An encrypted email can feel confusing the first time you see it. The message may look different from normal mail, or ask you to click a special link or enter a code. If you are busy running a practice or a team, you want to know how to open it safely and get to the information.
The good news is that most encrypted emails follow a small set of patterns. Once you recognize those patterns, the process feels much easier. The same ideas apply to computers, phones, and tablets.
If you want a broader overview of what sits behind these messages, you can read MailHippo’s guide to encrypted email. This article stays focused on the “how do I open it” part.
What does opening an encrypted email usually involve
Opening an encrypted email nearly always involves two big steps. First, you reach the right place, such as your inbox or a secure web page. Then you prove who you are so that the system can show you the protected content.
Sometimes the proof is very simple. You may already be signed in to your work email, so your mail app unlocks the message with no extra action from you. The only sign is a small lock icon or banner at the top.
In other cases, you may see a “Read secure message” button. That button opens a secure page in your browser, which then asks for a password or one-time code. Once you pass that check, the message appears in full.
On any device, the key ideas are the same. You do not need to install heavy tools in most cases. You follow a short access path, then read the email like any other note.
What to check before you open the message
The sender’s name and address
Before you click anything, look at who sent the email. Check both the display name and the actual address. A really secure message from your clinic, bank, or law firm should come from a domain you recognize.
Watch for small spelling changes, such as extra letters or swapped characters. Attackers often use lookalike domains to trick people. If the address feels wrong, contact the sender through a known phone number or website instead of clicking links.
If you are not sure, a quick call to the office can save a lot of trouble.
The email subject line
Next, read the subject line. Many encrypted emails use clear wording such as “Secure message” or “You have a protected message”. That can be a good sign, yet it is not proof on its own.
Think about whether the subject fits any recent activity. For example, a subject about lab results makes sense after a recent visit, but not out of the blue. If a subject pushes you to act in a hurry, take an extra moment to think.
Keep in mind that subjects often stay in plain text, even for a real encrypted email. They help you spot the message in your inbox, but they do not guarantee safety.
Any security notice in the message
Many secure email services add a short notice at the top of the message. It might say that the email was sent through a secure portal, or that you should click a button to read it.
Look for clear, simple wording rather than vague sales talk. Real services rarely ask for your email password inside that notice. They usually send you to a secure page instead, where you sign in or enter a code.
If the notice asks you to share your password, bank PIN, or full card number, close the email and contact the sender by another route.
Common ways encrypted emails are delivered
Directly inside the inbox
Some encrypted emails arrive as normal-looking messages in your inbox. When you open them, you see the content right away. A small lock icon or banner may show that the message is protected.
In this case, your email app is doing the hard work. It already holds the right key or certificate and quietly decrypts the message for you. This style is common for work emails within a company or a health network.
Through a secure web page
Many clinics, firms, and secure email services use a portal. In that model, the email in your inbox is only a notice. It holds a link or button that opens a secure web page.
You click the link, your browser opens the portal, and you sign in. Once you pass that step, the portal shows you the full message and any files. Replies often stay inside the portal, too.
This pattern works well when you use your own email provider and the sender wants more control over privacy.
Through a one-time passcode
Some systems add a one-time code to the secure web page. The email says a code will arrive via text or in a second email. You enter that code in the portal to open the message.
The code works only once or for a short time. That way, if someone later steals the email, they cannot use the old code. This method provides added security when messages contain sensitive health, financial, or legal information.
Through a file attachment
In a few cases, the email itself may be plain, yet it carries an encrypted file. That file might be a password-protected PDF, an Office document, or a ZIP file.
You open the email, save the file, then open it in the correct viewer. The viewer asks for a password, which you receive by phone, text, or in a different email.
Here, the file holds the protection rather than the message body.
How to open an encrypted email in a browser
Open the message notice
On any device, start by opening the email in your inbox. If it uses a portal, you will see a short notice and a button or link such as “Read secure message” or “View secure email”.
Read the notice text once. A real one explains that the full message sits on a secure page. It does not ask for your email password in the body of the notice.
Select the access method.
Click the secure button or link. Your browser opens a new tab or window for the portal. You may see a choice of access methods, such as using an existing account or a one-time passcode.
Pick the one that matches the instructions in the email. If you already have an account with that portal, using that login usually makes sense.
Verify your identity
The portal now needs to check who you are. It may ask you to sign in with a password you set earlier. It may send you a one-time code by text, call, or to a second email address.
