Whether it’s important business emails or a personal message to a loved one, we all want our email conversations to remain private. A combination of TLS and email encryption allows us to do this. But do we ever stop and ask ourselves how safe our conversations really are? And if we send files over email, does email encryption protect everything, including the email attachments?
Not all encrypted email solutions automatically protect attachments. It depends on the encryption service you use, the type of attachment you’re sending, and how you’re sending it. It’s dangerous to assume that your attachments are encrypted, and you should confirm with your encryption provider.
To understand how email attachments are encrypted, we first have to understand email encryption as a whole. There are two levels of encryption, namely TLS and end-to-end encryption. They work in significantly different ways and handle attachments differently as well. Let’s look at how each encrypts attachments and what you can do to protect your email attachments better.
How TLS Encryption Protects Email Attachments
TLS (Transport Layer Security) is a protocol that’s fast becoming the standard in email encryption and protection. Most email servers support TLS, and many have begun to use it as their standard configuration. This is a good thing since most users don’t give a second thought to the privacy of their emails and expect the email provider to take care of it.
TLS does not encrypt the email or the attachment itself; it encrypts the connection they travel over. When you send an email using TLS, an encrypted connection is established between your email client or device and the email server. Once this secure connection is established, the email, including any attachments, is sent to the server, which then forwards it to the recipient’s email server.
Ideally, TLS encryption should be used from the moment you click “Send” until the email arrives in the recipient’s inbox. Unfortunately, that is out of your control. If the user isn’t using TLS, or if both email servers aren’t configured to communicate with one another using TLS, the attachment will lose its protection along the way and be accessible to anyone who can intercept it.
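The hop-by-hop exposure described above can be checked after delivery by reading a message's Received headers, where each server records the protocol it accepted the message with. The following is an added example, not part of the original article; the sample message, host names and addresses are constructed, and the comment-matching for servers that note TLS only in a parenthesised remark is a heuristic assumption.

```python
import re
from email import message_from_string

# "with" keywords registered for TLS-protected transfer (RFC 3848, RFC 6531).
TLS_KEYWORDS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA",
                "UTF8SMTPS", "UTF8SMTPSA", "UTF8LMTPS", "UTF8LMTPSA"}
HOP_RE = re.compile(
    r"from\s+(?P<src>\S+).*?\bby\s+(?P<dst>\S+).*?\bwith\s+(?P<proto>\w+)",
    re.IGNORECASE | re.DOTALL)

# Constructed sample message (hypothetical hosts, documentation IP ranges).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.7])
 by store.recipient.example with LMTPS id c3; Tue, 2 Jan 2024 10:00:03 +0000
Received: from relay.example.net (relay.example.net [198.51.100.20])
 by mx.recipient.example with ESMTP id b2; Tue, 2 Jan 2024 10:00:02 +0000
Received: from laptop.sender.example (laptop [192.0.2.10])
 by relay.example.net with ESMTPSA id a1; Tue, 2 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: contract

(body and attachment omitted)
"""

def audit_hops(raw_message):
    """Return hops in delivery order as (source, destination, protocol, used_tls)."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so reverse to get sender-to-recipient order.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            # Unparseable header: record it as a hop that is not proven to use TLS.
            hops.append(("?", "?", "UNKNOWN", False))
            continue
        proto = m["proto"].upper()
        # Some servers record TLS only in a comment such as "(version=TLS1_2 ...)".
        used_tls = proto in TLS_KEYWORDS or bool(re.search(r"version=TLS|using TLS", header))
        hops.append((m["src"], m["dst"], proto, used_tls))
    return hops

def cleartext_hops(raw_message):
    """Hops where the message, attachments included, crossed the wire unencrypted."""
    return [hop for hop in audit_hops(raw_message) if not hop[3]]

if __name__ == "__main__":
    for src, dst, proto, tls in audit_hops(SAMPLE):
        print(f"{src} -> {dst}: {proto} ({'TLS' if tls else 'CLEARTEXT'})")
```

Received headers are written by the servers themselves, and entries added before the message reached a server you trust can be forged, so treat the result as evidence of an unprotected hop rather than proof that every hop was protected.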
Furthermore, many email servers don’t store file attachments in an encrypted format. Gmail, for example, may keep encrypted email messages, but it’s been found that email attachments are stored in an unencrypted, plain text format. Anyone who manages to gain access to such an email server will have free access to your email attachments, even if the emails themselves are encrypted.
To make matters even worse, those file attachments that happen to be encrypted on the servers are usually encrypted using keys kept by the email provider, for example, Gmail. Though that does help to keep your email and attachments safe from hackers and snoopers, it does not protect them from the email provider, who can snoop through your emails and attachments if they want to.
This is a reasonable cause for concern. Few email providers will snoop through your emails and attachments with malicious intent (but we’re not excluding the possibility). Yet they may do so for monetary gain to show you “relevant” ads or perhaps to sell your data to other companies for marketing and advertising purposes.
In summary, TLS is helpful and does have its place in providing email security, but it does not provide complete encryption or protection for your emails or email attachments.
End-To-End Encrypting Your Emails And Attachments
An end-to-end email encryption (E2EE) service provides far better security for email attachments. Unlike TLS, E2EE services don’t only encrypt the email while it’s in transit; instead, the email remains encrypted every step of the way. Once you click “Send,” the mail is encrypted and stays that way until the recipient unlocks and reads it. This includes the entire email with any attachments.
With this method, you don’t even have to be concerned about the possibility of hackers gaining access to the email server. Even if they do, your emails and attachments will be entirely undecipherable for them, making your attachments as secure as they can be. Combining E2EE with TLS even adds an additional layer of protection, making your email attachments even more secure.
The problem with E2EE is that it generally requires a specialized service, and the recipient either has to use the same service, or you need to provide them with a password that they can use to access the attachments. This is an inconvenience, and many people choose to be complacent and trust others to keep their emails and attachments secure.
How To Protect Your Attachments In Encrypted Emails
As with everything in life, more security measures mean more inconvenience in exchange for higher security. Locking your car doors, activating an alarm, activating an immobilizer, and installing vehicle tracking systems are all things that many of us do routinely without even thinking about them. Still, they used to be a significant inconvenience. We need to adopt certain habits to be secure online too.
The 2 Ways To Protect Your Attachments With Both Levels Of Email Encryption
The question isn’t, “should I use TLS or end-to-end encryption?” The ideal is to use both. Ensure that TLS is set as default for all your email accounts that you have set up in your email client. Then you can also look at an excellent E2EE solution, and there are many options. Some focus on encrypting specific email services, like Gmail, while others, like ProtonMail, provide their own email platforms.
Please do some research and find the end-to-end email encryption platform that works for your purposes, find out how to use it properly, and then get into the habit. It’s a temporary inconvenience. Once you’re used to it, you probably won’t even remember why it was inconvenient in the first place.
1. Manually Encrypt Or Protect Your Attachments
You can encrypt or password-protect your attachments before you send them. Programs like Word and Excel have built-in protection systems that use a strong level of encryption. Other file types can be encrypted by simply compressing them through a program like WinRAR and adding a password (though some email servers block files with a .zip file extension to avoid potential malware).
There are also manual encryption programs, like AxCrypt, that you can install and use to encrypt your files before attaching them to your email. Some of these need the same software to decrypt on the other end, but not all of them, so find one that works for you and make sure that your file attachments are safely encrypted to add that extra level of security to sensitive content.
2. Share Secure Cloud Links Rather Than Attachments
Rather than sending a file attachment, you can upload it to an encrypted cloud service like Dropbox or OneDrive, then share a link in the email. When generating the link, you can always specify that only one specific person should be allowed to access it. This way, the link itself is encrypted along with the rest of the email text, and even if someone else gets hold of the link, they won’t be able to open the file.
Not all email encryption systems automatically protect attachments, and if they do, they don’t necessarily guarantee that protection throughout the email’s journey to the recipient. But through a bit of effort and by forming some new habits, we can easily ensure that our important, private, or personal data arrives where it should without being accessed by anyone who shouldn’t.