Are your emails and attachments safe from prying eyes?
Unless you are using a secure email service that respects your privacy, the answer is probably no. Most large email providers, such as Gmail and Yahoo, do not respect the privacy of your inbox. For example:
- Google is adding ever more advertisements into your Gmail Promotions section. We’re also seeing reports that some people are finding ads interspersed between messages within their Gmail Inbox.
- Gmail was caught giving third parties full access to user emails and also tracking all of your purchases.
- Advertisers have been allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
- Yahoo has been caught scanning emails in real time for US surveillance agencies.
In today’s digital age, securing your communications has become increasingly important as data breaches and privacy concerns are on the rise. With the average person spending more than five hours managing their work and personal emails daily, it’s essential to opt for the most secure email provider that prioritizes encryption and privacy. In this article, we present the top 10 secure email providers for 2024, along with essential factors to consider when choosing the best one for your needs.
Big-name email services put lots of money into security, but they are also large targets and not invulnerable. A while back, the big news was the ease with which hackers were able to compromise thousands of Microsoft Exchange email servers. You might well be safer using a smaller, less well-known email service.
On a positive note, there is a relatively simple solution for keeping your inbox more secure: switch to a secure email provider that respects your privacy.
Privacy Tip: When using email, be sure to also use a good VPN to hide your IP address and secure your internet traffic. We use and recommend NordVPN, one of the top services that has passed independent privacy and security audits. Get 74% off NordVPN here >
What is the best secure email service in 2024?
With so many different types of users, there is no single “best secure email” service that will be the top choice for everyone. While some may prioritize maximum security and strong encryption, others may want convenience and simplicity with user-friendly apps for all devices.
With that being said, here are our top recommendations:
- Proton Mail – Best all-around secure email service based in Switzerland [33% off coupon]
- StartMail – Private email hosted in The Netherlands with unlimited aliases [50% off coupon]
- Mailfence – Secure email for professionals and teams
- Tuta Mail – Secure Email for Any Device
- Mailbox.org – Affordable private German email service
- Posteo – Reliable anonymous email service
- Runbox – Private email in Norway
- CounterMail – Swedish email with strong security features
- Kolab Now: Swiss email, compliant with GDPR, HIPAA, and PCI
- Soverin – Basic private email service
We also have a guide on encrypted email services here.
Factors to consider when choosing the best secure email service for your needs
Here are just a few factors to consider when switching to a secure email provider:
- Jurisdiction – Where is the service located and how does this affect user privacy? Where is your data physically stored?
- PGP support – Some secure email providers support PGP, while others do not use PGP due to its vulnerabilities and weaknesses.
- Import feature – Can you import your existing emails and contacts?
- Email apps – Due to encryption, many secure email services cannot be used with third-party email clients, but some also offer dedicated apps.
- Encryption – Are the emails end-to-end encrypted in transit? Are emails and attachments encrypted at rest?
- Features – Some features you may want to consider are contacts, calendars, file storage, inbox search, collaboration tools, and support for DAV services.
- Security – What are the provider’s safety standards and policies?
- Privacy – In which ways does the email service protect your privacy? What data is being collected, for how long, and why?
- Threat model – How much privacy and security do you need and which service best fits those needs?
The goal of this guide is to help you find the best secure email solution for your unique needs.
Here are the most secure email providers in 2024 that will protect your privacy.
1. Proton Mail – Best all-around secure email service
| Based in | Switzerland |
| Storage | 15-500 GB |
| Price | $3.49/mo. |
| Free Tier | Up to 1 GB |
| Website | Proton.me |
Proton Mail is a Switzerland-based email service that enjoys a great reputation in the privacy community. It was started by a team of academics working at MIT and CERN in 2014. Shortly thereafter, it was promoted in media as “the only email system the NSA can’t access” – which was around the time Lavabit was shut down for not cooperating with the US government.
Looking at the service itself, Proton Mail has a lot going for it. It uses PGP encryption standards for email and stores all messages and attachments encrypted at rest on Swiss servers. Proton Mail has a unique feature for “self-destructing messages”, address verification, and full PGP support. Recently, it introduced Tracking Links Protection feature which removes tracking pixels from email links.
It also offers end-to-end and zero-access encryption for messages, which means that even the service providers themselves cannot access your content. This is a crucial feature for anyone who values their privacy and wants to ensure their communications remain confidential.
