What is PGP?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

PGP (Pretty Good Privacy) is an encryption system that lets you send messages only the intended recipient can read. The sender uses the recipient's public key to encrypt the message, and only the recipient's private key can decrypt it. Created by Phil Zimmermann in 1991, PGP became famous when the US government investigated him for "illegally exporting" strong encryption (classified as a munition at the time). But Here's the thing most email senders miss: PGP is almost entirely irrelevant to modern email deliverability. It's not what mailbox providers check when deciding whether your email lands in the inbox. That's what SPF, DKIM, and DMARC are for.

PGP encrypts the content of your message so only the recipient can read it. Modern email authentication authenticates the sender so mailbox providers know the message actually came from you. Different jobs. If you're running a newsletter, sending marketing campaigns, or handling transactional emails, you don't need PGP. You need SPF, DKIM, and DMARC set up correctly.

PGP does have real uses, just not in typical email marketing or transactional workflows. It's for highly sensitive one-to-one communication (journalists protecting sources, activists in hostile regions, legal or medical exchanges where confidentiality matters). If that's not you, you can skip PGP entirely.

One more distinction worth knowing: PGP uses a "Web of Trust" model, where users vouch for each other's keys instead of relying on a central authority. S/MIME (the other major email encryption standard) uses centralized Certificate Authorities instead. Both encrypt message content. Neither affects whether your email lands in spam.

And if you're reading this because you think PGP might help your deliverability, the short answer is no. Check your authentication setup instead with our free SPF checker or DKIM lookup tool. If you're dealing with actual sensitive content that needs end-to-end encryption, that's a different conversation (and you probably already know you need PGP or S/MIME).

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Get personalized help with PGP vs. authentication

I read this on the Email Almanac about "What is PGP": "PGP encrypts message content so only the recipient can read it. It's not what affects deliverability. That's SPF, DKIM, and DMARC. PGP matters for highly sensitive one-to-one communication, not typical marketing or transactional email." Help me figure out what actually applies to my situation: 1. Do I need PGP, or am I confusing it with authentication? 2. What should I check to make sure my deliverability setup is right? 3. If I DO need message encryption, is PGP or S/MIME better for my case? 4. What are the authentication records I should verify? --- My details (the more you share, the better the advice): - Email platform/ESP: e.g. Mailchimp, SendGrid, Postmark, custom SMTP - What I'm sending: newsletter, transactional, sensitive legal/medical content - Current challenge: what made you look up PGP - Deliverability concerns: [spam folder issues, authentication errors, or content privacy needs]

Edit the yellow boxes, then send to the AI of your choice.