Google, Microsoft, and Yahoo are clearly not the most secure email providers. None of them encrypt your messages end-to-end, and none take your privacy very seriously. Some users are still surprised to learn that Google and others scan your emails for keywords to show more personalized ads.
What’s more, none of these three companies will object if your government decides to snoop on your inbox. And their history of data breaches is not that great either.
Luckily, there’s more than one alternative on the market. Today I present our top 10 secure email providers that will protect your privacy. Each of these secure email services encrypts your messages so that neither they nor any third party can decipher the content. Also, they all make money selling premium plans rather than ads or your data.
But how should one choose the best secure email service? Well, there’s personal preference, but I also have a list of criteria to meet, which I’ve described in detail below.
The best encrypted email services have security features like end-to-end encryption, 2FA, and a reputation that doesn’t include serious security vulnerabilities or breaches.
Even though most of these services offer free versions, they are a bit lacking. The premium plans add important features like much more storage and priority customer support. Check out the descriptions of every secure email service to find out which one fits your needs best.
|Free version:||Yes, 500 MB storage|
Started in 2013 by CERN scientists in privacy-friendly Switzerland, ProtonMail became arguably the most popular and the best secure email provider.
This open-source service has a strict no-logs policy and uses end-to-end encryption. Users can even send encrypted messages to those who don’t use ProtonMail. All their servers are stored deep-down in a nuclear bunker, more than three thousand feet below the ground.
ProtonMail doesn’t have a desktop app and uses a web-based client that works on all popular browsers. It feels a bit clumsy and outdated after years with Gmail, but you can get used to it. When it comes to mobile, you can download apps for both Android and iOS.
The smartphone applications are way more user-friendly and modern. As usual, mobile apps have fewer settings, but one we really liked was Combined Contacts, which lets you auto-complete email addresses from your other accounts.
The Plus plan of ProtonMail allows you 5 GB of storage and gives 5 email aliases together with your own domain support, among other things. In the meantime, the $24/month Visionary plan comes with 20 GB, 50 email aliases, multi-user support, and ProtonVPN. Chances are it will include the upcoming ProtonDrive storage solution as well.
There’s also a free version but it allows you only 500 MB of storage and 150 messages per day. Also, customer support will be limited.
If you don’t see ProtonMail’s cons as a showstopper and are not afraid of having no backup in case you forget your password, this secure email is a great choice. It’s as safe and private as they come, and great features are added to the mix every day.
|Free version:||Yes, 1 GB|
|Platforms:||Windows, macOS, iOS, Android|
An open-source, end-to-end secure mail provider with more than two million clients. Let’s see why all of them chose Tutanota instead of other services. But we can already say that if it weren’t available on GitHub under the GPL v3 license, those numbers would probably be smaller.
To start, Tutanota implements AES and RSA instead of PGP encryption. Both use the same algorithms, but the latter adds an extra security layer by combining symmetric and asymmetric keys. On the other hand, Tutanota also encrypts the names of a sender and receiver and also the subject line. Two-factor authentication is supported and users can choose from TOTP (authenticator apps) and U2F (YubiKey).
This secure email service is dead serious about privacy. IP addresses and emails are deleted from the heading metadata to protect you. There’s also a strict no-logs policy, but the fact that Germany is in the Fourteen Eyes intelligence alliance casts a shadow on Tutanota’s otherwise spotless reputation.
Tutanota has a web-based application in addition to Windows, macOS, iOS, and Android apps. They are ad-free and easy-to-use, including the encrypted Calendar. What’s more, you can easily synchronize between all of them.
For a buck a month, you get custom domains, 1 GB of storage, 5 aliases, and email support. Add a dollar more, and see your storage expand into 10 GB, which costs nearly two times less than for Hushmail subscribers.
Tutanota’s business plans mimic the non-business plans and add Pro for $8.5/month with a custom domain login, logos, and contact forms. You can also buy extra storage (10 GB for ~$2.36/month), email aliases (20 for ~$1.18/month), and features such as white label. To sum up, Tutanota is cheap but can soon become expensive if you continue adding extra features.
You can also try out the free version with 1 GB of storage, a calendar, and one user. However, it won’t have any customer support options.
|Free version:||Yes, 5 GB|
Zoho Mail is not that often found among the best secure email services. However, that has nothing to do with its quality – this provider is simply preferred by business clients. However, it’s great for individuals as well, so we are adding it to the list.
