How to Send Encrypted Email on Outlook, Gmail, iOS, & Android

Understanding Email Encryption Basics

Email encryption is the process of transforming the content of an email into unreadable text so that only the intended recipient can read it. This is achieved by using cryptographic keys — mathematical strings of data that lock (encrypt) and unlock (decrypt) the message. Without the correct decryption key, the message appears scrambled and unreadable.

There are two main types of email encryption in use today:

1. Transport Layer Encryption (TLS):
   TLS secures email in transit between the sender’s and recipient’s outgoing and incoming mail servers. If both servers support TLS, the email is encrypted as it travels across the internet.
   However, TLS does not encrypt the message itself, meaning that once it arrives at the recipient’s server, it could still be accessed by server administrators, email services, or attackers with access to that server.

2. End-to-End Encryption (E2EE):
   This is the most secure form of email encryption. With end-to-end encryption, the message is encrypted on the sender’s device and can only be decrypted by the intended recipient’s device using a private key. Even email providers like Google or Microsoft cannot read the email contents.
   Common standards for end-to-end encrypted email include S/MIME (Secure/Multipurpose Internet Mail Extensions) and PGP (Pretty Good Privacy). Some email providers like ProtonMail offer built-in E2EE, while traditional services like Outlook and Gmail require additional setup to support it.

For successful encrypted email communication, both the sender and the recipient must have compatible encryption settings and keys in place. This is why trying to send an encrypted message to someone who doesn’t support or hasn’t configured encryption may result in errors — or the email being sent unencrypted by default.

Some platforms, like Gmail and Outlook, offer built-in encryption features that are easier to use but may not provide full end-to-end protection. Others require you to manually configure digital certificates or encryption keys.

Here’s a quick comparison to help clarify the differences:

Before diving into the platform-specific steps on how to send encrypted emails, it’s important to understand that end-to-end encryption provides the strongest protection for email privacy, but also requires more setup.

How to Send Encrypted Email in Outlook (Desktop & Web)

Microsoft Outlook offers built-in options for encrypting emails, but the methods available depend on your version of Outlook (Desktop vs Web) and whether you’re using a Microsoft 365 or Exchange-based email account. Outlook supports two main types of encryption:

• S/MIME Encryption: Requires a certificate installed on both the sender’s and recipient’s devices. Best for end-to-end encryption.

• Microsoft 365 Message Encryption (Information Rights Management): A simpler system that lets you encrypt email without certificates, but requires an eligible Microsoft 365 subscription.

Below are step-by-step guides for sending encrypted emails in both Outlook Desktop and Outlook Web, along with common troubleshooting tips.

How to Send Encrypted Email in Outlook Desktop (Windows or macOS)

Outlook Desktop supports two encryption methods: S/MIME and Microsoft 365 Message Encryption.

Option 1: Encrypt with S/MIME (End-to-End Encryption)

You’ll need to install a valid S/MIME certificate (also called a digital ID) before you can use this method.

Steps to send encrypted email using S/MIME:

1. Install your S/MIME certificate in your operating system (Control Panel on Windows / Keychain Access on macOS).

2. Open Outlook and go to File → Options → Trust Center → Trust Center Settings.

3. Select Email Security, then choose Settings under Encrypted Email.

4. Apply your certificate by choosing it in the Signing Certificate and Encryption Certificate fields.

5. Start composing a new message.

6. Go to the Options tab → click Encrypt → choose Encrypt with S/MIME.

7. Send your email as usual. Messages will display as encrypted to recipients who also have S/MIME configured.

Option 2: Encrypt with Microsoft 365 Message Encryption (IRM)

If you’re using Outlook with a Microsoft 365 subscription (with Azure Information Protection), you can use built-in encryption without certificates.

Steps to enable encryption (IRM):

1. Open a new message in Outlook.

2. Go to the Options tab → click Encrypt.

3. Choose one of the encryption levels:

   • Encrypt Only

   • Do Not Forward

4. Send your email. Recipients using Outlook or compatible clients will see a message stating the email is encrypted. Others may need to log in to view it.

How to Send Encrypted Email in Outlook Web (Outlook.com or Office 365 Web)

Outlook Web makes it easier to encrypt messages using Microsoft 365 Server-based encryption.

