Encrypted email helps you keep sensitive messages out of the wrong hands. The good news is that sending an encrypted email safely does not need to be hard. You follow a few clear steps, choose the right method, and avoid a few common traps.
If you want a wider background first, you can read MailHippo’s guide to encrypted email. Then come back here for the “how to send it” part.
What an encrypted email send process looks like
When you send a normal email, your message often travels in readable form through several servers. Some links use basic protection, yet many systems on the path can still see the text.
When you send an encrypted email, the flow looks different. You still write a message and add files. Your email tool or secure portal then encrypts the content before it leaves your control. The body and protected attachments travel as scrambled data.
The recipient then opens the message in their inbox or through a secure web page. Their system uses a key, certificate, or passcode to decrypt the scrambled data. Only approved readers can see the clear version.
What you need before you begin
An email service or app with encryption support
Start by confirming that your primary email service supports encryption. That might be Outlook with Microsoft 365, Gmail with Google Workspace, a hosted business email, or a secure email portal.
Many business platforms already include content encryption features. They often appear as a padlock icon, a “protect” button, or a label such as “confidential”. A secure portal may encrypt everything by default when you send from inside it.
If your current tool has no clear option for protected sending, you may need a secure email add-on or a separate secure message service.
The right recipient address
Encrypted or not, an email still needs the right address. One wrong letter can send a private report to a stranger. Auto-complete can also pick the wrong contact with a similar name.
Check the To, Cc, and Bcc lines carefully, especially for first-time messages. When handling health, legal, or financial details, consider confirming new addresses with a short, plain test note before sending real data.
A clean address list is one of the simplest safety wins you can get.
A plan for attachments and access
Decide how you will protect attachments and how recipients will gain access. Many tools encrypt attachments together with the message body. Some keep files in a secure portal and send access links instead.
Think about your typical recipients. Staff at your company may open messages in their inboxes. Patients and clients may prefer a secure web page with a simple passcode.
For very sensitive files, you may want both message encryption and file-level protection. MailHippo’s article on how to send encrypted files by email explains that side in more depth.
Main ways to send an encrypted email
Built-in protected sending
Many business email services include built-in protected sending. In Outlook or Gmail, you often see a padlock icon or a menu item that lets you mark a message as encrypted or protected.
From your side, you stay in the normal compose window. You click the secure option and send. The platform encrypts the body and supported attachments behind the scenes.
From the reader’s side, the email may open directly in their inbox, or it may show a button that opens a secure web view. The platform chooses the right path based on the recipient and their setup.
Secure message portals
Secure portals move the full message into a protected website. The email in the inbox is only a notice. It has a short line and a button labeled “Read secure message”.
You write the email either in the portal or through an add-in. When you send, the portal stores the message and sends the notice. The private text never sits as plain content in a normal email.
Recipients click the link, sign in or enter a passcode, and read the message in the browser. This style works well when your recipients use many different email providers.
PGP-based sending
PGP uses public and private keys for each person. You use the recipient’s public key to encrypt the email. They use their private key to read it.
Raw PGP requires extra software or browser add-ons. It suits power users and small technical teams. Non-technical staff often find it complex to use on their own.
Some secure email services hide PGP behind a simple interface. Staff sees a secure send button. The system handles keys in the background.
S‑MIME-based sending.
S‑MIME uses digital certificates to link keys to people or roles. Outlook and Apple Mail both support S‑MIME. Many firms and health networks already use it.
Your IT team or provider installs certificates on staff devices. Once active, staff can tick a box or click a small icon to encrypt a message for any contact whose certificate they hold.
S‑MIME fits best inside managed business email, where devices and accounts follow company rules.
Password-protected files sent by email
You can protect content by locking the file rather than the message. You send a password-protected PDF, Office file, or ZIP file by email. The body can stay simple.
The recipient opens the email, saves the file, and enters the password to open it. This gives some protection even when the email service itself has weak encryption tools.
You still need to share the password in a separate channel, such as by phone or text. Never put the password in the same email as the file.
Step-by-step guide
Draft the message
Open a new message in your chosen email tool or secure portal. Add the recipient address and a short, neutral subject. Avoid putting names, diagnoses, or account numbers in the subject line.
