Content Hub

How to Encrypt Email Attachments (Outlook, Gmail, & iOS)

Written by Sabrina McClune | 14 02 24

We all love email—but if you don’t know how to encrypt attachments, your important documents can become an easy target for hackers.

In my years of researching email security, I’ve seen firsthand just how devastating email interception can be to people’s livelihoods.

Many people underestimate how vulnerable their email attachments are.

Especially at work, a data breach can lead to financial loss or legal trouble—risks that are easily avoidable with simple precautions.

In this guide, I’ll walk you through the steps you need to take to encrypt email attachments in Outlook, Gmail, and iOS.

With a little extra care, you can make sure your communications stay private and enjoy the peace of mind of knowing your data is safe.

 

Contents:

 

What is Email Encryption?

Email encryption keeps your messages secure by scrambling them so that only the intended recipient can read them.

It uses special techniques to protect your information from prying eyes.

Only someone with the right key can unlock and read the email.

Without encryption, an email is like a postcard—anyone could read it on its journey (including any sensitive data you attach).

A lot of email providers encrypt some data, but without additional protection (ideally from send to receive, known as “end-to-end encryption”), emails are vulnerable to interception.

To protect sensitive or private emails and attachments, you’ll need to add extra security to your messages.

Scroll to learn how to encrypt email attachments for your setup.

How to Encrypt Email Attachments in Outlook

Microsoft Outlook supports different types of encryption methods, depending on your version of Outlook and your subscription.

These include:

  • S/MIME encryption, which requires a digital certificate (also known as a digital ID).
  • Microsoft Purview Message Encryption (formerly Office 365 Message Encryption), available with certain Microsoft 365 subscriptions.

For most purposes, either type of encryption will be enough to raise your level of security against common threats.

Encrypting Email Attachments in New Outlook for Windows

New Outlook for Windows supports Microsoft 365 Message Encryption if you have an Office 365 Enterprise E3 licence or higher.

To encrypt an email in New Outlook for Windows, follow these steps:

  1. Open Outlook and click on ‘New Email’ to compose a new message.
  2. In the email composition window, click on the ‘Options’ tab.
  3. Select ‘Encrypt’.
  4. Choose the encryption that has the restrictions you want, such as ‘Encrypt-Only’ or ‘Do Not Forward’. If you choose ‘No Permission Set’, Outlook uses Transport Layer Security (TLS) to encrypt the connection but not the message’s contents.
  5. Write your message and attach any documents.
  6. Click ‘Send’.
Note: If you choose ‘Encrypt-Only’, the message is encrypted. Recipients can share the email and any attachments with third parties. If you choose ‘Do Not Forward’, the message is encrypted and additional protections prevent recipients from forwarding it to others.

Encrypting Email Attachments in Classic Outlook for Windows (With an E3 Licence)

To use Microsoft 365 Message Encryption, you must have an Office 365 Enterprise E3 licence or higher.

Microsoft 365 Message Encryption also needs to be configured by your email administrator before you can use it.

To encrypt an email with Microsoft 365 Message Encryption, follow these steps:

  1. Open Outlook and click on ‘New Email’.
  2. Click on the ‘Options’ tab.
  3. Select ‘Encrypt’.
  4. Choose the encryption option that has the restrictions you’d like to use, such as ‘Encrypt-Only’ or ‘Do Not Forward’.
  5. Write your message and attach any documents.
  6. Click ‘Send’.
Note: There is no option to encrypt all outgoing messages by default using Microsoft 365 Message Encryption in Outlook. Encryption is applied on a per-message basis.

Encrypting Email Attachments in Classic Outlook for Windows (Using S/MIME)

If you’re not using Classic Outlook with a Microsoft 365 qualifying subscription, you can use S/MIME encryption.

To use S/MIME encryption, both sender and recipient must have a mail application that supports the S/MIME standard.

Before you start this procedure and encrypt emails, you must first get a digital ID (also known as a digital certificate) and add it to your computer.

Adding an S/MIME Certificate to Outlook

To add a digital certificate to Outlook, follow these steps:

  1. In Outlook, select ‘File’ > ‘Options’ > ‘Trust Center’ > ‘Trust Center Settings’.
  2. In the left pane, select ‘Email Security’.
  3. Under ‘Encrypted email’, choose ‘Settings’.
  4. Under ‘Certificates and Algorithms’, select ‘Choose’ and then select your S/MIME certificate.
  5. Select ‘OK’.

