Improvements for client-side encryption in Gmail

What’s changing 

We’re introducing two new features for client-side encryption in Gmail which will help you quickly identify ineligible recipients and any attachments that may be blocked: 

When you’re composing a Gmail message using client-side encryption, any recipient who is not able to receive encrypted messages will be denoted with a red chip. The email will not be able to be sent until those recipients are removed. 

Email recipients who cannot receive encrypted messages will be highlighted in red.

Gmail blocks attachments that may spread viruses, like messages that include executable files or scripts. If you receive a client-side encrypted message in Gmail, we’ll automatically check if any attachments are blocked file types. If there are blocked file types, you’ll see a warning banner and you won’t be able to download the file. 

You'll see a warning banner if you receive an email with a blocked attachment type

For more information on client-side encryption in Gmail, check out the Workspace blog and our original announcement

Getting started 

  • Admins: Visit the Help Center to learn more about setting up client-side encryption for your organization
  • End users: 
    • If enabled by your Workspace admin, to add client-side encryption to any message, click the lock icon and select additional encryption, and compose your message and add attachments as normal. 
    • If you include a recipient in the “To” or “CC” fields who cannot receive an encrypted message, their email address will appear as a red chip. 
    • Visit the Help Center to learn more about Gmail Client-side encryption and blocked file types in Gmail

Rollout pace 


  • Available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers