10 Best Private and Secure Email Services for 2023

Are your emails and attachments safe from prying eyes?

Unless you are using a secure email service that respects your privacy, the answer is probably no. Most large email providers, such as Gmail and Yahoo, do not respect the privacy of your inbox. For example:

• Google is adding ever more advertisements into your Gmail Promotions section. We’re also seeing reports that some people are finding ads interspersed between messages within their Gmail Inbox.
• Gmail was caught giving third parties full access to user emails and also tracking all of your purchases.
• Advertisers have been allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
• Yahoo has been caught scanning emails in real time for US surveillance agencies.

While Gmail does allow users to opt out of some invasive features, the basic business model of these services revolves around data collection.

Big-name email services put lots of money into security, but they are also large targets and not invulnerable. A while back, the big news was the ease with which hackers were able to compromise thousands of Microsoft Exchange email servers. You might well be safer using a smaller, less well-known email service.

Another concern is where your email service is located and how this may affect your data and privacy. Some jurisdictions have laws to protect data privacy (Switzerland), while others have laws in place that erode it (the US and Australia). We’ll cover this in more detail below.

On a positive note, there is a relatively simple solution for keeping your inbox more secure: switch to a secure email provider that respects your privacy.

What is the best secure email service in 2023?

With so many different types of users, there is no single “best secure email” service that will be the top choice for everyone.

While some may prioritize maximum security and strong encryption, others may want convenience and simplicity with user-friendly apps for all devices.

Here are just a few factors to consider when switching to a secure email provider:

• Jurisdiction – Where is the service located and how does this affect user privacy? Where is your data physically stored?
• PGP support – Some secure email providers support PGP, while others do not use PGP due to its vulnerabilities and weaknesses.
• Import feature – Can you import your existing emails and contacts?
• Email apps – Due to encryption, many secure email services cannot be used with third-party email clients, but some also offer dedicated apps.
• Encryption – Are the emails end-to-end encrypted in transit? Are emails and attachments encrypted at rest?
• Features – Some features you may want to consider are contacts, calendars, file storage, inbox search, collaboration tools, and support for DAV services.
• Security – What are the provider’s safety standards and policies?
• Privacy – In which ways does the email service protect your privacy? What data is being collected, for how long, and why?
• Threat model – How much privacy and security do you need and which service best fits those needs?

The goal of this guide is to help you find the best secure email solution for your unique needs.

This list is not in rank order, so choose the best secure email service for you based on your own unique needs!

Here are the most secure email providers in 2023 that will protect your privacy.

---

1. Proton Mail – Secure email in Switzerland

Proton Mail is a Switzerland-based email service that enjoys a great reputation in the privacy community. It was started by a team of academics working at MIT and CERN in 2014. Shortly thereafter, it was promoted in American media as “the only email system the NSA can’t access” – which was around the time Lavabit was shut down for not cooperating with the US government.

Looking at the service itself, Proton Mail has a lot going for it. It uses PGP encryption standards for email and stores all messages and attachments encrypted at rest on Swiss servers. Proton Mail has a unique feature for “self-destructing messages”, address verification, and full PGP support. Recently, it introduced Tracking Links Protection feature which removes tracking pixels from email links.

Proton Mail Encryption

Regarding encryption, it’s important to note that Proton Mail does not encrypt the subject lines of emails or certain metadata. Unfortunately, these are the inherent limitations of the PGP standard. Most of the email services we discuss here use PGP, but I wouldn’t count on any of them to protect me from the NSA or their counterparts in other countries.

Additionally, the Proton Mail search function can only search subject lines within your inbox, not the actual content of your emails. This is another functional limitation that comes from integrating more encryption and security into the service.

Proton Mail does offer some great apps for mobile devices (Android and iOS). You can also use Proton Mail with third-party apps through the Proton Mail Bridge feature (restricted to paid users).

Overall Proton Mail is a well-regarded email provider and should be a great secure email option for most users. Switzerland remains a strong privacy jurisdiction that is not a member of any surveillance alliances.

Note: Proton Mail is now integrated into the Proton suite of services. The full suite includes Proton Mail, Proton Calendar, Proton Drive, and Proton VPN. You can learn more about these products in our full Proton Mail review.

See our Proton Mail review for more info.

---

2. StartMail – Private email hosted in The Netherlands

StartMail is a secure email service brought to you by the team behind Startpage, a popular private search engine. While there were news about System1 investing in Startpage, StartMail is its own unique entity under StartMail B.V. – a company operating under Dutch law in The Netherlands.

