Email Encryption Explained (Methods, Standards, and Costs)

📅 April 20, 2026 ✍️ By Chris Almond ⏱️ 7 min read
email encryption guide featured image

🔑 Key Takeaways

  • TLS transport runs server to server. Content encryption via S/MIME, PGP, or portal locks the body.
  • S/MIME wins in enterprise Outlook and Apple Mail but small practices abandon key exchange in months.
  • Hosted encryption from Purview, Confidential Mode, or vendor gateways skips certs but adds friction.
  • HIPAA needs a signed BAA, audit logs, workforce training, and policy above any working algorithm.
  • A ten-seat practice pays about $1,200 a year on a gateway vs $3,600 on Workspace Enterprise Plus.

Email encryption sounds like one feature. It is actually a stack of choices about transport, content, keys, licensing, and recipient experience. Getting the stack wrong leaves gaps that compliance auditors find.

This guide covers email encryption methods, the standards that back them, the platforms that implement each one, and the price ranges buyers see. For HIPAA senders who want to skip the license tier upgrade, a dedicated secure email service often removes the portal step and includes a BAA in the base plan.

Read the sections in order. Each layer builds on the one before it.

Transport and Content Encryption Are Different Layers

Two encryption layers cover email. Buyers often confuse them, which leads to gaps.

Transport encryption uses TLS between mail servers. When Gmail sends to Outlook, both servers negotiate TLS 1.2 or 1.3 and the message travels encrypted. Neither user takes any action.

Content encryption protects the message body and attachments themselves. S/MIME, PGP, and hosted portal encryption all fit here. The message remains encrypted at rest in the recipient mailbox until decrypted with a key or portal credential.

TLS alone leaves messages readable at the recipient provider, in server logs, and in backup snapshots. HIPAA and PCI treat that exposure as non-compliant for regulated content. Content encryption fixes it.

Every serious encryption deployment uses both layers together.

email encryption in article illustration one

S/MIME Is the Enterprise Standard for Content Encryption

S/MIME encrypts message bodies using X.509 certificates issued by a certificate authority. It is the default choice for organizations with dedicated IT.

Outlook, Apple Mail, and Google Workspace Enterprise Plus all support S/MIME natively. No plugin required. The mail client handles encryption and decryption behind the compose window.

Setup requires purchasing a personal certificate from a public CA like DigiCert, Sectigo, or GlobalSign, installing it in the local certificate store, and exchanging signed messages with each recipient to share public keys.

Certificates typically expire after twelve months. Renewal happens through the CA portal. Expired certificates block new encrypted sends until reissued.

Related guide: S/MIME email encryption covers the certificate model in detail.

OpenPGP Serves Technical and Journalism Communities

OpenPGP is the alternative content encryption standard. It uses locally generated key pairs instead of CA-issued certificates.

Users install GPG Suite on macOS, Gpg4win on Windows, or Mailvelope in the browser. The tool generates a key pair with a passphrase. The user shares the public key with recipients through a keyserver or direct email.

Trust builds through key signing rather than a central authority. Security researchers, journalists, and open source maintainers use PGP heavily because it does not depend on any CA infrastructure.

Business adoption of PGP stays limited. Recipients cannot install extensions on locked-down corporate systems. Healthcare and financial senders skip PGP for that reason.

The technical strength of PGP is not the barrier. The recipient-side friction is.

Example

A ten-person orthopedic practice compares annual encryption costs. Microsoft 365 Business Premium at $22 per seat totals $2,640 per year and includes Purview Message Encryption plus a BAA. Google Workspace Enterprise Plus at $30 per seat totals $3,600 and adds hosted S/MIME. A dedicated gateway service at $10 per seat totals $1,200 with the BAA included in the base plan, sitting on top of the existing Business Standard Google plan. The practice picks the gateway to avoid the tier upgrade cost.

Hosted Encryption Services Handle the Recipient Portal

Hosted encryption trades certificate management for a portal step at the recipient end. Microsoft Purview Message Encryption, Google Workspace Confidential Mode, and many third-party vendors follow this pattern.