Proton Mail also has some additional tools that you may expect from a paid service.
- Proton Mail Bridge – allows Proton Mail to connect to other email services.
- Proton Calendar – easily manage your meetings and personal appointments.
- Proton Drive – store and share your important files via secure links.
- Proton VPN – a solid VPN is available by subscribing to Proton Unlimited plan. If you are intrigued, you may want to take a look at our ProtonVPN review.
- iOS and Android apps
See all Proton Mail features here >>
Proton Mail Encryption
Regarding encryption, it’s important to note that Proton Mail does not encrypt the subject lines of emails or certain metadata. Unfortunately, these are the inherent limitations of the PGP standard. Most of the email services we discuss here use PGP, but I wouldn’t count on any of them to protect me from the NSA or their counterparts in other countries.
Additionally, the Proton Mail search function can only search subject lines within your inbox, not the actual content of your emails. This is another functional limitation that comes from integrating more encryption and security into the service.
Proton Mail does offer some great apps for mobile devices (Android and iOS). You can also use Proton Mail with third-party apps through the Proton Mail Bridge feature (restricted to paid users).
Overall Proton Mail is a well-regarded email provider and should be a great secure email option for most users. Switzerland remains a strong privacy jurisdiction that is not a member of any surveillance alliances.
Note: Proton Mail is now integrated into the Proton suite of services. The full suite includes Proton Mail, Proton Calendar, Proton Drive, and Proton VPN. You can learn more about these products in our full Proton Mail review.
+ Pros
- End-to-end (E2E) and zero-access encryption for Email, Calendar, and Contact information
- Operates under Swiss jurisdiction
- All data stored on servers in Switzerland
- Apps for Android and iOS mobile devices
- Web client, encryption algorithms, Android and iOS code are all open source
- Support for custom domains
- Strips IP address from emails
- Can be used with third-party email clients through the Proton Mail Bridge feature
- Can import contacts and emails
– Cons
- Subject lines not encrypted
- May require personal information for verification of new accounts
Proton Mail Black Friday Deal is live:
Get 60% Off Proton Mail with two-year plans using the coupon below:
(Coupon is applied automatically; 30-day money-back guarantee)
See our Proton Mail review for more info.
2. StartMail – Private email hosted in The Netherlands with unlimited aliases
| Based in | The Netherlands |
| Storage | 10-20 GB |
| Price | $3.00/mo. |
| Free Tier | 7 day trial |
| Website | StartMail.com |
StartMail is a rising star in the secure email world. As an established email service founded in 2013, we can be confident that StartMail will be around for the long haul. Based in the Netherlands, StartMail’s servers are well-protected, and the service supports two-factor authentication for additional security.
One of the best features that StartMail offers is unlimited aliases here. This feature allows you to manage multiple email identities under a single account. You can easily create as many email aliases as you like, giving you maximum privacy over your main email address when signing up for services. You can also create time limits for your aliases, ranging from one-time use to forever.
This secure email provider is particularly suited for individuals and businesses that rely heavily on desktop computers for their daily operations. With its state-of-the-art PGP end-to-end encryption, StartMail ensures that your emails are secure from the moment you hit send until they reach the recipient. This level of encryption is particularly important in today’s digital age, where data breaches and cyberattacks are increasingly common.
StartMail can be easily used with other email clients like ThunderBird or mobile clients on iOS and Android. And unlike some other providers, such as Proton Mail, StartMail does not offer dedicated apps. You can use the webmail version or any email client with StartMail.
The Netherlands is a good jurisdiction for privacy and StartMail aims to keep as little data as possible to run their operations. Unlike most other secure email providers, StartMail handles encryption server-side, rather than in the browser – see their white paper explaining why.
StartMail allows users to utilize PGP encryption with emails also being encrypted at rest on their Dutch servers. The whole service is user friendly, and you can encrypt and sign your mail with just one click.
StartMail’s strong encryption features and unlimited email aliases make it a great option for those who primarily use desktop devices for their email communications. If you’re looking for a secure email provider that offers robust encryption and the convenience of managing multiple email identities, StartMail could be the perfect fit for you.
+ Pros
- Create unlimited email aliases
- PGP end-to-end encryption
- Easy contacts and email migration
- Organize your inbox with filters
- Minimalistic design
- No ads. No tracking. No spam.
