ProtonMail gets a lot of attention as a secure email service, even getting shoutouts in various media outlets. But when you strip away the flowery language, does this email provider really stand above the competition? And is it worth the above-average price? We’ll answer all this and more in our new and updated ProtonMail review for 2022.
If you want to protect your email from prying eyes, but don’t need the kind of protection that keeps spies and whistleblowers alive, ProtonMail could be the secure email service for you. It uses the PGP encryption standard along with end-to-end and zero-knowledge encryption. A high level of encryption is very important in an age of eroding security and regular data breaches in the news.
Because ProtonMail positions its service as one of the most secure email options available, above and beyond other secure email providers, we’re really going to put it under the microscope in this updated ProtonMail review for 2022.
At the end of the day, only you can decide which is the best secure email service for your unique needs and threat model. So let’s get started.
Pros
- End-to-end (E2E) and zero-access encryption for Email, Calendar, and Contact information
- Operates under Swiss jurisdiction
- All data stored on servers in Switzerland
- Apps for Android and iOS mobile devices
- Web client, encryption algorithms, Android and iOS code are all open source
- Support for custom domains
- Strips IP address from emails
- Can be used with third-party email clients through the ProtonMail Bridge feature
- Can import contacts and emails
Cons
- ProtonMail does not encrypt email subject lines
- Sometimes requires personal information for verification of new accounts
- Confusing and expensive pricing
- Incredibly long beta test cycles
- May log IP addresses for government agencies
ProtonMail features overview
ProtonMail utilizes strong end-to-end (E2E) and zero-access encryption standards to protect all email, contacts, and calendar data. All your data is encrypted when stored on ProtonMail servers, except email subject lines (more on this later).
Note: To understand the difference between E2E and zero-access encryption, check out this excellent explanation.
Aside from this multi-tiered encryption system, ProtonMail has plenty of interesting features, including:
- The ability to send “self-destructing messages,” which are automatically deleted at the time the sender specifies.
- Address Verification, a way to ensure that a Public Key received from another user hasn’t been tampered with since you first verified it.
- Full PGP support.
- Premium accounts with a range of additional benefits, including a brandable Business account.
- The ability to send encrypted emails to non-ProtonMail users.
- Android and iOS mobile apps plus a web client.
- ProtonMail Bridge, which allows ProtonMail to integrate with other email clients that support the IMAP and SMTP protocols. This also allows you to import mail into your account from other services.
Overall, this is a good lineup of features.
ProtonMail company history and funding sources
The ProtonMail family of products is run by Proton Technologies AG, a company based in Geneva, Switzerland. The founders met while scientists at CERN and came up with the idea for a secure email provider in the CERN cafeteria, as the story goes.
Funding for ProtonMail has come from various sources over the years. Aside from regular paying users, ProtonMail has also benefited from the following funding sources:
- In 2014, ProtonMail launched an Indiegogo crowdfunding campaign which brought in over half a million dollars.
- In 2015, ProtonMail accepted a $2 million investment from a US-based firm called Charles River Ventures (CRV).
- In 2019, ProtonMail accepted €2 million from the EU government to “develop a suite of encrypted services.”
ProtonMail does not encrypt email subject lines
One concern I have is that ProtonMail does not encrypt the subject lines of messages. From the ProtonMail website:
All ProtonMail data at rest and in transit is encrypted. However, subject lines in ProtonMail are not end-to-end encrypted, which means if served with a valid Swiss court order, we do have the ability to turn over the subjects of your messages. Your message content and attachments are end to end encrypted.
ProtonMail complies with the OpenPGP encryption standard, which is based on the proprietary PGP standard. In that standard, address-related metadata is part of the message header and must remain unencrypted to allow a message to reach its destination.
ProtonMail does not encrypt the subject of your emails. If this is a problem for you, check out our review of Tutanota, which does not rely on PGP and fully encrypts subject lines.
The ProtonMail approach makes them compliant with the PGP specification, but leaves this potentially-revealing data unencrypted. We will return to this important subject in a moment.
ProtonMail servers and data security
All ProtonMail servers are physically located in Switzerland in secure facilities. This means user data is protected by Swiss law, which generally provides for better privacy than USA or EU law.
However, ProtonMail makes it clear that if you violate Swiss laws, and they receive a Swiss court order, they will have to turn over whatever information they have on you to the Swiss authorities. This is where the lack of encryption for the Subject line of messages can become a problem.
While the bodies of your messages and any attachments should remain safely encrypted, addressing information and the Subject lines of your messages are stored in the clear and would be provided to the authorities. This information is enough to give anyone possessing it a good idea of who you communicate with and the subjects you discuss with them.
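The exposure described above can be checked on any stored message. The following is an added example (not code from ProtonMail or from the original review) that parses constructed RFC 3156 PGP/MIME, inline-PGP and plain messages and reports which fields are readable without any key; the addresses, subject and armored block are made-up placeholders, and covering inline PGP goes slightly beyond the case the text describes.

```python
"""Report what an OpenPGP-protected email reveals to anyone holding a stored copy."""
import re
from email import message_from_bytes, policy

# Header fields that sit outside the OpenPGP payload and therefore stay readable.
REVEALING_HEADERS = ("From", "To", "Cc", "Subject", "Date")
ARMOR_RE = re.compile(
    r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.S)

# Constructed placeholder, NOT real ciphertext: only the armor framing matters here.
ARMORED = ("-----BEGIN PGP MESSAGE-----\n\n"
           "Q09OU1RSVUNURUQ=\n"
           "-----END PGP MESSAGE-----\n")


def _raw(content_type: str, body: str) -> bytes:
    """Build a constructed sample message; addresses and subject are made up."""
    head = ("From: alice@example.org\n"
            "To: bob@example.net\n"
            "Subject: Source meeting moved to Friday\n"
            "Date: Mon, 02 May 2022 09:15:00 +0000\n"
            "MIME-Version: 1.0\n"
            f"Content-Type: {content_type}\n\n")
    return (head + body).encode("ascii")


# PGP/MIME (RFC 3156): a control part followed by the encrypted payload part.
PGP_MIME = _raw(
    'multipart/encrypted;\n protocol="application/pgp-encrypted"; boundary="b1"',
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--b1\nContent-Type: application/octet-stream\n\n" + ARMORED + "--b1--\n")
# Inline PGP: the armored block is the text body itself.
PGP_INLINE = _raw("text/plain; charset=us-ascii", ARMORED)
# No encryption at all, for comparison.
CLEARTEXT = _raw("text/plain; charset=us-ascii", "Bring the documents.\n")


def audit(raw: bytes) -> dict:
    """Return the message format, the readable headers and any readable body text."""
    msg = message_from_bytes(raw, policy=policy.default)
    exposed = {h: str(msg[h]) for h in REVEALING_HEADERS if msg[h] is not None}
    # Collect every text part; encrypted PGP/MIME payloads are not text parts.
    text = "\n".join(p.get_content() for p in msg.walk()
                     if p.get_content_maintype() == "text")
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        fmt = "pgp-mime"
    elif ARMOR_RE.search(text):
        fmt = "pgp-inline"
    else:
        fmt = "cleartext"
    # Whatever text remains after removing armored blocks is readable as-is.
    return {"format": fmt, "exposed_headers": exposed,
            "readable_body": ARMOR_RE.sub("", text).strip()}


if __name__ == "__main__":
    for name, raw in (("PGP/MIME", PGP_MIME), ("inline PGP", PGP_INLINE),
                      ("cleartext", CLEARTEXT)):
        report = audit(raw)
        print(f"{name}: format={report['format']}")
        for field, value in report["exposed_headers"].items():
            print(f"  readable header {field}: {value}")
        print(f"  readable body: {report['readable_body']!r}")
```

In both encrypted formats the body comes back empty while sender, recipient, date and subject are identical to the unencrypted message.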
ProtonMail logging IP addresses
Additionally, ProtonMail may also be logging your IP address and providing this to government authorities. I learned about this by reading ProtonMail’s Transparency Report.
There was another high-profile case of ProtonMail logging IP addresses in 2021. This case received lots of attention because:
1) the ProtonMail user was arrested by authorities; and
2) ProtonMail then scrubbed its website of the “no IP logging” claims after the incident
This is another reason we also recommend using a good VPN service that hides your true IP address and location. Using a good VPN is also essential for basic digital privacy in a world where ISPs log everything you do online.
Some people also question how free from USA and EU influence Proton Technologies really is. Additionally, Switzerland now has data retention regulations, although ProtonMail argues that these regulations apply to Swiss internet providers rather than to its services.
All that said, the ProtonMail threat model document specifically states that,
“we cannot guarantee your safety against a powerful adversary.”
The spy agencies serving the USA and EU definitely qualify as “powerful adversaries.” Under most circumstances, this is a secure email service. But if you decide to take on one of the Five Eyes, violate Swiss laws, or do something else equally crazy, using ProtonMail is unlikely to save you.
Is ProtonMail really anonymous?
If you look at the ProtonMail home page, you’ll find the claim that “no personal information is required to create your secure email account.”
I like the idea of being able to create an account without providing any personal information. Just finding a secure and private email service is hard, which is why we have created this series of email reviews for you. An anonymous and encrypted email service would be great — but there’s a problem.
When creating an account to test out ProtonMail for this review, I was forced to go through a verification that is the exact opposite of “anonymous” — as they boldly claim to offer.
How does ProtonMail square this requirement to enter personal information, with their claim that, “no personal information is required to create your secure email account”? To me, it seems like a clear contradiction.
To attempt to explain away this contradiction, ProtonMail has created a page explaining their “Registration Human Verification” procedures, which you can read about here.
First, the system doesn’t always force you to enter personal information. They have, “an intelligent algorithm that determines the required verification method based on a number of factors.” Sometimes it will only require a reCaptcha to confirm that you are human.
At other times you will be forced to use email or SMS verification, or make a “donation” using a credit card or PayPal. In other words, their algorithm will decide for itself whether or not you are allowed to create an account without disclosing personal information. So let’s call it conditional anonymity.
The page also explains that if you do use email or SMS for verification, only a cryptographic hash of this information is stored. This hash, “is not permanently associated with the account that you create.” The page doesn’t explain if “not permanently associated” means “never associated,” or “temporarily associated.” Nor does it explain how credit card and PayPal verification is tracked.
I can understand the company’s desire to have processes in place to prevent spammers from abusing the system. But I can’t reconcile their claim that no personal information is required to create your secure email account with the fact that sometimes personal information is required. The fact that the email and SMS hashes are not permanently associated with your account doesn’t change the fact that you must provide them, then trust ProtonMail’s handling of them.
We have reviewed other secure email services that give you more privacy when registering for an account. For an example of this, see our Tutanota review.
My Two Cents: ProtonMail needs to clarify or eliminate the claim of offering anonymous email.
ProtonMail technical specifications
ProtonMail uses a variety of encryption algorithms to protect your messages. All messages are end-to-end encrypted and also remain encrypted in your mailbox until actively being read. The algorithms they use are open source versions of AES and RSA along with OpenPGPjs algorithms:
- TLS 1.0
- DHE RSA
- SHA 3
QuoVadis Trustlink Schweiz AG signs SSL certificates for ProtonMail.
Security features of the certificates include:
ProtonMail hands-on testing
If you’ve used email services like Microsoft Outlook or Gmail, you will find ProtonMail to be easy to work with. For this review, we’ll be looking at the ProtonMail Plus plan, the first tier of paid ProtonMail service. At this time, you need to have a paid ProtonMail account and access the beta version of the product to use some of the newest features, such as their new encrypted Calendar.
Creating a ProtonMail account
Creating an account with ProtonMail is pretty self-explanatory. You can get an account in a matter of minutes:
- Go to the ProtonMail website and select the SIGN UP button.
- Create a username and password. (Recovery email is optional.)
- Go through the verification steps
I’ve seen complaints that ProtonMail sometimes forces people to go through phone (SMS) verification if they try to sign up using a VPN or the Tor network. While I don’t like the idea that ProtonMail may force you to use SMS verification, I understand their desire to protect the service from spammers and bots.
Note: I have no reason to suspect that ProtonMail is lying to you about this, but I also understand that many people want to use ProtonMail truly anonymously. I could imagine someone like that using an anonymous payment method like a new, virtual credit card to make a donation. Or maybe renting an SMS number just long enough to complete the process. Even using a disposable email address then discarding it once the verification is done.
Before we go further, we have to discuss how ProtonMail handles beta versions. They are serious about wanting community involvement in the process. As a result, the newest version of ProtonMail can be stuck in beta for a long time. How long? Years.
ProtonMail version 4 went live in October of 2019. The new ProtonMail was finally released in June of 2021, more than a year and a half later. I find this mind-boggling but that’s the way this team rolls, apparently. In response to the various complaints on Reddit, ProtonMail acknowledges the missed deadlines and delays.
So what does this mean to you? I don’t think it is a good idea for a privacy-oriented person to rely on beta software. By definition, beta software isn’t completely ready yet. This could include flaws, bugs, and/or exploits that undermine your privacy and security.
Unless you are comfortable with the real, but hard to quantify privacy risks of using beta software, I recommend you stick with the released version of ProtonMail (v4.0.20 at the time of this review).
Signing in to ProtonMail
Signing in to ProtonMail is easy and straightforward. Simply go to the homepage and enter your login credentials. When using ProtonMail, you have the option to create a recovery email inbox, which can be used if you lose your password.
Once you sign into ProtonMail, you can stay with the free plan or upgrade to one of the paid plans. As is common with most secure email services, the paid plans offer more storage and additional features over the free plan. We noted this same dichotomy in our ProtonVPN review.
Note: As we go through this review, I’ll let you know which features are available only in a paid plan or only in the beta.
The look and feel of ProtonMail
The new version of ProtonMail has a pretty standard interface, with a 3-pane “Row View” layout (we saw that when talking about encrypted subject lines earlier). They also offer a “Column View” option.
With Column View, you get all the usual folders in the left-most pane, with the ability to add any custom ones you wish. And like other privacy-oriented mail services, ProtonMail blocks remote content like images by default, giving you the option to load them right at the top of the window.
The web client works smoothly, although there can be a delay when opening a message, given that the message must be decrypted before you can read it. Since the client is browser-based, instead of a stand-alone app, you might find that it slows down as the number of messages in your folders increases, but I didn’t notice any problems during testing.
You can customize the layout of your ProtonMail inbox by clicking the Settings icon. In the menu that appears, select Go to settings, which opens the Settings window. Then select Appearance in the left-hand column of the Settings window. For example, I used the Layouts section of Settings to switch back and forth between the Row View of the inbox and the Column View.
Exactly what you can do here will of course depend on which ProtonMail plan you subscribe to. We’ll look at the differences between the plans later in the review.
Composing messages with ProtonMail
By default, you compose ProtonMail messages in a pop-up window called Composer. It comes with a good set of HTML formatting options, including inline images. This window appears in the lower-right corner of the ProtonMail window.
Once you get used to the layout, the composition window makes including things like Attachments, an Expiration time, a Read Receipt Request, and Encryption fast and easy. If you don’t like working in this little window, you can make the Composer window large by clicking the Settings icon, then Appearance. In the Composer section that appears, select Maximized.
Note: You can only set an expiration time on messages sent to other ProtonMail users or encrypted messages sent to non-ProtonMail users. You cannot make an unencrypted message to a non-ProtonMail user expire.
There are a few keyboard shortcuts that help with composing messages. But you won’t find more advanced editing features such as macros and automatic suggestions.
Sending messages to non-ProtonMail users
Like some other secure email services, such as Tutanota and Mailfence, ProtonMail gives you the option to send encrypted messages to people who don’t use the service. The recipient will need to know the shared password you are using, so that will need to be arranged outside the system. These encrypted messages automatically expire in 28 days (but you can set a shorter date if you wish).
The recipient will then get an email with a secure link. If they enter the correct password and click the View Secure Message button, they will be able to see the message you sent them.
This system seems to work very well, as long as you can share the password outside the ProtonMail system to get the process started. For this endeavor, you could consider using a secure messaging app.
Searching for messages in ProtonMail
ProtonMail has a very limited ability to search your messages. Because messages are encrypted (except while you are actually viewing them), the client can’t search message bodies. This, of course, can be frustrating and really limit your ability to find the message you are looking for.
If you give ProtonMail 4 permission to do so, it can download, decrypt, and index the bodies of your messages to facilitate searching them. This approach appears very similar to that taken by Tutanota several years ago.
Comparison to Tutanota search – In comparison, we noted in our Tutanota review how this email service offers full-text search capabilities — and has done so since 2017. To do this, Tutanota creates an encrypted search index which can then be searched locally on the user’s device.
The ProtonContacts secure contact manager is integrated into ProtonMail, giving users a secure way to protect their contacts while functioning smoothly with ProtonMail.
ProtonMail creates ProtonContacts encryption keys for you. It uses those keys in its zero-access encryption system to encrypt your clear-text contact data, so that once the data is encrypted this way, even ProtonMail can’t read it. ProtonContacts also uses digital signature verification to ensure that no one else can secretly tamper with your contact information. ProtonContacts is also implemented in the mobile apps.
Note: Email addresses in contacts are not encrypted using zero access encryption. Why? Because ProtonMail needs to be able to read the email address to make sure your message gets sent to the right place.
Building an encrypted calendar sounds pretty easy at first. Just encrypt all the data until the user opens the calendar, then decrypt the data for them. But just as an email service has to interact with other email services, a calendar service needs to be able to interact with other calendar services.
Even worse, a full-powered calendar system needs to be able to share events with other calendar systems. The engineers battled with this complexity for over a year, and on December 20, 2019, they announced the arrival of ProtonCalendar.
- Calendar sharing
- Event invitations to anyone (whether they use ProtonMail or not)
- The ability to sync the calendar with events found in your ProtonMail inbox
- The ability to import other calendars in .ICS format
ProtonCalendar is also now available for iOS and Android.
In November, 2020, Proton announced the release of ProtonDrive in beta. This is a basic secure cloud storage feature that can be used with certain accounts. However, as we noted in our ProtonVPN vs NordVPN comparison, the Proton team has a habit of restricting features to only the highest-paying subscription tiers.
We see that ProtonDrive is only available to the following users at this time:
- Visionary or Lifetime accounts
- Accounts with both ProtonMail Plus and ProtonVPN Plus with one-year or two-year plans
- Accounts with both ProtonMail Professional and ProtonVPN Plus with one-year or two-year plans
How long will ProtonDrive stay in beta? Who knows. But given Proton’s history, it could be a really long time. I’ve seen a growing chorus of ProtonMail users voice their frustration over the endless beta status of this and other products.
This will someday be a welcome addition to the Proton product line. But if you need secure (non-beta) cloud storage now, I suggest you consult our guide to the best cloud storage instead of waiting for ProtonDrive to come out of beta.
ProtonMail mobile apps
ProtonMail has apps for both iOS and Android. I’ve been working with the Android app and it looks good and functions smoothly. At the time of this ProtonMail review, the Android app had 42,000 reviews with a rating of 4.2 out of 5 stars.
Since our last major review, Proton Technologies completed the process of making their Android app open source. However, it is still not available on F-Droid.
The iOS app is also open source. The iOS app gets a score of 4.0 out of 5, with over 2,900 reviews.
ProtonMail business features
ProtonMail also offers a service for businesses that provides “end-to-end encryption to secure your business communications.”
This service includes migration tools and dedicated support to transition your business from its current hosting to the ProtonMail infrastructure. It incorporates a user hierarchy allowing your Email Administrators to manage user accounts appropriately.
Given the current limitations with search and calendar, I’m not sure ProtonMail would be a great fit for businesses that need all these features. There are other good options that are more fully-featured, such as Mailfence or Mailbox.org.
ProtonMail provides differing levels of customer support depending on which subscription plan you have. Not surprisingly, free users get a basic support level, with access to a searchable knowledge base and some helpful step-by-step guides. As you move up through the paid plans you get email support and eventually priority support.
ProtonMail cost and pricing plans
Since they don’t display ads in their clients, or sell access to your messages to advertisers, ProtonMail charges for their services. ProtonMail has four pricing plans, including a free tier with 500 MB of storage.
The Free plan, with 500 MB of storage, 150 messages per day, and 3 folders / labels could be enough for you. If not, one of the paid plans will likely meet your needs.
The details of each pricing plan tend to change, so I haven’t included a screen capture. Your best bet is to go to the signup page and see what the current offer looks like.
ProtonMail’s paid plans have historically been more expensive than the competition. Their individual plans (Plus and Visionary) will set you back $48 per year and $288 per year respectively, while the Professional plan runs $6.25 per month per user.
Note that the Free, Plus, and Professional plans all offer ProtonVPN as an option, while the Visionary plan has the VPN built in.
While there are several secure email services on the market, Tutanota is the first alternative I would suggest. Rather than using PGP and S/MIME, Tutanota has rolled out their own encryption standard incorporating AES and RSA, which encrypts the subject line, supports forward secrecy, and can be updated/strengthened over time. Tutanota has also rolled out a fully-encrypted Calendar feature.
My verdict: Tutanota is the best alternative to ProtonMail in the high-security category. (It is based in Germany.)
There are other alternatives to ProtonMail that offer a lesser degree of encryption and security, but with more features:
- Mailfence is a Belgium-based email service that has many features and integrated PGP support, and it works well for groups/teams.
- Mailbox.org is another good option based in Germany with many features and options for teams.
Both Mailfence and Mailbox.org support custom domains.
Here are some of the more common questions about this product and its related components such as ProtonMail Bridge.
Is ProtonMail really secure?
There is a lot of debate out there about how secure ProtonMail really is. Aside from the financial ties to the US and EU that we discussed earlier, there have been some criticisms of the service on other grounds as well.
- Leaving the Subject field in the clear (for PGP compatibility) means more data could be exposed to those spying on the message traffic.
- A paper published at the end of 2018 criticized ProtonMail’s cryptographic architecture on a number of grounds. However, these same criticisms could be applied to any browser-based email client (not just ProtonMail). Here is the response from ProtonMail.
On the subject of using PGP, there are also some benefits in terms of security. OpenPGP is an open standard that has been extensively audited for security, is battle tested, and is well proven to be secure. ProtonMail is also the maintainer of OpenPGPjs, which is the most widely used open source encryption library and has therefore been thoroughly audited.
Lastly, we also have to keep in mind that ProtonMail is arguably the biggest name in the private email space. This makes it a good target for criticism, as we also noted in our NordVPN review, as the largest VPN provider.
Can ProtonMail hand over my data to the authorities?
Because ProtonMail uses E2E and zero-knowledge encryption, there isn’t a lot of data that they can hand over to anyone. The only things stored unencrypted are message headers and the email addresses of contacts.
Even here, Proton Technologies says they won’t hand over any data unless directed to by the appropriate Swiss authority. Your data is about as safe as it can be using publicly available tech.
A bigger risk to the security of your data is the way governments are pushing to break end-to-end encryption. There are constant efforts to force companies to insert “backdoors” into their software that would allow law enforcement to bypass encryption. This recent Fortune magazine article nicely describes the situation in the United States today.
Can you switch between paid and free ProtonMail versions?
Proton Technologies allows you to switch between the free and paid versions of this encrypted email service. You can go from a paid version to the free version, but if you do you’ll lose all the premium features of the paid version you are leaving. You can also return to a paid version from the free version. How? By subscribing to the paid version you want. You won’t lose any of your messages when you do this.
What is ProtonMail Bridge?
ProtonMail Bridge handles encrypting/decrypting messages when you connect it to a third-party email client. The ProtonMail Bridge page describes it best:
Bridge runs in the background by seamlessly encrypting and decrypting messages as they enter and leave your computer. The app is compatible with most email clients supporting IMAP and SMTP protocols.
You must have a paid subscription to use the bridge.
ProtonMail review conclusion
ProtonMail is a polished and popular end-to-end encrypted email service that will meet the needs of many regular users.
As one of the most popular secure email services on the market, with a free basic account, it is a great option for regular encrypted communications with friends, business partners, and others who want protection from routine snooping and hacking. You will, however, need to be patient about getting advanced features thanks to ProtonMail’s extended beta test cycles.
For those who want maximum security with full encryption of subject lines and strong data security, or simply faster delivery of new features, Tutanota might be a better fit.
Is ProtonMail the best secure email service for you?
I can’t tell you that since everyone’s needs are different. There are many factors to consider when selecting a secure email provider and the choice all comes down to your own preferences. You can learn more about ProtonMail on their website.
Alternatives to ProtonMail
We have numerous email solutions that offer a higher level of privacy and security. You can also check out our full lineup of recommended secure email providers.
We also have a roundup guide on temporary disposable email services if you need a quick email for registration.
This ProtonMail review was last updated May 1, 2022.