The sender clicks Encrypt in the mail client. The service routes the message body to its own storage and sends the recipient a notification email with a link. The recipient signs in with an existing account or enters a one-time passcode to read the message.

Vendor gateways from Fortinet, Cisco, Trustifi, Datamotion, and others all follow the same portal pattern with different admin interfaces and reporting.

The recipient friction depends on the vendor. Some services allow one-click reading through a signed URL. Others require full account creation. Test each with a real recipient before committing.

Related guide: email encryption service compares vendor options in depth.

email encryption in article illustration two

Encryption Techniques and Algorithms in Use Today

The math behind email encryption uses proven algorithms defined in published standards.

  • AES-256 handles symmetric encryption of the message body itself. It appears in every current standard.
  • RSA-2048 or elliptic curve algorithms handle the key exchange that carries the symmetric key to the recipient.
  • SHA-256 or SHA-384 handles integrity hashing so recipients can detect tampering.
  • TLS 1.2 with strong cipher suites, or TLS 1.3 without weak fallback, handles transport between servers.
  • Message authentication codes bind sender identity to the message so recipients can verify origin.

Buyers rarely choose algorithms directly. Every modern platform defaults to combinations aligned with NIST guidance. See the NIST cryptographic guidance publications for the current recommended parameters.

Platform-by-Platform Encryption Options

Each mail platform ships different encryption features at different price tiers.

Microsoft 365 Business Premium and higher include Purview Message Encryption behind the Encrypt button. Business Basic and Business Standard do not.

Google Workspace Enterprise Plus and Education Plus include hosted S/MIME. Business Standard and Business Plus include Confidential Mode but not hosted S/MIME.

Apple Mail supports S/MIME natively on macOS and iOS provided the user installs a certificate through Keychain or MDM configuration profile.

Yahoo, AOL, and older ISP webmail platforms do not offer S/MIME or hosted encryption. Users on those platforms rely on TLS transport plus optional PGP through browser extensions.

Match the plan tier to the required feature before rolling out an encryption program.

💡Pro Tip: Layer content encryption on top of TLS, never in place of it

TLS transport is the required baseline that most modern providers negotiate automatically between mail servers. Buyers who focus only on TLS leave content readable at the recipient mail provider, in server logs, and in backup snapshots. HIPAA and PCI treat that exposure as non-compliant for regulated content. Deploy S/MIME or a hosted portal service on top of TLS so the body stays encrypted end to end. NIST cryptographic guidance treats layered encryption as the required baseline for regulated data.

HIPAA Compliance Requires More Than Encryption

Encryption satisfies one HIPAA Security Rule addressable specification. Full compliance requires several additional safeguards.

The covered entity signs a business associate agreement with the email provider. Microsoft and Google both offer BAAs on eligible plans. The HHS Security Rule guidance lists every safeguard.

Administrative safeguards include workforce training on PHI handling, sanction policies for violations, and periodic risk assessments. Physical safeguards include facility access controls on the workstations that send email.

Technical safeguards beyond encryption include unique user identification, automatic logoff on idle sessions, and audit controls that record message access.

Practices that clip on encryption software without addressing the surrounding safeguards are not compliant. Encryption is one piece of a larger program.

Cost Comparison Across Encryption Approaches

Price often decides the buying question more than features. A ten-person practice compares real annual numbers.

Approach Per user per month Annual cost (10 users)
Microsoft 365 Business Premium (Purview) 22 USD 2,640 USD
Google Workspace Enterprise Plus (hosted S/MIME) 30 USD 3,600 USD
Public CA S/MIME certificates (annual) 2 to 5 USD (amortized) 240 to 600 USD plus mail plan
Dedicated encrypted email service with BAA 5 to 15 USD 600 to 1,800 USD

Numbers exclude staff training, audit review time, and the recipient-side support calls that portal-based encryption generates. Practices measuring hidden costs often find dedicated services cheaper end to end.

How to Choose the Right Encryption Approach

The decision comes down to three questions about the sending organization.