Steps to send encrypted email in Outlook Web:

1. Log into Outlook.com or your Office 365 email in the browser.

2. Click New Message.

3. At the top of the compose window, select the Encrypt icon (a padlock with a dropdown arrow).

4. Choose from:

   • Encrypt

   • Encrypt and Prevent Forwarding

5. Compose and send your email. Recipients using Gmail or other providers will receive a link to securely view the message.

Troubleshooting Outlook Encryption

If you’re unable to send encrypted messages or it appears the option is missing, here are some common solutions:

1. I don’t see the Encrypt button:
   Ensure you’re using a Microsoft 365 or Exchange Online email account. POP and IMAP accounts don’t support IRM encryption in Outlook Desktop.

2. S/MIME option is unavailable:
   You may not have a digital certificate installed. Obtain one from a trusted provider (e.g., DigiCert, Actalis, Comodo) and import it into your system.

3. Recipient can’t open encrypted email:
   They may not have encryption capability enabled. For S/MIME, they must share their public key or certificate with you. For IRM, they may need to sign in with a Microsoft account.

4. Error: “You don’t have permission to encrypt this message”
   Check if encryption services (Azure Information Protection) are assigned to your Microsoft account by your admin, or contact your IT department.

How to Send Encrypted Email in Gmail (Web, iOS & Android)

Gmail offers two primary ways to encrypt email: Transport Layer Security (TLS), which encrypts messages during transmission (but not end to end), and S/MIME encryption, which offers full end-to-end encryption but is only available for Google Workspace Enterprise accounts. In addition, Gmail offers a user-friendly feature called Confidential Mode, which allows message expiration and restricted access — yet it’s not true encryption.

Below, we’ll walk through step-by-step guidance on sending encrypted email in Gmail on the web, and through the Gmail app on both Android and iOS.

How to Send Encrypted Email in Gmail Web (browser)

The standard Gmail web interface supports both TLS and S/MIME encryption. If you’re using a personal Gmail account, your emails will typically use TLS automatically (as long as your recipient’s email server supports it). For full end-to-end encryption, you must use S/MIME and a supported Google Workspace plan.

Option 1: Encrypted Email using Gmail TLS (Automatic)

Gmail automatically applies encryption (TLS) when sending emails between services that support it. You don’t need to take any action for this to work.

To check encryption levels while composing an email:

1. Compose a new email in Gmail.

2. Add a recipient email address.

3. Look for the padlock icon next to the recipient.

4. Green padlock indicates enhanced encryption (S/MIME) – if supported by both you and the recipient.

5. Gray padlock indicates TLS is in use (default, but less secure than S/MIME).

6. Red padlock (rare) means encryption is not possible with that recipient’s email provider.

Option 2: Send Encrypted Email using S/MIME (Workspace Only)

If your organization uses Google Workspace (Enterprise or Education), you may have access to S/MIME encryption.

Steps to enable and send encrypted email using S/MIME:

1. Both you and your recipient must have S/MIME enabled and share public keys.

2. Log into your Workspace Gmail account.

3. Go to Settings → See all settings → Security (admin must enable S/MIME first).

4. While composing a new message, click the padlock icon.

5. Choose the level of encryption you’d like (e.g., S/MIME Enhanced).

6. Send your email — it will be encrypted end-to-end for compliant recipients.

How to Send Encrypted Email in Gmail App (Android)

The Gmail app does not offer native end-to-end encryption like S/MIME for personal Gmail users (unless you’re part of a Workspace plan with preconfigured keys). However, Confidential Mode can still be used, or you can connect Gmail with a third-party encryption app like ProtonMail or FlowCrypt for PGP support.

Steps to send via Gmail Confidential Mode (Not true encryption):

1. Open the Gmail app on your Android phone.

2. Tap the Compose button.

3. Enter your email recipient(s).

4. Tap the three-dot menu (top right) → select Confidential mode.

5. Set an expiration time and optionally require an SMS passcode.

6. Tap Save → then send your email as normal.

This protects your email from being forwarded, copied, or printed, but it’s not end-to-end encrypted.

