How to Encrypt Email Attachments (Outlook, Gmail, & iOS)

We all love email - but if you don’t know how to encrypt attachments, important documents can be far easier to access or intercept than most people realise.

In my years of researching email security, I’ve seen firsthand just how devastating email interception can be to people’s livelihoods.

Many people underestimate how vulnerable their email attachments are.

Especially at work, a mistake or breach can lead to financial loss or compliance issues - risks you can reduce with a few simple precautions.

Let’s look at the steps you need to take to encrypt email attachments in Outlook, Gmail, and iOS.

In most email tools, you encrypt the email itself, which also protects the attachments inside it.

With a little extra care, you can help keep your communications private and feel more confident about how you share sensitive data.

 

What Is Email Encryption?

Email encryption keeps your messages secure by scrambling them so that only the intended recipient can read them.

It uses special techniques to protect your information from prying eyes.

Only someone with the right key can unlock and read the email.

Without extra protections, email can behave a bit like a postcard - it can pass through multiple systems on its journey, and attachments can be exposed if an account, device, or connection is compromised.

Many email providers will try to encrypt messages in transit using Transport Layer Security (TLS), but that doesn’t protect messages end to end.

To protect sensitive or private emails and attachments, you’ll usually need to add extra security to your messages.

Scroll to learn how to encrypt email attachments for your setup.

How to Encrypt Email Attachments in Outlook

Microsoft Outlook supports different types of encryption methods, depending on your version of Outlook and your subscription.

These include:

  • S/MIME encryption, which requires a digital certificate (also known as a digital ID)
  • Microsoft Purview Message Encryption (formerly Office 365 Message Encryption), available with certain Microsoft 365 subscriptions

For most purposes, either type of encryption will be enough to raise your level of security against common threats.

Encrypting Email Attachments in New Outlook for Windows

New Outlook for Windows supports Microsoft Purview Message Encryption (sometimes labelled “Microsoft 365 Message Encryption”) if you have a qualifying Microsoft 365 subscription and your administrator has enabled it.

To encrypt an email in New Outlook for Windows, follow these steps:

  1. Open Outlook and click on ‘New Email’ to compose a new message.
  2. In the email composition window, click on the ‘Options’ tab.
  3. Select ‘Encrypt’.
  4. Choose the encryption that has the restrictions you want, such as ‘Encrypt-Only’ or ‘Do Not Forward’. If you choose ‘No Permission Set’, Outlook uses Transport Layer Security (TLS) to encrypt the connection but not the message’s contents.
  5. Write your message and attach any documents.
  6. Click ‘Send’.

Note: If you choose ‘Encrypt-Only’, the message is encrypted. Recipients can share the email and any attachments with third parties. If you choose ‘Do Not Forward’, the message is encrypted and additional protections prevent recipients from forwarding it to others.

Encrypting Email Attachments in Classic Outlook for Windows (With a Qualifying Microsoft 365 Subscription)

To use Microsoft Purview Message Encryption, you must have a qualifying Microsoft 365 subscription.

Microsoft Purview Message Encryption also needs to be configured by your email administrator before you can use it.

To encrypt an email with Microsoft Purview Message Encryption, follow these steps:

  1. Open Outlook and click on ‘New Email’.
  2. Click on the ‘Options’ tab.
  3. Select ‘Encrypt’.
  4. Choose the encryption option that has the restrictions you’d like to use, such as ‘Encrypt-Only’ or ‘Do Not Forward’.
  5. Write your message and attach any documents.
  6. Click ‘Send’.

Note: In the Outlook apps, people typically apply encryption on a per-message basis. Some organisations also set up mail flow rules to encrypt certain emails automatically.

Encrypting Email Attachments in Classic Outlook for Windows (Using S/MIME)

If you’re not using Classic Outlook with a qualifying Microsoft 365 subscription, you can use S/MIME encryption.

To use S/MIME encryption, both sender and recipient must have a mail application that supports the S/MIME standard.

Before you start this procedure and encrypt emails, you must first get a digital ID (also known as a digital certificate) and add it to your computer.

Adding an S/MIME Certificate to Outlook

To add a digital certificate to Outlook, follow these steps:

  1. In Outlook, select ‘File’ > ‘Options’ > ‘Trust Center’ > ‘Trust Center Settings’.
  2. In the left pane, select ‘Email Security’.
  3. Under ‘Encrypted email’, choose ‘Settings’.
  4. Under ‘Certificates and Algorithms’, select ‘Choose’ and then select your S/MIME certificate.
  5. Select ‘OK’.

Encrypting a Single Message Using S/MIME in Outlook

To encrypt a single message using S/MIME, follow these steps:

  1. In an email message, select ‘Options’ > ‘Encrypt’.
  2. Choose ‘Encrypt with S/MIME’ (the exact wording may vary depending on your version of Outlook).
  3. Finish composing your email, then select ‘Send’.

Encrypting All Outgoing Messages Using S/MIME in Outlook

When you choose to encrypt all outgoing messages by default, you can write and send messages the same way as with any other email.

However, all recipients must have your digital ID to decrypt or read your messages.

To encrypt all outgoing messages with S/MIME, follow these steps:

  1. In Outlook, choose ‘File’ > ‘Options’ > ‘Trust Center’ > ‘Trust Center Settings’.
  2. On the ‘Email Security’ tab, under ‘Encrypted email’, select the ‘Encrypt contents and attachments for outgoing messages’ check box.
  3. To change additional settings, such as choosing a specific certificate to use, select ‘Settings’.
  4. When you’re done selecting your settings, select ‘OK’ to save your changes.

Important: Microsoft Purview Message Encryption (MPME) should not be applied to a message that is already signed or encrypted using S/MIME. To apply MPME, you must first remove the S/MIME signature and encryption. The same applies to MPME-protected messages; do not sign or encrypt them using S/MIME.

Encrypting Email Attachments in Outlook.com

If you have a Microsoft 365 Personal or Microsoft 365 Family subscription, Outlook.com includes an Encrypt option.

To encrypt emails and attachments from Outlook in your desktop browser, follow these steps:

  1. Go to Outlook.com and click ‘New Message’.
  2. Click on ‘Encrypt’ at the top of the email composition window.
  3. Choose either ‘Encrypt’ or ‘Do Not Forward’. If you choose ‘No Permission Set’, Outlook uses TLS to encrypt the connection but not the message’s contents.
  4. Write your message and attach any documents.
  5. Click ‘Send’.

Note: Attachments behave differently after they’re downloaded, depending on the encryption option used. Selecting ‘Encrypt’ enables recipients with Outlook.com and Microsoft 365 accounts to download attachments without encryption on supported apps. Recipients using other email clients can access attachments with a temporary passcode via the Microsoft 365 Message Encryption portal.

How to Encrypt Email Attachments in Gmail

Gmail offers different types of security, including:

  • ‘Confidential Mode’, as part of its free, standard offering
  • S/MIME, on certain Google Workspace editions where it has been set up by an administrator

Whether you’re using the standard or paid version of Gmail, there are slightly different methods for setting up and using security for your emails and attachments.

Encrypting Email Attachments with a Free Gmail Account

Gmail will try to encrypt message text and attachments during transmission using TLS.

However, if your recipient’s email service doesn’t support TLS, messages may be sent without that in-transit protection.

If you need extra safeguards for sensitive emails, you can apply Confidential Mode. For organisation-managed options like hosted S/MIME, you’ll need a supported Google Workspace account (see below).

Applying Confidential Mode in Gmail

Gmail’s Confidential Mode lets you set an expiry date for emails and attachments and (optionally) require a passcode.

It also disables the usual options to forward, copy, print, or download in Gmail, but it can’t stop screenshots or someone re-sharing information manually.

Follow these steps to apply Confidential Mode:

  1. Click the ‘Compose’ button on the left-hand side of the inbox.
  2. Select the ‘lock icon’, found in the bottom right of the window.
  3. Choose your desired expiry date and whether or not to set a passcode. If you choose ‘SMS passcode’, recipients will receive a passcode by text message.
  4. Press ‘Save’.
  5. Finish and send your email as normal.

Note: Gmail’s Confidential Mode is not true end-to-end encryption. It offers limited protection against non-technical users sharing information. Confidential Mode adds a layer of security, but it isn’t a substitute for more robust options like S/MIME.

Encrypting Email Attachments with a Supported Google Workspace Account

On supported Google Workspace editions, S/MIME encryption is available as an option once it has been enabled by an administrator.

Before you can send an encrypted email using S/MIME in Gmail, you must add a certificate to the company’s account settings.

Adding an S/MIME Certificate to Gmail

To add an S/MIME certificate to Gmail, follow these steps:

  1. Sign in to the ‘Google Admin console’.
  2. Click ‘Menu’ > ‘Apps’ > ‘Google Workspace’ > ‘Gmail’ > ‘User Settings’.
  3. Under ‘Organisations’ on the left-hand side, select the domain you want to configure for encryption.
  4. Check the box labelled ‘Enable S/MIME encryption for sending and receiving’ under S/MIME settings.
  5. Choose whether to let people upload their own certificates, or upload and manage root certificates yourself.
  6. Click ‘Save’.

Note: These steps can only be completed by an account administrator.

Encrypting a Message Using S/MIME in Gmail

Once your domain or organisation has been set up to send encrypted emails, you only need to compose messages, attach documents, and send as usual.

To check whether an email you are composing is being sent encrypted, look for the padlock icon next to the recipient address when writing a new message.

  • A ‘grey padlock’ typically means the message will be sent using TLS.
  • A ‘green padlock’ typically means it will be sent using S/MIME.
  • A ‘red padlock’ typically means the email will be sent without encryption.

Note: Icons, labels, and colours can vary depending on your account and settings.
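The padlock reflects how the message is packaged on the wire, and the same thing can be checked from the message's MIME headers. The sketch below is an added example, not code from the original article or from Google: it uses only Python's standard `email` package, the function names (`smime_state`, `audit`) are hypothetical, and the sample messages are constructed. It shows that an S/MIME-encrypted message hides its attachments inside a single `smime.p7m` part, while a message that is only signed still exposes them.

```python
from email.message import EmailMessage
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}

def smime_state(msg):
    """Classify the outer MIME layer: encrypted, signed-only, unknown or none."""
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        kind = str(msg.get_param("smime-type") or "").lower()
        if kind in ("enveloped-data", "authenveloped-data"):
            return "encrypted"
        # signed-data is readable by anyone; anything else is reported as unknown
        return "signed-only" if kind == "signed-data" else "unknown"
    protocol = str(msg.get_param("protocol") or "").lower()
    if ctype == "multipart/signed" and protocol in PKCS7_SIG:
        return "signed-only"
    return "none"

def audit(msg):
    """Return (state, names of attachments visible without any private key)."""
    state = smime_state(msg)
    if state == "encrypted":
        return state, []  # attachments sit inside the encrypted smime.p7m
    names = [p.get_filename() for p in msg.walk()
             if p.get_filename() and p.get_content_type() not in PKCS7_MIME | PKCS7_SIG]
    return state, names

# --- constructed sample messages (not real mail) ---
def sample_plain():
    m = EmailMessage()
    m.set_content("See attached.")
    m.add_attachment(b"%PDF-constructed", maintype="application",
                     subtype="pdf", filename="payroll.pdf")
    return m

def sample_signed():
    outer = MIMEMultipart("signed", protocol="application/pkcs7-signature")
    outer.attach(sample_plain())
    outer.attach(MIMEApplication(b"constructed", "pkcs7-signature", name="smime.p7s"))
    return outer

def sample_enveloped():
    return MIMEApplication(b"constructed ciphertext", "pkcs7-mime",
                           name="smime.p7m", **{"smime-type": "enveloped-data"})

if __name__ == "__main__":
    for make in (sample_plain, sample_signed, sample_enveloped):
        print(make.__name__, audit(make()))
```

The check only inspects the outer MIME layer, so it says nothing about TLS on the connection or about whether the certificates involved are valid.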

How to Encrypt Email Attachments in iOS (Mail App)

Apple lets you send and receive encrypted emails in the Mail app for iPhone.

iOS supports S/MIME encryption, which means you will need to download a certificate from a Certificate Authority first.

Adding an S/MIME Certificate to iOS

Set up your certificate in iOS by following these steps:

  1. Open ‘Settings’ on your device.
  2. Click on ‘Mail’, then ‘Accounts’.
  3. Select the account you want to send encrypted messages from.
  4. Press ‘Advanced’ and turn on the ‘Encrypt by Default’ option.

Encrypting a Message Using S/MIME in iOS

Once your certificate is set up, you can send encrypted emails by composing your message, attaching documents, and sending as usual.

To toggle encryption for an email you’re composing, look for the padlock icon in the address field.

  • A ‘closed padlock’ means encryption is turned on for that email.
  • An ‘open padlock’ means encryption is turned off for that email.

The Best Email Attachment Security

We’ve covered how to encrypt email attachments in Outlook, Gmail, and iOS.

Sometimes, though, the built-in options aren’t enough.

This is especially true when you need to protect highly sensitive business or customer data.

Features like recipient authentication and email revocation can make a world of difference in protecting your information.

Recipient authentication helps make sure only the intended person can open an email.

That means you’re less likely to worry about messages landing in the wrong hands.

If you’ve ever hit ‘send’ and immediately wished you hadn’t, the ability to revoke that email can help limit the impact of a mistake.

By using a secure email solution, you add an extra layer of protection to help keep sensitive communications private.

"Every email you send is a piece of your story. Make sure it’s one only your intended recipient should be able to read."

Paul Holland, Founder, Beyond Encryption

FAQs

What Is Email Interception?

Email interception is when unauthorised people gain access to your messages while they’re travelling across networks.

They can read or even change what you’ve sent.

How Does Encryption Help?

Encryption scrambles your emails so they’re harder to read if they’re intercepted.

It helps reduce the chance of unauthorised access to the message content.

Is Transport Layer Security (TLS) Enough?

TLS only protects your emails during transmission between servers.

End-to-end encryption helps protect your messages from sender to recipient.

What Is S/MIME?

S/MIME is a system that encrypts emails and adds digital signatures.

Both sender and recipient need valid certificates to decode and verify messages.

What Is the Difference Between S/MIME and Microsoft Purview Message Encryption (MPME)?

S/MIME relies on personal certificates managed by each user, while MPME is handled through Microsoft 365.

Both offer encryption but differ in how they’re set up and managed.

Does Gmail’s ‘Confidential Mode’ Provide Full Encryption?

Confidential Mode can disable the usual options to forward and print in Gmail.

However, it isn’t true end-to-end encryption, so information can still be re-shared in other ways.

What Happens If a Recipient Uses an Email Service Without TLS?

Emails may be sent without TLS protection if the recipient’s email service doesn’t support it.

This can increase the risk of messages or attachments being exposed while in transit.

 

Reviewed by

Sabrina McClune, 25.11.24

Sam Kendall, 17.02.26

 

Originally posted on 14 02 24
Last updated on February 17, 2026

Posted by: Sabrina McClune

Sabrina McClune is a Women in Tech Excellence 2022 finalist who writes extensively on cybersecurity, digital transformation, data protection, and digital identity. With a postgraduate degree in Digital Marketing (Distinction) and a First-Class Honours degree in English, she combines a strong academic foundation with professional expertise. At Beyond Encryption, Sabrina develops research-led content that supports financial and technology sectors navigating the complexities of the digital age.