Zoho offers a number of IT solutions, including a password manager, so its Mail works best when you’re combining it with other products. Putting that aside, this service comes with secure data centers that can only be accessed with biometric authentication. Then there’s malware & spam protection, and end-to-end encryption (SSL, S/MIME, TLS).
This secure email supports 2FA for extra account security. Users can go for Zoho’s authentication app, OTP, QR code, or Touch ID. You can also access your mailbox from other apps via OAuth 2.0. Zoho Mail works as a web application or an app for your smartphone. You can also configure it on other third-party mail clients. The design is intuitive and eye-pleasing, which is important if you’re planning to use your secure email on a daily basis.
For a dollar a month, you get the apps and other IMAP/POP clients, 250 MB attachment size, and multiple domains. Power users can take Mail Premium for $4/month to send 1 GB of attachments, store 50 GB, backup emails, and use whitelabeling. A 15-day free trial is also available.
You might check out Zoho’s free version, too. However, even though it offers 5 GB of storage, its attachment size is ten times smaller than what you get with the cheapest plan. Also, you can use the web application only, which makes checking your mail on mobile a nuisance.
Thexyz is a little-known private email service that is based in Canada. They boast that approximately 40K accounts have been created since launch. Considering that's over a span of 13 years, the numbers aren't colossal, but it doesn't mean that it's a bad service.
On the contrary, it could be one of the safest alternatives if you're looking for a private mailbox. Their service is ad-free and is highly focused on keeping your emails secure. They have many filters in place to limit the spam that you get. In fact, if you go to their website, it shows a chart of how many threats are blocked by sender monitoring and analysis systems like Cloudmark or Message Sniffer. The same chart also shares that they have their proprietary filters that impact reducing the overall amount of spam messages.
One of the causes of concern is that being a Canadian service, they mainly use US-based data centers. Still, there are several in Europe as well. Their website lists the main locations like Chicago, Montreal, London, and Sydney. So, Five Eyes' presence is unavoidable. If you're very privacy-minded, you should take note.
That said, there are quite a few security measures that counterbalance its location drawbacks. For example, each email supports all encrypted ports for email exchanges, and every sent email won't display your IP address. If you want even more security, it supports IMAP, POP, and even OpenPGP public key end-to-end encryption, which you can configure using add-ons like Mailvelope. While in transit, the only protection measures used are SSL/TLS to make sure that no one alters or intercepts the email contents. Also, the login can be further protected using two-factor authentication.
Suppose you want to try the service but don't want to deal with the tedious data moving across two separate mailboxes. In that case, there's an easy migration tool. It works with Office 365, Gmail, and more. Plus, it also applies not only to the messages you send but also to calendars, contacts, and notes. So, it's a fully-fledged email service with many useful options that can be useful even in a business setting.
The major caveat is that the service is paid-only, and there's no free version. It has 25 GB of total storage and a 50 MB cap for attachments. The prices start from $2.95/month, but depending on your needs, you can opt in to more expensive plans that add even more.
|Free version:||7-day free trial|
Started in 2008, CounterMail may have kept the same website design but otherwise has traveled a long road to become one of the top secure email providers. And thanks to its security-first approach, it might just be the most secure of them all.
CounterMail uses PGP encryption, which is the industry standard. However, they walk not one but a few extra miles by implementing RAM-only servers that do not store anything. What’s more, CounterMail has robust man-in-the-middle (MITM) attack protection, adding AES and RSA algorithms next to the SSL layer. For 2FA, you can use either a USB key or a Time-based One-time Password algorithm (TOTP) with a third-party authenticator app.
Even though CounterMail probably beats even ProtonMail when it comes to keeping their users private, I must still point out that Sweden is a Fourteen Eyes country. Other than that, this provider does more for your security than the rest. For example, CounterMail offers an anonymous payment option and a Safebox that’s protected with a separate password and can be used as a mini password manager of sorts.
This secure email provider works as a web application and via third-party email apps, such as Android, iOS, and other IMAP/SMTP clients. The web app design is outdated (don’t try Light interface) but offers plenty of customization options.
CounterMail’s 7-day free trial should be enough to check out what it has to offer. However, you can only send and receive from secure email and VPN users, such as yourself. Also, the maximum attachment size is 3 MB, and you won’t be able to install CounterMail on third-party mailing apps. A two-year plan is $3.29/month and gives you 4 GB of storage, which you can extend by 1.75 GB for a one-time $89 fee.