How to Send Encrypted Email in Gmail App (iOS)

The process on iOS is practically identical to Android. If you’re using Google Workspace with S/MIME configured, Outlook mobile may be a better app for full encryption — as Gmail mobile doesn’t support reading or sending S/MIME messages via the app itself.

Steps for Gmail Confidential Mode in iOS:

1. Open Gmail on your iPhone or iPad.

2. Tap the Compose icon.

3. Tap the three-dot menu → Confidential mode.

4. Set expiration and passcode options.

5. Tap Done and send your email.

If you need actual end-to-end encryption on iOS, consider using a third-party tool like:

• ProtonMail (built-in encryption)

• Tutanota (encrypted email service)

• FlowCrypt (for PGP encryption with Gmail)

Troubleshooting Encryption in Gmail

1. “The recipient does not support encryption” message:
   This means S/MIME is not supported. Gmail will fall back to TLS or unencrypted transmission depending on the recipient’s servers.

2. Can’t find encryption option in Gmail:
   End-to-end encryption via S/MIME only works with Google Workspace and supported clients. Personal Gmail accounts do not support S/MIME in the web or mobile apps.

3. Confidential mode confusion:
   Confidential mode protects email access but does not encrypt the email itself. Google still retains access to email content and metadata.

4. Third-party certificate error:
   If you’re using a third-party encryption app (PGP), ensure you have the recipient’s public key and that your private key is securely set up.

How to Send Encrypted Email on iOS & Android (Default Mail Apps and Third-Party Options)

Sending encrypted email directly from your mobile device — whether you’re using iOS (iPhone/iPad) or Android — is both possible and increasingly important for security while on the go. Most mobile email apps support S/MIME encryption (for end-to-end email security) or TLS encryption (to protect email in transit), and many offer additional options like PGP support or privacy mailboxes.

Below, we’ll walk through how to send encrypted messages using built-in mail apps on both platforms, as well as popular third-party options for full end-to-end encrypted communication.

How to Send Encrypted Email in iOS Mail (iPhone & iPad)

Apple’s built-in Mail app includes native support for S/MIME encryption, and can both send and receive fully encrypted email — assuming you have the proper certificate installed and the recipient also supports S/MIME.

Step 1: Install Your S/MIME Certificate (Digital ID)

1. Email the certificate (.p12 / .pfx format) to yourself, or import via AirDrop or iCloud Files.

2. Tap the attachment on your device and follow iOS prompts to install it.

3. Go to Settings → General → VPN & Device Management to confirm the certificate was added.

4. Enter the password associated with the digital ID when requested.

Step 2: Enable S/MIME in iOS Mail

1. Go to Settings → Mail → Accounts.

2. Select your email account (e.g., Exchange, Gmail with certificate).

3. Tap Account → Advanced → S/MIME.

4. Enable both Sign and Encrypt options.

5. Under “Encrypt by Default,” select Yes to automatically encrypt outgoing messages.

Step 3: Send an Encrypted Email

1. Open the Mail app and start composing a new message.

2. Add a recipient. If the recipient has shared their cert with you, a blue lock icon will appear.

3. Tap the lock icon if needed to toggle between Signed and Encrypted modes.

4. Send your email — it will be delivered fully encrypted end-to-end.

If the lock icon is red or missing, encryption isn’t available for that recipient because their public key is missing or incompatible.

How to Send Encrypted Email on Android (Default Apps & Custom Apps)

Unlike iOS, Android does not have a universal email app with built-in S/MIME support. However, the Gmail app and several third-party email clients offer support for S/MIME or PGP encryption with additional setup.

Option 1: Use Outlook Mobile (Supports S/MIME)

Microsoft Outlook for Android supports sending encrypted mail using S/MIME — with proper configuration.

Steps to use S/MIME in Outlook Mobile:

1. Install Outlook for Android from the Play Store.

2. Import your S/MIME certificate on the device (via file manager or email).

3. Open Outlook app → go to Settings → Account → Security.

4. Enable S/MIME options (Sign or Encrypt).

5. Compose a message — a lock icon will notify you if encryption is enabled.

Option 2: Use Third-party Apps for PGP Encryption

Apps like FlowCrypt, OpenKeychain, and ProtonMail offer full end-to-end encryption using PGP.

• FlowCrypt adds encryption to Gmail with browser extension or Android/iOS apps.

