This in-depth guide shows you exactly how to encrypt email, while also taking a look at the best encrypted email services.
Despite being one of our oldest methods of online communication, email is still one of the most popular. Untold billions of email messages fly around the world every day, carrying personal and business messages that we depend on, making email a prime target for snoops and spies of all types.
Unfortunately, experience shows that most large email providers do not respect the privacy of your inbox. For example,
- Gmail was caught giving third parties full access to user emails and also tracking all of your purchases. (See our guide on the best Gmail alternatives.)
- Advertisers are allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
- Yahoo was also caught scanning emails in real-time for US surveillance agencies.
And the problem runs deeper than the policies of your email provider.
Where your email service is located can have a huge impact on your email privacy. While jurisdictions like Switzerland have laws that protect your online privacy, others (unfortunately including the United States and its Five Eyes friends) have laws in place to erode it.
Leaving aside all the folks who can legally stick their nose into your email communications, there are also the illegal peeping Toms. While email services take steps to protect your messages from outsiders (aside from themselves), these steps are not foolproof.
Data breaches do result in crooks getting their hands on the passwords of email accounts, which can result in identity theft, fraud, and other crimes. Hackers do manage to get access to people’s inboxes. If some creep gets access to your inbox, there is nothing to stop them from reading your email and stealing all that juicy personal information.
As you can see, email security is a big issue today. There are a lot of different ways in which your email privacy can be compromised. In this guide, we’ll talk about various scenarios in more detail, and I’ll show you how to encrypt your email to protect against at least some of these problems.
Why is email encryption important?
Once you see the scope of the problem, we think you’ll agree that you need to encrypt at least some of your emails.
Data breaches – Breaches of the databases at companies large and small expose hundreds of millions, if not billions of records per year. Some unknown number of those records are email messages, stored on mail servers around the world. Bad guys of all stripes target email messages because they can contain valuable information that can be sold or used for fraudulent activities. Financial data, vacation plans, corporate strategies, and personal data are all juicy targets.
Pervasive surveillance – Years ago, Snowden and others revealed the vast scope of surveillance programs (many of at best marginal legality) that are being run around the world. Since then, the problem has only grown, with governments around the world sucking up every bit of email data they can get their hands on. Private companies are in on the act too: they may collect and sell your email content, or use it to target you with ads.
Because most email services store your data on their servers in unencrypted form, you have no real privacy. Hoping that big providers of free email services like Gmail won’t read your messages and use what they find for their own purposes is foolish in the extreme.
We know that Gmail, for example, reads through every message you send or receive looking for information like airline reservations to add to your calendar. Then there is Smart Reply, an optional feature that reads messages so it can suggest short replies that might be relevant to the content of that message. While features like these can be useful, they can only work if Gmail can read and understand (at least a little bit) your email messages.
How can you protect your email messages?
There are a few approaches you can take to protecting your email messages from being read by the wrong people. The easiest solutions are ones where the email provider makes sure that only the intended recipient can read the messages you send.
Gmail’s Confidential mode
Gmail’s Confidential mode is an example of an approach where the email provider makes sure that only the intended recipient can read messages. Beyond controlling access to the message, Confidential mode restricts what the recipient can do with the message (no forwarding, etc.), and causes the message to be inaccessible after a set amount of time. This sounds good, so let’s keep going with it.
To use Confidential mode, you compose your message normally. When you are ready to send the message, you select Confidential mode. Gmail displays the following dialog box:
This looks promising. For someone to read the message, they will need to enter the passcode. But there are a couple of drawbacks to this approach.
First is that passcode. Note the sentence circled in red, “All passcodes will be generated by Google.” In other words, Google is in control of the code that gives access to the message, not you, and not the recipient.
Second is the fact that selecting Confidential mode doesn’t hide the contents of your message from Google. Confidential mode protects your mail from everyone except Google. It doesn’t create an encrypted email message. It simply prevents someone from seeing the message unless they enter the password.
A solution like this is only useful if you don’t mind your email provider continuing to have access to your email.
If you really want to protect the privacy of your inbox, you can’t rely on solutions like Confidential mode. It is time to talk about email encryption.
About email encryption
Email encryption is a growing market. According to Facts and Factors, the global email encryption market is expected to grow at a compound annual growth rate of 21.4% from 2021 to 2026. Clearly there is widespread demand for email encryption.
If we start talking about the details of various ciphers and encryption algorithms used in email encryption, we’ll be here for a very long time… and your email may never get encrypted. So we’re going to try to keep this discussion at a high level.
To protect your email against any and all of the attackers we discussed at the top of this article, we need to use something called end-to-end encryption. This is often abbreviated as E2E encryption (or even E2EE).
Why use E2E encryption with email
E2E encryption means that you encrypt something (email in our case) on your computer or mobile device, and the recipient decrypts it on their computer or mobile device. Why is this important?
Think about how an email message gets from you to the recipient. You create the message in some email program. When you hit Send, the message passes out of your computer onto a connection controlled by your Internet Service Provider (ISP). The message then goes to your email provider, who passes it along another connection controlled by some other service, and so on. Eventually, the message arrives in the recipient’s inbox at their email provider. Then it goes through another set of connections controlled by other entities until it ends up on the recipient’s computer to be read.
That’s an awful lot of steps. At any one of those steps it is theoretically possible for someone to try to read your email. E2EE solves this problem. Done right, no one can read encrypted messages except the sender and the recipient.
If you encrypt your email before it leaves your device, and the recipient decrypts it once it arrives on their device, no one in the middle will be able to read it.
Since E2E encryption is the way to go, we’ll show you one way you can do it. But first we have to discuss…
The drawbacks of E2E encryption
While E2E encryption is the only way to protect your email from the various threats out there, it does have some real drawbacks, such as:
- It is more complicated than just sending email the old way. You’ll see what we mean in the next section.
- The people who receive encrypted emails need to know what to do with them. This too will become clear shortly.
- The powers that be don’t much like any kind of encryption. For example, the European Parliament is currently considering a bill forcing all email (and other types of messages) to be scanned for possible child abuse.
- Encryption makes it harder for governments and law enforcement to spy on you, corporations to earn money from your personal data, and social media companies to censor you.
How to encrypt email
There are two ways to E2E encrypt email. On the assumption that you are not prepared to change email services right now, we are going to talk about how you can add end-to-end encryption to the bodies of your messages before letting providers like Gmail and company see them.
Recommended: The alternative approach is to switch to a secure email provider that respects your privacy and builds E2E encryption right into their product. For more on this approach, check out our review of the best private and secure email providers.
How email encryption works
The essence of the process is that regular readable text (also called plaintext) gets converted into encrypted text (also known as ciphertext). The “key” to the encryption process is that the algorithms use an encryption key to turn plaintext into ciphertext. Likewise, the decryption algorithm that turns ciphertext back into plaintext depends on a decryption key.
Encrypting an email message turns the body of the message into ciphertext. Some encryption approaches also encrypt additional parts of the message, possibly including the subject line and/or any attachments.
However, certain parts of the email need to remain unencrypted. For example, the email address of the recipient cannot be encrypted if you want the message to actually arrive at its destination!
Other metadata is also readable, one of the key drawbacks of email in general (but we’ll discuss more secure alternatives below).
Symmetric vs asymmetric encryption
There is one more aspect of how encryption works that you need to know about before we can move forward. Remember that we said turning your message into ciphertext requires an encryption key, and turning it back into plaintext requires a decryption key.
The relationship between the encryption key and the decryption key can be either symmetric or asymmetric. In symmetric-key encryption, the encryption key and the decryption key are identical or related by a simple transformation. In effect, the encryption/decryption key pair is a secret shared between the sender and the recipient.
To send a message using symmetric key encryption, the sender encrypts the message using their copy of the secret key and the recipient decrypts it using their copy of the secret key.
In asymmetric-key encryption (more commonly known as public-key encryption) the relationship between the encryption and decryption keys is much more complex. Each person has both a public key and a private key.
The public keys can be shared publicly and are used to convert plaintext to ciphertext. The private keys are kept secret and used to convert ciphertext back into plaintext.
With asymmetric-key encryption, there is no need for a shared secret. Both parties publish their own public keys and keep secret their own private keys.
To send a message using asymmetric key encryption, the sender encrypts the message using the recipient’s public key and the recipient decrypts it using the recipient’s private key.
Pros & cons of encryption methods
As you might expect, each approach has pros and cons.
Symmetric-key encryption is easier to implement, and generally faster to encrypt/decrypt messages, but requires the sender and receiver to somehow agree on an encryption key and share it (securely). This could require a phone call, face-to-face meeting, or some other creative methods.
Asymmetric-key encryption is more complicated, in that it needs some system for discovering the public key of a person you want to communicate with. Certificate Authorities issue digital certificates that certify that a particular public key is owned by a particular person. Certificate Authorities need to be trusted services for this approach to work, but they make it possible to send encrypted messages to someone you have never communicated with before.
Introduction to Mailvelope
There is an encryption solution you can use to add E2E encryption to several webmail services in addition to industry giants like Gmail and Yahoo mail. That solution is Mailvelope, a browser extension for Chrome, Edge, or Firefox. The extension works by adding optional PGP encryption to services that don’t already have it.
The details of using Mailvelope differ for each service, so we won’t give you a “how to” here. Instead, we urge you to visit the Mailvelope website, as well as the support pages of the email service you are considering, to find out if and how Mailvelope works with that service.
What are the best encrypted email services?
As noted above, we think the best solution is to switch to an email provider that offers support for end-to-end encryption. Many email services offer support for various encryption options:
- One of the most popular encryption methods for email is PGP, which stands for Pretty Good Privacy. Support for PGP is built into most secure email providers.
- Some email services rely on a unique encryption method, outside of PGP. One popular example of this is with the email provider Tutanota.
- Email services also allow you to send a link to an encrypted message that can be accessed with a shared password.
If you are open to switching to a secure email service that supports built-in encryption, we’d encourage you to explore our guide on secure and private email services.
Here are the best encrypted email services:
- Tutanota – Based in Germany; free plans; very secure and open source email with full encryption of email inbox, contacts, calendar, and subject lines. (Tutanota does not use PGP due to concerns over PGP limitations and weaknesses.)
- ProtonMail – Based in Switzerland; free plans; secure and open source email that is based on PGP encryption
- Mailbox.org – Secure and private email based in Germany; fully-featured, support for PGP encryption
- Posteo – Privacy-focused email service based in Germany; anonymous payment options; no support for custom domains; strong PGP encryption standards
- Mailfence – Secure email based in Belgium, free plans up to 500 MB, fully-featured with built-in support for PGP encryption
- Runbox – A private email service in Norway, support for PGP encryption
- CounterMail – Based in Sweden, this email offers strong encryption options (based on PGP).
- Kolab Now – A higher-priced email service in Switzerland, Kolab Now has some good encryption options while also being fully-featured.
- StartMail – Based in The Netherlands, StartMail offers built-in PGP encryption support.
We have personally tested (and use) many different encrypted email services. We don’t do this just to write reviews; we take data privacy seriously. Below I’m testing out the feature with ProtonMail to send an encrypted message to a person who does not use ProtonMail.
If you are serious about encrypting your email, it would be wise to first start out by switching to a secure email provider. Finding the best encrypted email service is very subjective and all comes down to your own unique needs. Check out our email reviews for an in-depth look at many providers.
What about encrypted email services based in the US?
Did you notice above that none of our recommended encrypted email services are based in the United States?
There’s a reason for this: concerns about privacy and data security. There are many examples of US tech companies being forced to hand over private data to US authorities. This is particularly important with email services. Here are just two examples that we know about:
- Lavabit – Lavabit was a privacy-focused email based in the US that was forced to shut down when the owner refused to give up the encryption keys to government agents.
- Riseup – Another US email service catering to privacy-minded users, Riseup was hit with data requests and was forced to comply.
Here’s a quote describing the Riseup situation, which could affect any US-based email service:
After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization).
There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” [warrant canary that warns users about these events].
Recommendation: Choose an encrypted email service located in a good privacy jurisdiction. If you don’t, your data could be at risk.
Encrypted email alternatives
One of the fundamental problems with email is metadata.
Email is structured in such a way that metadata is very difficult to conceal from third parties. Email headers can reveal a lot of private data. What’s worse, PGP, the most widely-used encryption protocol, does not encrypt subject lines. This exposes further data to third parties and potential adversaries.
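What a mail provider or relay can still read when PGP protects only the body, as described here and in the "How email encryption works" section: this is an added example, not code from the original article. It parses constructed sample messages with Python's standard `email` module; the addresses, the placeholder armor blocks and the names `classify_protection` and `exposure_report` are assumptions made for illustration.

```python
"""Show which parts of an email stay readable when PGP protects only the body."""
from email import message_from_string, policy

# Headers that mail servers and providers can read regardless of body encryption.
METADATA_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")

# The three messages below are constructed samples, not real traffic.
PLAIN_SAMPLE = """\
From: alice@example.org
To: bob@example.net
Subject: Q3 invoice
Date: Thu, 07 Jul 2022 10:00:00 +0000

The invoice total is 1200 EUR.
"""

INLINE_ENCRYPTED_SAMPLE = """\
Received: from mx.example.net by mail.example.net; Thu, 07 Jul 2022 10:00:03 +0000
Received: from smtp.example.org by mx.example.net; Thu, 07 Jul 2022 10:00:02 +0000
From: alice@example.org
To: bob@example.net
Subject: Q3 invoice
Date: Thu, 07 Jul 2022 10:00:00 +0000

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
"""

PGPMIME_SIGNED_SAMPLE = """\
From: alice@example.org
To: bob@example.net
Subject: Q3 invoice
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

The invoice total is 1200 EUR.
--b1
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
--b1--
"""


def classify_protection(msg):
    """Return 'encrypted', 'signed' or 'none' for a parsed message.

    This only detects that PGP protection is present. It does not verify a
    signature; that still requires the sender's public key and a PGP tool.
    """
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":   # PGP/MIME encrypted container
        return "encrypted"
    if ctype == "multipart/signed":      # PGP/MIME detached signature
        return "signed"
    for part in msg.walk():              # inline PGP: armor inside a text part
        if part.get_content_maintype() != "text":
            continue
        text = part.get_content()
        if "-----BEGIN PGP MESSAGE-----" in text:
            return "encrypted"
        if "-----BEGIN PGP SIGNED MESSAGE-----" in text:
            return "signed"
    return "none"


def exposure_report(raw):
    """Summarise what stays in clear text for anyone handling the message."""
    msg = message_from_string(raw, policy=policy.default)
    protection = classify_protection(msg)
    visible = {h: str(msg[h]) for h in METADATA_HEADERS if msg[h] is not None}
    return {
        "protection": protection,
        "visible_headers": visible,                       # readable even if encrypted
        "relay_hops": len(msg.get_all("Received", [])),   # routing trail
        "body_readable_by_provider": protection != "encrypted",
    }


if __name__ == "__main__":
    samples = (("plain", PLAIN_SAMPLE),
               ("inline encrypted", INLINE_ENCRYPTED_SAMPLE),
               ("PGP/MIME signed", PGPMIME_SIGNED_SAMPLE))
    for name, raw in samples:
        print(name, exposure_report(raw))
```

For the encrypted sample the report still lists the sender, recipient, subject, date and relay hops, which is the metadata exposure discussed above.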
Another problem is that most people simply do not want to use an encrypted email service and/or encrypt messages. This isn’t an easy problem to get around — unless you use an alternative to email.
Best alternative: encrypted messaging service
We’d recommend using a good encrypted messaging service if you are really concerned about privacy and data security. Most encrypted messaging services do a very good job encrypting data, collect little (or no) metadata, and offer stronger encryption than most email services.
Some of our favorite options are Signal, Session, WickrMe, and others. Check out the best secure messaging services for more options.
Conclusion on encrypting email in 2022
In this world where the assaults on our privacy grow by the day, it behooves us to take whatever steps we can to defend ourselves. One place you can fight back is in your email inbox. Unless you want a vast number of entities (from Google AIs to foreign spies) reading your email messages and doing who knows what with the information they find there, you need to encrypt your email.
Remember: If you aren’t up for rolling your own end-to-end encryption system, you can move your most important email connections to one of the private email services.
ProtonMail, for example, has a free version that handles E2EE for you and uses a system much like Gmail’s Confidential mode to send private messages to people who don’t use ProtonMail. And if your encrypted messaging needs aren’t too intense, you can get by just fine with the free version of ProtonMail or another one of our recommended encrypted email providers.
This guide on encrypted email was last updated on May 10, 2022.
Sven / Heinrich—what about SecureMyEmail and Preveil? Are they genuinely secure? Any reason not to use one of them instead of switching to Tutanota, ProtonMail, etc.? Thanks!
Hi there
This is great information for a newbie. I’m looking for secure email for a business that sends out documents to clients regularly along with e-invoicing (I’m sure that’s another “whole kettle of fish” with regards to privacy!)
The problem is, a lot of clients won’t have secure email – and so the business owner – while hoping to minimise the ability to be scammed or hacked, is also worried it might create resistance from clients.
Are there any secure email systems where you can send to clients and the messages won’t self-destruct, but protect the original sender from having their information stolen etc?
Any ideas on how to achieve the main goal of minimising the ability to hack the business owners and employees information and cause drama or dramatic problems?
Considering a VPN and also secure messenger also. The ability to share calendars would be useful. If you have any ideas – that would be great….or you can just tell me we’re dreaming!
This is ONE of the myriad of issues that I’m working on to help the owner in my capacity as admin on a shoestring 🙂
One more remark (or set of remarks, anyway) before I call it a night and go fix supper.
Besides the obvious benefits of privacy, using PGP/GPG can help keep from sending an e-mail to the wrong recipient. After all, you need a public key for the recipient in order to send the e-mail and if you try sending it to the wrong recipient, you aren’t likely to have their key.
For example, if you are sending an e-mail to someonesomewhere23432@gmail.com and you accidentally send it to someonesomewere23433@gmail.com, your e-mail client should complain that you don’t have a key for the destination and should refuse to send the e-mail. Of course if someonesomewhere23432@gmail.com doesn’t use PGP/GPG, your browser will happily send it to someonesomewhere23433@gmail.com.
One thing that I think is at least as important as the encryption and possibly far more important is the digital signatures you can use if you have a PGP/GPG key.
A few years ago, an employee of a public school somewhere between Amarillo and Lubbock, Texas received an e-mail from either the superintendent or a schoolboard member asking for personnel details such as social security number, birth date, …, for all school employees. The employee dutifully replied with all the details asked.
Sure enough, scammers filed tax returns for all the school employees, each of them with a sizable refund. The amount of time and effort it took for the employees to deal with the consequences of that one action was enormous. A CPA down the street from me told me that they can get it straightened out, but it might take a year or more to do so.
If the school had a policy of requiring the e-mails regarding school business to be digitally signed and to check the signature when replying to e-mails and that policy was strongly enforced, then the problem would never have happened. No e-mail signature should raise immediate and very strong concerns and, at the very least, a telephone call to the purported originator of the e-mail verifying the request and the address. But people don’t sign their e-mails and accept e-mails as being legitimate without question.
I’ve pushed for my company to require signing of e-mails but nobody but me does so. I’m thinking of pushing us to go with someone like ProtonMail or Mailfence to host our e-mails for this very reason.
Sure, encrypting e-mails is nice, but as far as I’m concerned, signing e-mails is far more important. Even if that school district had required encryption, it wouldn’t have helped if the scammer had encrypted the e-mail. Encrypted or not, they needed it to be digitally signed to be confident that the request was legitimate. If we can get people to digitally sign their e-mails, we will be ahead.
1) Distribute your public key.
2) Sign your e-mails.
3) When you receive a public key from others, verify it as best you can.
4) Check the e-mails you receive for a signature.
5) If the e-mails aren’t signed and verified with a trusted public key, treat it as being very suspicious.
6) And if you want, encrypt them, too.
Several people have mentioned using a command line to create and use PGP/GPG keys.
This is far from being a tutorial, but may help you get started. The following are being done as I go on an OpenBSD machine (let’s just call it guardian.example.com) from a user billyjerk. (I’m setting up an account just for this and will delete the account when done.)
=============================
First, to create an account using GPG:
guardian$ gpg --full-gen-key
…
Please select what kind of key you want:
(1) RSA and RSA (default)
…
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (3072) 4096
Requested keysize is 4096 bits
Please specify how long the key should be valid.
…
Key is valid for? (0) 33y
Key expires at Mon Jun 28 23:45:56 2055 CDT
Is this correct? (y/N) y
…
Real name: Billy Jack
Email address: billyjerk@guardian.example.com
…
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o
[At this point, it will generate the key and ask for the password. ]
gpg: revocation certificate stored as '/home/billyjerk/.gnupg/openpgp-revocs.d/4E815BC30AAC04CB59E7BA1E87BF3C4349BADAFD.rev'
public and secret key created and signed.
…
pub rsa4096 2022-07-07 [SC] [expires: 2055-06-29]
4E815BC30AAC04CB59E7BA1E87BF3C4349BADAFD
uid Billy Jack
sub rsa4096 2022-07-07 [E] [expires: 2055-06-29]
And, voila, we have a key.
=============================
To get the public key:
guardian$ gpg --export --armor billyjerk@guardian.example.com
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGLGZWgBEAC7GQxczI5lBN+lurU3b6ioC+0sDWRpIMwzO12w7xEXuQ+I48yq
mNnXxI7xE438eFXtgpeWeO9SzPzzb8B/XuC6qduLOYOd+dcC+zSMLWXAOmctRt+o
…
y1IxnXZLY0jdH7YsajVDVZYjaw==
=KqvS
-----END PGP PUBLIC KEY BLOCK-----
=============================
To encrypt a text file, foo.bar:
guardian$ cat foo.bar | gpg --encrypt --armor -r billyjerk@guardian.example.com > foo.bar.gpg
=============================
To decrypt the file
guardian$ gpg --decrypt --output foo foo.bar.gpg
Note that it will ask for the password before decrypting the file.
=============================
To import a public key from the file publickey-abner
guardian$ gpg --import publickey-abner
gpg: key 69334B3B4BFE0DCC: public key “Abner ” imported
gpg: Total number processed: 1
gpg: imported: 1
=============================
Then mark it as trusted:
guardian$ gpg --edit-key abner@guardian.example.com
…
gpg> trust
pub rsa1024/69334B3B4BFE0DCC
created: 2022-07-07 expires: 2022-07-14 usage: SC
trust: unknown validity: unknown
sub rsa1024/E48ECFA3961ACCAE
created: 2022-07-07 expires: 2022-07-14 usage: E
[ unknown] (1). Abner
Please decide how far you trust this user to correctly verify other users’ keys
(by looking at passports, checking fingerprints from different sources, etc.)
1 = I don’t know or won’t say
2 = I do NOT trust
3 = I trust marginally
4 = I trust fully
5 = I trust ultimately
m = back to the main menu
Your decision? 5
…
pub rsa1024/69334B3B4BFE0DCC
created: 2022-07-07 expires: 2022-07-14 usage: SC
trust: ultimate validity: unknown
sub rsa1024/E48ECFA3961ACCAE
created: 2022-07-07 expires: 2022-07-14 usage: E
[ unknown] (1). Abner
…
gpg> quit
=============================
And you can list the key with
guardian$ gpg --list-keys abner@guardian.example.com
…
pub rsa1024 2022-07-07 [SC] [expires: 2022-07-14]
8FA85B8E656D4349E904018E69334B3B4BFE0DCC
uid [ultimate] Abner
sub rsa1024 2022-07-07 [E] [expires: 2022-07-14]
If you don’t specify the key to list, it will list all the gpg keys.
=============================
I think it’s pretty much the same on Linux and with gpgv2.
By the way, if you use Thunderbird as an e-mail client, it can handle generating the key for you. It makes it real simple, but I think it creates its own password for the secret key. I don’t know what it takes to be able to use the secret key it generates from another client or from a command line.
If you use evolution, you just generate them from the command line as above. Before you can encrypt an e-mail being sent, you need to mark it as trusted with the --edit-key option.
If you use sylpheed, I think it lets you encrypt an e-mail when sending it, but the last time I tried it, it didn’t seem to handle receiving an encrypted e-mail very well.
And there’s pine/alpine. I’ve never tried encrypting and decrypting e-mail with alpine.
By the way, from the command line, you can encrypt a log file and mail it in one command. From OpenBSD and with the username of the destination changed to protect privacy (I think that protonmail requires at least four characters and it isn’t billyjack because that name is taken by someone else so don’t send e-mail to it unless you know him and billyjack is just a nickname I had in the 70s):
billyjack@guardian: cat ~/tmp/tHexDump-220702-113711.log | gpg --encrypt --armor -r bj@proton.me | mail -s "tHexDump-220702-113711.log" bj@proton.me
I hope this helps you get started. There are lots of options and the man page is not always crystal clear.
This may or may not be useful to you.
I’m setting up a completely separate e-mail address to use for corresponding with banks and credit card companies and for notices from them. The idea is that when I receive a message that appears from them, if it is using that e-mail address, I have more confidence that the message is legitimate. If I get the message to my more public e-mail addresses, I will instantly view them with suspicion.
I haven’t decided yet whether to do this on my ProtonMail account or choose some other account. If it is on my ProtonMail account, any e-mail to the banking address will be filtered, tagged, and starred upon receipt. Any e-mail purporting to be from the bank but to my regular address would not be tagged with the bank tag (AmEx, BOA, Citi, …) even if they give every appearance of being genuine and thus easy to pick out. At the very least, this would draw an out-of-band telephone call using the telephone number of the bank (I pretty much personally know everyone at the local bank) or the number on the back of the credit card.
Unless they start digitally signing their messages, that is probably about as far as we can go.
I currently have a separate account on my workstation for on-line banking (so that I can quickly tell which account I’m logged onto, the wallpaper is of the lobby of Gringott’s Bank while the wallpaper on my usual account is generally related to cowboys and the Old West) and am getting ready to move it over to another computer to use pretty much just for that.
Ok, haven’t fully read much about emails and all other than using ‘safe’, privacy friendly ones. But if using an email encryption like spike mail app or fairemail or even pgp, will that help when using gmail? Well let’s say from google.
Tunnel
Or
Font>Color>White
Those are behind a secure network that is monitored 24/7. Keystrokes, mouse clicks, nearby devices, etc. You can expect zero privacy, should state that as well.
The complaint made here about GMail is strange. That third parties can read emails is a necessary component of anything that supports third-party apps. Google’s handling of it is actually very good – it grants only specific data to a specific organisation. There are certainly other things to bemoan from Gmail, but this isn’t one of them. Meanwhile, your article on Gmail specifically’s only evidence that there are privacy problems is a pro-Apple tirade. I agree with The Hated One here, Apple isn’t the saviour of privacy it markets itself as.
The services mentioned here generally get around this issue by not supporting third-party apps like Thunderbird. They also generally don’t support third-party email servers negating the advantages email has as a federated means of communication.
| The complaint made here about GMail is strange. That third parties can read emails is a necessary component of anything that supports third-party apps.
If you use an e-mail client, you can send and receive encrypted e-mails and Gmail can’t read them. All they see is the armored encryption, not the text itself.
Building from source has proven (in all the many cases I have tried) a fool’s errand. GPG themselves say that GPG Tools is the binary build of GPG they recommend for Mac. I’d personally suggest downloading Thunderbird and using its built-in OpenPGP support ( https://www.howtogeek.com/706402/how-to-use-openpgp-encryption-for-emails-in-thunderbird/ ).
But yes, I’m with you on the fact that the solutions suggested here do not provide proper end to end encryption.