Google, Microsoft, and Yahoo are clearly not the most secure email providers. None of them encrypt your messages end-to-end, and none take your privacy very seriously. Some users are still surprised to learn that Google and others scan your emails for keywords to show more personalized ads.
What’s more, none of these three companies will object if your government decides to snoop on your inbox. And their history of data breaches is not that great either.
Luckily, there’s more than one alternative on the market. Today I present our Top 5 secure email providers that will protect your privacy. Each of these encrypts your messages so that neither they nor any third-party can decipher the content. Also, they all make money selling premium plans rather than ads or your data.
But how should one choose the best secure email service? Well, there’s personal preference, but I also have a list of criteria to meet, which I’ve described in detail below.
Free version: Yes, 500 MB storage
Started in 2013 by CERN scientists in privacy-friendly Switzerland, ProtonMail has arguably become the most popular and the best secure email provider.
This open-source service has a strict no-logs policy and uses end-to-end encryption. Users can even send encrypted messages to those who don’t use ProtonMail. All their servers are stored deep-down in a nuclear bunker, more than three thousand feet below the ground.
ProtonMail doesn’t have a desktop app and uses a web-based client that works on all popular browsers. It feels a bit clumsy and outdated after years with Gmail, but you can get used to it. When it comes to mobile, you can download apps for both Android and iOS.
The smartphone apps are way more user-friendly and modern. However, I didn’t like the fact that read messages are marked using a light grey background without bold text. As usual, mobile apps have fewer settings, but one we really liked was Combined Contacts, which lets you auto-complete email addresses from your other accounts.
The free version of ProtonMail is great. It allows 500 MB of storage and 150 messages per day. Even though the customer support will be limited, you still get the full security and privacy package. Upgrading to the Plus plan increases the storage to 5 GB, gives 5 email aliases, and your own domain support, among others. Finally, the $24/month Visionary plan comes with 20 GB, 50 email aliases, multi-user support, and ProtonVPN. Chances are it will include the upcoming ProtonDrive storage solution as well.
If you don’t see ProtonMail’s cons as a showstopper and are not afraid of having no backup in case you forget your password, this secure email is a great choice. It’s as safe and private as they come, and great features are added to the mix every day.
Free version: No, free 14-day trial
Compared with some competitors, Hushmail’s secure email is a true veteran that dates back to 1999. It’s a new millennium now, but this provider is still going strong.
Hushmail uses PGP end-to-end encryption for email protection and SSL/TLS for the actual connection. There’s support for 2FA – you can choose between email, SMS, and app verification. Touch ID and Face ID are also available for iPhone users.
If the recipient doesn’t use Hushmail, you can still send them an encrypted message and even ask a security question, such as “When is my birthday?” And to further anonymize your communications, Hushmail will remove your IP address from the email headers.
When it comes to privacy, there are some concerns. First off, the home of Hushmail, Canada, is not a privacy-friendly country by any stretch of the imagination. What’s more, the company will store your activity records for 18 months. Having said that, your email content won’t be accessible because only you know the passphrase and there’s no way to retrieve it.
Hushmail is available as a web client from their website. You can also configure it to work on third-party clients, such as Thunderbird, Outlook, Android, iPhone, or Mac Mail. This service offers a number of customizable templates that you can use instead of regular text. At the moment of writing this article, Hushmail only has an iPhone app. However, the web app is clean and intuitive, just like the iOS version.
There is no free version available, but Hushmail has a 14-day free trial. While that’s better than nothing, it requires you to enter another email address and verify your new account with an SMS. If you decide to upgrade after two weeks, don’t forget that data is still there on Hushmail servers.
Hushmail prices start from $4.17/month annually and come with 10 GB of storage space, unlimited email aliases, dedicated customer support, and the iOS app. The Business plan is $5.99/month/user and allows you to retain your current email address, catch-all email, and administrative tools. Both options have a 60-day money-back guarantee.
