Are you looking for a more secure way of sending emails within Gmail? Google’s “Confidential mode” is designed to ensure that only the intended recipient can view your message.
What Is Gmail’s Confidential Mode?
When you use Confidential mode while sending a message in Gmail, the intended recipient will need to enter a code to read your email.
After you send your message, the recipient will receive an email telling them that a confidential message is waiting for them. To read it, they’ll need to verify their identity using a code sent either via email (to the same account) or via SMS (to a number of your choosing) before they can read it.
None of the message’s contents will be included in the email received. Instead, the message exists only on Google’s servers. In addition to the verification process, messages sent via Confidential mode also expire. You can choose an expiration date of a week, a month, three months, or five years.
How to Send Confidential Emails in Gmail
To use Confidential mode, sign in to Gmail and click on the Compose button in the top-left corner to begin writing a new email. Add a recipient, a subject line, and your message body, then click on “Confidential mode” at the bottom of the compose window (It looks like a padlock with a clock on it.).
In the window that appears, set your expiry period and choose whether or not to require a passcode via SMS. If you choose “No SMS Passcode,” then the code will be delivered to the same email address you’ve put in the “To” field instead.
Hit “Save” and check your message before hitting Send. If you’ve opted for SMS passcode verification, you’ll need to enter the recipient’s mobile number before your message is sent. Take care not to enter the wrong number!
Remove Access to a Message You’ve Sent
If you like, you can rescind access to a message you’ve already sent. Once you send an email using Confidential mode, the message will appear in your inbox (You can also find it under Sent.).
To “unsend” a Confidential email, first, click on the message, and then click “Remove access.” If the recipient hasn’t yet read the email, then they won’t be able to gain access to it after access has been removed.
The Drawbacks to Gmail’s Approach
If you don’t request SMS passcode verification, Confidential mode is a lot less secure. For example, if the email address you’re sending your message to has already been compromised—for example, if the owner has left it logged in on a public computer—then the verification code is virtually useless.
On the other hand, providing a separate mobile number and requiring SMS verification is similar to how two-factor authentication works. Even if the email address has been compromised, without access to the mobile number specified by the sender, the message cannot be accessed.
Unfortunately, Gmail’s approach is still a far cry from that of truly secure email providers like ProtonMail and Tutanota. Like most email providers, Gmail doesn’t encrypt the contents of your inbox on the server. Google’s employees—or anyone who accesses your Google account—can, from a technical perspective, see the message.