• OpenKeychain works with apps like K-9 Mail to enable PGP signing and encryption.

• ProtonMail provides encrypted email out-of-the-box with both iOS and Android apps.

These apps are ideal for users who need seamless E2EE without certificates.

Quick Comparison: Email Encryption on iOS vs Android

Common Issues When Sending Encrypted Email on Mobile

1. I don’t see the encryption toggle in iOS Mail
   – You must install an S/MIME certificate first, and the recipient’s key must be available.

2. Recipient cannot read my encrypted email
   – The recipient needs a configured S/MIME certificate (or PGP key, depending on method).

3. Gmail Mobile says message isn’t encrypted
   – Gmail Confidential mode is not encryption. Native encryption for Gmail apps requires Workspace + cert support.

4. Key/certificate import fails on Android
   – Ensure the file is properly formatted (.p12 for S/MIME, .asc for PGP). Use a file manager or OpenKeychain.

Best Practices and Security Tips for Encrypted Email

Sending encrypted emails is an essential step toward protecting your privacy, securing business communications, and meeting legal or compliance requirements. But even with encryption enabled, there are essential best practices and security habits that users — and especially administrators — need to follow to ensure consistent and reliable email protection.

Encryption can only protect your messages if it’s properly implemented, maintained, and supported by both the sender and receiver. Below are the most important recommendations to follow when using email encryption across Outlook, Gmail, iOS, Android, and third-party apps.

1. Use End-to-End Encryption Whenever Possible

While TLS encryption protects email during transit between servers, only end-to-end encryption (E2EE) protects email content from being viewed or tampered with by the email provider, server administrators, or malicious actors. Use standards such as:

• S/MIME (Secure/Multipurpose Internet Mail Extensions) — supported in Outlook, iOS Mail, and by Google Workspace

• PGP / OpenPGP — supported in third-party apps like FlowCrypt, ProtonMail, and K-9 Mail

If you’re handling sensitive data (legal, financial, medical, etc.), E2EE should be the default.

2. Verify Recipient Encryption Compatibility

Encryption only works when the recipient supports and has enabled compatible methods (e.g., S/MIME, PGP, or workspace-managed encryption). If the recipient has no decryption key or certificate:

• The message may fail to send

• It may send unencrypted by default

• Or the recipient may get a “cannot open encrypted message” error

Always confirm encryption support when emailing external contacts, or use fallback channels (e.g., secure portals or encrypted attachment sharing).

3. Keep Certificates and Encryption Keys Secure

If you use S/MIME or PGP, your encryption keys should be stored securely and backed up.

Key and certificate tips:

• Never share your private key

• Use strong passwords to protect private key files

• Store backups offline or in a secure encrypted vault

• Revoke and replace certificates immediately if compromised

4. Look for Visible Encryption Indicators

Many email clients show encryption status with icons or visuals:

• Padlock icons (blue lock for encrypted email in iOS, green/gray/red lock in Gmail Desktop)

• “Encrypt” or “Signed” labels in Outlook

• Headers or banners showing “Encrypted Message” in webmail

These indicators help you verify that the message is being sent securely.

5. Use Trusted Certificate Authorities or Public Key Services

For S/MIME, obtain valid certificates from trusted Certificate Authorities like DigiCert, Sectigo, or Actalis. For PGP, services like ProtonMail or FlowCrypt manage keys, or you can generate your own.

Never use untrusted or self-signed certificates unless you’re in a closed environment.

6. Keep Your Devices and Apps Updated

Both encryption standards and vulnerabilities evolve over time. Regularly update:

• Your email apps (Outlook, Gmail, iOS Mail, etc.)

• Your device OS (Windows, macOS, iOS, Android)

• Installed certificate authorities and root trust stores

• Third-party encryption tools (e.g., OpenKeychain, ProtonMail)

Updates often patch critical cryptographic vulnerabilities.

7. Don’t Confuse “Confidential Mode” with Encryption

Gmail’s Confidential Mode (available in web and mobile apps) lets you set expiration and restrict message forwarding — but it does not fully encrypt the email content. Google can still access the message. Use it only when end-to-end encryption is unavailable.