Posteo is a secure email service provider based in Germany and focused on both businesses and individuals.
They have several methods to protect your emails while they're in transit: TLS with Perfect Forward Secrecy, HTTP Strict Transport Security (HSTS), SSH, and more. Encryption isn’t enabled by default, but it’s easy to set up using the additional Mailvelope app. It's open-source, so you're not trusting your data to an unverified source. Plus, with it, you can add PGP, which is the best method to make your emails secure (provided both parties are using it).
There are also features that other secure email providers could be jealous of. For example, they have support for POP, SMTP, and IMAP protocols. So, you can retrieve the emails from your inbox through an app that you're the most comfortable with. For additional safety, you can even encrypt your mailbox, but if you lose the password, not even customer support can recover your data. These aren’t empty promises - Posteo has been audited by Cure53, a respected cybersecurity company.
The major downside is that Posteo currently doesn't have any desktop or mobile apps. This means you'll have to use the web client. This might be problematic because some mobile web browsers tend to crop the window, so it might not be easy to read your emails, depending on your mobile device's screen size. In addition, customer support doesn't have a live chat or ticket system, so you can be left waiting for a while until help arrives.
Although there's no free version, with some minor customization and a small monthly fee, you can get one of the most secure email services in the market.
Mailbox.org is another secure email provider that's based in Germany. The company is privately-funded, which protects it from outside influences and ensures you remain the client - not the product.
Mailbox respects your privacy from the very start. The service will ask for your recovery email or phone number only after you create your account. Even then, it's not mandatory to provide this data.
This email will let you send messages normally or in an encrypted form. Still, the latter will take some time to set up properly. It's well worth it, because Mailbox uses full PGP encryption. Even when you're sending emails regularly, your emails are protected with SSL/TLS with Perfect Forward Secrecy. You can customize your mailbox to prevent you from sending messages to recipients with insecure mail services. Mailbox.org is fully compatible with Mailvelope. It's useful if you want to store your encryption keys locally for added protection.
The developers have put a lot of work into the service to make it a complete suite. With your email, you can get cloud-based file storage and a text editor. It's as if they're trying to replicate the Google suite step-by-step. So, suppose you're looking for a safe email service with additional benefits. In that case, Mailbox.org is one of the services that you should consider.
If Startmail sounds unfamiliar, perhaps you’ve heard of their other project: startpage.com. It's a search engine that doesn't track any of your data. Essentially, Startmail takes the same core values and applies them here.
In practice, this means Startmail is one of the most secure email services. It fully integrates PGP, so you can safely communicate with other users who have PGP set up. The caveat is that PGP is only implemented server-side, meaning this isn't a true end-to-end setup that you'll hear other providers bragging about. It's also possible to add two-factor authentication to ensure that your email would remain impenetrable even if someone found out your password.
The significant upside is that it effectively integrates burner emails into its mode of operation. You can quickly and easily add additional aliases, for example, when you're registering somewhere and need a quick throwaway address. It also works perfectly when you're creating an email for the sole purpose of selling something on Craigslist.
Unfortunately, Startmail doesn’t have any mobile apps to make your experience better. However, there's IMAP and SMTP support, so you'll be able to grab your emails through your usual service. Although this mailbox is paid-only, you do get a 30-day trial with a five email a day limit and 10 GB of encrypted cloud storage.
Unlike most of the competitors, Runbox is based in Norway. This isn't a privacy haven like, for example, Panama, but it has adequate privacy laws, so your data should be safe. But do keep in mind that Norway isn't beyond the reach of the so-called 14-Eyes intelligence alliance, so it might be something of a concern with this service.
However, as an email service, Runbox has quite a few good qualities. It includes TLS/SSL with an added support for SMTP, POP, and IMAP, and it strips the IP address from outgoing emails. In addition, you don’t need to give any personal details when creating your account, which is a big plus. Finally, Runbox lets you use two-factor authentication and IP address whitelisting for restricting access to your mailbox even more.
Security aside, the privacy-first promise holds up as well. Their website and email after login display no ads and run no invasive scripts. You can use the service and feel safe, which is something that you shouldn't take for granted, especially in this day and age. It's a perfect replacement for Fastmail users as this service is quite similar.
Mailfence is a Belgian take on secure email. However, encryption measures are treated like an optional feature rather than something that every user must have. So, by design, this service is intended for people who are looking for convenience first, and then safety.