First, does the organization already run Microsoft 365 Business Premium or Google Workspace Enterprise Plus? If yes, native S/MIME or Purview cover the encryption need with no additional software.

Second, does the recipient list change frequently, as with a healthcare practice adding new patients weekly? If yes, hosted encryption or a dedicated service avoids the S/MIME public-key exchange step.

Third, is the recipient experience business-critical? If patients or referring physicians will abandon messages that require a portal sign-in, a dedicated service like Mailhippo delivers encrypted email that opens in one click without a portal.

Practices running healthcare marketing sites pair encrypted email with a compliant patient-facing web presence. See healthcare website security features for the site-side controls.

Related guides: email encryption software, secure email encryption service, and encryption for email techniques.

Frequently Asked Questions

What does email encryption actually do? +

Email encryption transforms the message body and attachments into unreadable ciphertext during transit and, depending on the method, at rest inside the recipient mailbox. Only the intended recipient with the matching key or credentials can convert the ciphertext back to readable content. Encryption protects against interception on public networks, unauthorized access at intermediate mail servers, and exposure inside a compromised recipient inbox. It does not protect against phishing, malware on endpoint devices, or attacks against the sender or recipient authentication.

What are the main email encryption standards? +

The two dominant end-to-end standards are S/MIME and OpenPGP. S/MIME uses X.509 certificates issued by trusted certificate authorities and works natively in Outlook, Apple Mail, and Google Workspace Enterprise Plus. OpenPGP uses key pairs generated locally without a central authority and works through client extensions like GPG Suite, Gpg4win, and Mailvelope. TLS 1.2 or 1.3 handles transport encryption between mail servers under RFC 8446. Most business encryption stacks combine TLS with S/MIME or a hosted portal service.

Is email encryption required by HIPAA? +

HIPAA does not name encryption as a strict requirement. The Security Rule designates encryption as an addressable specification, which means the covered entity must implement it or document a reasonable alternative that achieves equivalent protection. OCR guidance and breach settlements consistently treat unencrypted PHI transmission as a compliance failure. In practice, healthcare organizations encrypt PHI email or restrict PHI to encrypted channels like patient portals. Unencrypted email carrying PHI is one of the most common findings in OCR breach investigations.

What is the difference between email encryption software and a service? +

Encryption software installs on the mail client or gateway and handles the cryptographic operations locally. Examples include Gpg4win, GPG Suite, and enterprise gateway appliances from Fortinet or Cisco. An encryption service runs in the cloud and integrates with existing Gmail or Outlook accounts through connectors, SMTP relay, or add-ons. Services handle key management, portal delivery, and BAA administration on behalf of the customer. Small and mid-sized organizations favor services for the reduced operational load.

Can email encryption be bypassed? +

Yes, under specific conditions. If an attacker compromises the sender or recipient device, they can capture plaintext before encryption or after decryption. Phishing attacks that steal mail credentials bypass encryption by giving the attacker legitimate access to the inbox. Weak recipient portal passcodes can be guessed or intercepted through SIM-swap attacks. Encryption defends against interception in transit and provider-side access, but a full security posture also requires multi-factor authentication, endpoint protection, phishing training, and incident response procedures.

How do I know if my email was actually encrypted? +

In Outlook, an encrypted sent message shows a padlock icon in the message header inside the Sent Items folder, and the message properties confirm Rights Management protection. In Gmail with S/MIME, the compose window displays a green padlock next to the recipient before sending. In Confidential Mode, the sent message header shows the expiration date and access restrictions. Recipient-side confirmation appears as either a padlock icon in the received message or a portal link that requires sign-in.

Does email encryption slow down message delivery? +

End-to-end encryption adds negligible time to message delivery. S/MIME processing takes milliseconds on modern devices. TLS handshakes add a few hundred milliseconds during the server-to-server connection setup. Portal-based encryption slows recipient access, since the recipient must click a link and sign in before reading. That step adds seconds to minutes depending on network speed and authentication method. Sender workflow speed is essentially unaffected on any modern platform.

Send your first secure email today Start free — no credit card required. HIPAA-compliant encryption in minutes. Start Free →