Proton Mail gets lots of attention as a private and secure email service. You see lots of recommendations in various media outlets, and you surely have at least a few friends who are already using it. But when you strip away the flowery language, does this email provider really stand above the competition?
Have the major product changes that have rolled out recently changed the equation? Is Proton Mail worth testing for yourself? We’ll answer all this and more in our new and updated Proton Mail review for 2023.
If you want to protect your email from prying eyes, but don’t need the kind of protection that keeps spies and whistleblowers alive, Proton Mail could be the secure email service for you. It utilizes PGP encryption standards, end-to-end and zero-knowledge encryption. A high level of encryption is very important in an age of eroding security and regular data breaches in the news.
Because Proto Mail positions its service as one of the most secure email options available, above and beyond other secure email providers, we’re really going to put it under the microscope in this updated Proton Mail review for 2023.
|Free Tier||Up to 1 GB|
|Coupon||33% off Proton Mail >|
But remember, we can only give you information about Proton Mail. Only you can decide which is the best secure email service for your unique needs and threat model. So let’s get started.
- End-to-end (E2E) and zero-access encryption for Email, Calendar, and Contact information
- Operates under Swiss jurisdiction
- All data stored on servers in Switzerland
- Apps for Android and iOS mobile devices
- Web client, encryption algorithms, Android and iOS code are all open source
- Support for custom domains
- Strips IP address from emails
- Can be used with third-party email clients through the Proton Mail Bridge feature
- Can import contacts and emails
- Subject lines not encrypted
- Sometimes requires personal information for verification of new accounts
Proton Mail feature overview
Proton Mail utilizes strong end-to-end (E2E) and zero-access encryption standards to protect all email, contacts, and calendar data. All your data is encrypted when stored on Proton Mail servers, except for email subject lines (more on this later).
Note: To understand the difference between E2E and zero-access encryption, check out this excellent explanation.
Aside from this multi-tiered encryption system, Proton Mail has plenty of interesting features, including:
- The ability to send “self-destructing messages,” which are automatically deleted at the time the sender specifies.
- Address Verification, a way to ensure that a Public Key received from another user hasn’t been tampered with since you first verified it.
- Full PGP support.
- Premium accounts with a range of additional benefits, including a brandable Business account.
- The ability to send encrypted emails to non-Proton Mail users.
- Android and iOS mobile apps plus a web client.
- Proton Mail Bridge, which allows Proton Mail to integrate with other email clients that support the IMAP and SMTP protocols.
- Easy Switch, which makes it easy to switch to Proton Mail by importing messages from other services.
Overall, this is a good lineup of features.
Since our last review of Proton Mail, it and its siblings (Proton VPN, Proton Calendar, and Proton Drive) have been joined together under a single Proton Account. Signing up for a free Proton Account automatically gives you access to the free versions of all four products.
Proton Mail company history and funding sources
The Proton Mail family of products is run by Proton AG, a company based in Geneva, Switzerland. The founders met while scientists at CERN, and came up with the idea for a secure email provider in the CERN cafeteria, as the story goes.
Funding for Proton Mail has come from various sources over the years. Aside from regular paying users, Proton Mail has also benefited from the following funding sources:
- In 2014, Proton Mail launched an Indiegogo crowdfunding campaign that brought in over half a million dollars.
- In 2015, Proton Mail accepted a $2 million investment from a US-based firm called Charles River Ventures (CRV).
- In 2019, Proton Mail accepted €2 million from the EU government to “develop a suite of encrypted services.”
Proton Mail does not encrypt email subject lines
One concern I have is that Proton Mail does not encrypt the subject lines of messages. From the Proton Mail website:
All ProtonMail data at rest and in transit is encrypted. However, subject lines in ProtonMail are not end-to-end encrypted, which means if served with a valid Swiss court order, we do have the ability to turn over the subjects of your messages. Your message content and attachments are end to end encrypted.
Proton Mail complies with the OpenPGP encryption standard, which is based on the proprietary PGP standard. In that standard, address-related metadata is part of the message header and must remain unencrypted to allow a message to reach its destination.
If this lack of encryption for the subject line is a problem for you, check out our Tutanota review. Tutanota does not rely on PGP and fully encrypts subject lines.
The ProtonMail approach makes them compliant with the PGP specification but leaves this potentially-revealing data unencrypted.
