Send encrypted emails easily and securely

For an extra layer of security for emails with sensitive content, add GMX encryption.

Email encryption

Email encryption explained

GMX follows the highest standards of security and data protection as a European email provider. For example, GMX only stores emails in secure European data centres and encrypts all transmission paths automatically. Sometimes, however, you’ll want even more security when sending emails containing sensitive content like contracts or doctor’s notes. For this reason, GMX provides its users with the option of using encrypted communication, a reliable, free, and easy-to-use layer of security that is also available for mobile devices.

Encrypting an email makes the information it contains unreadable to anyone except those authorised. This may be desirable especially for emails including sensitive content, or simply for general personal privacy reasons. Email encryption is the best way to communicate securely via email. You won’t have to worry about the content and attachments of your email or the addresses of the sender or recipient falling into the hands of third parties.

How does email encryption work?

GMX email encryption relies on the OpenPGP end-to-end encryption procedure. This is the highest standard of encryption security, and since its introduction, OpenPGP has not been cracked.

How does PGP email work? OpenPGP uses two complementary keys: a public key for encryption and a private key for decryption. The public key is shared with the party you’re communicating with and encrypts the email. Then, the encrypted message is “assigned” to the owner of the private key, meaning it can only be decrypted using this private key. This makes it extremely important to keep the private key safe and secret.

With free email encryption from GMX, sending and receiving encrypted emails is simple, and makes taking part in encrypted communication just as easy as sending a regular email.

Email encryption in 3 simple steps

It’s easy to do!

PGP Setup Step 1

1. Free download

Download the free Mailvelope browser extension.

Set-up Step 2

2. Set up a password

Create a key password, which will be used to protect your data.

Setup Step 3

3. Set up backup

If you lose your key password, this lets you recover it. It also helps you set up encryption on your other devices.

Encrypted email

Writing encrypted emails is as easy as writing normal ones!

PGP MailCheck

GMX MailCheck and encrypted communication

With GMX MailCheck, you can easily send an encrypted message with just one click once you’ve set up encrypted communication. You don’t need to log in every time you want to send one.

More info

Encryption details

Simple to use & secure

Proven standard

Encrypted communication is based on OpenPGP.

More about the Standard

Simple to use

GMX has made the procedure behind encrypting messages as simple as possible so that everyone can use it.

More about the usage

Safe and secure

GMX has maintained a high level of security, even with its simplified procedure.

More about safety

The gold standard of encryption

Further information

Gold standard for encryption

OpenPGP (short for “Pretty Good Privacy”) is the open-source gold standard for fast and secure end-to-end email encryption, which is why GMX relies on it. OpenPGP has never been cracked, making it extremely secure. When emails are encrypted using OpenPGP, the sender, recipient, subject, metadata, and the contents are made completely inaccessible to unauthorised parties.

How OpenPGP works

PGP email encryption is done by using two complementary keys: one public key for encryption and a private key for decryption. The public key “locks” the message of the person you’re communicating with so that only the person with the private key can decrypt and read it. That’s why it’s so important for the private key to be kept secret. The use of these interdependent keys guarantees the highest level of security.

Global use

PGP email is an encryption procedure that is recognised all over the world, making it an ideal method for carrying out encrypted communication across countries and systems. Other methods of encrypting emails only make it possible with one-way communication inside the encryption program and fail to make their process transparent. In contrast, OpenPGP has made sure to make its procedure and functionality completely transparent.

Simple to use

Further information

Unhackable

GMX users can enjoy unhackable email communication without needing to have expert knowledge, thanks to GMX’s email encryption procedure. GMX made the OpenPGP procedure as simple as possible, optimising it for user-friendliness. This was made conceivable because of its cooperation with Mailvelope, an open-source project based in Heidelberg, Germany, that offers a browser-based OpenPGP solution of its own.

Key generation made easy

With GMX, keys are generated in an easy 3-step setup process, which considerably simplifies the otherwise lengthy and complicated process of key-generation. The public and private complementary keys required for encryption are created in the background, meaning the user isn’t inconvenienced by the technical process behind this. Storing the keys locally in the browser extension makes outside access impossible. For another layer of security, a key password is created during the setup process. Those who already have a PGP key can import it by going to the options in the browser extension.

Setting up an optional backup

In the third step of the setup process, users can set up a backup in case the key or key password ever gets lost and needs to be recovered. Encrypted messages cannot be decrypted without a backup if the key or key password was lost. Mailvelope keeps the required data secure in a security container with a 26-digit code. The recovery code is sent out via a document, which the user must print out and store securely. Though this backup procedure is optional, GMX highly recommends setting it up.

