Skip to content
Email Tools

guide · Gmail Compose & Drafts

Gmail Confidential Mode: How It Works (and Its Real Limits)

How Gmail confidential mode works: expiry dates, SMS passcodes, revoking access — and why a confidential email is not encrypted or private from Google.

Alexis Dollé By Alexis Dollé · ·
Gmail Confidential Mode: How It Works (and Its Real Limits)

As of 2026, Gmail confidential mode still does exactly two things and not a single thing more: it strips the forward, copy, print and download buttons from a message, and it lets you set an expiry date. I sent myself a confidential message, then tried to forward it, screenshot it, and read it after expiry — the results tell you precisely where this feature helps and where it gives a false sense of safety. Here is how gmail confidential mode works step by step on desktop and mobile, what the expiration date and SMS passcode really do, and the limits Google itself admits.

What gmail confidential mode actually is

Gmail confidential mode is a sending option that disables forwarding, copying, printing and downloading for the recipient and adds an expiry date after which the message can no longer be opened. According to Google’s Gmail Help, it does not prevent screenshots and is not end-to-end encrypted.

The feature has been part of Gmail for both personal and Google Workspace accounts for years, and its behaviour has not changed in 2026. When you send a gmail confidential email, the recipient sees the message body inside Gmail (if they use Gmail) or opens it through a Google-hosted link (if they use any other mail client). The forward, copy, print and download controls are simply not available to them.

It is best understood as friction against casual re-sharing. If you email a contract draft to one person and you do not want them to one-click forward it to a mailing list, confidential mode raises that barrier. What it does not do is make the message genuinely private — and the gap between those two ideas is where most people get caught out.

Best for: sending sensitive-but-not-classified content (a draft, a quote, an internal note) to one trusted recipient when you want to discourage easy forwarding and set a natural shelf life.

How it works under the hood

Confidential mode stores the message on Google’s servers and shows the recipient a rendered view rather than a normal, downloadable email. Gmail recipients see it inline; non-Gmail recipients click a link to a Google-hosted page. The expiry and access controls are enforced by Google’s servers, not by encryption.

This server-side model is the whole story. Because Google renders the message for the recipient instead of handing over a portable copy, it can withhold the forward, copy, print and download options and it can cut access on a schedule. That is genuinely useful — but it only works because Google keeps the content and controls the view.

A few mechanics worth knowing from my own testing:

  • Non-Gmail recipients get a link, not the text. When I sent a confidential message to a non-Gmail address, the email that arrived contained a short notice and a “View the email” button, not the body. Some recipients find this confusing or treat it as suspicious.
  • The copy lives in your Sent folder. Your own sent copy behaves like a normal email — you can read it any time, including after the recipient’s access has expired.
  • It rides on standard transport security. Confidential mode uses Gmail’s normal TLS in transit, the same as any email. It is not a separate encryption layer.

If you also want a real review buffer before a message leaves your hands, pair this with Gmail’s schedule send a message feature, or the short undo send delay window for last-second recalls.

How to send a confidential email on desktop

On Gmail web, click Compose, then click the lock-with-clock icon in the bottom toolbar of the compose window. Set an expiry date and a passcode option, click Save, write your message, and click Send.

The step-by-step on the web client:

  1. Open Gmail and click Compose.
  2. In the compose window’s bottom toolbar, click the confidential mode icon — a small padlock with a clock beside it.
  3. In the panel that opens, choose an expiration date from the dropdown (1 day, 1 week, 1 month, 3 months, 5 years).
  4. Choose a passcode option: No SMS passcode or SMS passcode.
  5. Click Save.
  6. Finish writing the email — you will see a banner at the bottom confirming confidential mode is on, with the expiry date shown.
  7. Click Send.

To change the settings before sending, click Edit in that confidential-mode banner. I tested this flow in June 2026 and the panel matched Google’s current Gmail Help documentation exactly.

How to send one on Android and iPhone

In the Gmail app on Android or iPhone, tap Compose, then tap the three-dot menu in the top right and select Confidential mode. Set the expiry and passcode, save, finish the message, and tap Send.

The mobile flow is almost identical on both platforms:

  1. Open the Gmail app and tap the Compose pencil.
  2. Tap the three-dot menu (⋮) in the top-right corner.
  3. Tap Confidential mode.
  4. Set the expiration date and choose No SMS passcode or SMS passcode.
  5. Tap the back arrow (Android) or Done (iPhone) to save the settings.
  6. Finish composing and tap Send.

When I sent a confidential message from the Gmail Android app to a separate inbox and tried to forward it on the receiving end, the forward option was missing — exactly as the desktop version behaves. The protections are enforced server-side, so they apply regardless of which device the recipient uses.

Expiration dates, passcodes and revoking access

An expiry date sets how long the recipient can open the message; you can revoke access early by opening the email in Sent and clicking Remove access. The SMS passcode texts a one-time code to the recipient, which requires giving Google their phone number.

Here is how each control behaves in practice — this is the part where you most need to expire email gmail-side correctly:

  • Expiration date. Options run from 1 day to 5 years. After the date passes, the recipient’s link stops rendering the content. Your Sent copy stays readable.
  • Revoke (Remove access). You do not have to wait for the expiry date. Open the message in your Sent folder and click Remove access to cut the recipient off immediately. I tested this: once revoked, reopening the recipient link showed an access-denied notice rather than the body.
  • No SMS passcode. Gmail recipients open the message directly. Non-Gmail recipients receive a passcode by email to open the Google-hosted view.
  • SMS passcode. Every recipient gets a one-time code by text message. This is stronger against the wrong person reading it — but per Proton’s analysis, choosing it means you hand the recipient’s phone number to Google, which can then link that number to their email address.

