There are two fundamentally different things that "email encryption" can mean, and the distinction matters enormously for what it actually protects you from.
The first is encryption in transit — your email is encrypted as it travels over the wire, using TLS. This is now nearly universal. Gmail, Outlook, and almost every mail server support TLS. It protects against passive eavesdropping on network traffic. It does not protect against your email provider reading your mail, because the provider's server decrypts the message on arrival.
The second is end-to-end encryption — the message is encrypted on your device, with a key that your provider never possesses, and decrypted only on your recipient's device. Your provider stores an encrypted blob they cannot read. This is what most people mean when they say they want "encrypted email," and this is where it gets more complicated.
How PGP Works (The Short Version)
PGP (Pretty Good Privacy) is the standard for end-to-end email encryption, defined in RFC 4880 and its successors. It uses public-key cryptography: you have a keypair consisting of a public key and a private key.
- Your public key is what you share with the world. Anyone who wants to send you an encrypted message uses your public key to encrypt it.
- Your private key never leaves your device. Only your private key can decrypt messages encrypted with your public key.
When you send an encrypted email, you encrypt it with the recipient's public key. They decrypt it with their private key. Neither your email provider nor the recipient's email provider ever sees the plaintext — they're transmitting and storing something that looks like random bytes.
PGP's main usability challenge is key exchange: how do you get the recipient's public key, and how do you know it's genuinely theirs and not an impersonator's? This is the key-distribution and verification problem that PGP's "web of trust" was meant to solve, and it has limited PGP adoption for decades. Modern solutions include Web Key Directory (WKD), Keybase, and apps that handle key exchange automatically.
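As an added example (not code from the page, and not taken from any WKD implementation), here is how a mail client turns an address into the Web Key Directory lookup URLs the WKD draft specifies: it lowercases the ASCII letters of the local part, SHA-1 hashes it, z-base-32 encodes the digest, and tries the "advanced" URL on the openpgpkey subdomain before the "direct" URL on the domain itself. Because the key is served from the recipient's own domain over HTTPS, the domain operator rather than a keyserver vouches for it, which is what makes WKD a practical answer to the "is it genuinely theirs" question. The sample address and the network helper at the end are illustrative; the helper is not exercised offline.

```python
import hashlib
import urllib.parse
import urllib.request

# z-base-32 alphabet used by the OpenPGP Web Key Directory draft.
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """z-base-32: standard base32 bit grouping (MSB first, 5 bits per
    character) with the z-base-32 alphabet and no '=' padding."""
    bits = nbits = 0
    out = []
    for byte in data:
        bits = (bits << 8) | byte
        nbits += 8
        while nbits >= 5:
            nbits -= 5
            out.append(ZBASE32_ALPHABET[(bits >> nbits) & 0x1F])
    if nbits:  # leftover bits are left-aligned in a final character
        out.append(ZBASE32_ALPHABET[(bits << (5 - nbits)) & 0x1F])
    return "".join(out)


def wkd_hash(local_part: str) -> str:
    """WKD hashes the local part after mapping ASCII upper case to lower
    case (only ASCII letters are mapped; anything else is left as typed).
    A 20-byte SHA-1 digest always yields exactly 32 z-base-32 characters."""
    mapped = "".join(c.lower() if "A" <= c <= "Z" else c for c in local_part)
    return zbase32_encode(hashlib.sha1(mapped.encode("utf-8")).digest())


def wkd_urls(address: str) -> dict:
    """Return the 'advanced' and 'direct' WKD lookup URLs for an address.
    The ?l= query parameter carries the local part as the user typed it."""
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    domain = domain.lower()
    digest = wkd_hash(local)
    query = "?l=" + urllib.parse.quote(local, safe="")
    return {
        "hash": digest,
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{digest}{query}",
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{digest}{query}",
    }


def fetch_wkd_key(address: str, timeout: float = 5.0):
    """Try the advanced URL first, then the direct one, as a WKD client does.
    Returns the raw binary OpenPGP key (WKD serves it unarmored) or None.
    Network helper for illustration; not exercised offline."""
    urls = wkd_urls(address)
    for method in ("advanced", "direct"):
        try:
            with urllib.request.urlopen(urls[method], timeout=timeout) as resp:
                if resp.status == 200:
                    return resp.read()
        except OSError:  # DNS failure, connection refused, HTTP error, ...
            continue
    return None


if __name__ == "__main__":
    # Constructed sample address; any case variant of the local part maps
    # to the same hash, while the ?l= parameter keeps the original spelling.
    for name, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{name:9} {url}")
```

A client that finds a key this way still has to pin it (or compare the fingerprint out of band) if the threat model includes the recipient's domain operator being compromised; WKD moves trust from keyservers to the domain, it does not remove it.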
Your Three Practical Options
Option 1: Switch to an encrypted email provider
The easiest path to encrypted email is switching to a provider that handles encryption automatically — ProtonMail, Tuta (formerly Tutanota), or Haven. When you email another user on the same service, the encryption is end-to-end with no setup required on your part.
When you email someone outside the service, the situation is more nuanced:
- ProtonMail → Gmail: ProtonMail encrypts the email in transit (TLS) but cannot end-to-end encrypt it, because Gmail doesn't have a PGP key to encrypt to. The email is readable at Gmail. ProtonMail offers a "password-encrypted link" workaround for sensitive emails to non-Proton addresses.
- ProtonMail → another ProtonMail: End-to-end encrypted, automatically. Neither server can read the content.
- ProtonMail → a PGP user: If your recipient has published a PGP key (via WKD or keyservers), ProtonMail will use it automatically for encryption.
This is the right choice for most people. You get zero-configuration encryption for communications within the same service, and a significant privacy improvement even for external email (no advertising analysis of your content).
Sign up for ProtonMail, Tuta, or Haven. Import your existing contacts. Start using the new address. Your emails to other users of the same service are automatically end-to-end encrypted.
If you're migrating from Gmail, give yourself a few weeks to notify important contacts of your new address, set up forwarding if needed, and then transition.
Option 2: Add PGP to your existing email client
If you want to keep your existing email address and client while adding PGP encryption, this is possible — but requires more setup and introduces UX friction.
Thunderbird (desktop) has built-in OpenPGP support as of version 78. You can generate a key, publish it to a keyserver, and exchange encrypted emails with anyone who has done the same. The experience requires both parties to have PGP set up, which is the limiting factor in practice.
GPG Suite (macOS) adds PGP integration to Apple Mail. Similar capability and similar limitations.
FlowCrypt is a browser extension that adds PGP to Gmail's web interface. It's more accessible than native GPG tooling, though it requires trusting a browser extension with your key operations.
Install Thunderbird and set up your existing email account. Go to Account Settings → End-to-End Encryption → Add Key. Generate a new key with a strong passphrase. Publish your public key so contacts can find it. To send encrypted email, both you and the recipient need to have exchanged keys.
Option 3: S/MIME (for enterprise contexts)
S/MIME is the other end-to-end email encryption standard, used primarily in enterprise contexts. It uses certificates issued by a certificate authority (CA), rather than PGP's self-issued keys. Your organization's IT department typically provisions S/MIME certificates for employees.
If you work at an organization that uses S/MIME, your IT team can walk you through setup. It's well-supported in Outlook and Apple Mail. For personal use, it's generally not worth pursuing — PGP has a larger ecosystem, and the CA model introduces dependencies on third-party certificate authorities.
What Encryption Doesn't Protect
End-to-end encryption protects the content of your emails. It does not protect metadata, which includes:
- Subject lines — PGP encrypts the body; subjects are typically transmitted in plaintext and visible to your provider. Some providers (like ProtonMail) encrypt subjects in storage, but they still cross the network outside the end-to-end envelope, protected only by transport TLS.
- Sender and recipient addresses — routing requires these to be readable. Your provider knows who you're communicating with.
- Timestamps — when messages were sent and received.
- IP address — your email client's IP is visible to the sending mail server, and is often recorded in the message's Received headers as it is relayed.
For most people, content protection is the meaningful concern. If your threat model includes metadata — who you're talking to, when — then you need additional layers: a VPN or Tor for IP masking, and careful thought about the identity you're using.
A visible subject line can reveal more than you'd expect. "Legal advice regarding your upcoming appeal" or "Re: test results from Dr. Sharma" are subject lines that contain significant information independent of the body. If this matters for your use case, either use a generic subject or choose a provider that encrypts subjects.
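To make the metadata point concrete, here is an added example (not from the page, and not any provider's code) that parses a PGP/MIME message in the RFC 3156 multipart/encrypted layout that Thunderbird, GPG Suite and Proton all produce, and reports exactly what an intermediary can read: the From, To, Subject, Date and Message-ID headers and the Received trace, versus the opaque armored body. The message is constructed inline and its armored block is a placeholder rather than real ciphertext; the envelope structure is what the example illustrates. The "..." subject check corresponds to the generic-subject advice above (Thunderbird's protected-headers mode uses that literal as the outer subject).

```python
import email
from email import policy


def sample_pgp_mime(subject: str) -> str:
    """Constructed PGP/MIME message (RFC 3156 layout). The armored block is a
    placeholder, not real ciphertext; only the envelope is realistic."""
    return f"""\
Received: from [192.0.2.10] by mail.example.org with ESMTPSA; Mon, 02 Mar 2026 09:15:02 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: {subject}
Date: Mon, 02 Mar 2026 09:15:00 +0000
Message-ID: <constructed-0001@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted
Content-Description: PGP/MIME version identification

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: OpenPGP encrypted message

-----BEGIN PGP MESSAGE-----

wcBMA0NPTlNUUlVDVEVEAQf/CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-PACKET
=ZZZZ
-----END PGP MESSAGE-----

--b1--
"""


# Headers that stay in the clear even in a correctly encrypted PGP/MIME message.
CLEARTEXT_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")


def inspect_envelope(raw: str) -> dict:
    """Report what a relay or provider sees of a message without any key."""
    msg = email.message_from_string(raw, policy=policy.default)
    parts = msg.get_payload() if msg.is_multipart() else []
    # RFC 3156: first part is the control part "Version: 1", second part is
    # the armored OpenPGP message as application/octet-stream.
    control_ok = (bool(parts)
                  and parts[0].get_content_type() == "application/pgp-encrypted"
                  and b"Version: 1" in parts[0].get_payload(decode=True))
    body = parts[1].get_payload(decode=True) if len(parts) > 1 else b""
    is_pgp_mime = (msg.get_content_type() == "multipart/encrypted"
                   and msg.get_param("protocol") == "application/pgp-encrypted"
                   and len(parts) == 2 and control_ok
                   and parts[1].get_content_type() == "application/octet-stream")
    visible = {h: str(msg[h]) for h in CLEARTEXT_HEADERS if msg[h] is not None}
    subject = visible.get("Subject", "")
    return {
        "is_pgp_mime": is_pgp_mime,
        "visible": visible,
        "received_hops": [str(r) for r in (msg.get_all("Received") or [])],
        "subject_is_generic": subject.strip() in ("", "..."),
        "body_is_armored": body.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----"),
        "opaque_bytes": len(body),
    }


if __name__ == "__main__":
    for subj in ("Re: test results from Dr. Sharma", "..."):
        report = inspect_envelope(sample_pgp_mime(subj))
        print(report["visible"])
        print("generic subject:", report["subject_is_generic"],
              "| opaque body bytes:", report["opaque_bytes"])
```

Run it and the two reports differ only in the Subject line: the revealing one hands the intermediary the sensitive fact, the "..." one does not, while in both cases the sender, recipient, timestamps and the submitting IP in the Received header remain readable.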
Key Management: The Part People Skip
The weakest point in PGP setups is almost always key management, not the cryptography itself. Specifically:
Private key backup. If you lose your private key, you lose access to all historical encrypted email. There is no recovery. You need a secure offline backup — ideally on an encrypted USB drive stored somewhere safe. Losing your private key is permanent.
Passphrase quality. Your private key is protected by a passphrase. A weak passphrase means anyone who gets a copy of your key file can eventually brute-force the passphrase and decrypt your email. Use a long, random passphrase (a password manager can generate one) and don't reuse it.
Key rotation. Best practice is to rotate keys periodically and set expiration dates. An expired key prevents someone from using an old, potentially compromised key to encrypt messages to you. Most people don't do this, which is understandable — it adds friction. It's worth doing if you use PGP for genuinely sensitive communications.
Revocation. If your private key is compromised, you should revoke your public key to prevent others from encrypting messages to you with it. Generate a revocation certificate when you create your key and store it securely alongside your key backup.
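The rotation and revocation points above are the ones a periodic check can actually enforce. As an added example (not code from the page or from GnuPG), here is a small audit over the machine-readable listing that `gpg --list-keys --with-colons` (or `--list-secret-keys --with-colons` for your own keys) prints: it flags keys with no expiration date, keys expiring within a warning window, and keys already expired or revoked. The listing below is constructed, with made-up key IDs and fingerprints, and the "now" timestamp is fixed so the result is reproducible.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of `gpg --list-keys --with-colons` output. Colon fields
# (1-based): 1 record type, 2 validity, 3 key length, 4 algorithm, 5 key ID,
# 6 creation date, 7 expiration date, 10 user ID or fingerprint.
SAMPLE_LISTING = """\
tru::1:1735689600:0:3:1:5
pub:u:255:22:AAAA000011112222:1700000000:1742000000::u:::scESC::::::23::0:
fpr:::::::::AAAA000011112222AAAA000011112222AAAA0000:
uid:u::::1700000000::0000000000000000000000000000000000000000::Alice Example <alice@example.org>::::::::::0:
sub:u:255:18:BBBB000011112222:1700000000:1742000000:::::e::::::23:
pub:u:4096:1:CCCC000011112222:1500000000:::u:::scESC::::::23::0:
fpr:::::::::CCCC000011112222CCCC000011112222CCCC0000:
uid:u::::1500000000::0000000000000000000000000000000000000000::Bob Example <bob@example.org>::::::::::0:
pub:e:2048:1:DDDD000011112222:1400000000:1600000000::u:::scESC::::::23::0:
fpr:::::::::DDDD000011112222DDDD000011112222DDDD0000:
uid:e::::1400000000::0000000000000000000000000000000000000000::Old Key <old@example.org>::::::::::0:
pub:r:3072:1:EEEE000011112222:1600000000:1800000000::u:::scESC::::::23::0:
fpr:::::::::EEEE000011112222EEEE000011112222EEEE0000:
uid:r::::1600000000::0000000000000000000000000000000000000000::Revoked Key <rev@example.org>::::::::::0:
"""

# Fixed "now" for a reproducible report: 2025-02-19T20:26:40Z.
SAMPLE_NOW = datetime.fromtimestamp(1740000000, tz=timezone.utc)

ALGO_NAMES = {"1": "RSA", "16": "Elgamal", "17": "DSA", "18": "ECDH",
              "19": "ECDSA", "22": "EdDSA"}


def parse_gpg_timestamp(field: str):
    """GnuPG prints seconds since the epoch, or ISO 8601 basic format
    (yyyymmddThhmmss) for some dates; an empty field means 'never'."""
    if not field:
        return None
    if field.isdigit():
        return datetime.fromtimestamp(int(field), tz=timezone.utc)
    return datetime.strptime(field, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)


def parse_colon_listing(text: str) -> list:
    """Group pub/sec records with their primary fingerprint and user IDs."""
    keys = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sec"):
            keys.append({"validity": f[1], "bits": int(f[2]),
                         "algo": ALGO_NAMES.get(f[3], f[3]), "keyid": f[4],
                         "created": parse_gpg_timestamp(f[5]),
                         "expires": parse_gpg_timestamp(f[6]),
                         "fingerprint": None, "uids": []})
        elif f[0] == "fpr" and keys and keys[-1]["fingerprint"] is None:
            keys[-1]["fingerprint"] = f[9]  # first fpr after pub is the primary
        elif f[0] == "uid" and keys:
            keys[-1]["uids"].append(f[9].replace("\\x3a", ":"))  # GnuPG escapes ':'
    return keys


def audit_keys(text: str, now: datetime, warn_days: int = 30) -> list:
    """Classify every primary key as revoked, expired, expiring, no_expiry or ok."""
    report = []
    for k in parse_colon_listing(text):
        if k["validity"] == "r":
            status = "revoked"
        elif k["validity"] == "e" or (k["expires"] and k["expires"] <= now):
            status = "expired"
        elif k["expires"] is None:
            status = "no_expiry"  # never rotates on its own; set one with gpg --edit-key
        elif k["expires"] - now <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "ok"
        report.append({"keyid": k["keyid"], "fingerprint": k["fingerprint"],
                       "uids": k["uids"], "algo": k["algo"], "bits": k["bits"],
                       "expires": k["expires"], "status": status})
    return report


if __name__ == "__main__":
    for entry in audit_keys(SAMPLE_LISTING, SAMPLE_NOW):
        when = entry["expires"].date() if entry["expires"] else "never"
        print(f"{entry['status']:10} {entry['keyid']} {entry['algo']}-{entry['bits']} "
              f"expires {when}  {', '.join(entry['uids'])}")
```

Feed it real output with something like `gpg --list-secret-keys --with-colons | python3 audit.py` (after swapping the sample for `sys.stdin.read()`), and treat "no_expiry" on your own key as the item to fix first: an expiration date is the only rotation reminder the format gives you, and the revocation certificate you generated at key creation is what covers the "revoked" case.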
The Easier Path in 2026
All of the above complexity is why most people's email remains unencrypted despite 30 years of PGP existing. The tooling has improved, but PGP's usability problems are structural — they're a consequence of the decentralized, user-controlled key model.
For most people, the practical answer in 2026 is: switch to an email provider that handles this for you. ProtonMail, Tuta, and Haven all manage key generation, storage, and exchange in ways that are transparent to the user. You get the benefits of end-to-end encryption without managing key files, keyservers, or revocation certificates.
Haven's implementation uses PGP for interoperability with any PGP client outside Haven, while automating key management so you don't have to touch any of it directly. Your private key is stored encrypted on your device, derived from your master key, and is never transmitted to or stored by Haven's servers.
If you have specific requirements — keeping your existing email address, needing to encrypt email sent from multiple clients, or interoperating with an existing PGP ecosystem — the manual setup path is worth understanding. But for most people making their first move toward encrypted email, the switching-providers path is faster, more reliable, and produces better practical security outcomes.
The goal is to actually use encryption, not to have it set up perfectly on a system you eventually stop using because it's too annoying.