The Netherlands is a good jurisdiction for privacy and StartMail aims to keep as little data as possible to run their operations (see privacy policy). Unlike most secure email providers, StartMail handles encryption server-side, rather than in the browser – see their white paper explaining why.

StartMail allows users to utilize PGP encryption with emails also being encrypted at rest on their Dutch servers. The whole service is user friendly, and you can encrypt and sign your mail with just one click. Another cool feature is that you can create temporary, disposable email aliases “on the fly” to use with different services. IMAP and SMTP are also supported if you want to use StartMail with third-party apps such as Thunderbird.

In May of 2023, StartMail doubled the amount of storage for all their plans to 20GB without increasing the cost, thereby giving all their users a nice gift.

---

3. Mailfence – Fully-featured secure email in Belgium

Mailfence is a fully-featured secure email provider offering calendar, contacts, file storage, and PGP encryption. It is based in Belgium, which is a solid privacy jurisdiction with strict data protection laws.

For those wanting full PGP control and interoperability, without plugins or add-ons, Mailfence is a good choice. Whether you are a personal user or you need a secure email for your business or team, Mailfence likely has all the features and options you’d want.

While many secure email services sacrifice features and functionality for security, you can have it all with Mailfence. This makes Mailfence a great alternative to full email and productivity suites, such as G Suite or Office 365.

When I did an in-depth test for the Mailfence review, I found it to be very intuitive, sporting a slick interface with a tons of features. Its performance was smooth and I didn’t encounter any bugs. But, in case you experience any problems, you can always turn to their responsive email and phone support. Mailfence also allows cryptocurrency payment, which lets you remain fully anonymous.

Note: Due to financial requirements imposed by Google, Mailfence has dropped support for POP/IMAP connections to Gmail servers.

See our Mailfence review for more info.

---

4. Tutanota – Private and secure email in Germany

Tutanota is a Germany-based secure email service run by a small team of privacy enthusiasts, with no outside investors or owners. Although it is not as known as Proton Mail, Tutanota is a serious player among secure email providers. Its hybrid encryption system overcomes some of the drawbacks of PGP, and your privacy rights are protected by the GDPR and other pro-privacy EU regulations.

Note: Tutanota claims that their encryption can be updated/strengthened if necessary against quantum-computer attacks. Here’s the latest on quantum encryption from Tutanota.

Tutanota’s Encryption System

All messages in your inbox, contacts, and calendar are encrypted at rest on servers in Germany. For sending encrypted emails with Tutanota, you have two options:

1. When emailing another Tutanota user, all of your emails are automatically encrypted (asymmetric encryption).
2. When sending an email to someone with another email provider, the user receives a link to the message and a password key for encryption/decryption purposes (symmetric encryption).
   
   Tutanota establishes an external mailbox for that particular contact, where all the exchanged messages are securely encrypted. This proves to be quite useful, especially if you are using it for business.

While Tutanota uses high-end encryption and is arguably one of the most secure email providers anywhere, there are also some downsides. This includes no support for PGP, IMAP, POP, or SMTP. Additionally, you cannot import existing emails into your encrypted Tutanota inbox.

To make up for the lack of IMAP support, Tutanota has built open source desktop clients for Windows, Linux, and macOS. They also have offline mode, so you can open your emails, calendars, and contacts even when not having access to the web.

All in all, Tutanota is a transparent, high-security email provider that just may take your privacy to a whole other level.

Website: https://Tutanota.com

See our Tutanota review for more info.

---

5. Mailbox.org – Affordable private German email service

Mailbox.org is a german secure email service that you should definitely consider. It provides robust security for your email, but it also functions as an all-inclusive productivity suite, similar to Microsoft 365 (formerly known as Office 365). It offers a huge lineup of features, including Mail, Calendar, Address Book, Drive (cloud storage), Tasks, Portal, Text, Spreadsheet, Presentation, and Webchat. Impressively, Mailbox.org still has a user-friendly interface and sharp design.

When choosing a secure email provider, you often have to pick between features and security. With Mailbox.org, you can arguably get the best of both worlds. From the security and encryption side, it offers full PGP support and can easily encrypt all your data at rest on their secure servers in Germany. You can also use Mailbox.org with mobile apps and third-party email clients.

Lastly, Mailbox.org is very affordable, with basic plans starting at only €1 per month. You can pick up a free 30-day trial if you want to test-drive this privacy-focused email provider.

Note: Mailbox.org does receive requests for information from “public authorities.” In 2022, they received 55 requests for information, and ultimately rejected about 13% of them. They responded to the rest of them as required by law.

Website: https://Mailbox.org/

Check out our Mailbox.org review for more details.