Write the body of the message. Explain what you are sending and what action you need. Put any private details in the body, not in the subject.
Treat the body as the primary place where encryption works.
Add attachments
Attach the files that support your message. That might be lab reports, X‑rays, invoices, contracts, or forms. Attach all required files before you switch on encryption.
For very sensitive documents, you may want file-level locks as well. That can mean a password-protected PDF or a protected Office file. The MailHippo guide on sending secure documents via email explains those options.
Check that each file opens correctly on your own device before you send it.
Turn on encryption
Find the encryption or protection option in your email tool. In many apps, this appears as a padlock icon in the compose window. In a portal, it may be the default for all messages.
Click the option that marks the message as encrypted. If you see several levels, pick the one that clearly states content encryption. For example, “Encrypt” or “Encrypt and prevent forwarding”.
Make sure you turn on encryption before you click send. Some tools show a lock next to the subject once the setting is active.
Pick access settings
Some systems let you tune how people access the encrypted email. You might choose whether recipients can forward or print. You might set an expiry date for the web view. You might limit access to certain domains.
Pick the simplest settings that still meet your needs. For example, you might allow replies but block forwarding for health or legal topics.
If you are unsure which options to pick, start with the defaults, then adjust them after testing with a colleague.
Review the subject line.
Take a fresh look at the subject. Many encrypted email tools do not hide this line. Inboxes and logs often show it in plain text.
Strip out any private detail. A subject such as “Your recent visit” or “Your statement” is safer than one that lists full names and medical or money details.
This small change keeps encryption focused on the parts it can truly protect.
Send the email
Do a final scan. Check the addresses, subject, body, and attachments. Confirm that the encryption or protection setting is still on. Then click send.
For a new setup, send yourself or a colleague a test message first. See how long it takes to arrive and what the view looks like on both desktop and mobile.
How the recipient reads the message
Reading inside the inbox
In some setups, recipients read encrypted email right inside their inbox. The email opens like a normal message, with a small bar or lock icon that shows it is protected.
Their mail app uses stored keys or certificates to decrypt the content in the background. They may enter a passphrase once per session, then read secure messages with no extra clicks.
This style is common for staff inside the same company or health network.
Opening through a secure web page
For many outside recipients, the email in their inbox is only a notice. It has a short line and a button labeled “Read secure message”.
They click the button, and a secure web page opens. The page may ask them to create a password on first use, or it may send a one-time passcode by text or to another inbox.
Once they pass that check, the portal shows the full message and any attached files. They can often reply securely inside the portal, too.
Using a passcode, key, or certificate
Some setups use passcodes, keys, or certificates directly. The person may receive a one-time code by text that they enter into the web page. They may have a private key or smart card on their device.
These pieces act as proof that they are the right person. The system then uses them to unlock the encrypted content.
Explain this step in clear words when you first send secure mail to someone. A short line such as “You will receive a code by text to open this message” can reduce confusion.
How to send encrypted attachments the right way
When your email tool encrypts the whole message, attachments often gain the same protection. They travel and rest as scrambled data along with the body.
You can add a second layer by encrypting the files before you attach them. That can be a password-protected PDF, an Office file, or a ZIP file. The file stays protected even if someone moves it out of the email.
Share the password for such files through a different path. A text or short call works well. Do not reuse the same password across many documents.
If attachments are a big part of your work, the guide on sending encrypted files by email is a good next read.
How to send sensitive documents by email
Sensitive documents include full medical charts, legal drafts, payroll lists, and detailed statements. Before you send such items, ask whether email is the best channel.
If email still fits, use both message encryption and strong attachment protection. Keep the subject neutral—limit who receives the message. Set extra controls in your portal if the service supports expiry dates or view-only access.
For step-by-step help, see how to send secure documents via email. That article turns these ideas into a clear checklist.
Common problems and quick fixes
The recipient cannot open the message.
If the recipient cannot open the email, ask what they see. Do they get a broken link, a missing plugin warning, or a blank page?
For link issues, ask them to try a different browser or device. For plugin issues, move the thread to your secure portal view instead of decrypting it directly in the inbox.