Encrypting a Single Message Using S/MIME in Outlook

To encrypt a single message using S/MIME, follow these steps:

  1. In an email message, select ‘Options’ > ‘Encrypt’.
  2. Choose ‘Encrypt with S/MIME’ (the exact wording may vary depending on your version of Outlook).
  3. Finish composing your email, then select ‘Send’.

Encrypting All Outgoing Messages Using S/MIME in Outlook

When you choose to encrypt all outgoing messages by default, you can write and send messages the same way as with any other email.

However, all recipients must have your digital ID to decrypt or read your messages.

To encrypt all outgoing messages with S/MIME, follow these steps:

  1. In Outlook, choose ‘File’ > ‘Options’ > ‘Trust Center’ > ‘Trust Center Settings’.
  2. On the ‘Email Security’ tab, under ‘Encrypted email’, select the ‘Encrypt contents and attachments for outgoing messages’ check box.
  3. To change additional settings, such as choosing a specific certificate to use, select ‘Settings’.
  4. When you’re done selecting your settings, select ‘OK’ to save your changes.
Important: Microsoft Purview Message Encryption (MPME) should not be applied to a message that is already signed or encrypted using S/MIME. To apply MPME, you must first remove the S/MIME signature and encryption. The same applies to MPME-protected messages; do not sign or encrypt them using S/MIME.

Encrypting Email Attachments in Outlook.com

If you have a Microsoft 365 Family or Microsoft 365 Personal subscription, Outlook.com includes Microsoft Purview Message Encryption.

To encrypt emails and attachments from Outlook in your desktop browser, follow these steps:

  1. Go to Outlook.com and click ‘New Message’.
  2. Click on ‘Encrypt’ at the top of the email composition window.
  3. Choose either ‘Encrypt’ or ‘Do Not Forward’. If you choose ‘No Permission Set’, Outlook uses TLS to encrypt the connection but not the message’s contents.
  4. Write your message and attach any documents.
  5. Click ‘Send’.
Note: Attachments behave differently after they’re downloaded, depending on the encryption option used. Selecting ‘Encrypt’ enables recipients with Outlook.com and Microsoft 365 accounts to download attachments without encryption on supported apps. Recipients using other email clients can access attachments with a temporary passcode via the Microsoft 365 Message Encryption portal.

How to Encrypt Email Attachments in Gmail

Gmail offers different types of security, including:

  • ‘Confidential Mode’, as part of its free, standard offering.
  • S/MIME, as part of its paid enterprise accounts.

Whether you’re using the standard or paid version of Gmail, there are slightly different methods for setting up and using security for your emails and attachments.

Encrypting Email Attachments with a Free Gmail Account

By default, all message text and attachments that you send using Gmail are encrypted during transmission.

However, if your recipient isn’t using a mail server that supports TLS, any messages you send won’t be encrypted.

To add extra security to your sensitive emails, you can apply ‘Confidential Mode’ or use S/MIME encryption.

Applying Confidential Mode in Gmail

Gmail’s Confidential Mode lets you set a passcode and expiry date for emails and attachments, and stops recipients from forwarding, copying, printing, or downloading the contents.

Follow these steps to apply Confidential Mode:

  1. Click the ‘Compose’ button on the left-hand side of the inbox.
  2. Select the ‘lock icon’, found in the bottom right of the window.
  3. Choose your desired expiry date and whether or not to set a passcode. If you choose ‘SMS passcode’, recipients will receive a passcode by text message.
  4. Press ‘Save’.
  5. Finish and send your email as normal.
Note: Gmail’s Confidential Mode is not true end-to-end encryption. It offers limited protection against non-technical users sharing information. Confidential Mode adds a layer of security, but it isn’t a substitute for more robust options like S/MIME.

Encrypting Email Attachments with an Enterprise Google Workspace Account

If you have a paid Google Workspace Enterprise account, S/MIME encryption is available as an option.

Before you can send an encrypted email using S/MIME in Gmail, you must add a certificate to the company’s account settings.