---

6. Posteo – Privacy-focused email in Germany

Posteo is yet another German email service. It provides strong privacy and security to its users, and in many ways is similar to Mailbox.org. Both are comprehensive email providers that employ PGP encryption. They even charge similar prices. However, Posteo distinguishes itself in a few significant aspects:

• It does not support custom domains.
• There is no designated spam folder (emails are either sent to the inbox or not accepted).
• There are no trial or free versions, which is somewhat offset by its reasonable pricing.

Posteo really makes an effort to protect the privacy of its users. IP addresses are automatically stripped from emails, no logs are kept, and they offer strong encryption standards. In short, this email takes security and privacy very seriously.

Posteo also supports anonymous registration and anonymous payments – even allowing you to send cash in the mail for no digital trail. This is a trend we’ve seen with VPN services as well. And if you pay with a credit card, PayPal, or some other digital method, they manually separate account details from payment info.

In short, Posteo is an affordable, customizable, and secure service that’s a good option for users on a budget.

Website: https://Posteo.de/

See the Posteo review for more info.

---

7. Runbox – Private and sustainable email in Norway

Runbox is a Norwegian company that has been in the email business for over 20 years. Norway is a good secure-email jurisdiction, with a strong legal framework for privacy. All Runbox servers are located in secure data centers, running on clean, renewable, hydropower energy.

One unique feature of Runbox is that it gives you 100 aliases to use with your account. Secure file storage is also included, with different pricing tiers. Runbox fully supports SMTP, POP, and IMAP protocols and can be used with third-party email clients. They released Runbox 7 (still in beta) over a year ago, and are improving it all the time, with a massive number of updates taking place so far this year. So far, this is only a webmail service, so you won’t find any mobile or desktop clients.

Unlike some other secure email services, Runbox doesn’t have a built-in option for encrypting your entire mailbox. And while you can use PGP with Runbox, it is not yet fully integrated into the platform. Another drawback is that Runbox does not offer a built-in calendar, but this feature may be included when Version 7 gets released.

Runbox offers a 30-day free trial and makes importing your existing emails simple with the guides on their site. They also go the extra mile by giving you a 60-day money-back guarantee, so you can really get a sense of whether this service suits you before getting locked into a subscription.

Website: https://Runbox.com

Check out our Runbox review here.

---

8. CounterMail – Private and secure Swedish email service

Next up on our list is CounterMail, a secure email provider based in Sweden. CounterMail has been operating for over 15 years with a goal to “offer the most secure online email service on the Internet, with excellent free support.”

Note: Before we go any further, you should know that registering for CounterMail currently requires an invitation from a premium CounterMail user. If you don’t know someone who already uses this service, you are not welcome right now.

CounterMail uses OpenPGP encryption with 4,096-bit encryption keys. They protect their users from identity leaks and Man-In-The-Middle attacks with RSA and AES-CBC encryption on top of SSL. Unfortunately, they do not have their own mobile or desktop apps.

In order to ensure your privacy, they keep no logs and they store your mail on diskless servers. Countermail anonymizes email headers and also strips the sender’s IP address. All emails and attachments are stored encrypted at rest using OpenPGP on servers in Sweden. Although the base storage is relatively small (4GB), you can permanently upgrade this via one-time payment.

While CounterMail is a bit more expensive than some other secure email providers, they explain this price difference comes from using only high-quality servers and implementing strong security measures. It may not have all the frills, but CounterMail is a serious security-focused email provider with a 15+ year track record.

https://CounterMail.com

---

9. Kolab Now – Fully-featured Swiss email

Based in Switzerland, Kolab Now is a private email service offering lots of features and full email suite functionality. A Kolab Now subscription includes email, contacts, calendars, scheduling, collaboration/sharing tools, and cloud file storage. Right now they are also running a public beta of their voice and video conferencing system. All of these features make Kolab Now an excellent choice for business users, teams, and privacy-focused individuals.

The service does have a stylish and intuitive interface that makes it easy to organize yourself. There’s also a strong cross-platform support, so you can use Kolab Now on your computers, tablets, and smartphones. It can work in tandem with other email services, like Apple mail, Outlook, and Thunderbird.

While Kolab Now does offer numerous features and support for all major operating systems and devices, it does not provide the highest levels of security. End-to-end encryption for emails is available via Perfect Forward Secrecy and they are stored encrypted at rest.

The price is also on the higher end, especially if you want access to all features and unlock more storage. However, for those wanting a feature-rich email suite hosted in Switzerland, Kolab Now may be a good fit.