Use with mobile devices

Users can enjoy email encryption on their mobile devices as well. This is yet another feature that sets GMX apart from other existing OpenPGP procedures. Users can activate email encryption in the GMX Mail App using a QR scan or the recovery code they received from the recovery document while setting up the backup option. Once encrypted communication has been set up successfully on the PC, the Map app will provide the option to use this capability on mobile devices.

Better key management

For encrypted communication to work, both the sender and the recipient must have each others’ public key. This would normally require the communication partners to exchange and manually verify the keys. However, GMX offers two alternatives to this manual procedure.

If email encryption has not yet been set up by the email recipient, the sender must email them a personal invitation to do so, which will also provide them with both the public key of the sender and instructions for starting to set up encryption. After the recipient has successfully set up encrypted communication, their public key is sent to the sender, but in the background.

If the recipient has already set up encryption, the GMX Key Directory will already have their public key. The sender must simply enter the recipient’s address and their public key is made available to them. Stored keys all have the GMX signature, ensuring that the key is authentic. If you do not wish for your public key to be stored, go to your mailbox settings to remove it from the GMX Key Directory at any time.

Security you can trust

Further information

Reliable security

GMX makes its encryption procedure transparent by disclosing how the process works as well as the source code behind it. Plus, it’s audited by independent external security experts. You can therefore rest assured that the security of GMX encryption can be counted on, even with its more user-friendly procedure.

Browser-based encryption

GMX has deliberately chosen browser-based encryption since that’s the only sure way of providing true end-to-end encryption. That’s because encryption using the browser-based method takes place on the user’s computer and not on the provider’s end. By partnering with Mailvelope, GMX’s encryption procedure ensures that the encryption technology is kept separate from users’ data.

Other security features

Mailvelope’s browser extension provides even more security options. While taking part in encrypted communication, the graphical security background, which can be customised by the user, is displayed during all stages. This means that users can easily check to make sure their window has not been altered. Mailvelope’s security protocol, yet another security feature, can also be viewed in settings. The security protocol logs all actions the user has taken with regard to the browser extension. When the user accesses the extension via the secured window, the browser extension displays an ‘OK’.

Email Encryption FAQ

5 FAQ about GMX encrypted emails

How much does it cost to use GMX encrypted communication and the Mailvelope browser extension?

You can use GMX’s encrypted email service completely free of charge! 

I need some help with setting up encrypted communication. Is there a manual I can use?

Yes, you can find step-by-step instructions here. 

How secure is encrypted email?

GMX’s encryption procedure relies on OpenPGP, a procedure which has never been cracked, making it an extremely secure process. 

How can I create a new email that’s encrypted?

Just how you would write a normal email, you write an encrypted email using your mailbox. Locate the button with a lock next to the ‘Compose Email’ button. Click on it to compose a new encrypted email. For detailed instructions, you can also visit our help page about sending encrypted email

I lost my key or forgot my password. What can I do?

During setup of encrypted communication, GMX gives you the option of setting up a backup recovery document, which has a recovery code printed on it. You will use this recovery code to recover your key and password. That’s why it’s so important to keep the recovery document in a secure place, inaccessible to unauthorised parties. 

More security questions

Further information

Does GMX also encrypt email attachments?

Yes, the attachments you include in your encrypted email, like photos, documents and other files, are also encrypted using OpenPGP.

How does the Mailvelope browser extension deal with my data?

Your keys are created and managed by Mailvelope but stored locally in your device’s browser extension. This means that they cannot be accessed from outside your device.

Can the service providers or government access my emails?

No. All important data is stored by the user thanks to the browser-based method. No government agency, nor GMX or Mailvelope can access the content of your encrypted emails. This makes even court decisions demanding data delivery ineffective.

Can my emails always be read by others after they have been decrypted?

No. Content that has been decrypted is only temporarily and locally visible on a device. The email must be decrypted every time it is opened.

How does SSL (Secure Sockets Layer) encryption differ from email encryption in Europe?

With email encryption in Europe, the email is protected even if it leaves the secure European email network. That is, encrypted communication complements transport encryption. This ensures complete data protection, even when emails are sent abroad to regions with weaker regulations and without encrypted connection paths. This is because only the authorised recipient will be able to decrypt the message.

Why does GMX use a browser-based storage method?

With browser-based encryption, GMX can ensure that the encryption takes place locally on the user’s computer and not in GMX’s infrastructure, unlike with the server-side method. Because of the partnership with Mailvelope, all data relevant to your security like keys or the respective passwords are outside of GMX’s access. The separation of encryption technology and user data is thereby ensured.

Why did GMX opt for using OpenPGP for its encrypted communication procedure?