Enter the code or password on the page. Make sure the page address matches the organization you expect, and that your browser shows a lock near the address bar.
If a code never arrives, look at the “common problems” section later in this guide.
View the protected message.
Once you pass the identity check, the portal shows the full message. You can read it, scroll, and reply from inside that page. Attached files often appear as links or buttons you can click.
On many portals, you can return to the same message later by signing in again. The original notice email usually does not contain the content, so keep your portal login safe.
For more details on what these screens look like, MailHippo’s guide on how an encrypted email looks to senders and recipients has simple examples.
How to open an encrypted email with a one-time passcode
Request the code
If the portal uses codes, it may ask you where to send one. You might see options such as a text message, a phone call, or an alternative email. Pick the option that matches your records with that sender.
Click the button to send the code. Stay on the page while you wait, so you can enter the code as soon as it arrives.
Enter the code
When the code arrives, type it into the field on the web page. Codes often have a short life, so do this step soon. Check for any extra spaces when copying and pasting.
If the portal says the code is wrong, request a new one. Use only the latest code, as older versions may stop working.
Read the message
After the portal accepts the code, it will show you the protected email. You can read it in full, reply, or move between pages if the portal holds more than one message for you.
Take your time. There is no need to rush. Many portals keep the message visible until you log out or close the tab.
Download any files
If the email includes files, they may appear as links or buttons in the portal. Click each one to download or view it. Your browser may ask where to save them.
Keep in mind that once the file is on your device, it may no longer be subject to the same portal rules. Treat it as private and store it somewhere safe.
For more on file protection itself, MailHippo has a guide titled “password-protected file sharing explained.”
How to open an encrypted email with keys or certificates
What does this access method mean
Some work email systems use keys or certificates behind the scenes. These systems include PGP and S‑MIME. In those cases, your mail app uses a private key to unlock the message content.
You do not see the key itself. You open the email, and the app either shows it or asks for a passphrase once. After that, you can read all protected messages for that session.
What the recipient may need installed
To use keys or certificates, your device needs the right setup. That might be a certificate installed by your IT team, a PGP plugin in your mail app, or a special secure email app.
If you open an encrypted email and see a block of random characters, that often means your app does not have the needed key. Staff in your organization can usually install or fix that for you.
What to do if access fails
If your mail app shows errors about certificates, missing keys, or PGP, contact your IT help desk or email provider. Tell them which device and app you are using, and paste any error text if you can.
Do not try random downloads that claim to fix encryption. Stick to the tools your organization or provider recommends by name.
How to open encrypted attachments
PDF files
If you receive a password-protected PDF, save it to your device first. Then open it in a proper PDF viewer, not just the quick preview in your email app.
The viewer will ask for a password. Type it in exactly as the sender gave it to you. If the password was sent by phone or text, watch for uppercase and lowercase letters.
Zip files
For password-protected ZIP files, save the ZIP and open it in a ZIP tool on your device. When the tool asks for a password, enter it and extract the files.
If the tool does not prompt for a password but still fails, make sure you are using a current ZIP program. Older versions may not support newer encryption standards.
Password-protected documents
Word, Excel, and similar files can have their own passwords. Save the file, then open it in the matching program. The program will prompt for a password before it shows any content.
If a password fails three times in a row, stop and ask the sender to confirm it. Many programs lock you out after too many wrong tries.
How to open an encrypted email on mobile
iPhone and iPad
On Apple devices, you can open many encrypted emails in the built-in Mail app or in the official Gmail or Outlook apps. Tap the message in your inbox and look for a link or a lock icon.
For portal-based messages, tapping the secure link will open Safari or another browser. Follow the same steps you would on a computer. Type codes carefully, as phone keyboards can slip.
If your work uses certificates or special keys, your IT team may install a profile on your device. Once that is in place, encrypted mail should open like any other message.
Android phones
On Android, the process is similar. Use the Gmail or Outlook app, or the app your provider recommends. Tap the email, then tap any secure link to open the portal in your browser.
If a message will not open in the app, try the same account in a browser. Some advanced encryption types work better in webmail on mobile.
Keep your phone’s system and apps up to date, as old versions can break secure views.
Mobile browser access
Many portals are designed to work well in mobile browsers. If the notice email tells you to use a link, you can usually tap it and complete all steps on your phone.
