. In the email composition window, click on the 'Options' tab.
3. Select 'Encrypt'.
4. Choose the encryption that has the restrictions you want, such as 'Encrypt-Only' or 'Do Not Forward'. If you choose 'No Permission Set', Outlook uses Transport Layer Security (TLS) to encrypt the connection but not the contents of the message.
5. Write your message and attach any documents.
6. Click 'Send'.

Encrypting Email Attachments in Classic Outlook for Windows (With an E3 Licence)

To use Microsoft 365 Message Encryption, you must have an Office 365 Enterprise E3 licence or higher.

Microsoft 365 Message Encryption also needs to be configured by your email administrator before you can use it.

To encrypt an email with Microsoft 365 Message Encryption, follow these steps:

1. Open Outlook and click on 'New Email'.
2. Click on the 'Options' tab.
3. Select 'Encrypt'.
4. Choose the encryption option that has the restrictions you'd like to enforce, such as 'Encrypt-Only' or 'Do Not Forward'.
5. Write your message and attach any documents.
6. Click 'Send'.

Encrypting Email Attachments in Classic Outlook for Windows (Using S/MIME)

If you're not using Classic Outlook with a Microsoft 365 qualifying subscription, you can use S/MIME encryption.

To use S/MIME encryption, both sender and recipient must have a mail application that supports the S/MIME standard.

Before you start this procedure and encrypt emails, you must first get a digital ID, also known as a digital certificate, and add it to your computer.

Adding an S/MIME Certificate to Outlook

To add a digital certificate to Outlook, follow these steps:

1. In Outlook, select 'File' > 'Options' > 'Trust Center' > 'Trust Center Settings'.
2. In the left pane, select 'Email Security'.
3. Under 'Encrypted email', choose 'Settings'.
4. Under 'Certificates and Algorithms', select 'Choose' and then select your S/MIME certificate.
5. Select 'OK'.

Encrypting a Single Message Using S/MIME in Outlook

To encrypt a single message using S/MIME, follow these steps:

1. In an email message, select 'Options' > 'Encrypt'.
2. Choose 'Encrypt with S/MIME' (the exact wording may vary depending on your version of Outlook).
3. Finish composing your email and then select 'Send'.

Encrypting All Outgoing Messages Using S/MIME in Outlook

When you choose to encrypt all outgoing messages by default, you can write and send messages the same as with any other email.

However, all potential recipients must have your digital ID to decrypt or read your messages.

To encrypt all outgoing messages with S/MIME, follow these steps:

1. In Outlook, choose 'File' > 'Options' > 'Trust Center' > 'Trust Center Settings'.
2. On the 'Email Security' tab, under 'Encrypted email', select the 'Encrypt contents and attachments for outgoing messages' check box.
3. To change additional settings, such as choosing a specific certificate to use, select 'Settings'.
4. Once you're done selecting your settings, select 'OK' to save your changes.

Encrypting Email Attachments in Outlook.com

If you have a Microsoft 365 Family or Microsoft 365 Personal subscription, Outlook.com includes Microsoft Purview Message Encryption.

To encrypt emails and attachments from Outlook within your desktop browser, follow these steps:

1. Go to Outlook.com and click 'New Message'.
2. Click on 'Encrypt' at the top of the email composition window.
3. Choose either 'Encrypt' or 'Do Not Forward'. If you choose 'No Permission Set', Outlook uses Transport Layer Security (TLS) to encrypt the connection but not the contents of the message.
4. Write your message and attach any documents.
5. Click 'Send'.

How to Encrypt Email Attachments in Gmail

Gmail offers different types of security to users, including:

• 'Confidential Mode', as part of its free, standard offering.
• S/MIME, as part of its paid enterprise accounts.

Depending on whether you are using the standard or paid version of Gmail, there are slightly different methods for setting up and using the security for your emails and attachments.

Encrypting Email Attachments with a Free Gmail Account

By default, all message text and attachments that you send using Gmail are encrypted during transmission.

However, if your recipient isn't using a mail server that supports TLS, any messages you send won’t be encrypted.

To apply additional security to your sensitive emails, you can apply 'Confidential Mode' or use S/MIME encryption.

Applying Confidential Mode in Gmail

Gmail's Confidential Mode allows users to set a passcode and expiration date for emails and any attachments, as well as preventing recipients from forwarding, copying, printing, and downloading the contents.