OpenPGP is the gold standard for encryption and is used worldwide, making it compatible with a variety of different systems while providing top-notch security. OpenPGP is transparent with regard to its source code and functionality. It is also monitored by external security service providers.

Did the encryption procedure undergo a review?

Yes. External and independent security service providers reviewed the encrypted email process.

Can I verify if a key actually belongs to the sender it claims to?

Yes. You can use the PGP check number, or “fingerprint”, to do this. Once you confirm a new contact to whom you would like to send encrypted emails, an ’i’ will appear next to their email address. Click on the ‘i’ to show their fingerprint. Have them confirm their fingerprint in person or over the phone in order to verify that the key actually belongs to your contact.

Is it possible to verify that GMX has signed the key?

Yes. To guarantee their authenticity, GMX uses its public key to sign all the keys stored in the Key Directory. To verify that GMX has signed a certain key, import the GMX key through the options in the Mailvelope browser extension. The corresponding fingerprint is: C394 C011 0A17 0954 47F1 5F0D 1DA4 1713 9553.

What does the digital signature indicate?

By default, all encrypted emails include the digital signature of the sender. This signature states that the email comes from the sender and that the content of the email has not been manipulated or altered during transmission. To verify whether a signature is valid, simply look in the lower left-hand area of the encrypted email.

Questions regarding setup

Further information

Do I have to go through the encryption setup process each time I want to send an encrypted email?

No, each user has to only complete the process to set up the email encryption service once.

Do I have to use encrypted communication with GMX?

No, using and setting up encrypted communication is entirely voluntary. Even after you’ve set it up, you will always have the option of whether you wish to encrypt the email you are writing or not.

I forgot my password and cannot find my recovery document. It is possible to re-establish my encrypted communication?

If you can find neither your password nor your recovery document, contact our customer service so that they can reset encrypted communication for you. Keep in mind, however, that the emails you sent or received up until that point cannot be decrypted again.

Can I change my key password?

No, you can neither change nor reassign a key password. If you have forgotten it, you can display it using the recovery code from your recovery document.

I already have keys that I’ve created. Can they be imported?

Yes, your keys can be imported. Go to the expert settings in the Mailvelope browser extension to do this. Keep in mind, however, that these keys cannot be recovered using the recovery document. Also make sure that you do not delete the keys created by Mailvelope and GMX, as this will make the setup of GMX email encryption no longer be recognised.

Is it possible to set up encrypted communication if I already use Mailvelope?

For instructions on how to migrate your keys, please visit our help page about managing keys with Mailvelope.

Can I decrypt emails that I have previously encrypted using the mailbox?

Yes. Go to the expert settings in the Mailvelope browser extension to do so and import the key pair for the encrypted emails. Forward the emails to your mailbox. Keep in mind that these keys cannot be recovered using the recovery document. Make sure not to delete the keys that were created by GMX and Mailvelope as this will cause the encrypted communication setup to no longer be recognised.

Can I deactivate encrypted communication?

Yes. Simply contact our customer service so that they can reset your account. Keep in mind, however, that emails that are already encrypted can no longer be decrypted once you do this.

Questions regarding usage

Further information

Can I send encrypted emails to people using other email providers?

Yes, as long as the recipient also uses OpenPGP, you can send emails to them in encrypted form.

Where are my encrypted emails located?

Those encrypted emails that were sent to you can be found in your Inbox as usual. Those sent by you can be found in your 'Sent' folder. To make it easy for you to tell which emails are encrypted, we’ve marked them with a lock icon.

Is it possible for me to see that my communication is encrypted?

Emails that you’re reading or writing feature a customisable colourful background when they’re encrypted. Your browser extension will also display an ‘OK’ to indicate when you’re accessing the extension through the security window. For more information, please visit our help page about receiving and reading encrypted email.

Can the contents of a decrypted email be copied using Crtl+C?

Yes. Keep in mind, however, that the copied content is decrypted in the cache, meaning that it can be retrieved even after you have logged out as long as you have not emptied or overwritten the cache.

Is it still possible to read encrypted emails if I have forwarded my GMX mailbox to another email address?

As long as you set up encrypted communication with the destination mailbox, you should be able to also read the forwarded encrypted emails. However, if the destination mailbox is with a different provider, encrypted communication may not be offered with them or they may have a more complicated setup process.

What is the Key Directory used for?

The GMX Key Directory stores your public key by default after you have set up encrypted communication. This is done to simplify communication. Your public key is made available when you enter a recipient’s address. If you do not wish for your key to be stored in the Key Directory, revoke your consent under ‘Encryption’ > ‘Privacy’ in ‘Settings’.

No GMX account yet?