Proton Mail servers and data security
All Proton Mail servers are physically located in Switzerland in secure facilities. This means user data is protected by Swiss law, which generally provides for better privacy than USA or EU law.
However, Proton Mail makes it clear that if you violate Swiss laws, and they receive a Swiss court order, they will have to turn over whatever information they have on you to the Swiss authorities. This is where the lack of encryption for the Subject line of messages can become a problem.
While the bodies of your messages and any attachments should remain safely encrypted, addressing information and the Subject lines of your messages are stored in the clear and would be provided to the authorities. This information is enough to give anyone possessing it a good idea of who you communicate with and the subjects you discuss with them.
Proton Mail logging IP addresses
This is another reason we recommend using a good VPN service that hides your true IP address and location. Using a good VPN is also essential for basic digital privacy in a world when ISPs log everything you do online.
With the large investments that have been made by a US firm and the EU government, some people question how free from USA and EU influence Proton AG really is. Additionally, Switzerland now has data retention regulations, but Proton Mail argues that these regulations do not apply to their services, but rather to Swiss internet providers.
All that said, the Proton Mail threat model document specifically states that,
“we cannot guarantee your safety against a powerful adversary.”
The spy agencies serving the USA and EU definitely qualify as “powerful adversaries.” Under most circumstances, this is a secure email service. But if you decide to take on one of the Five Eyes, violate Swiss laws, or do something else equally crazy, using Proton Mail is unlikely to save you.
Proton Mail security, privacy, and anonymity – Addressing user comments
We’ve received several comments from our readers related to the security, privacy, and anonymity of Proton Mail. It is easy to see why.
It used to be that the Proton Mail home page claimed that the service, “provided an anonymous email gateway”, and “requires no personal information to create an account.” However, the algorithm that controlled the registration process sometimes decided that it needed some personal information before allowing you to create an account. You would see an, “Are you human?” dialog box like this one:
Clearly, if you are required to enter personally identifiable information, the system is not very anonymous. Proton Mail has addressed this issue by eliminating any mention of anonymity on their home page. They have also created a page explaining their “Registration Human Verification” procedures, which you can read about here.
First, the system doesn’t always force you to enter personal information. They have, “an intelligent algorithm that determines the required verification method based on a number of factors.” Sometimes it will only require a reCaptcha to confirm that you are human.
At other times you will be forced to use email or SMS verification, or make a “donation” using a credit card or PayPal. In other words, their algorithm will decide for itself whether or not you are allowed to create an account without disclosing personal information. So let’s call it conditional anonymity.
The page also explains that if you do use email or SMS for verification, only a cryptographic hash of this information is stored. This hash, “is not permanently associated with the account that you create.” The page doesn’t explain if “not permanently associated” means “never associated,” or “temporarily associated.” Nor does it explain how credit card and PayPal verification is tracked.
I can understand the company’s desire to have processes in place to prevent spammers from abusing the system. But I couldn’t understand their claim that no personal information was required to create your secure email account despite the fact that sometimes personal information was required. The fact that the email and SMS hashes are not permanently associated with your account doesn’t change the fact that you must provide them, then trust Proton Mail’s handling of them.
We have reviewed other secure email services that give you more privacy when registering for an account. For an example of this, see our Tutanota review.
To wrap things up, here are the things you need to know:
- Proton Mail Subjects are not encrypted
- Proton Mail can, and has, logged user IP addresses, at least once turning over that information to the authorities
- Proton Mail is not anonymous — but it is private
If you want a secure email service that is more private than services like Gmail and Outlook, Proton Mail could be a good choice.
If you want anonymity, or a guarantee that the Swiss government can’t find out your IP Address, Proton Mail can’t give you that.
If you want a guarantee that a powerful adversary like the NSA can’t read your email, Proton Mail can’t guarantee that. But neither can any of the Proton Mail alternatives.
Proton Mail technical specifications
Proton Mail uses a variety of encryption algorithms to protect your messages. All messages are end-to-end encrypted and also remain encrypted in your mailbox until actively being read. The algorithms they use are open source versions of AES and RSA along with OpenPGPjs algorithms:
- TLS 1.0
- DHE RSA
- SHA 3
QuoVadis Trustlink Schweiz AG signs SSL certificates for Proton Mail.
Security features of the certificates include:
Proton Mail hands-on testing
If you’ve used email services like Microsoft Outlook or Gmail, you will find Proton Mail to be easy to work with. For this review, we’ll be looking at the Proton Mail Plus plan, the paid version of the Proton Mail service.