- Flexible spam filter
- Anonymous cryptocurrency payments
- Use custom domain
- Compliant with GDPR
- 7 day free trial
– Cons
- No free version
- Lacks calendar, notes, and file storage
StartMail Exclusive Coupon:
Get 50% off ANY subscription plan with the coupon below along with a 7 day free trial:
(Coupon is applied automatically.)
See our StartMail review for more info.
3. Mailfence – Secure email for professionals and teams
| Based in | Belgium |
| Storage | 11 – 225 GB |
| Price | €2.50/mo. |
| Free Tier | Up to 1 GB |
| Website | Mailfence.com |
Mailfence is a fully-featured secure email provider offering calendar, contacts, file storage, and PGP encryption. It is based in Belgium, which is a solid privacy jurisdiction with strict data protection laws.
The core of Mailfence’s security is its powerful end-to-end encryption and digital signatures using OpenPGP. OpenPGP, or Open Pretty Good Privacy, is a non-proprietary protocol for encrypting email using public key cryptography. It is based on the original PGP (Pretty Good Privacy) software. This means that only you and the person you’re communicating with can read what is sent, and nobody else, not even Mailfence, can access your content. This is a crucial feature for anyone who values their privacy and wants to ensure their communications remain confidential.
Furthermore, Mailfence is based in Belgium, a country known for its strong data protection laws. The Belgian Data Protection Authority (DPA) is one of the most stringent in the European Union, which is known for its robust data protection framework. This geographical advantage provides an additional layer of security to Mailfence users. It’s like having a virtual safe for your emails, providing you with the peace of mind that your data is safe and secure.
While many secure email services sacrifice features and functionality for security, you can have it all with Mailfence. This makes Mailfence a great alternative to full email and productivity suites, such as G Suite or Office 365.
Mailfence supports all standard protocols like POP, IMAP, SMTP, WebDav. It also integrates a calendar, document storage, workspaces, and a chat which enable real time sharing of data and group collaboration, making it an ideal choice for professionals and teams.
While Mailfence does log IP addresses and some other data, it provides a user-friendly interface and accepts cryptocurrency payments for added privacy. The logging of IP addresses and some other data is part of Mailfence’s commitment to transparency. However, this information is only kept for a short period and is primarily used to maintain the quality and safety of the service.
The user-friendly interface of Mailfence ensures that even users who are not tech-savvy can navigate the platform with ease. The interface is clean, intuitive, and easy to use, making it easy to send, receive, and organize your emails. Moreover, Mailfence accepts cryptocurrency payments, which can provide an additional layer of privacy for users.
In order to further enhance the user experience, Mailfence has recently launched mobile apps for both iOS and Android platforms. This comes in addition to the Progressive Web App that was already available.
When I did an in-depth test for the Mailfence review, I found it to be very intuitive, sporting a slick interface with a tons of features. Its performance was smooth and I didn’t encounter any bugs. But, in case you experience any problems, you can always turn to their responsive email and phone support.
Note: Due to financial requirements imposed by Google, Mailfence has dropped support for POP/IMAP connections to Gmail servers.
+ Pros
- Offers end-to-end encryption and digital signatures
- Mobile app for iOS and Android
- Data is stored on Belgian servers
- Offers OpenPGP encryption
- Messages, Documents, Calendar, Contacts, and Groups
- Custom domains (paid plans)
- Password manager and 2FA
- SMTP, POP, and IMAP support
- Can synchronize with other email clients
- Supports password-protected messages with expiration time
- Removes IP addresses from mail headers
- OpenPGP user keystore
- Cryptocurrency payment options
– Cons
- Logging of IP address and some other data
- Code is not open source
See our Mailfence review for more info.
4. Tuta Email – Private and secure email in Germany
| Based in | Germany |
| Storage | 1 – 1,000 GB |
| Price | €3.00/mo. |
| Free Tier | Up to 1 GB |
| Website | Tuta.com |
Tuta (formerly Tutanota) is a Germany-based secure email service run by a small team of privacy enthusiasts, with no outside investors or owners. Although it is not as well known as Proton Mail, Tuta is a serious player in the secure email space. Its hybrid encryption system overcomes some of the drawbacks of PGP, and your privacy rights are protected by the GDPR and other pro-privacy EU regulations.
