Secure email providers to protect your privacy in 2020

Best secure email providers

Google, Microsoft, and Yahoo are clearly not the most secure email providers. None of them encrypt your messages end-to-end, and none take your privacy very seriously. Some users are still surprised to learn that Google and others scan your emails for keywords to show more personalized ads.

What’s more, none of these three companies will object if your government decides to snoop on your inbox. And their history of data breaches is not that great either.

Luckily, there’s more than one alternative on the market. Today I present our Top 5 secure email providers that will protect your privacy. Each of these encrypts your messages so that neither they nor any third-party can decipher the content. Also, they all make money selling premium plans rather than ads or your data.

But how should one choose the best secure email service? Well, there’s personal preference, but I also have a list of criteria to meet, which I’ve described in detail below.

Table of Contents

The most secure email providers of 2020:

  1. ProtonMail - Best ratio between price and privacy
  2. Hushmail - Excellent for small businesses
  3. Tutanota - Best free version
  4. CounterMail - Strongest security features
  5. Zoho Mail - Part of the best B2B security product suite

Top 5 secure email services in 2020

The best encrypted email services have security features like end-to-end encryption, 2FA, and a reputation that doesn’t include serious security vulnerabilities or breaches. Most have a free version powerful enough for a majority of users. Additionally, there are premium plans that add features like priority customer support. We always recommend checking the free version first to see if you need the premium account at all.

1. ProtonMail - best ratio between price and privacy

Free version: Yes, 500 MB storage
Price: $4/month
Storage: 5–20 GB
Location: Switzerland

Started in 2013 by CERN scientists in privacy-friendly Switzerland, ProtonMail has arguably become the most popular and the best secure email provider.

This open-source service has a strict no-logs policy and uses end-to-end encryption. Users can even send encrypted messages to those who don’t use ProtonMail. All their servers are housed deep underground in a nuclear bunker, more than three thousand feet below the ground.

ProtonMail doesn’t have a desktop app and uses a web-based client that works on all popular browsers. It feels a bit clumsy and outdated after years with Gmail, but you can get used to it. When it comes to mobile, you can download apps for both Android and iOS.

The smartphone apps are way more user-friendly and modern. However, I didn’t like the fact that read messages are marked using a light grey background without bold text. As usual, mobile apps have fewer settings, but one we really liked was Combined Contacts, which lets you auto-complete email addresses from your other accounts.

The free version of ProtonMail is great. It allows 500 MB of storage and 150 messages per day. Even though the customer support will be limited, you still get the full security and privacy package. Upgrading to the Plus plan increases the storage to 5 GB, gives 5 email aliases, and your own domain support, among others. Finally, the $24/month Visionary plan comes with 20 GB, 50 email aliases, multi-user support, and ProtonVPN. Chances are it will include the upcoming ProtonDrive storage solution as well.

If you don’t see ProtonMail’s cons as a showstopper and are not afraid of having no backup in case you forget your password, this secure email is a great choice. It’s as safe and private as they come, and great features are added to the mix every day.

Pros

  • No-logs policy
  • Encrypted messages to anyone
  • CSV contact import
  • Self-destructing emails
  • Over 20 account languages

Cons

  • Visionary plan is expensive
  • Web client feels outdated
  • POP3 not supported

2. Hushmail - excellent for small businesses

Free version: No, free 14-day trial
Price: $4.17/month
Storage: 10 GB
Location: Canada

Compared with some competitors, Hushmail’s secure email is a true veteran that dates back to 1999. It’s a new millennium now, but this provider is still going strong.

Hushmail uses PGP end-to-end encryption for email protection and SSL/TLS for the actual connection. There’s support for 2FA – you can choose between email, SMS, and app verification. Touch ID and Face ID are also available for iPhone users.

If the recipient doesn’t use Hushmail, you can still send them an encrypted message and even ask a security question, such as “When is my birthday?” And to further anonymize your communications, Hushmail will remove your IP address from the email headers.

When it comes to privacy, there are some concerns. First off, the home of Hushmail, Canada, is not a privacy-friendly country by any stretch of the imagination. What’s more, the company will store your activity records for 18 months. Having said that, your email content won’t be accessible because only you know the passphrase and there’s no way to retrieve it.

Hushmail is available as a web client from their website. You can also configure it to work on third-party clients, such as Thunderbird, Outlook, Android, iPhone, or Mac Mail. This service offers a number of customizable templates that you can use instead of regular text. At the moment of writing this article, Hushmail only has an iPhone app. However, the web app is clean and intuitive, just like the iOS version.

There is no free version available, but Hushmail has a 14-day free trial. While that’s better than nothing, it requires you to enter another email address and verify your new account with an SMS. If you decide to upgrade after two weeks, don’t forget that data is still there on Hushmail servers.

Hushmail prices start from $4.17/month annually and come with 10 GB of storage space, unlimited email aliases, dedicated customer support, and the iOS app. The Business plan is $5.99/month/user and allows you to retain your current email address, catch-all email, and administrative tools. Both options have a 60-day money-back guarantee.

Pros

  • Supports Touch ID
  • IMAP/POP3
  • Spam filter
  • User-friendly
  • Encrypted messages to anyone
  • CSV contact import

Cons

  • Five Eyes country
  • No Android app
  • No free version

3. Tutanota - best free version

Free version: Yes, 1 GB
Price: ~$1.18/month
Storage: 1–10 GB
Location: Germany

Tutanota is an open-source, end-to-end secure mail provider with more than two million clients. Let’s see why all of them chose Tutanota instead of other services. But we can already say that if it wasn’t available on GitHub under the GPL v3 license, those numbers would probably be smaller.

To start, Tutanota implements AES and RSA instead of PGP encryption. Both use the same algorithms, but the latter adds an extra security layer by combining symmetric and asymmetric keys. On the other hand, Tutanota also encrypts the names of the sender and recipient as well as the subject line. Two-factor authentication is supported, and users can choose between TOTP (authenticator apps) and U2F (YubiKey).

This secure email service is dead serious about privacy. IP addresses and emails are deleted from the header metadata to protect you. There’s also a strict no-logs policy, but the fact that Germany is in the Fourteen Eyes intelligence alliance casts a shadow on Tutanota’s otherwise spotless reputation.

Tutanota has a web-based application in addition to Windows, macOS, iOS, and Android apps. They are ad-free and easy-to-use, including the encrypted Calendar. What’s more, you can easily synchronize between all of them.

The free version gives you 1 GB of storage, which is two times more than ProtonMail. It also comes with a calendar, one user, and no support. However, for a buck a month, you get custom domains, 5 aliases, and email support. Add a dollar more, and see your storage expand into 10 GB, which costs nearly two times less than for Hushmail subscribers.

Tutanota’s business plans mimic the non-business plans and add Pro for $8.5/month with a custom domain login, logos, and contact forms. You can also buy extra storage (10 GB for ~$2.36/month), email aliases (20 for ~$1.18/month), and features such as white label. To sum up, Tutanota is cheap but can soon become expensive if you continue adding extra features.

Pros

  • Cheap
  • No-logs policy
  • Spam filter
  • 20+ supported languages
  • Encrypted calendar

Cons

  • Fourteen Eyes country
  • No support for PGP and IMAP
  • Expensive extra storage

4. CounterMail - strongest security features

Free version: 7-day free trial
Price: $3.29/month
Storage: 4 GB
Location: Sweden

Started in 2008, CounterMail may have kept the same website design but otherwise has traveled a long road to become one of the top secure email providers. And thanks to its security-first approach, it might just be the most secure of them all.

CounterMail uses PGP encryption, which is the industry standard. However, they walk not one but a few extra miles by implementing RAM-only servers that do not store anything. What’s more, CounterMail has robust man-in-the-middle (MITM) attack protection, adding AES and RSA algorithms next to the SSL layer. For 2FA, you can use either a USB key or a Time-based One-time Password algorithm (TOTP) with a third-party authenticator app.

Even though CounterMail probably beats even ProtonMail when it comes to keeping their users private, I must still point out that Sweden is a Fourteen Eyes country. Other than that, this provider does more for your security than the rest. For example, CounterMail offers an anonymous payment option and a Safebox that’s protected with a separate password and can be used as a mini password manager of sorts.

This secure email provider works as a web application and via third-party email apps, such as Android, iOS, and other IMAP/SMTP clients. The web app design is outdated (don’t try Light interface) but offers plenty of customization options.

CounterMail’s 7-day free trial should be enough to check out what it has to offer. However, you can only send and receive from secure email and VPN users, such as yourself. Also, the maximum attachment size is 3 MB, and you won’t be able to install CounterMail on third-party mailing apps. A two-year plan is $3.29/month and gives you 4 GB of storage, which you can extend by 1.75 GB for a one-time $89 fee.

Pros

  • Anonymous payment
  • Security-first
  • RAM-only servers
  • MITM-attack protection
  • Safebox storage

Cons

  • Fourteen Eyes country
  • Limited and expensive storage space
  • No POP3 support
  • No free version

5. Zoho Mail - part of the best B2B security product suite

Free version: Yes, 5 GB
Price: $1/month
Storage: 5 GB
Location: India

Our last entry, Zoho Mail is not that often found among the best secure email services. However, that has nothing to do with its quality – this provider is simply oriented towards business clients. But since it can be used by individuals as well, we are adding it to our Top 5.

Zoho offers a number of IT solutions, including a password manager, so its Mail works best when you’re combining it with other products. Putting that aside, this service comes with secure data centers that can only be accessed with biometric authentication. Then there’s malware & spam protection, and end-to-end encryption (SSL, S/MIME, TLS).

This secure email supports 2FA for extra account security. Users can go for Zoho’s authentication app, OTP, QR code, or Touch ID. You can also access your mailbox from other apps via OAuth 2.0.

Zoho Mail works as a web application or an app for your smartphone. You can also configure it on other third-party mail clients. The design is intuitive and eye-pleasing, which is important if you’re planning to use your secure email on a daily basis.

The free version has a huge 5 GB storage with a 25 MB attachment limit. Five users can share one account, but you can use the web application only, which effectively makes checking your mail on mobile a nuisance.

However, for a dollar a month, you get the apps and other IMAP/POP clients, a ten times bigger attachment size, and multiple domains. Power users can take Mail Premium for $4/month to send 1 GB of attachments, store 50 GB, backup emails, and use whitelabeling. A 15-day free trial is also available.

Pros

  • Sleek design
  • POP/IMAP import
  • Generous free version
  • Physically secure servers
  • Malware protection

Cons

  • Aimed at B2B clients
  • Some data centers are in the US and China

Features to look for in your secure email service

Not all secure email services are actually safe and private. There are plenty of free ones that might do more harm than good. Therefore, when searching for the most secure email service, see that it matches all or most of the following criteria:
  • End-to-end encryption. Without it, no email provider can call themselves secure. If you’re using a regular service, your letter is encrypted only until it reaches Gmail or Hotmail. When end-to-end encryption is used, only the sender and the recipient can read the message. The so-called Pretty Good Privacy, or PGP for short, is the most common end-to-end encryption for secure emails.
  • Two-factor authentication (2FA). It gives you extra security and saves your account in case someone learns your password. By adding something that you have, like a smartphone, you make it much harder to break into your email. There are many 2FA options, ranging from SMS to authentication apps by Google and others.
  • Stripping metadata headers. Each email contains metadata about you, such as your web browser, device, and even the recipient. Secure email services strip out header metadata for the sake of the sender’s and receiver’s privacy.
  • Server location. Not all countries are privacy-friendly. Some have data-retention laws that require providers to store your personal data for a certain period. The US, UK, Canada, and Australia are members of the Five Eyes intelligence network. They share signals intelligence data and are among the worst places to register a secure email provider.
Other features are mostly optional and depend on your personal needs.

How does secure email work?

The defining feature of a secure email is end-to-end encryption. It means that there's no way for the mail service or a third party to decrypt your message – only the recipient can do that. By contrast, any regular email provider like Google can read your emails (they are already scanning them for keywords!) and make them easier to get for hackers.

PGP and S/MIME are the most common choices for encryption. PGP combines both symmetric and asymmetric encryption, while S/MIME uses certificates that must be signed either by a local or public certificate authority. Using a certificate ensures that you are the sender of the email and that nobody has tampered with it.

Due to the encryption, neither hackers nor the government can peek into your message or metadata, such as email addresses.

Transport-level encryption

As noted above, transport-level encryption makes sure that your message travels through the web safely. However, it alone is not enough to ensure secure mail sending because the provider can see the unencrypted version once it arrives at their server. TLS is the successor of SSL, although the latter is still used. It's implemented on top of TCP (Transmission Control Protocol) to encrypt not only email (IMAP, SMTP) but also other protocols, such as HTTP or FTP. Unfortunately, it's still not used in all mail services. This might not be apparent for a regular user because, contrary to a web browser showing a green lock or similar symbol, there's no simple way to know when transport-level encryption is in place when using email.
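One way to check after the fact whether transport-level encryption was in place on each hop, shown as an added example that is not part of the original article: every receiving server records the protocol it used in a `Received` header, and the RFC 3848 keywords `ESMTPS`/`ESMTPSA` mark a TLS hop. The message, hostnames and addresses below are constructed sample data, and the function names are this example's own.

```python
import re
from email import message_from_string

# "with" keywords from RFC 3848 (plus UTF8SMTPS/UTF8SMTPSA from RFC 6531)
# that a receiving server writes when the hop ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
# Some servers also note the TLS version in a comment, e.g. "(using TLSv1.3 ...)".
TLS_COMMENT_RE = re.compile(r"TLSv?1[._]\d")
WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)
FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)

# Constructed sample message: three hops, the middle one without TLS.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
\tby mx.example.org (Postfix) with ESMTPS id 4F1A2B3C
\tfor <bob@example.org>; Tue, 3 Mar 2020 10:00:05 +0000
Received: from out.example.com (out.example.com [192.0.2.10])
\tby relay.example.net with ESMTP id 9D8E7F
\tfor <bob@example.org>; Tue, 3 Mar 2020 10:00:03 +0000
Received: from laptop.local ([203.0.113.5])
\tby out.example.com with ESMTPSA id 1A2B3C;
\tTue, 3 Mar 2020 10:00:01 +0000
From: alice@example.com
To: bob@example.org
Subject: constructed sample

body
"""


def strip_comments(text):
    """Remove (possibly nested) parenthesised comments from a header value."""
    previous = None
    while previous != text:
        previous = text
        text = re.sub(r"\([^()]*\)", " ", text)
    return text


def hop_report(raw_message):
    """Return one dict per hop, ordered from the sender to the final mailbox."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its header, so the oldest hop is listed last.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())                  # unfold continuation lines
        info = strip_comments(flat).split(";")[0].strip()  # drop the timestamp
        proto = WITH_RE.search(info)
        sender = FROM_RE.search(info)
        receiver = BY_RE.search(info)
        protocol = proto.group(1).upper() if proto else None
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "protocol": protocol,
            "tls": protocol in TLS_PROTOCOLS or bool(TLS_COMMENT_RE.search(flat)),
        })
    return hops


def plaintext_hops(raw_message):
    """Hops where the receiving server reported no transport encryption."""
    return [hop for hop in hop_report(raw_message) if not hop["tls"]]


if __name__ == "__main__":
    for hop in hop_report(SAMPLE):
        state = "TLS" if hop["tls"] else "PLAINTEXT"
        print(f'{hop["from"]} -> {hop["by"]}: {hop["protocol"]} ({state})')
```

`Received` headers are self-reported by each server, so lines written before the first server you trust can be forged; treat the result as what the relays claimed, not as proof.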

End-to-end encryption

End-to-end encryption ensures that neither your mail provider nor any other third-party can decrypt your message. Only you and the recipient have the necessary public and private keys for opening it.

End-to-end encryption works as follows:

You encrypt the message with your friend's public key – now it can be decrypted with your friend's private key only. Your encrypted message travels through servers until it reaches your friend. In turn, he or she uses the private key to decrypt your message.

PGP (Pretty Good Privacy) email encryption

PGP email encryption combines hashing, symmetric encryption, and public-key encryption without the need for users to exchange private keys. A secure mail service does everything behind the scenes, so you don't have to worry about the ins and outs.

Here's how PGP works:

PGP first generates a random session key and uses it to encrypt the message. The recipient's public key then encrypts the session key. The sender sends the encrypted session key along with the encrypted message, and the receiver decrypts the session key with his or her private key. Finally, the recipient uses the decrypted session key to read the message.
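The end-to-end flow and the PGP session-key scheme described above, as an added example that is not part of the original article. It shows the hybrid pattern (a symmetric session key wrapped with the recipient's public key), not the actual OpenPGP message format, and it assumes the third-party Python `cryptography` package is installed; the function names and the envelope layout are this example's own.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP is used only to wrap the short session key, never the message itself.
OAEP = padding.OAEP(
    mgf=padding.MGF1(algorithm=hashes.SHA256()),
    algorithm=hashes.SHA256(),
    label=None,
)


def generate_recipient_key():
    """Create the recipient's key pair; only the public half is ever shared."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def encrypt_for(recipient_public_key, plaintext):
    """Sender side: fresh session key per message, wrapped for one recipient."""
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext, None)
    wrapped_key = recipient_public_key.encrypt(session_key, OAEP)
    # This envelope is all that mail servers along the way get to see.
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}


def decrypt_with(recipient_private_key, envelope):
    """Recipient side: unwrap the session key, then decrypt and authenticate."""
    session_key = recipient_private_key.decrypt(envelope["wrapped_key"], OAEP)
    return AESGCM(session_key).decrypt(
        envelope["nonce"], envelope["ciphertext"], None
    )


def can_open(private_key, envelope):
    """True only if this key unwraps the session key and the message is intact."""
    try:
        decrypt_with(private_key, envelope)
        return True
    except (ValueError, InvalidTag):
        # ValueError: wrong private key. InvalidTag: ciphertext was modified.
        return False


if __name__ == "__main__":
    bob = generate_recipient_key()
    someone_else = generate_recipient_key()
    envelope = encrypt_for(bob.public_key(), b"constructed sample message")
    print("recipient can read:", can_open(bob, envelope))
    print("other key can read:", can_open(someone_else, envelope))
```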

Why use a secure email service?

If you've read this article, the pros of using a secure mail provider should be obvious to you. However, if you still have doubts, make sure to take a look at the following arguments before returning to Gmail:

  • Protect your messages. Gmail, Hotmail, and other mainstream services don't encrypt your messages after they reach their servers. This means they can read them and make it easier for hackers to read too.
  • Hide your metadata. If your regular mail service encrypts your messages, that doesn't automatically mean hiding the header with metadata. It often includes your and recipient's email address, device, browser, and network.
  • Don't be a product. If your email is great but free, chances are you are the product. Still, too few users know that Gmail actively scans your mailbox for keywords and uses them to show personalized ads. This way, by using Gmail, you're helping Google make money out of your data.
  • Store your messages in a privacy-friendly location. The US and any Fourteen Eyes intelligence-sharing country might one day decide to see your inbox. If the provider's servers are in one of those countries, doing so will be much easier than getting access to some nuclear bunker in Switzerland (see ProtonMail section above).

Finally, always remember that your mail service is only as secure as your chosen password. All end-to-end encryption and no-logs policies go out the window if anyone can crack your password in a few minutes.

FAQ

Is Gmail a secure service provider?

Gmail uses standard Transport Layer Security (TLS) encryption to protect the emails in transit. If you're sending an email to someone whose provider also supports TLS, your email will be protected in transit. However, once the email arrives in the mailbox, your email's contents will be visible to the provider.

Why should I need to encrypt my emails?

Email is often used for sending confidential information, so its security is paramount. However, email as a method for sending messages hasn't evolved that much since its inception. It means that there are many ways your email could be spoofed or read by nosy individuals.

Do you need a service provider to encrypt your email?

No, you don't need to sign up for a service provider to encrypt your email. It's possible to do it manually. One of the most popular methods is PGP, but you'll need to ask everyone you're communicating with to set it up on their emails. It's much easier to use end-to-end encrypted email providers.

What could happen if a hacker took over my email?

Every email that a hacker sends from your account would look like something you sent. This could put your reputation at risk, especially if combined with money transfer requests. Your other online accounts rely on your email's security as well. So taking over your email account means taking over a significant portion of your online identity.

How do I know that someone read my private emails?

Although there are some obvious signs that your email was hacked, it's much harder to determine whether someone read your emails. Imagine that police expressed an interest in your communications. What's stopping them from asking your email provider for backdoor access to your message contents? The only way to make sure that unintended readers don't read your emails is to use end-to-end encryption.

Comments 14
  1. Epister says:

    Hello. I’ve recently switched from Gmail to Outlook and I wanted to ask – how do I send secure email using Outlook? Generally I trust Microsoft more than Google, but it’s still a business email and some things need to be kept secret without a chance of some snooping. Is there some integrated option or do I need to look for some third party tools?

    • Mindaugas Jancis says:

      Hi, Epister. Thanks for your comment. Not all secure emails have a POP3/IMAP import feature. I’d suggest trying Hushmail – it works not only with Outlook but also with other mail clients.

  2. Amanda Drummond says:

    I’m actually dealing with a hacker at the moment and I can’t make an email that is secure, how is something like this managed better with your email service?

    • Mindaugas Jancis says:

      Hello, Amanda. Secure emails are way better protected against hacker attacks. They encrypt all your data, making it unreadable to third-parties, including themselves. Most support two-factor authentication, meaning that anyone who got hold of your password would also need to make an approval on your smartphone. You can even choose to ask for a Touch ID or Face ID. Therefore, if you haven’t been kidnapped by the hacker, there’s no way to open your secure mailbox.

  3. Josh Hunter says:

    My employers are using G Suite and I don’t really have a choice, have to use it all the time at work. Still, I think it could use some extra security, can’t be too careful when confidentiality is on the line. So how do I send secure email in Gmail? As in secure from Google too, I don’t need them to steal my personal data through my business email.

    • Mindaugas Jancis says:

      Hey, Josh. I’m afraid there’s no way to secure it in Gmail. However, there are some things that you could do. When composing a letter, turn on the confidential mode at the top-right. From there, you can set the expiration date or request to enter a passcode. For the latter, you’ll need to enter the recipient’s phone number. Finally, use S/MIME encryption whenever possible and don’t send or open unencrypted messages.

  4. Draventzer47 says:

    Do email apps have different security features on different platforms and devices? For example, what would be the most secure email app for Android? I dunno, maybe it’s safer to send emails from mobile devices because then your location info is all over the place. I would prefer something free of course or very cheap if the security is worth it.

    • Mindaugas Jancis says:

      Dear Draventzer47,
      Yes they do. I think that Tutanota has the best free version for Android. However, if you’re ready to spend a few bucks, ProtonMail should be your #1 Android email.

  5. Rhonda L Porter says:

    I’ve been looking for an encrypted email provider that would meet the high security standards set forth by the IRS. Our tax program uses Dynamic KBA, and I was wondering if it is possible or necessary to have this same encryption service for client emails that could contain social security numbers, bank accounts, etc?
    There are times we need to send forms for signatures only, or a client calls and requests we email a copy of a tax return. What options are available for those looking for this type of security in servicing their client base?

  6. Lawrence Warren says:

    What kind of things do I need to look out for to understand which email providers are secure or not? And what kinds of policies are most helpful to secure email use? I need to send out some sensitive info and I don’t want to risk getting exposed. Preferably free, I don’t want my credit card info to be related to this. Thank you for your insights.

  7. Vilma Van Cann says:

    I’m doing some communication through email and I have this issue that needs to be solved – how do you request a secure link in email? I know of some services that let you generate secure links, but they don’t always work if the other person doesn’t use that service too. Maybe some email providers have their own solutions to this? At the moment I’m using the free plan of ProtonMail, but I’m willing to switch

  8. MatrixRainbow says:

    With no end in sight for all this quarantine business I’ve decided to work on some tech related project at home. I’ve been thinking of making some homelab server at my place and hosting various services for myself, for example a website, vpn and email. So once everything is up and running how can i test if my email server is secure?

  9. Blianezh says:

    If you are not using an E2EE mail provider, here is a way to protect your message:
    Just add more efforts. Don’t write message directly in the draft mail. 1. Write message in a file (txt, docx, etc.) instead. 2. Encrypt the file and data (with 12 characters or longer password) you want to send with a good encryption software. 3. Attach the encrypted file and send mail.
    In my opinion, Free mail or online storage is the most secure place to store or backup your important data if you use it correctly and smartly. You know “the most dangerous place is also the safest one”!

  10. Lawrence Snider says:

    When using thunderbird how to send secure email? I’m thinking it’s always secure but maybe it’s possible to make it even extra secure than usual? You know make it very untraceable. Overall I’m very happy with Thunderbird, just looking for some extra tips and tricks for security and privacy.


© 2020 CyberNews – Latest tech news, product reviews, and analyses.