If a page looks broken or too small, try turning the phone sideways. If that still feels hard to use, you can switch to a laptop for that message, then speak with the sender about easier mobile access next time.
How to tell if the message is real
Signs the message may be legitimate
Real encrypted emails often match recent activity. For example, you visited a clinic last week and are now receiving a secure message about the results. The sender address matches the clinic domain, and the portal page uses that same name and logo.
The language in the email is clear and calm. It explains that the full message sits on a secure page and that you will sign in or use a code. It does not push you to act in panic.
Signs it may be a scam
Scam emails often try to scare you. They may warn that your account will close within hours or that you owe money immediately. They may pretend to be from big brands yet use odd addresses.
Be wary of messages that ask for your email password, bank PIN, or full card number. Real services do not request those by email.
If the web page after the link looks cheap, has spelling errors, or does not match the brand you expect, close it.
What not to click
Do not click links or open attachments in an email you do not trust. Do not download “viewers” from unknown sites to open a file.
If in doubt, contact the sender through a known phone number or website and ask if they sent a secure email. It is fine to be careful.
Common problems and fixes
The message will not load
If the secure page does not load, check your internet connection first. Try opening another website. If that works, refresh the secure page or try a different browser.
Some office networks block certain sites. If you are on work Wi‑Fi, try mobile data, or the other way around.
The passcode never arrives.
If a code does not appear, wait a minute, then check your spam and junk folders. For text codes, check that you gave the sender the right phone number earlier.
If nothing appears, use the “resend code” option if you see one, or ask the sender to resend the secure email.
The attachment will not open.
If an attachment will not open, make sure you saved it first. Then try opening it in the right program, such as a PDF viewer or Word.
If the file asks for a password and you do not have one, contact the sender. Do not guess too many times if the program might lock you out.
The page says ” Access denied
If the portal says you do not have access, you may be signed in with the wrong email, or the link may have expired. Check that the address you use matches the one on the notice email.
If you still see access denied, reply to the sender and explain what the page shows. They may need to resend or update the permission.
The email opens as blank text.
If you open an encrypted email and see only random letters and symbols, your mail app probably lacks the right key or plugin.
In a work setting, share a screenshot with your IT team. For personal accounts, ask the sender whether they can switch to a portal link instead of direct in inbox encryption.
When to contact the sender
Contact the sender when you cannot open a message after simple checks, or when you doubt that an email is genuine. Use a phone number from a business card, website, or past paperwork, not from the suspicious email.
Explain what you see on screen and which device you use. A short chat often clears things up, and the sender may offer an easier option for next time.
Better ways to receive sensitive files
If you often struggle with encrypted email, ask the sender to use a simple secure portal or a clear file-sharing method. One clean login can feel easier than many different email formats.
For some documents, a protected download link or a password-protected file may suit you better than a complex plugin. The guide called password-protected file sharing explains those options.
The right mix depends on how often you receive private files and which devices you use most.
Common questions
How do I open an encrypted email?
Open the notice email, click the secure link or button if present, sign in or enter a one-time code, then read the message in the portal or inbox. If the email opens directly in your app with a lock icon, just read it as normal.
For more detail from the reader’s perspective, MailHippo’s guide on reading encrypted email provides a clear walkthrough.
Can I open an encrypted email on my phone?
Yes. Most encrypted emails can be opened on phones and tablets. You either read them in a mail app with a lock icon, or you tap a link and use your mobile browser to open a secure page.
If a method does not work on your phone, ask the sender for a mobile-friendly portal option.
Why can I not open the encrypted message?
Common reasons include wrong email address, old links, missing keys, or blocked pages. Sometimes the sender used a method your app does not support.
Check your internet connection, try another browser, and look for error messages. If that fails, contact the sender for help or a resend.
Do I need special software?
In many cases, no. A current browser and a normal mail app are enough. Portals handle the encryption work for you.
For some work setups that use PGP or S/MIME, your IT team may need to install certificates or plugins. They usually handle this once, then your normal tools can open messages on their own.
Read next
If you would like a slower walk-through of reading secure mail, with extra tips and examples, take a look at how to read an encrypted email.
To see more examples of how protected messages look on screen, both for senders and readers, you can read how an encrypted email looks to senders and recipients.
For a closer look at file protection that often travels with secure email, see password-protected file sharing explained. It shows simple ways to keep shared documents safer.