Follow these steps to apply Confidential Mode:

1. Click the 'Compose' button on the left-hand side of the inbox.
2. Select the 'lock icon', found in the bottom right of the window.
3. Choose your desired expiry date and whether or not to set a passcode. If you choose 'SMS passcode', recipients will receive a passcode by text message.
4. Press 'Save'.
5. Finish and send your email as normal.

Encrypting Email Attachments with an Enterprise Google Workspace Account

For those who have access to a paid Google Workspace Enterprise account, S/MIME encryption is available as an option.

Before you can send an encrypted email using S/MIME in Gmail, you have to configure it to the company account by adding a certificate.

Adding an S/MIME Certificate to Gmail

To add a S/MIME certificate to Gmail, follow these steps:

1. Sign in to the 'Google Admin console'.
2. Click 'Menu' > 'Apps' > 'Google Workspace' > 'Gmail' > 'User Settings'.
3. Under 'Organisations' on the left-hand side, select the domain that you want to configure for encryption.
4. Check the box labelled 'Enable S/MIME encryption for sending and receiving' under S/MIME settings.
5. Choose whether to let people upload their own certificates, or upload and manage root certificates yourself.
6. Click 'Save'.

Encrypting a Message Using S/MIME in Gmail

Once your domain or organisation has been configured to send encrypted emails, users just need to compose messages, attach documents, and send as usual.

To double-check whether an email you are composing is being sent encrypted, you can look at the padlock icon next to the recipient address when composing a new message.

• A 'grey padlock' indicates that the message will be sent using TLS.
• A 'green padlock' shows that it will be sent using S/MIME.
• A 'red padlock' means that the email will be sent without encryption.

How to Encrypt Email Attachments in iOS (Mail App)

Apple gives users the capability to send and receive encrypted emails in the Mail app for iPhone.

iOS supports S/MIME encryption, meaning that you will first need to download a certificate from a Certificate Authority.

Adding an S/MIME Certificate to iOS

Configure your certificate in iOS by following these steps:

1. Open 'Settings' on your device.
2. Click on 'Mail', and then 'Accounts'.
3. Select the account that you want to send encrypted messages from.
4. Press 'Advanced' and turn on the 'Encrypt by Default' option.

Encrypting a Message Using S/MIME in iOS

Once your certificate is configured, you can send encrypted emails by composing messages, attaching documents, and sending as usual.

To toggle whether an email you are composing is being sent encrypted, you can find a padlock icon in the address field when composing a new message.

• A 'closed padlock' indicates that the email will be encrypted.
• An 'open padlock' shows that it will be sent unencrypted.

The Best Email Attachment Security

We’ve covered how to encrypt email attachments in Outlook, Gmail, and iOS—but sometimes, the built-in options just aren't enough, especially when it comes to safeguarding highly sensitive business or customer data.

Features like recipient authentication and email revocation can make a world of difference in keeping your information secure.

Recipient authentication ensures that only the person you intend can open an email—no more worrying about messages landing in the wrong hands.

And if you've ever hit 'send' and immediately wished you hadn't, the ability to revoke that email can save you from a potential mishap.

By using a secure email solution, you can add that extra layer of protection to make sure your communications stay truly private.

"Every email you send is a piece of your story. Make sure it's one only your recipient can read."

— Paul Holland, Founder, Beyond Encryption

Learn more about secure email solutions in What is Secure Email?

FAQ

What is Email Interception?

Email interception is the unauthorised access of email messages as they are transmitted across networks.

It allows threat actors to eavesdrop on private conversations and potentially modify the contents of emails.

Interception can occur at various points along the email's journey from sender to recipient, including:

• Within the sender's or recipient's email servers
• During the email's transit over the internet, or at any intermediate servers that handle the email.

The main reason that unencrypted documents are at risk of email interception is that they are transmitted in plain text, allowing anyone who gains access to the message to read the contents.

The consequences of email interception can be severe, ranging from identity theft and financial fraud to the exposure of sensitive corporate information.

References:

Find digital ID or digital signature services, Microsoft, 2024

Set up Message Encryption, Microsoft, 2023

Turn on hosted S/MIME for message encryption, Google, 2024

Reviewed by:

Sabrina McClune, 25.11.24

Sam Kendall, 15.11.24