Website: https://KolabNow.com

---

10. Soverin – Basic private email in the Netherlands

Soverin is a basic secure email service at a reasonable price. Plans come with 25 GB of storage and custom domains are supported. All data is stored on servers in Germany. Soverin strips IP addresses from headers while also using strong encryption standards, although email is not stored encrypted at rest by default.

Soverin can be used with third-party email clients and importing old emails is relatively simple. Unfortunately, it doesn’t offer additional features like calendar or notes. For those wanting a basic private email service with lots of storage that is protected by European privacy laws, Soverin may be a good choice.

Website: https://Soverin.net

---

Worth mentioning: Skiff Mail – New secure email service based in the US

Skiff Mail is a young email service based in San Francisco, California. It provides PKI end-to-end-encryption that doesn’t rely on using public/private keys or passphrases for access. If anything, this makes it more convenient for casual users to protect their data.

Skiff Mail offers plenty of space to store files and messages (15GB+). Speaking of which, you can easily import old messages via .EML file for convenient data migration. You will get aliases at your disposal, along with option to create custom/Skiff domains.

By the way, Skiff Mail is just one component in Skiff’s suite of tools. It also offers Drive (file storage), Calendar, and Pages (doc editor). So, it is equally suitable for private and business users.

With prices starting at $3/month, Skiff Mail is an affordable secure email alternative. There’s also a free version, so you can thoroughly test it before deciding to subscribe. However, I’d still be a bit reserved, considering this is a US-based service.

Website: https://skiff.com/mail

---

Email jurisdiction and data privacy

Did you know that the jurisdiction in which your email service is located can seriously impact the security of your data? Depending on your threat model, this could be a major consideration. For an in-depth overview of jurisdiction and privacy, you may want to read our article on the Five/9/14 Eyes surveillance alliances.

Here are some reasons why you should pay attention to jurisdiction.

Surveilance in the United States (leading member of the Five Eyes)

Tech companies in the US can be forced to give government agencies direct access to their servers for “extensive, in-depth surveillance on live communications and stored information” – as explained in the PRISM surveillance program. Data requests can also be accompanied by gag orders, which forbid the company from disclosing what’s going on (see also National Security Letters).

Several instances have been reported where American email service providers were compelled to surrender information. In a notable case, Lavabit chose to shut down the business instead of disclosing user data. Riseup, another email service provider in the US, was forced to hand over data to law enforcement agencies.

After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization).

There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” [warrant canary that warns users about these events].

State of privacy in Europe

Politicians in Europe are frequently trying to find an excuse to limit or ban the use of encryption by their people. This time, the argument is that encryption must be banned to fight child abuse. Once again it is up to email services like Tutanota and Mailfence to protect the privacy rights of their users. In April, a group of tech companies sent an open letter to the European Parliament arguing against the mass surveillance that the elimination of encryption would be meant to enable.

How this will turn out is unclear, but the possibility of the EU banning encryption casts doubts on the viability of any secure email service based in the EU.

We’ll let you know what happens with this.

All email providers must comply with the law

While these examples may seem alarming, the truth is that all email providers must comply with legal requirements in the country they are operating in. For example, Proton Mail, a Switzerland email provider, has also been forced to log IP addresses and disable accounts by valid court orders, as they disclose in their transparency report.

Note: If you are concerned about your email service logging your IP address, then simply use a good VPN service.

All in all, some jurisdictions are much better than others, so choose wisely. As a general rule, I’d still avoid email services in the US, and other Five Eyes jurisdictions.

Want secure email? Pay for it.

The unlimited “free” email business model is fundamentally flawed. It offers a free service, which is used to collect data and thereby monetize the user and make money on ads. With these privacy-abusing “free” services, you are actually paying for the product with your data.

In contrast, here we recommend privacy-friendly, secure, ad-free email services. While some of these email services offer limited free subscriptions, you will need to upgrade to a paid plan for more storage and premium features (the freemium business model).

Fortunately, you can “vote with your dollars” by supporting these privacy-respecting businesses and upgrade to paid accounts. This will help email providers to grow, improve, and serve more people with an ethical business model that does not rely on exploiting their users’ data.

Secure email shortcomings and PGP flaws

Most secure email services mentioned in this guide use PGP for end-to-end encryption. PGP, which stands for Pretty Good Privacy was invented back in 1991 by Phil Zimmermann.

PGP Flaws – While PGP is considered a trustworthy, secure encryption method, there have been some flaws in implementing PGP that have made headlines recently. And lets not forget about EFAIL vulnerabilities.

While the news did attract lots of attention, the “flaws” were mainly tied to the incorrect implementation of PGP by third parties. To my knowledge, this did not affect the secure email providers mentioned in this guide.