Creating a Proton Mail account
To create an account with Proton Mail, you need to sign up for a Proton account. This gives you access to versions of the entire Proton product family (Proton Mail Proton VPN, Proton Calendar, and Proton Drive),
You can get an account in a matter of minutes:
- Go to the Proton.me website and click the Create a free account button.
- You will see three plan options. I recommend starting with the Free Plan so you can get the feel of the service.
- Create your Proton Account by entering a username and password. This gives you access to the Proton Mail plan you selected plus the free versions of the other products in the Proton family.
- Go through the verification steps.
I’ve seen complaints that Proton Mail sometimes forces people to go through phone (SMS) verification if they try to sign up using a VPN or the Tor network. While I don’t like the idea that Proton Mail may force you to use SMS verification, I understand their desire to protect the service from spammers and bots.
Note: While Proton Mail wants to make sure you aren’t doing anything shady, you may want to use Proton Mail truly anonymously. I could imagine someone in that situation using an anonymous payment method like a new, virtual credit card to make a donation. Or maybe renting an SMS number just long enough to complete the process. Even using a disposable email address and then discarding it once the verification is done.
Proton Mail betas
Before we go further, we have to discuss how Proton Mail handles beta versions. They are serious about wanting community involvement in the process. As a result, the newest version of Proton Mail can be stuck in beta for a long time. How long? Years.
Proton Mail version 4 went live in October 2019. The new Proton Mail was finally released in June of 2021, more than a year and a half later. I find this mind-boggling but that’s the way this team rolls, apparently. In response to the various complaints on Reddit, Proton Mail acknowledges the missed deadlines and delays:
So what does this mean to you? At the moment, not too much. Right now the only product that is in beta appears to be Proton Drive. And while you may be interested in using that product, today we are talking about Proton Mail, Contacts, and Calendar, all of which are fine to use in their current released versions.
That said, I don’t think it is a good idea for a privacy-oriented person to rely on beta software. By definition, beta software isn’t completely ready yet. This could include flaws, bugs, and/or exploits that undermine your privacy and security.
Unless you are comfortable with the real, but hard to quantify privacy risks of using beta software, I recommend you stick with the released version of Proton Mail, Contacts, and Calendar. Avoid the Proton Drive beta for anything other than testing until there is a released version to use.
Signing in to Proton Mail
Signing in to Proton Mail is easy and straightforward. Simply go to the homepage and enter your login credentials. When using Proton Mail, you have the option to create a recovery email inbox, which can be used if you lose your password.
Once you sign into Proton Mail, you can stay with the free plan or upgrade to one of the paid plans. As is common with most secure email services, the paid plans offer more storage and additional features over the free plan. We noted this same dichotomy in our Proton VPN review.
Note: As we go through this review, I’ll let you know which features are available only in a paid plan or only in the beta.
The look and feel of Proton Mail
The latest version of Proton Mail has a pretty standard interface, although it was updated in April 2022 to be consistent with the other products in the Proton family. There’s a 3-pane “Row View” layout (we saw that when talking about encrypted subject lines earlier). They also offer the “Column View” option, as you can see here:
With Column View, you get all the usual folders in the left-most pane, with the ability to add as many custom ones as you wish if you are using a paid version of Proton Mail. And like other privacy-oriented mail services, Proton Mail blocks remote content like images by default, giving you the option to load them right at the top of the window.
The web client works smoothly although there can be a delay when opening a message, given that the message must be decrypted before you can read it. Since the client is browser-based, instead of a stand-alone app, you might find that it slows down as the number of messages as your folders increase, but I didn’t notice any problems during testing.
Proton Mail Settings
You can customize the layout of your Proton Mail inbox by clicking the Settings icon. In the menu that appears, select Go to settings, which opens the Settings window.
Select Appearance in the left-hand column of the Settings window. You’ll be presented with several Themes, along with Layout options for the Inbox and the Composer window (see below). There is also an option to change the Density (how closely packed the text is) of the content Proton Mail displays.
Composing messages with Proton Mail
By default, you compose Proton Mail messages in a pop-up window called Composer. It comes with a good set of HTML formatting options, including inline images. This window appears in the lower-right corner of the Proton Mail window, and looks like this:
Once you get used to the layout, the composition window makes things like Attachments, an Expiration time, a Read Receipt Request, and Encryption fast and easy. If you don’t like working in this little window, you can make the Composer window large by clicking the Settings icon, then Go to Settings, then Appearance. In the Composer section that appears, select Maximized.