Free version: Yes, 1 GB
Tutanota is an open-source, end-to-end secure mail provider with more than two million clients. Let’s see why all of them chose Tutanota instead of other services. But we can already say that if it wasn’t available on GitHub under the GPL v3 license, those numbers would probably be smaller.
To start, Tutanota implements AES and RSA instead of PGP encryption. Both use the same algorithms, but the latter adds an extra security layer by combining symmetric and asymmetric keys. On the other hand, Tutanota also encrypts the names of the sender and receiver as well as the subject line. Two-factor authentication is supported, and users can choose between TOTP (authenticator apps) and U2F (YubiKey).
This secure email service is dead serious about privacy. IP addresses and emails are deleted from the header metadata to protect you. There’s also a strict no-logs policy, but the fact that Germany is in the Fourteen Eyes intelligence alliance casts a shadow on Tutanota’s otherwise spotless reputation.
Tutanota has a web-based application in addition to Windows, macOS, iOS, and Android apps. They are ad-free and easy-to-use, including the encrypted Calendar. What’s more, you can easily synchronize between all of them.
The free version gives you 1 GB of storage, which is two times more than ProtonMail. It also comes with a calendar, one user, and no support. However, for a buck a month, you get custom domains, 5 aliases, and email support. Add a dollar more, and see your storage expand into 10 GB, which costs nearly two times less than for Hushmail subscribers.
Tutanota’s business plans mimic the non-business plans and add Pro for $8.5/month with a custom domain login, logos, and contact forms. You can also buy extra storage (10 GB for ~$2.36/month), email aliases (20 for ~$1.18/month), and features such as white label. To sum up, Tutanota is cheap but can soon become expensive if you continue adding extra features.
Free version: 7-day free trial
Started in 2008, CounterMail may have kept the same website design but otherwise has traveled a long road to become one of the top secure email providers. And thanks to its security-first approach, it might just be the most secure of them all.
CounterMail uses PGP encryption, which is the industry standard. However, they walk not one but a few extra miles by implementing RAM-only servers that do not store anything. What’s more, CounterMail has robust man-in-the-middle (MITM) attack protection, adding AES and RSA algorithms next to the SSL layer. For 2FA, you can use either a USB key or a Time-based One-time Password algorithm (TOTP) with a third-party authenticator app.
Even though CounterMail probably beats even ProtonMail when it comes to keeping their users private, I must still point out that Sweden is a Fourteen Eyes country. Other than that, this provider does more for your security than the rest. For example, CounterMail offers an anonymous payment option and a Safebox that’s protected with a separate password and can be used as a mini password manager of sorts.
This secure email provider works as a web application and via third-party email apps, such as Android, iOS, and other IMAP/SMTP clients. The web app design is outdated (don’t try Light interface) but offers plenty of customization options.
CounterMail’s 7-day free trial should be enough to check out what it has to offer. However, you can only send and receive from secure email and VPN users, such as yourself. Also, the maximum attachment size is 3 MB, and you won’t be able to install CounterMail on third-party mailing apps. A two-year plan is $3.29/month and gives you 4 GB of storage, which you can extend by 1.75 GB for a one-time $89 fee.
Free version: Yes, 5 GB
Our last entry, Zoho Mail is not that often found among the best secure email services. However, that has nothing to do with its quality – this provider is simply oriented towards business clients. But since it can be used by individuals as well, we are adding it to our Top 5.
Zoho offers a number of IT solutions, including a password manager, so its Mail works best when you’re combining it with other products. Putting that aside, this service comes with secure data centers that can only be accessed with biometric authentication. Then there’s malware & spam protection, and end-to-end encryption (SSL, S/MIME, TLS).
This secure email supports 2FA for extra account security. Users can go for Zoho’s authentication app, OTP, QR code, or Touch ID. You can also access your mailbox from other apps via OAuth 2.0.
Zoho Mail works as a web application or an app for your smartphone. You can also configure it on other third-party mail clients. The design is intuitive and eye-pleasing, which is important if you’re planning to use your secure email on a daily basis.