Adding an S/MIME Certificate to Gmail

To add an S/MIME certificate to Gmail, follow these steps:

  1. Sign in to the ‘Google Admin console’.
  2. Click ‘Menu’ > ‘Apps’ > ‘Google Workspace’ > ‘Gmail’ > ‘User Settings’.
  3. Under ‘Organisations’ on the left-hand side, select the domain you want to configure for encryption.
  4. Check the box labelled ‘Enable S/MIME encryption for sending and receiving’ under S/MIME settings.
  5. Choose whether to let people upload their own certificates, or upload and manage root certificates yourself.
  6. Click ‘Save’.
Note: These steps can only be completed by an account administrator.

Encrypting a Message Using S/MIME in Gmail

Once your domain or organisation has been set up to send encrypted emails, you only need to compose messages, attach documents, and send as usual.

To check whether an email you are composing is being sent encrypted, look for the padlock icon next to the recipient address when writing a new message.

  • A ‘grey padlock’ means the message will be sent using TLS.
  • A ‘green padlock’ means it will be sent using S/MIME.
  • A ‘red padlock’ means the email will be sent without encryption.

How to Encrypt Email Attachments in iOS (Mail App)

Apple lets you send and receive encrypted emails in the Mail app for iPhone.

iOS supports S/MIME encryption, which means you will need to download a certificate from a Certificate Authority first.

Adding an S/MIME Certificate to iOS

Set up your certificate in iOS by following these steps:

  1. Open ‘Settings’ on your device.
  2. Click on ‘Mail’, then ‘Accounts’.
  3. Select the account you want to send encrypted messages from.
  4. Press ‘Advanced’ and turn on the ‘Encrypt by Default’ option.

Encrypting a Message Using S/MIME in iOS

Once your certificate is set up, you can send encrypted emails by composing your message, attaching documents, and sending as usual.

To toggle encryption for an email you’re composing, look for the padlock icon in the address field.

  • A ‘closed padlock’ means the email will be encrypted.
  • An ‘open padlock’ means it will be sent unencrypted.

Learn more about different types of email encryption.

The Best Email Attachment Security

We’ve covered how to encrypt email attachments in Outlook, Gmail, and iOS.

Sometimes, though, the built-in options aren’t enough.

This is especially true when you need to protect highly sensitive business or customer data.

Features like recipient authentication and email revocation can make a world of difference in keeping your information secure.

Recipient authentication makes sure only the intended person can open an email.

That means you won’t need to worry about messages landing in the wrong hands.

If you’ve ever hit ‘send’ and immediately wished you hadn’t, the ability to revoke that email can save you from a costly mistake.

By using a secure email solution, you add an extra layer of protection to make sure sensitive communications stay truly private.

“Every email you send is a piece of your story. Make sure it’s one only your recipient can read.”

Paul Holland, Founder, Beyond Encryption

Learn more about secure email solutions in What is Secure Email?

 

FAQs

What Is Email Interception?

Email interception is when unauthorised people gain access to your messages while they’re travelling across networks.

They can read or even change what you’ve sent.

How Does Encryption Help?

Encryption scrambles your emails so only the intended recipient can open them.

It stops prying eyes from reading intercepted messages.

Is Transport Layer Security (TLS) Enough?

TLS only protects your emails during transmission between servers.

End-to-end encryption keeps your messages secure at every step, from sender to recipient.

What Is S/MIME?

S/MIME is a system that encrypts emails and adds digital signatures.

Both sender and recipient need valid certificates to decode and verify messages.

What Is the Difference Between S/MIME and Microsoft Purview Message Encryption (MPME)?

S/MIME relies on personal certificates managed by each user, while MPME is handled through Microsoft 365.

Both offer encryption but differ in how they’re set up and managed.

Does Gmail’s ‘Confidential Mode’ Provide Full Encryption?

Confidential Mode can stop forwarding and printing.

However, it isn’t true end-to-end encryption, so it can still be bypassed.

What Happens If a Recipient Uses an Email Service Without TLS?

Emails may be left unencrypted if their server doesn’t support TLS.

This puts your attachments and messages at risk while in transit.

 

References

Find Digital ID or Digital Signature Services, Microsoft, 2024

Set Up Message Encryption, Microsoft, 2023

How to Encrypt an Email in Outlook , Beyond Encryption, 2024

Turn On Hosted S/Mime for Message Encryption, Google, 2024

Reviewed by

Sabrina McClune, 25.11.24

Sam Kendall, 31.12.24
View full post