Limited Use – Another fundamental problem with adopting secure email is that few people are willing to go through the hassle of PGP key management, encryption, decryption, etc. However, there are some solutions to this, and by some measures encrypted email usage continues to grow.

Many providers address this issue by making encryption automatic and seamless. Tutanota, for example, uses built-in AES encryption that automatically encrypts emails between Tutanota users, including headers, subject line, body, and attachments. They also provide a secure, two-way communication contact form called Secure Connect.

Vulnerabilities – Even when using a secure browser, there are still weak points to consider with using browser-based email clients. Phil Zimmermann gave an interview highlighting some of these shortcomings:

“The browser is not a terribly safe place to run code. Browsers have a large attack surface,” he said. Wherever encryption and decryption take place, though, it’s a vast improvement on no encryption. But even encrypting messages may not be enough, depending on the threat model. The very nature of email makes it vulnerable.

“Email has an enormous attack surface,” Zimmermann said. “You’ve not only got cryptographic issues but you’ve got things like spam and phishing and loading images from a server somewhere that might have things embedded inside.”

On a positive note, there are many options for securing your browser – see the secure browser and Firefox privacy guides. Furthermore, most secure email providers offer protection against these attack vectors by blocking email images by default and utilizing virus filters.

However, you should keep in mind that desktop email clients can also be problematic. They can potentially reveal unique information about your operating system, your IP address, and location.

Regardless of these limitations, using a secure email provider will help you keep large tech companies from extracting your email data for third parties.

Secure email vs secure messaging apps

Depending on your threat model, you may also want to consider using secure messaging apps, which do not have all of the vulnerabilities discussed above.

We have tested many different services and compiled a list of our favorites. Here are a few reviews of some of the best apps we’ve tested:

• Signal review
• Wire review
• Wickr review
• Threema review
• Keybase review
• Session review
• Telegram review

Encrypted messaging apps generally offer a higher level of security than email services. Plus, they are much easier to use than PGP email encryption.

Finally, encrypted messaging apps are also convenient for back-and-forth conversations, document sharing, and collaboration with others. For more information, check out our roundup guide on the best secure messaging apps.

Use a premium VPN with email

One fundamental problem with email is that it can expose your IP address and location to third parties, by design.

While some secure email services strip IP addresses and conceal metadata, many others do not. And as we saw with the Proton Mail logging case, email services may be forced to log user IP addresses by valid court orders, without disclosing any information to the user. We’ve seen this with email providers in the US, Germany, and even Switzerland.

Finally, there’s also the fact that many email services keep logs for security. This may include user IP addresses, connection times, and other metadata. Of course, whenever you have logs, there’s a risk that this data could end up with third parties, for various reasons.

To effectively conceal your IP address and location, you will need to use a good VPN (Virtual Private Network). Popular VPN services, such as ExpressVPN and NordVPN, offer VPN clients (apps) for all major operating systems and devices.

A VPN creates a secure tunnel between your device and a VPN server, encrypting your traffic and concealing your real IP address and location. This will improve your privacy and security, all the while you carry on with business as usual. Larger providers, such as NordVPN and Surfshark, have huge server networks all around the world, so you can use them everywhere.

Because a VPN offers significant privacy and security benefits, it’s a smart idea to use one whenever you’re online. Internet providers in many countries are recording user browsing history by logging DNS requests. Depending on local laws, this information could then be sold to advertisers or handed to government agencies in countries with mandatory data retention laws. With a VPN, your DNS requests are encrypted and handled by the VPN server and unreadable to your ISP or other parties.

At the time of publication, our top VPN recommendations right now are NordVPN, followed by Surfshark and ExpressVPN. For the latest VPN rankings and tips, see our guide on the best VPN services.

Conclusion on secure and private email services in 2023

Regardless of your circumstances, switching to a secure and private email service is a will improve your privacy. Major email providers like Gmail, Yahoo, and Microsoft don’t always prioritize user privacy, so you have to look after it yourself. Paying for one of these secure email services means you won’t be paying with your privacy by using “freebies”.

Once you switch to one of these email services your private communications will be much more secure. Then, all you need to do is avoid non-technical attacks, like classic email scams that never seem to go away.

See the main privacy tools guide for other privacy and security essentials.

We also have a guide on encrypting email.

If you want more info on these secure email providers, you could check out our in-depth reviews below:

• Proton Mail Review
• Tutanota Review
• Mailfence Review
• Mailbox.org Review
• Hushmail Review
• Posteo Review
• Fastmail Review
• Runbox Review
• StartMail Review

Have you used one of these secure email providers? Feel free to leave your feedback/review of the service below.

This secure email guide was last updated on September 26, 2023.