Note: You can only set an expiration time on messages sent to other Proton Mail users or encrypted messages sent to non-Proton Mail users. You cannot make an unencrypted message to a non-Proton Mail user expire.
There are a few keyboard shortcuts that help you to compose and send encrypted messages. But you won’t find more advanced editing features such as macros and automatic suggestions.
Sending messages to non-Proton Mail users
Like some other secure email services, such as Tutanota and Mailfence, Proton Mail gives you the option to send encrypted messages to people who don’t use the service. The recipient will need to know the shared password you are using, so that will need to be arranged outside the system. These encrypted messages automatically expire in 28 days (but you can set a shorter date if you wish). Here’s a screenshot from our tests:
The recipient will then get an email with a secure link. If they enter the correct password and click the View Secure Message button, they will be able to see the message you sent them.
This system seems to work very well, as long as you can share the password outside the Proton Mail system to get the process started. For this endeavor, you could consider using a secure messaging app.
Searching for messages in Proton Mail
Proton Mail has a very limited ability to search your messages. Because messages are encrypted (except while you are actually viewing them), the client can’t search message bodies. This, of course, can be frustrating and really limit your ability to find the message you are looking for. Here’s a screenshot of the search feature:
If you give Proton Mail permission to do so, it can download, decrypt, and index the bodies of your messages to facilitate searching them. This approach appears very similar to that taken by Tutanota several years ago.
Comparison to Tutanota search – In comparison, we noted in our Tutanota review how this email offers full-text search capabilities — and has done so since 2017. To do this, Tutanota creates an encrypted search index which can then be searched locally on the users’ device.
The Proton Contacts secure contact manager is integrated into Proton Mail, giving users a secure way to protect their contacts while functioning smoothly with Proton Mail.
Proton Mail creates Proton Contacts encryption keys for you. It uses those keys in their zero access encryption system to encrypt clear text contact data, ensuring that once they do encrypt your data this way, even Proton Mail can’t read it. Proton Contacts also uses digital signature verification to ensure that no one else can secretly tamper with your contact information.
Note: Email addresses in contacts are not encrypted using zero knowledge encryption. Why? Because Proton Mail needs to be able to read the email address to know where to send your messages.
Building an encrypted calendar sounds pretty easy at first. Just encrypt all the data until the user opens the calendar, then decrypt the data for them. But just as an email service has to interact with other email services, a calendar service needs to be able to interact with other calendar services.
Even worse, a full-powered calendar system needs to be able to share events with other calendar systems. The engineers battled with this complexity for over a year, and on December 20, 2019, they announced the arrival of Proton Calendar.
- Calendar sharing
- Event invitations to anyone (whether they use Proton Mail or not)
- The ability to sync the calendar with events found in your Proton Mail inbox
- The ability to import other calendars in .ICS format
All Proton Mail users get access to Proton Calendar.
In November 2020, Proton announced the release of Proton Drive in beta. This is a basic secure cloud storage feature that can be used with certain accounts. However, as we noted in our ProtonVPN vs NordVPN comparison, the Proton team has a habit of restricting the feature set, with more features as the price of your subscription climbs. In this case, access to Proton Drive is only available for paid users.
How long did ProtonDrive stay in beta? Almost 2 years. That fits with Proton AG’s history or multi-year test cycles. The beta went on so long that we recommended anyone who needed secure cloud storage that wasn’t stuck in beta to the best cloud storage instead of waiting for Proton Drive to come out of beta. But with Proton Drive finally out of beta, you should definitely give it a try!
Proton Mail mobile apps
Proton Mail has apps for both iOS and Android. I’ve been working with the Android app and it looks good and functions smoothly. At the time of this Proton Mail review, the Android app had over 5 million downloads and a rating of 3.5 out of 5 stars.
Since our last major review, Proton Technologies completed the process of making their Android app open source. However, it is still not available on F-Droid.
The iOS app is also open source. The iOS app gets a score of 4.0 out of 5, with over 3,200 reviews.
Proton Mail business features
Proton Mail also offers a service for businesses that provides “end-to-end encryption to secure your business communications.”
This service includes migration tools and dedicated support to transition your business from its current hosting to the Proton Mail infrastructure. It incorporates a user hierarchy allowing your Email Administrators to manage user accounts appropriately.