Note: Tuta claims that their encryption can be updated and strengthened if necessary against quantum-computer attacks.
Tuta’s Encryption System
All messages in your inbox, contacts, and calendar are encrypted at rest on servers in Germany. For sending encrypted emails with Tuta, you have two options:
- When emailing another Tuta user, all of your emails are automatically encrypted (asymmetric encryption).
- When sending an email to someone with another email provider, the user receives a link to the message and a password key for encryption/decryption purposes (symmetric encryption).
Tuta establishes an external mailbox for that particular contact, where all the exchanged messages are securely encrypted. This proves to be quite useful, especially if you are using it for business.
While Tuta uses high-end encryption and is arguably one of the most secure email providers anywhere, there are also some downsides. This includes no support for PGP, IMAP, POP, or SMTP. Additionally, you cannot import existing emails into your encrypted Tuta inbox.
To make up for the lack of IMAP support, Tuta has built open source desktop clients for Windows, Linux, and macOS. They also have offline mode, so you can open your emails, calendars, and contacts even when not having access to the web.
All in all, Tuta is a transparent, high-security email provider that just may take your privacy to a whole other level.
+ Pros
- Encrypted messages (including Subject lines) Address Book, Inbox Rules and Filters, Search Index, encrypted at rest and stored on German servers
- Can search body of encrypted messages
- Can send encrypted messages to non-users
- Strips IP address from emails
- Desktop, mobile, and web apps
- Open source code (including mobile apps)
- Encrypted calendar with iCard support
- Encrypted contacts
- Inbox rules with Spam filter
- Multiple email addresses (aliases)
- Support for custom domains
– Cons
- Does not work with PGP
- Currently no way to import existing emails
- Will not work with 3rd-party email clients
Website: https://Tuta.com
See our Tuta review for more info.
5. Mailbox.org – Affordable private German email service
| Based in | Germany |
| Storage | 2 – 100 GB |
| Price | €1.00/mo. |
| Free Tier | None |
| Website | Mailbox.org |
Mailbox.org is a german secure email service that you should definitely consider. It provides robust security for your email, but it also functions as an all-inclusive productivity suite, similar to Microsoft 365 (formerly known as Office 365). It offers a huge lineup of features, including Mail, Calendar, Address Book, Drive (cloud storage), Tasks, Portal, Text, Spreadsheet, Presentation, and Webchat. Impressively, Mailbox.org still has a user-friendly interface and sharp design.
When choosing a secure email provider, you often have to pick between features and security. With Mailbox.org, you can arguably get the best of both worlds. From the security and encryption side, it offers full PGP support and can easily encrypt all your data at rest on their secure servers in Germany. You can also use Mailbox.org with mobile apps and third-party email clients.
Lastly, Mailbox.org is very affordable, with basic plans starting at only €1 per month. You can pick up a free 30-day trial if you want to test-drive this privacy-focused email provider.
Note: Mailbox.org does receive requests for information from “public authorities.” In 2022, they received 55 requests for information, and ultimately rejected about 13% of them. They responded to the rest of them as required by law.
+ Pros
- PGP support (server-side or E2E through Mailvelope app)
- Company and servers located in Germany with strong privacy protections
- HSTS and PFS for messages in transit
- Protected against man-in-the-middle attacks
- Message and spam filters
- Virus protection
- Full text search
- POP, IMAP, SMTP, ActiveSync support
- vCard, CardDAV, CalDav support
- Messages are encrypted at rest
- Supports custom domains
- Mobile apps for some of the Office features
- Open source
– Cons
- No mobile email clients (but can be used with third-party email clients)
- Some tracking during registration
- PGP encryption leaves message subject and metadata exposed
Website: https://Mailbox.org/
Check out our Mailbox.org review for more details.
6. Posteo – Privacy-focused email in Germany
| Based in | Germany |
| Storage | 2 – 20 GB |
| Price | €1.00/mo. |
| Free Tier | None |
| Website | Posteo.de |
Posteo is yet another German email service. It provides strong privacy and security to its users, and in many ways is similar to Mailbox.org. Both are comprehensive email providers that employ PGP encryption. They even charge similar prices. However, Posteo distinguishes itself in a few significant aspects:
- It does not support custom domains.
- There is no designated spam folder (emails are either sent to the inbox or not accepted).