The free version has a huge 5 GB storage with a 25 MB attachment limit. Five users can share one account, but you can use the web application only, which effectively makes checking your mail on mobile a nuisance.
However, for a dollar a month, you get the apps and other IMAP/POP clients, a ten times bigger attachment size, and multiple domains. Power users can take Mail Premium for $4/month to send 1 GB of attachments, store 50 GB, backup emails, and use whitelabeling. A 15-day free trial is also available.
The defining feature of a secure email is end-to-end encryption. It means that there's no way for the mail service or a third party to decrypt your message – only the recipient can do that. In contrast, any regular email provider like Google can read your emails (they are already scanning them for keywords!), which also makes them easier for hackers to get.
PGP and S/MIME are the most common choices for encryption. PGP combines both symmetric and asymmetric encryption while S/MIME uses certificates that must be signed either by a local or public certificate authority. Using a certificate ensures that you are the sender of the email and that nobody has tampered with it.
Due to the encryption, neither hackers nor the government can peek into your message or metadata, such as email addresses.
As noted above, transport-level encryption makes sure that your message travels through the web safely. However, it alone is not enough to ensure secure mail sending because the provider can see the unencrypted version once it arrives at their server. TLS is the successor of SSL, although the latter is still used. It's implemented on top of TCP (Transmission Control Protocol) to encrypt not only email (IMAP, SMTP) but also other protocols, such as HTTP or FTP. Unfortunately, it's still not used in all mail services. This might not be apparent for a regular user because, contrary to a web browser showing a green lock or similar symbol, there's no simple way to know when transport-level encryption is in place when using email.
End-to-end encryption ensures that neither your mail provider nor any other third-party can decrypt your message. Only you and the recipient have the necessary public and private keys for opening it.
End-to-end encryption works as follows:
You encrypt the message with your friend's public key – now it can be decrypted with your friend's private key only. Your encrypted message travels through servers until it reaches your friend. In turn, he or she uses the private key to decrypt your message.
PGP email encryption combines hashing, symmetric encryption, and public-key encryption without the need for users to exchange private keys. A secure mail service does everything behind the scenes, so you don't have to worry about the ins and outs.
Here's how PGP works:
PGP first generates a one-time session key and encrypts the message with it. The recipient's public key then encrypts the session key. The sender sends the encrypted message together with this encrypted session key, and the receiver decrypts the session key with his or her private key. Finally, the recipient uses the decrypted session key to read the message.
If you've read this article, the pros of using a secure mail provider should be obvious to you. However, if you still have doubts, make sure to take a look at the following arguments before returning to Gmail:
Finally, always remember that your mail service is only as secure as your chosen password. All end-to-end encryption and no-logs policies go out the window if anyone can crack your password in a few minutes.
Gmail uses standard Transport Layer Security (TLS) encryption to protect emails in transit. If you're sending an email to someone whose provider also supports TLS, your email will be protected in transit. However, once the email arrives in the mailbox, your email's contents will be visible to the provider.
Email is often used for sending confidential information, so its security is paramount. However, email as a method for sending messages hasn't evolved that much since its inception. It means that there are many ways your email could be spoofed or read by nosy individuals.
No, you don't need to sign up for a service provider to encrypt your email. It's possible to do it manually. One of the most popular methods is PGP, but you'll need to ask everyone you're communicating with to set it up on their emails. It's much easier to use end-to-end encrypted email providers.
Every email that a hacker would send from your account would be something you sent. This could put your reputation at risk, especially if combined with money transfer requests. Your other online accounts rely on your email's security as well. So taking over your email account means taking over a significant portion of your online identity.
Although there are some obvious signs that your email was hacked, it's much harder to determine whether someone read your emails. Imagine that police expressed an interest in your communications. What's stopping them from asking your email provider for backdoor access to your message contents? The only way to make sure that unintended readers don't read your emails is to use end-to-end encryption.