The features are decidedly “not great, not terrible.” It supports OpenPGP encryption, which is more than can be said about some of the more popular email service providers. It's even possible to use RSA or ECC encryption which should be enough in most cases. Your emails can even be digitally signed, meaning that if you need to be sure about the sender's identity, there's a way to verify. There's also two-factor authentication support.
Regular users will also appreciate the versatility of the service. It integrates a calendar, document storage, and user groups. With a free account, the cap will be 500 MB for either of them, but you can bypass the paid version limits. However, even as a free user, you get customer support options. That's a rare sight.
You should be aware that this service logs your IP address along with some minor logging that can't be disabled. There's also the caveat that it's partly open-source, so you cannot be too sure what's going on under the hood. However, if you're transitioning from an unsafe email service but don't want to go in too deep with encryption, this service is a solid alternative.
Not all secure email services are actually safe and private. There are plenty of free ones that might do more harm than good. Therefore, when searching for the most secure email service, see that it matches all or most of the following criteria:
Other features are mostly optional and depend on your personal needs.
The defining feature of a secure email is end-to-end encryption. It means that there's no way for the mail service or a third party to decrypt your message – only the recipient can do that. By contrast, any regular email provider like Google can read your emails (they are already scanning them for keywords!), which also makes them easier for hackers to get.
PGP and S/MIME are the most common choices for encryption. PGP combines both symmetric and asymmetric encryption while S/MIME uses certificates that must be signed either by a local or public certificate authority. Using a certificate ensures that you are the sender of the email and that nobody has tampered with it.
Due to the encryption, neither hackers nor the government can peek into your message or metadata, such as email addresses.
As noted above, transport-level encryption makes sure that your message travels through the web safely. However, it alone is not enough to ensure secure mail sending because the provider can see the unencrypted version once it arrives at their server. TLS is the successor of SSL, although the latter is still used. It's implemented on top of TCP (Transmission Control Protocol) to encrypt not only email (IMAP, SMTP) but also other protocols, such as HTTP or FTP. Unfortunately, it's still not used in all mail services. This might not be apparent for a regular user because, contrary to a web browser showing a green lock or similar symbol, there's no simple way to know when transport-level encryption is in place when using email.
End-to-end encryption ensures that neither your mail provider nor any other third party can decrypt your message. Only you and the recipient have the necessary public and private keys for opening it.
End-to-end encryption works as follows:
You encrypt the message with your friend's public key – now it can be decrypted with your friend's private key only. Your encrypted message travels through servers until it reaches your friend. In turn, he or she uses the private key to decrypt your message.
PGP email encryption combines hashing, symmetric encryption, and public-key encryption without the need for users to exchange private keys. A secure mail service does everything behind the scenes, so you don't have to worry about the ins and outs.
Here's how PGP works:
After PGP generates a session key, the recipient's public key encrypts it. Now the sender sends this encrypted session key and the receiver decrypts it with his or her private key. Finally, the recipient uses the unencrypted session key to read the message.
If you've read this article, the pros of using a secure mail provider should be obvious to you. However, if you still have doubts, make sure to take a look at the following arguments before returning to Gmail:
Finally, always remember that your mail service is only as secure as your chosen password. All end-to-end encryption and no-logs policies go out the window if anyone can crack your password in a few minutes.
Gmail uses standard Transport Layer Security (TLS) encryption to protect the emails in transit. If you're sending an email to someone whose provider also supports TLS, your email will be protected in transit. However, once the email arrives in the mailbox, your email's contents will be visible to the provider.
Email is often used for sending confidential information, so its security is paramount. However, email as a method for sending messages hasn't evolved that much since its inception. It means that there are many ways your email could be spoofed or read by nosy individuals.
No, you don't need to sign up for a service provider to encrypt your email. It's possible to do it manually. One of the most popular methods is PGP, but you'll need to ask everyone you're communicating with to set it up on their emails. It's much easier to use end-to-end encrypted email providers.
Every email that a hacker sends from your account looks like something you sent. This could put your reputation at risk, especially if combined with money transfer requests. Your other online accounts rely on your email's security as well. So taking over your email account means taking over a significant portion of your online identity.
Although there are some obvious signs that your email was hacked, it's much harder to determine whether someone read your emails. Imagine that police expressed an interest in your communications. What's stopping them from asking your email provider for backdoor access to your message contents? The only way to make sure that unintended readers don't read your emails is to use end-to-end encryption.