- There are no trial or free versions, which is somewhat offset by its reasonable pricing.
Posteo really makes an effort to protect the privacy of its users. IP addresses are automatically stripped from emails, no logs are kept, and they offer strong encryption standards. In short, this email takes security and privacy very seriously.
Posteo also supports anonymous registration and anonymous payments – even allowing you to send cash in the mail for no digital trail. This is a trend we’ve seen with VPN services as well. And if you pay with a credit card, PayPal, or some other digital method, they manually separate account details from payment info.
In short, Posteo is an affordable, customizable, and secure service that’s a good option for users on a budget.
+ Pros
- Mail, Calendar, Contacts, and Notes are encrypted at rest with OpenPGP on secure servers in Germany
- Configurable spam filter
- Migration service for moving from another email service to Posteo
- Subject, headers, body, metadata, and attachments are encrypted
- Includes Messages, Calendar, Contacts (Address Book), and Notes
- Completely Open Source
- Strong commitment to privacy, sustainable energy, and other social initiatives
- Self-financed; good track record (operating since 2009)
- No logs, IP address stripping, secure email storage with daily backups
- Allows anonymous (cash) payments
- Supports SMTP, POP, and IMAP protocols
– Cons
- Custom domains not supported; no “.com” options available
- No spam folder (spam emails are either rejected or delivered to regular inbox)
- No trial or free version
- Cryptocurrency payments not supported
Website: https://Posteo.de/
See the Posteo review for more info.
7. Runbox – Private and sustainable email in Norway
| Based in | Norway |
| Storage | 2 – 50 GB |
| Price | $1.66/mo. |
| Free Tier | 30 day trial |
| Website | Runbox.com |
Runbox is a Norwegian company that has been in the email business for over 20 years. Norway is a good secure-email jurisdiction, with a strong legal framework for privacy. All Runbox servers are located in secure data centers, running on clean, renewable, hydropower energy.
One unique feature of Runbox is that it gives you 100 aliases to use with your account. Secure file storage is also included, with different pricing tiers. Runbox fully supports SMTP, POP, and IMAP protocols and can be used with third-party email clients. They released Runbox 7 (still in beta) over a year ago, and are improving it all the time, with a massive number of updates taking place so far this year. So far, this is only a webmail service, so you won’t find any mobile or desktop clients.
Unlike some other secure email services, Runbox doesn’t have a built-in option for encrypting your entire mailbox. And while you can use PGP with Runbox, it is not yet fully integrated into the platform. Another drawback is that Runbox does not offer a built-in calendar, but this feature may be included when Version 7 gets released.
Runbox offers a 30-day free trial and makes importing your existing emails simple with the guides on their site. They also go the extra mile by giving you a 60-day money-back guarantee, so you can really get a sense of whether this service suits you before getting locked into a subscription.
+ Pros
- IP addresses stripped from messages
- Includes Webmail, Contacts, and Files
- Servers run on renewable energy
- Supports SMTP, POP, and IMAP protocols
- Synchronizes with other email clients
- GDPR compliant
- Norway has strong data protection laws
- 100 email aliases per mailbox
- Custom domain names on some paid accounts
- Numerous payment methods accepted (including cash and cryptocurrencies)
– Cons
- Browser-based; no desktop or mobile apps
- Not open source
- Data not encrypted within the Runbox system or at rest
- No business-specific features
Website: https://Runbox.com
Check out our Runbox review here.
8. CounterMail – Private and secure Swedish email service
| Based in | Sweden |
| Storage | 4 GB+ |
| Price | $4.83/mo. |
| Free Tier | 7 day free trial |
| Website | CounterMail.com |
Next up on our list is CounterMail, a secure email provider based in Sweden. CounterMail has been operating for over 15 years with a goal to “offer the most secure online email service on the Internet, with excellent free support.”
Note: Before we go any further, you should know that registering for CounterMail currently requires an invitation from a premium CounterMail user. If you don’t know someone who already uses this service, you are not welcome right now.
CounterMail uses OpenPGP encryption with 4,096-bit encryption keys. They protect their users from identity leaks and Man-In-The-Middle attacks with RSA and AES-CBC encryption on top of SSL. Unfortunately, they do not have their own mobile or desktop apps.