8. Use Alternative Secure Channels When Needed

For highly confidential messages where the recipient cannot receive encrypted email, consider:

• Secure messaging platforms (Signal, WhatsApp)

• Secure file transfer (e.g., OneDrive links with expiration & password)

• Encrypted email gateways or portals

9. Know Your Compliance Requirements

Industries like healthcare (HIPAA), finance (GLBA), and government often require encrypted email for specific communications. Not all encryption methods are considered compliant. Use FIPS-validated modules and enterprise-grade tools for regulated data.

10. Understand What Email Encryption Does Not Protect

Even with encryption enabled:

• Subject lines are often still visible unless using PGP

• Metadata (sender, recipient, timestamp) may still be logged

• Backups on servers may not encrypt fully unless full-disk encryption is used

Email encryption protects content — but not the entire message envelope.

Conclusion

Email encryption is no longer an optional feature — it’s a fundamental part of secure communication in the modern world. Whether you’re sending sensitive business documents, healthcare information, or personal email that simply isn’t meant to be public, encryption ensures that your message stays between you and your intended recipient.

Platforms like Outlook, Gmail, iOS Mail, and Android apps each offer ways to encrypt email, but the method and level of protection varies depending on the type of encryption used. For full protection, end-to-end encryption using standards like S/MIME or PGP is strongly recommended. Not only does this secure messages in transit, but it also ensures that even email providers cannot read your private content.

Before sending your next sensitive email, remember to:

• Always check whether your platform supports encryption natively

• Confirm the recipient can decrypt your message

• Use secure certificates and manage your keys responsibly

• Avoid mistaking features like Gmail Confidential Mode for true encryption

• Keep apps, devices, and security certificates up to date

With the step-by-step instructions and best practices outlined in this guide, you’re now equipped to send encrypted email confidently — whether you’re on desktop or mobile, personal or professional, Windows, macOS, iPhone, Android, or beyond.

Frequently Asked Questions

Q1: What is the difference between TLS email encryption and end-to-end encrypted email?
A: TLS (Transport Layer Security) encrypts the connection between email servers or between your email client and server, protecting messages during transit. However, once the message reaches the recipient’s server, it may still be stored unencrypted. End-to-end encryption (E2EE) ensures that the message is encrypted on the sender’s device and remains encrypted until it is decrypted only on the recipient’s device. Neither the email provider nor intermediate servers can read the message contents.

Q2: Can I send encrypted email to someone using a different service (e.g., I use Outlook, they use Gmail)?
A: Yes, but compatibility depends on the encryption method both parties support. For example, if you use S/MIME in Outlook and your recipient uses Gmail, the recipient must also have S/MIME enabled and the appropriate certificate to decrypt it. If the recipient does not support that method, the email may fall back to TLS (if available) or send unencrypted. Always check what method the recipient supports.

Q3: What happens if the recipient doesn’t support encryption?
A: If the recipient’s email system doesn’t support the encryption method you selected (e.g., S/MIME or PGP), your message may either fail to send, arrive unencrypted, or you may receive an error. In those cases, you should either use a compatible method both parties support, use a secure portal, or send the message unencrypted but with minimal sensitive content.

Q4: Does encrypted email hide the subject line, sender and recipient addresses?
A: Not always. Many encryption methods protect only the message body and attachments, but metadata—such as the sender address, recipient address, and subject line—may still be visible to servers and email providers. For example, standard S/MIME does not encrypt the subject line unless explicitly supported. It’s important to understand what your encryption method covers.

Q5: Are free email services like Gmail and Outlook secure enough for encrypted email?
A: Free services often support TLS encryption by default, which protects email in transit, but may not offer full end-to-end encryption (E2EE) unless you configure it (and the recipient does too). For highly sensitive communications, you should use E2EE methods (S/MIME, PGP) or a service that natively supports it, and verify both sender and recipient support the same standard.

Q6: How do I set up encryption on mobile devices (iOS & Android)?
A: On iOS, you can enable S/MIME in the built-in Mail app by installing a certificate (digital ID) and toggling encryption settings in Settings → Mail → Accounts → Advanced. On Android, you may use dedicated apps (Outlook, third-party PGP apps) with certificate/key setup. Mobile encryption often requires preparation such as installing keys and confirming recipient compatibility.