Skip the SMS passcode if: you are uncomfortable sharing a contact’s phone number with Google, or you do not actually have it — the email passcode path works without one.

What confidential mode does not protect

Confidential mode does not prevent screenshots or photos, is not end-to-end encrypted, and does not hide content from Google. Google states recipients can still capture the screen, and the message remains on Google’s servers even after it “expires”.

This is the honest part, and it is short on purpose:

  • Screenshots and photos are unstoppable. Google’s own Gmail Help says confidential mode “doesn’t prevent recipients from taking screenshots or photos of your messages or attachments.” When I opened my test message and pressed the screenshot key, nothing blocked it. Security reviewers have described bypassing the restrictions as a roughly ten-second job.
  • Not end-to-end encrypted. Proton’s analysis puts it plainly: “Gmail’s confidential mode does not mean your messages are end-to-end encrypted.” It uses standard TLS in transit, then the content sits decrypted on Google’s servers.
  • Google can read it. Because the content lives server-side, Google retains access. Confidential mode does not change that.
  • “Expired” is misleading. The Electronic Frontier Foundation argued that because messages remain retrievable by the sender and by Google after the expiry date, calling them expired oversells the protection.
  • Malware on the recipient’s machine can copy it. Google notes that a recipient with malicious software may still be able to copy or download the content.

The danger is behavioural: people send things through confidential mode that they would never have sent in a plain email, believing it is locked down. It is not.

When to use something stronger

Use end-to-end encryption — a PGP-capable client or an encrypted email provider — when the content is genuinely sensitive (legal, medical, financial, credentials). Reserve confidential mode for low-stakes anti-forwarding, not for secrets you cannot afford Google or a screenshotting recipient to keep.

A simple decision rule from years of testing email tools:

  • Confidential mode is enough when the worst case of the recipient forwarding or saving the message is mild embarrassment or inconvenience — a draft, a quote, an internal heads-up.
  • You need real encryption when the worst case is serious harm: passwords, identity documents, health records, financial account details, anything subject to a confidentiality obligation. For these, use a provider that offers end-to-end encryption so the content is unreadable to the mail provider itself.

A practical hardening step regardless of which route you choose: lock down the account doing the sending. Turn on two-factor authentication on Gmail so a leaked password alone cannot expose your sent confidential threads. And if you frequently juggle senders, get comfortable with sending as a different address so the right identity carries the right level of protection.

Alexis Dollé, founder of Email Tools
Alexis Dollé
Founder & Editor

Alexis Dollé, email expert for 10+ years. Founder of Email Tools. I test every email client and utility myself, then write about them the way I’d explain them to a friend — no marketing fluff, no sponsored rankings, every claim sourced.

LinkedIn

Frequently asked questions

Is Gmail confidential mode actually secure?

It blocks forwarding, copying, printing and downloading, and lets you set an expiry date, but it is not end-to-end encrypted. Google can read the content, the message stays on Google’s servers after expiry, and recipients can still screenshot or photograph the email. Treat it as anti-casual-sharing, not as protection against a determined recipient or Google itself.

Does confidential mode encrypt my email?

No. Confidential mode uses Gmail’s standard transport encryption (TLS) in transit, the same as any normal email. It is not end-to-end encrypted, so Google can read the message on its servers. For end-to-end encryption you need a different tool, such as a PGP-based client or an encrypted email provider.

Can the recipient still take a screenshot of a confidential email?

Yes. Gmail disables forward, copy, print and download, but it cannot stop a recipient from taking a screenshot or photographing the screen with another device. Anyone who can read the message can capture it. Security researchers have shown the restrictions can be bypassed in seconds.

What happens when a confidential email expires?

After the expiry date the recipient can no longer open the message from the access link. The copy in your Sent folder remains, and Google still holds the content on its servers. The Electronic Frontier Foundation has argued that calling these messages “expired” is misleading because they remain retrievable by the sender and by Google.

Do I need the recipient’s phone number for the SMS passcode?

Yes. If you choose the SMS passcode option, you must enter the recipient’s mobile number so Google can text the code. This means handing the recipient’s phone number to Google, which can link it to their email address — a privacy trade-off worth weighing before you use it.

How do I send a confidential email on my phone?

Open the Gmail app, tap Compose, then tap the three-dot menu in the top right and choose Confidential mode. Set the expiry date and passcode option, tap the back arrow or Done to save, finish the message, and tap Send. It works the same on Android and iPhone.

Sources & references
  1. Google, “Send messages & attachments confidentially” — official documentation for confidential mode, expiry dates, passcode options, removing access, and the stated screenshot/encryption limitations. Accessed 2026-06-03. support.google.com/mail/answer/7674059
  2. Proton, “Gmail confidential mode is not secure or private” — independent analysis confirming the feature is not end-to-end encrypted, that Google can read the content, the phone-number privacy trade-off, and the EFF “expired is misleading” point. Accessed 2026-06-03. proton.me/blog/gmail-confidential-mode-security-privacy

Related: schedule send a message, undo send delay window, two-factor authentication setup.