In order to ensure your privacy, they keep no logs and they store your mail on diskless servers. Countermail anonymizes email headers and also strips the sender’s IP address. All emails and attachments are stored encrypted at rest using OpenPGP on servers in Sweden. Although the base storage is relatively small (4GB), you can permanently upgrade this via one-time payment.
While CounterMail is a bit more expensive than some other secure email providers, they explain this price difference comes from using only high-quality servers and implementing strong security measures. It may not have all the frills, but CounterMail is a serious security-focused email provider with a 15+ year track record.
+ Pros
- Supports cryptocurrency payments
- Secure, built-in password manager
- All emails and attachments stored encrypted on no-logs, secure servers in Sweden
- Custom domain support
- Message filter and autoresponder features
- Uses RSA, AES-CBC, and SSL encryption to protect against leaks and MITM attacks
– Cons
- Design and UI feels outdated
- More expensive than other secure email options
- Now requires an invite to register
https://CounterMail.com
9. Kolab Now – Fully-featured Swiss email
| Based in | Switzerland |
| Storage | 5 GB+ |
| Price | $5.47/mo. |
| Free Tier | 30 day trial |
| Website | KolabNow.com |
Based in Switzerland, Kolab Now is a private email service offering lots of features and full email suite functionality. A Kolab Now subscription includes email, contacts, calendars, scheduling, collaboration/sharing tools, and cloud file storage. Right now they are also running a public beta of their voice and video conferencing system. All of these features make Kolab Now an excellent choice for business users, teams, and privacy-focused individuals.
The service does have a stylish and intuitive interface that makes it easy to organize yourself. There’s also a strong cross-platform support, so you can use Kolab Now on your computers, tablets, and smartphones. It can work in tandem with other email services, like Apple mail, Outlook, and Thunderbird.
While Kolab Now does offer numerous features and support for all major operating systems and devices, it does not provide the highest levels of security. End-to-end encryption for emails is available via Perfect Forward Secrecy and they are stored encrypted at rest.
The price is also on the higher end, especially if you want access to all features and unlock more storage. However, for those wanting a feature-rich email suite hosted in Switzerland, Kolab Now may be a good fit.
+ Pros
- Accepts cryptocurrency payments
- Full support for POP, SMTP, and IMAP
- Switzerland jurisdiction with strong privacy protection
- Full email suite with numerous features to replace Gmail, Office365, etc.
- Support for custom domains, teams, and business users
- End-to-end (E2E) encryption is available, but not built in
– Cons
- Email not encrypted at rest (but stored in high-security Swiss data center)
- Expensive
Website: https://KolabNow.com
10. Soverin – Basic private email in the Netherlands
| Based in | The Netherlands |
| Storage | 25 GB |
| Price | €3.25/mo. |
| Free Tier | No |
| Website | Soverin.net |
Focusing on user privacy and data protection, Soverin offers a straightforward private email service. With end-to-end encryption and a user-friendly interface, Soverin is an excellent choice for users who want a simple and secure email service. As a user, you get to enjoy the peace of mind that comes with knowing your emails are shielded from prying eyes. Moreover, Soverin’s user interface is designed to be intuitive, making it easy for both tech-savvy users and those less familiar with digital technologies to navigate their email accounts with ease.
While Soverin may not offer numerous advanced features compared to some competitors, its focus on privacy and simplicity make it a top choice for users seeking a basic private email service. This means that while you might not get all the bells and whistles that come with some other email services, you get a no-nonsense, secure platform that prioritizes your privacy and makes email management a breeze. For those who value simplicity and security over a plethora of features, Soverin is a solid choice.
+ Pros
- 25 GB of data storage for all plans
- Data protected under Dutch privacy laws and GDPR
- Can be used with third-party email clients
– Cons
- No custom mobile apps
- Not open source
- No built-in encryption options
Website: https://Soverin.net
Email jurisdiction and data privacy
Did you know that the jurisdiction in which your email service is located can seriously impact the security of your data? Depending on your threat model, this could be a major consideration. For an in-depth overview of jurisdiction and privacy, you may want to read our article on the Five/9/14 Eyes surveillance alliances.
Here are some reasons why you should pay attention to jurisdiction.