If nothing works, send key details by phone and use a secure link for the document while you fix the email path.
Attachment access fails
Sometimes the message opens, but the file does not. The portal may block downloads. The file password may be wrong. The device may lack a viewer.
Confirm that the recipient uses a current PDF or Office viewer. Resend the file if you locked it with the wrong password. In portals, check that the file did not expire by design.
For repeated trouble, switch to a simple PDF with clear file-level protection and test again.
The message arrives without protection.
Now and then, a message that you thought was encrypted may arrive as plain text. That can happen if you forgot to click the lock or if a rule did not trigger as planned.
Open the sent message in your own folder. Check for the lock icon or banner. If it is missing, resend the message with encryption turned on and explain the mistake to the recipient.
If the icon appears, yet the recipient still sees plain text, ask your provider or IT team to review the logs and rules.
The sender used the wrong method.
A sender in your team might use plain email for a topic that needs more care. They might send a password in the same email as the file.
Treat this as a training moment, not a blame session. Show the safer method in a live screen share. Update any quick guides or templates that staff use.
Short, clear rules help. For example, “Use the secure portal for any file that holds patient or payroll data”.
Mistakes that weaken encrypted email
Sending passwords in the same message
If you lock a file and then write the password in the same email, you remove most of the value. Anyone who sees the email gets both the key and the lock.
Always send file passwords through a separate path. Use a text, a short call, or an in-person handover.
Putting private details in the subject line
Subjects often stay in plain text. Many systems show them on phone lock screens and in logs. A subject with full names and medical or money details can leak more than you plan.
Keep subjects short and bland. Let the encrypted body carry the real story.
Assuming all recipients use the same setup
Not every recipient has Outlook, the same version of Gmail, or the same portal. A method that works inside your company may fail for a client on an old webmail account.
When you pick a secure email tool, test it with a few real outside contacts. Adjust your method until non-technical users can open and reply with little help.
Forgetting mobile access
Many patients and staff read emails on phones first. A secure method that works only on full desktops will frustrate them and delay replies.
Test every secure send path on both phone and computer. Check how many taps and screens each method needs on a small device.
When to send an encrypted email
Send an encrypted email when a leak would cause real harm or stress. That includes health details, ID numbers, pay data, legal issues, and private client notes.
A simple rule helps. If you would not post the text on a notice board in your lobby, send it through an encrypted channel instead.
As you get used to this habit, choosing encryption will start to feel natural for the right kinds of messages.
When a secure link may be the better option
Some information should not live in any inbox, even in encrypted form. Master passwords, long-term keys, and deep system access details sit in this group.
In these cases, a secure link or a secret-sharing tool often works better—the secret lives in a special service. The email contains only a one-time link that can expire after use.
You gain tighter control over how long the data lives and how many copies exist.
Common questions
How do I send an encrypted email?
You write your message, attach files, turn on the encrypt or protect option in your tool, check the addresses and subject line, and then send. Your email platform or secure portal handles the actual encryption.
For a more detailed walkthrough, read “How to Encrypt an Email” step by step. That guide breaks the process into clear stages.
Can I send an encrypted email for free?
Many services already encrypt email in transit between servers at no extra cost. Some plans include content encryption features, too. Free tools exist for PGP and for basic file protection.
Free paths often need more setup and manual work. Paid secure email services usually add support and smoother flows. Start by checking what your current plan already offers.
Can an encrypted email be forwarded?
People can press forward on almost any message. When the email is encrypted, a forward may send only a link or a shell. New readers still need the right access to see the content.
If someone copies text from a decrypted view into a new plain email, that new email will not stay encrypted. Training can reduce that kind of slip.
Can I send encrypted files by email?
Yes. You can send files inside an encrypted email or lock the files themselves before attaching them. Both paths have value.
For full guidance, see how to send encrypted files and secure documents via email. Together, they cover safe file handling from start to finish.
Read next
If you want a deeper view of the full encryption flow, read how to encrypt an email step by step. It links your actions to what happens behind the scenes.
For file-heavy work such as reports and scans, learn how to send encrypted files by email. That guide focuses on documents.
To pull everything together for real-world documents, visit how to send secure documents via email. It shows how message protection and document handling work together.
