Privacy & Security

Is Email Metadata Encrypted? The Data That Talks Even When the Message Stays Sealed

5/3/2026

Is email metadata encrypted? For almost every email provider on the planet, the honest answer is no. The message body may be locked tight, but the sender, the subject line and the timestamps travel and sit in databases as plain text.

When people think about email privacy, they think about the content. The text, the attachments, the links. But email metadata, the “envelope” information around every message, is often more revealing than the content itself. At TempInbox.cloud we encrypt that layer too. Here is what metadata exposes, why most services leave it open, and how a zero-knowledge inbox closes the gap.

What Is Email Metadata?

Email metadata is the set of fields that exist outside the message body:

  • Sender address (the From field)
  • Subject line
  • Timestamps (when it was sent and received)
  • Routing headers (which servers handled it on the way)

None of this is “content”. And yet, look at what email metadata reveals:

  • From: [email protected] tells an observer where you bank.
  • Subject: Your appointment confirmation tells them you visited a clinic.
  • From: [email protected] tells them you are job hunting.

You can map out a person’s life from metadata alone. Security researchers have a saying: content tells you what was said, metadata tells you who you are.

Are Email Subject Lines Encrypted? Usually Not, Even by “Encrypted” Providers

Here is the part most people miss. Even well-known encrypted email services do not end-to-end encrypt subject lines. The PGP standard treats the subject as a header, not content, so it stays readable to keep different mail systems compatible. Your provider, your ISP and anyone with access to the server can read every subject line in your mailbox.

Most disposable email services are worse: they store everything in plain text, body included. We covered the risks of that model in our guide on whether temp mail is safe. But even the better services that encrypt the message body usually keep the metadata readable.

Why? Because it is convenient. The server needs to show you a list of messages: sender, subject, time. The easy way to build that list is to keep those fields unencrypted in the database.

The result: the provider cannot read your emails, but it still knows who writes to you and what about. That is not zero-knowledge. That is half-knowledge.

Advertisement
NordVPN ad

How TempInbox.cloud Encrypts Email Metadata

We treat the sender and the subject with the same care as the message body. Here is the technical breakdown:

  1. When an email arrives, our server splits it into two parts: the metadata (from, subject) and the body.
  2. Each part is encrypted separately with AES-256-GCM, using a key derived from your public X25519 key. Each part gets its own independent nonce.
  3. Both encrypted blobs are stored in the database. The server keeps no plain-text copy of either.
  4. Your browser downloads the blobs and decrypts them locally with your private key, which never left your device.

If someone gained access to our database, they would see two pieces of random noise per message. No sender. No subject. No content. Just ciphertext and a delivery timestamp.

Why Encrypt Metadata and Body Separately?

Separate encryption lets your browser decrypt only what it needs. The inbox list view needs the sender and subject, not the full body. Your device decrypts the small metadata blob to render the list, and decrypts the body only when you open the message. The privacy stays absolute and the inbox stays fast. This split is one stop in the full journey every message takes through our zero-knowledge pipeline.

What Email Metadata We Still Cannot Hide

Honesty is part of our engineering culture, so let’s be clear about the limits:

  • Arrival time. We need a timestamp to know when to delete expired messages.
  • Message size. Ciphertext length roughly matches the original size.
  • The mailbox address itself. The receiving server has to know which inbox the mail belongs to, otherwise delivery is impossible.

This is the minimum any email system needs to function. Everything above that minimum is encrypted before it touches our disk.

FAQ: Email Metadata and Privacy

Is email metadata encrypted by Gmail or Outlook?

No. Big providers encrypt the connection (TLS) and the disks, but they themselves can read every sender, subject and body in your account. That access is what powers ad profiling and “smart” features.

Can email metadata be traced back to me?

It can. Sender patterns, timestamps and subjects are enough to build a profile of your habits, contacts and services. That is why minimizing stored metadata matters as much as encrypting content.

Does encrypting the email body protect my privacy?

Only partially. Body encryption without metadata encryption is like shredding a letter but keeping the envelope. The address, the sender and the stamp still tell the whole story.

How do I keep my subject lines private?

Use a service that encrypts metadata client-side, so the server never stores it readable. That is exactly how TempInbox.cloud works: subjects and senders are sealed with the same zero-knowledge encryption as the body.

The Takeaway

Most email privacy fails not at the content level but at the metadata level. If you want to understand the cryptography behind our approach in more depth, read our post on end-to-end encryption. And if you just want an inbox where even the subject lines are sealed, TempInbox.cloud is one click away. No account, no tracking, no readable metadata.

Recommended Articles