Surveilance in the United States (leading member of the Five Eyes)
Tech companies in the US can be forced to give government agencies direct access to their servers for “extensive, in-depth surveillance on live communications and stored information” – as explained in the PRISM surveillance program. Data requests can also be accompanied by gag orders, which forbid the company from disclosing what’s going on (see also National Security Letters).
Several instances have been reported where American email service providers were compelled to surrender information. In a notable case, Lavabit chose to shut down the business instead of disclosing user data. Riseup, another email service provider in the US, was forced to hand over data to law enforcement agencies.
After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization).
There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” [warrant canary that warns users about these events].
State of privacy in Europe
Politicians in Europe are frequently trying to find an excuse to limit or ban the use of encryption by their people. This time, the argument is that encryption must be banned to fight child abuse. Once again it is up to email services like Tutanota and Mailfence to protect the privacy rights of their users. In April, a group of tech companies sent an open letter to the European Parliament arguing against the mass surveillance that the elimination of encryption would be meant to enable.
How this will turn out is unclear, but the possibility of the EU banning encryption casts doubts on the viability of any secure email service based in the EU.
We’ll let you know what happens with this.
All email providers must comply with the law
While these examples may seem alarming, the truth is that all email providers must comply with legal requirements in the country they are operating in. For example, Proton Mail, a Switzerland email provider, has also been forced to log IP addresses and disable accounts by valid court orders, as they disclose in their transparency report.
All in all, some jurisdictions are much better than others, so choose wisely. As a general rule, I’d still avoid email services in the US, and other Five Eyes jurisdictions.
Want secure email? Pay for it.
The unlimited “free” email business model is fundamentally flawed. It offers a free service, which is used to collect data and thereby monetize the user and make money on ads. With these privacy-abusing “free” services, you are actually paying for the product with your data.
In contrast, here we recommend privacy-friendly, secure, ad-free email services. While some of these email services offer limited free subscriptions, you will need to upgrade to a paid plan for more storage and premium features (the freemium business model).
Fortunately, you can “vote with your dollars” by supporting these privacy-respecting businesses and upgrade to paid accounts. This will help email providers to grow, improve, and serve more people with an ethical business model that does not rely on exploiting their users’ data.
Secure email shortcomings and PGP flaws
Most secure email services mentioned in this guide use PGP for end-to-end encryption. PGP, which stands for Pretty Good Privacy was invented back in 1991 by Phil Zimmermann.
PGP Flaws – While PGP is considered a trustworthy, secure encryption method, there have been some flaws in implementing PGP that have made headlines recently. And lets not forget about EFAIL vulnerabilities.
While the news did attract lots of attention, the “flaws” were mainly tied to the incorrect implementation of PGP by third parties. To my knowledge, this did not affect the secure email providers mentioned in this guide.
Limited Use – Another fundamental problem with adopting secure email is that few people are willing to go through the hassle of PGP key management, encryption, decryption, etc. However, there are some solutions to this, and by some measures encrypted email usage continues to grow.
Many providers address this issue by making encryption automatic and seamless. Tutanota, for example, uses built-in AES encryption that automatically encrypts emails between Tutanota users, including headers, subject line, body, and attachments. They also provide a secure, two-way communication contact form called Secure Connect.
Vulnerabilities – Even when using a secure browser, there are still weak points to consider with using browser-based email clients. Phil Zimmermann gave an interview highlighting some of these shortcomings:
“The browser is not a terribly safe place to run code. Browsers have a large attack surface,” he said. Wherever encryption and decryption take place, though, it’s a vast improvement on no encryption. But even encrypting messages may not be enough, depending on the threat model. The very nature of email makes it vulnerable.
“Email has an enormous attack surface,” Zimmermann said. “You’ve not only got cryptographic issues but you’ve got things like spam and phishing and loading images from a server somewhere that might have things embedded inside.”
On a positive note, there are many options for securing your browser – see the secure browser and Firefox privacy guides. Furthermore, most secure email providers offer protection against these attack vectors by blocking email images by default and utilizing virus filters.
However, you should keep in mind that desktop email clients can also be problematic. They can potentially reveal unique information about your operating system, your IP address, and location.
Regardless of these limitations, using a secure email provider will help you keep large tech companies from extracting your email data for third parties.
Secure email vs secure messaging apps
Depending on your threat model, you may also want to consider using secure messaging apps, which do not have all of the vulnerabilities discussed above.
