Gmail allows sending end-to-end encrypted emails (E2EE) to any recipient

Gmail Client-side Encryption (CSE) users on Google Workspace Enterprise Plus accounts with Assured Controls have some good news: Google announced that they can now send end-to-end encrypted (E2EE) emails to anyone.

Previously, Gmail encrypted data in transit using TLS, but CSE is a much more advanced layer of security. With CSE, the encryption process takes place in the browser, before the data is sent to Google servers. This means that the entire email content, including images and attachments, is secure, except for the headers and recipient list, which are not encrypted.

The 'anyone' part of the message means that even if the recipient uses a different email service like Outlook or their own domain, they can still open the message. The new system eliminates the cumbersome process that previously required the manual exchange of S/MIME security certificates between the two parties. Now, the recipient can simply click a link in the notification email, log in via a temporary Google guest account, and securely access the message.

When you receive this type of email, your inbox will only show the message instead of the content. To read the message, click the 'View message' button , verify your email address with the verification code sent to you, then follow the on-screen instructions to open the message.

The process of sending E2EE emails is also very simple:

1. Click 'Compose' to begin.
2. In the compose window, select the 'Message security' button .
3. Enable 'Additional encryption' option before writing content.

Important: If you turn on encryption after you've already written an email, Gmail will delete the draft and open a new blank page.

For administrators, the ability to send CSE emails externally is disabled by default and needs to be enabled at the OU or Group level before users can use it.

Isabella Humphrey

Update 04 October 2025