Most people assume that once an email leaves the sender's server, it's either safe or it isn't. That assumption is wrong. Traditional email forwarding passes your messages through third-party servers in plaintext, meaning the forwarding service can read every word. PGP (Pretty Good Privacy) encryption changes that equation entirely. When a forwarding service encrypts your incoming email to your public key before delivery, even the service itself cannot read your messages. This guide walks through how PGP email forwarding works, what it protects, where its limits are, and how to use it effectively.
Table of Contents
- What is PGP email forwarding?
- How does PGP email forwarding work?
- Compatibility, deliverability, and technical nuances
- Security, privacy, and real-world risks
- Why PGP email forwarding is powerful—but not a silver bullet
- Get started with privacy-first PGP email forwarding
- Frequently asked questions
Key Takeaways
| Point | Details |
|---|---|
| End-to-end content privacy | PGP email forwarding encrypts message contents so the forwarder and attackers can’t read your emails even if compromised. |
| Technical compatibility matters | Choosing PGP/MIME over PGP/Inline boosts compatibility with modern mail clients like Thunderbird and Gmail. |
| Limitations exist | PGP only protects message bodies, meaning metadata like subject lines and email addresses remain exposed. |
| Use defense in depth | Combining PGP forwarding with vigilant account hygiene, per-alias segmentation, and security awareness greatly enhances privacy. |
What is PGP email forwarding?
PGP email forwarding is not just a renamed version of standard forwarding. It's a fundamentally different approach to privacy. With traditional forwarding, your email alias receives a message and passes it along to your real inbox in plaintext. Every server in that chain has full visibility into your message content. If any of those servers are compromised, your data is exposed.
PGP email forwarding works differently. As ForwardEmail explains, the term refers to email alias and forwarding services that encrypt mail arriving at an alias with your PGP public key before forwarding it to your real inbox, so the forwarder cannot read the plaintext even if it is compromised. That distinction matters enormously.
Here is what makes PGP forwarding different from standard forwarding:
- Content protection: The message body is encrypted before it ever reaches your inbox, so the forwarding service only handles ciphertext.
- Alias shielding: Senders interact with your alias address, never learning your real email.
- Zero-knowledge design: Services that process emails in RAM and avoid disk storage cannot expose what they never store.
- Compromise resistance: Even if the forwarding service's servers are breached, attackers retrieve encrypted blobs, not readable messages.
Using privacy-first email aliases in combination with PGP forwarding gives you two layers of protection: your real address stays hidden, and your message content stays encrypted. That combination is significantly stronger than either approach alone.
"PGP email forwarding ensures that even the forwarding service is not a trusted party. You extend trust only to the math of asymmetric encryption."
This is a meaningful shift in how you think about email infrastructure. Instead of trusting every server your email touches, you trust your private key.
How does PGP email forwarding work?
The workflow behind PGP email forwarding is straightforward once you break it into steps. Understanding each stage helps you configure the system correctly and troubleshoot issues when they arise.
Here is the complete process from start to finish:
- Generate a PGP key pair. You create a public key and a private key using a tool like GPG or a client such as Thunderbird's built-in OpenPGP manager.
- Upload your public key to the forwarding service. Services like AnonAddy or ForwardEmail let you paste your public key directly into your account settings, often under a "PGP Keys" section.
- The service receives an email to your alias. When a sender messages your alias, the forwarding service intercepts it before passing it anywhere.
- Encryption happens in transit. The service uses OpenPGP.js or GPG to encrypt the message body with your public key, wraps it in a MIME-compliant format (preferably PGP/MIME per RFC 3156), and prepares it for delivery.
- The encrypted message arrives in your real inbox. What lands in your inbox is ciphertext. Without your private key, it is unreadable.
- You decrypt with your private key. Your email client or a local GPG setup decrypts the message using your private key, which never leaves your device.
The table below summarizes the key components of this workflow:
| Stage | Who handles it | What happens |
|---|---|---|
| Key upload | You + forwarding service | Public key stored; private key stays local |
| Email receipt | Forwarding service | Alias receives plaintext from sender |
| Encryption | Forwarding service | Body encrypted with your public key |
| Delivery | Forwarding service | Encrypted email sent to real inbox |
| Decryption | You (local client) | Private key decrypts message |
One important technical note: services that take privacy seriously process email in RAM only. No plaintext is written to disk, and no logs of message content are created. This zero-knowledge approach means even a server seizure yields nothing useful to an attacker. Our security overview covers how this principle applies to privacy-first infrastructure.

Pro Tip: Always verify that the forwarding service you choose explicitly states RAM-only processing and no plaintext logging. "We encrypt your emails" is not the same as "we never store plaintext." Ask for specifics or check their technical documentation.
Deliverability is also a factor. Services use Sender Rewriting Scheme (SRS) to preserve SPF alignment when forwarding, and they implement DKIM and DMARC compliance to prevent your forwarded messages from landing in spam folders. This is not just a convenience feature; it is essential for the system to work reliably at scale. If you also need secure file transfer alongside encrypted email, encrypted file transfer tools that use client-side encryption follow the same zero-knowledge principle.
Compatibility, deliverability, and technical nuances
Once you understand the core mechanics, real-world deployment introduces a few additional layers of complexity. Knowing these nuances upfront saves you from frustrating troubleshooting later.
PGP/MIME vs. PGP/Inline
There are two ways to embed PGP encryption in an email: PGP/MIME (defined in RFC 3156) and PGP/Inline. They are not interchangeable, and the difference matters for client compatibility.
| Feature | PGP/MIME | PGP/Inline |
|---|---|---|
| Standard | RFC 3156 | Older, informal |
| Attachment handling | Encrypts attachments properly | Attachments often excluded |
| Non-ASCII support | Full support | Can break with special characters |
| Thunderbird support | Full, native | Dropped in recent versions |
| Web client compatibility | Requires plugin/extension | Slightly more portable but inconsistent |
| Recommended | Yes | No, for most use cases |
PGP/MIME is the clear winner for modern setups. Thunderbird's OpenPGP implementation, which became native in version 78, works seamlessly with PGP/MIME but has dropped reliable support for PGP/Inline. If you use Inline, you risk rendering failures, broken attachments, and non-ASCII character corruption.
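The encrypt-and-wrap step of the workflow and the PGP/MIME versus PGP/Inline distinction, as an added Python example (not code from any forwarding service): it builds the RFC 3156 structure around a constructed placeholder ciphertext, then classifies a delivered message and lists the headers left in the clear. The sample headers, placeholder payload and function names are assumptions made for illustration.

```python
from email import encoders, message_from_string
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

ARMOR = "-----BEGIN PGP MESSAGE-----"
# Constructed placeholder standing in for real OpenPGP output.
ARMORED = ARMOR + "\n\n(constructed placeholder, not real ciphertext)\n-----END PGP MESSAGE-----\n"
# Constructed sample headers on reserved example domains.
HEADERS = {"From": "billing@shop.example", "To": "shop-alias@alias.example",
           "Subject": "Your statement is ready"}

def wrap_pgp_mime(headers, armored):
    """Forwarder side: wrap armored ciphertext as RFC 3156 multipart/encrypted."""
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name, value in headers.items():
        msg[name] = value  # outer headers are not covered by the encryption
    # Part 1 is the fixed control part, part 2 carries the ciphertext.
    msg.attach(MIMEApplication("Version: 1\n", "pgp-encrypted",
                               _encoder=encoders.encode_7or8bit))
    msg.attach(MIMEApplication(armored, "octet-stream",
                               _encoder=encoders.encode_7or8bit))
    return msg.as_string()

def classify(raw):
    """Recipient side: report how (or whether) a delivered message is encrypted."""
    msg = message_from_string(raw)
    if msg.get_content_type() == "multipart/encrypted":
        parts = msg.get_payload()
        ok = (msg.get_param("protocol") == "application/pgp-encrypted"
              and isinstance(parts, list) and len(parts) == 2
              and parts[0].get_content_type() == "application/pgp-encrypted"
              and parts[1].get_content_type() == "application/octet-stream"
              and ARMOR.encode() in (parts[1].get_payload(decode=True) or b""))
        return "pgp-mime" if ok else "malformed"
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            if ARMOR.encode() in (part.get_payload(decode=True) or b""):
                return "pgp-inline"
    return "plaintext"

def exposed_headers(raw):
    """Headers any relay can still read on an encrypted message."""
    msg = message_from_string(raw)
    return {h: msg[h] for h in ("From", "To", "Subject", "Date") if msg[h]}

if __name__ == "__main__":
    delivered = wrap_pgp_mime(HEADERS, ARMORED)
    print(classify(delivered), exposed_headers(delivered))
```

Running `classify` over a sample of mail delivered through a forwarder is a quick way to confirm that nothing arrives as `plaintext` after the public key has been uploaded.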
Deliverability factors you need to know
Forwarded emails face a unique deliverability challenge. When a message is forwarded, the sending IP changes, which can break SPF checks. Forwarding services handle this with:
- SRS (Sender Rewriting Scheme): Rewrites the envelope sender so SPF passes at the recipient's mail server.
- DKIM preservation: Some services preserve the original DKIM signature; others re-sign.
- ARC (Authenticated Received Chain): A newer standard that chains authentication results across hops, helping Gmail and other providers trust forwarded mail.
According to technical implementation documentation, forwarding services process messages in RAM with no disk storage, use SRS for deliverability, and maintain SPF/DKIM/DMARC compliance to avoid spam filters. Without these mechanisms, your encrypted forwarded emails could end up in junk folders, which defeats the purpose.
Pro Tip: Use one alias per service or context (one for newsletters, one for banking, one for work contacts). This limits exposure if any single alias is compromised and makes it easier to identify the source of a data leak.
Understanding potential security threats in email infrastructure also helps you evaluate whether a forwarding service's technical choices align with your threat model. Not all services implement ARC, for example, and that gap can affect both deliverability and trust chain integrity.
Security, privacy, and real-world risks
PGP email forwarding is a significant privacy upgrade. It is not a complete solution to every email security problem. Being clear-eyed about what it does and does not protect helps you make better decisions.
What PGP forwarding protects:
- Message body and attachments from interception at the forwarding layer
- Your real email address from senders and the forwarding service
- Message content from exposure in the event of a server breach
- Communications from passive surveillance at the infrastructure level
What PGP forwarding does not protect:
- Email metadata: sender address, recipient alias, subject line, timestamps, and IP headers are typically visible
- Social engineering attacks targeting you directly
- Compromised endpoints (if your device is infected, your private key may be at risk)
- Rule-based attacks where an attacker modifies forwarding rules rather than reading email content
The metadata exposure point is significant. Research on email forwarding risks shows that forwarding is frequently exploited in Business Email Compromise (BEC) attacks via manipulation of forwarding rules. Encryption mitigates content exposure, but metadata remains visible. An attacker who gains access to your alias account settings could redirect your forwarded emails without ever needing to break encryption.
"PGP adds an end-to-end encryption layer without requiring you to trust the forwarder. But it does not eliminate the need to secure the account that controls your forwarding rules."
Services that use RAM-only processing add an important layer of protection. As noted in ForwardEmail's service documentation, zero-knowledge processing means the forwarder never has persistent access to your plaintext. But general forwarding risks persist, and PGP's protection is specifically scoped to message content in transit and at rest on the forwarding server.
Your approach to analyzing potential threats should account for both the technical and operational dimensions. Securing your forwarding account with a strong password and two-factor authentication is just as important as configuring PGP correctly.
Why PGP email forwarding is powerful—but not a silver bullet
We have worked with privacy-conscious users across a wide range of threat models, and one pattern comes up consistently: people either overestimate or underestimate what PGP forwarding does. Both mistakes create real risk.
Overestimating leads to complacency. If you assume PGP forwarding makes your email fully private, you might skip account hygiene, ignore phishing risks, or neglect key rotation. That is a mistake. The encryption is only as strong as the operational security around it.
Underestimating leads to abandonment. Some users hear that metadata is still visible and conclude PGP forwarding is not worth the effort. That is also wrong. Protecting message content from the forwarding layer is a meaningful, concrete improvement over plaintext forwarding. For most real-world use cases, especially when combined with aliases, it raises the cost of surveillance significantly.
Our honest take: PGP email forwarding belongs in your privacy toolkit as one layer among several. Combine it with defense in depth strategies that include strong account authentication, phishing awareness, regular key rotation (at least annually), and alias segmentation. Treat each alias as potentially exposable over time. Segment your aliases by risk category: high-value accounts like banking and work get dedicated aliases; lower-stakes signups get disposable ones.
The goal is not perfect privacy, which does not exist. The goal is making surveillance, data harvesting, and unauthorized access meaningfully harder. PGP email forwarding, used correctly, does exactly that.
Get started with privacy-first PGP email forwarding
When you're ready to move from understanding to action, the right tools make the setup straightforward. Applying PGP email forwarding does not require deep cryptographic expertise. It requires choosing a service that supports it and following a clear configuration process.

At anon.li, we built PGP forwarding support directly into our alias system because we believe encrypted delivery should be a standard feature, not an add-on. You can set up an email alias with your PGP public key in minutes, and your forwarded messages will be encrypted before they ever reach your inbox. Our platform uses zero-knowledge architecture and client-side cryptography throughout, so we are never in a position to read your content. Review our full security features documentation to understand exactly how we handle your data, verify our practices, and deploy with confidence. Your privacy setup starts here.
Frequently asked questions
Can PGP email forwarding hide my real email address?
Yes. When you use aliases with PGP email forwarding, your real address stays private from both senders and the forwarding service, as established services encrypt to your key without ever exposing your actual inbox address.
What part of the email does PGP encrypt during forwarding?
PGP encrypts the message body and attachments, but headers like sender, recipient, and subject remain visible because SPF/DKIM/DMARC compliance requires header access for deliverability checks.
Is PGP email forwarding compatible with Gmail and Outlook?
It works with both, but requires manual decryption steps or browser extensions since neither client has native PGP support. PGP/MIME per RFC 3156 is the preferred format for modern client compatibility.
Can PGP email forwarding protect against all email threats?
No. PGP protects message content, but metadata and rule-based attacks like Business Email Compromise remain possible, so account security and operational hygiene are still essential.
How difficult is it to set up PGP email forwarding?
Most services make it simple: you generate a key pair, then upload your public key to the service's settings page. Ongoing management mainly involves protecting your private key and rotating keys periodically.