Given the current limitations with search and calendar, I’m not sure Proton Mail would be a great fit for businesses that need all these features. There are other good options that are more fully featured, such as Mailfence or Mailbox.org.
Proton Mail Support
Proton Mail provides differing levels of customer support depending on which subscription plan you have. Not surprisingly, free users get a basic support level, with access to a searchable knowledge base and some helpful step-by-step guides. As you move up through the paid plans you get email support and eventually priority support.
Proton Mail cost and pricing plans
Since they don’t display ads in their clients or sell access to your messages to advertisers, Proton Mail charges for their services. Proton Mail has three pricing plans, including a free tier with up to 1 GB of storage.
The Free plan, with 1 GB of storage, 150 messages per day, and 3 folders/labels could be enough for you. If not, one of the paid plans will likely meet your needs.
The image above shows the details of each pricing plan as of August 2022. But these tend to change so your best bet for current info is to go to the signup page and see what the current offer looks like.
Proton Mail’s paid plans have historically been more expensive than the competition. They are still higher than you might like, but the company has dropped the prices somewhat since our last review. It still isn’t a cheap service, but I think the improved features and reduced-price make it a better value than just a few months ago.
Proton Mail FAQ
Here are some of the more common questions about this product and its related components such as Proton Mail Bridge.
There is a lot of debate out there about how secure Proton Mail really is. Aside from the financial ties to the US and EU that we discussed earlier, there have been some criticisms of the service on other grounds as well.
Leaving the Subject field in the clear (for PGP compatibility) means more data could be exposed to those spying on the message traffic.
A paper published at the end of 2018 criticized Proton Mail’s cryptographic architecture on a number of grounds. However, these same criticisms could be applied to any browser-based email client (not just Proton Mail). Here is the response from Proton Mail.
On the subject of using PGP, there are also some benefits in terms of security. OpenPGP is an open standard, which has been extensively audited for security and is battle-tested, and well-proven to be secure. Proton Mail is also the maintainer of OpenPGPjs, which is the most widely used open source encryption library and has therefore been thoroughly audited.
Lastly, we also have to keep in mind that Proton Mail is arguably the biggest name in the private email space. This makes it a good target for criticism, as we also noted in our NordVPN review, as the largest VPN provider.
Because Proton Mail uses E2E and zero-knowledge encryption, there isn’t a lot of data that they can hand over to anyone. The only thing that is stored unencrypted is message headers and the email addresses of contacts.
Even here, Proton AG says they won’t hand over any data unless directed to by the appropriate Swiss authority. Your data is about as safe as it can be using publicly available tech.
A bigger risk to the security of your data, is the way governments are pushing to break end-to-end encryption. There are constant efforts to force companies to insert “backdoors” into their software that would allow law enforcement to bypass encryption. This recent Fortune magazine article nicely describes the situation in the United States today.
Proton Technologies allows you to switch between the free and paid versions of this encrypted email service. You can go from a paid version to the free version, but if you do you’ll lose all the premium features of the paid version you are leaving. You can also return to a paid version from the free version. How? By subscribing to the paid version you want. You won’t lose any of your messages when you do this.
Proton Mail review conclusion
Proton Mail is a polished and popular end-to-end encrypted email service that will meet the needs of many regular users. Thanks to their recent user interface updates, the entire Proton family of products now has a consistent look consistent with their treatment of the products as more of a suite of tools, than a bunch of standalone privacy products. This made an already good product even more appealing.
As perhaps the most popular secure email provider on the market, with a free account, it is a great option for regular encrypted communications with friends, business partners, and others who want protection from routine snooping and hacking. You will, however, need to be patient about getting additional features thanks to Proton Mail’s extended beta test cycles.
While Proton Mail will suit many users, those who want maximum security with full encryption of subject lines and strong data security (or simply faster delivery of new features), Tutanota might be a better fit.
Is Proton Mail the best secure email service for you?
I can’t tell you that since everyone’s needs are different. There are many factors to consider when selecting a secure email provider and the choice all comes down to your own preferences. You can learn more about Proton Mail and get a great deal with the coupon below:
Alternatives to Proton Mail
We have numerous email solutions that offer a higher level of privacy and security. You can also check out our full lineup of recommended secure email providers.
We also have a roundup guide on temporary disposable email services if you need a quick email for registration.
And here is a list of other email services we have reviewed:
This Proton Mail review was last updated on August 7, 2023.