We have tested many different services and compiled a list of our favorites. Here are a few reviews of some of the best apps we’ve tested:
Encrypted messaging apps generally offer a higher level of security than email services. Plus, they are much easier to use than PGP email encryption.
Finally, encrypted messaging apps are also convenient for back-and-forth conversations, document sharing, and collaboration with others. For more information, check out our roundup guide on the best secure messaging apps.
Use a premium VPN with email
One fundamental problem with email is that it can expose your IP address and location to third parties, by design.
While some secure email services strip IP addresses and conceal metadata, many others do not. And as we saw with the Proton Mail logging case, email services may be forced to log user IP addresses by valid court orders, without disclosing any information to the user. We’ve seen this with email providers in the US, Germany, and even Switzerland.
Finally, there’s also the fact that many email services keep logs for security. This may include user IP addresses, connection times, and other metadata. Of course, whenever you have logs, there’s a risk that this data could end up with third parties, for various reasons.
To effectively conceal your IP address and location, you will need to use a good VPN (Virtual Private Network). Popular VPN services, such as ExpressVPN and NordVPN, offer VPN clients (apps) for all major operating systems and devices.
A VPN creates a secure tunnel between your device and a VPN server, encrypting your traffic and concealing your real IP address and location. This will improve your privacy and security, all the while you carry on with business as usual. Larger providers, such as NordVPN and Surfshark, have huge server networks all around the world, so you can use them everywhere.
Because a VPN offers significant privacy and security benefits, it’s a smart idea to use one whenever you’re online. Internet providers in many countries are recording user browsing history by logging DNS requests. Depending on local laws, this information could then be sold to advertisers or handed to government agencies in countries with mandatory data retention laws. With a VPN, your DNS requests are encrypted and handled by the VPN server and unreadable to your ISP or other parties.
At the time of publication, our top VPN recommendations right now are NordVPN, which also comes with a 74% off coupon here. For the latest VPN rankings and tips, see our guide on the best VPN services.
Benefits of Open Source in Secure Email Providers
When considering secure email providers, open source software offers a multitude of benefits. By allowing users and developers to access and review the source code, open source software ensures transparency and enables the verification of its security and trustworthiness. This public scrutiny helps identify any potential security vulnerabilities and ensures that the software is regularly updated and improved.
Another advantage of open source software is community-driven development, a collaborative approach that allows a community of developers to work together to improve the software. This leads to faster development and more reliable and secure software, as potential issues are identified and resolved more quickly.
In summary, choosing a secure email provider that utilizes open source software is advantageous in terms of security and reliability, as it allows for public review and verification of its encryption protocols and privacy protections.
Conclusion on secure and private email services in 2024
Regardless of your circumstances, switching to a secure and private email service will improve your privacy. Major email providers like Gmail, Yahoo, and Microsoft don’t always prioritize user privacy, so you have to look after it yourself. Paying for one of these secure email services means you won’t be paying with your privacy by using “freebies”.
Once you switch to one of these email services your private communications will be much more secure. Then, all you need to do is avoid non-technical attacks, like classic email scams that never seem to go away.
See the main privacy tools guide for other privacy and security essentials.
We also have a guide on encrypting email.
If you want more info on these secure email providers, you could check out our in-depth reviews below:
- Proton Mail Review
- Tuta Review
- Mailfence Review
- Mailbox.org Review
- Hushmail Review
- Posteo Review
- Fastmail Review
- Runbox Review
- StartMail Review
Have you used one of these secure email providers? Feel free to leave your feedback/review of the service below.
This secure email guide was last updated on June 13, 2024.
CTemplar is shutting down.
https://ctemplar.com/ctemplar-is-shutting-down/
MAJOR ANNOUNCEMENT:
CTemplar is shutting down!
https://ctemplar.com/ctemplar-is-shutting-down/
I am sorry to see this go this way. They had been very responsive for my needs and helped me out a lot on many things. I am sorry to see them go this way.
Wonderful survey, Sven Taylor! Thank you for founding and operating RestorePrivacy!
I belong to a world religion that remains largely clueless about the need for online security, particularly email.
How would you weigh the pros and cons of choosing a secure email service (plus other services: VPN, secure messaging, secure chat rooms, online conferencing) versus setting up one or more of these services in-house through the IT department based at the world centre or possibly distributed around the world?
I’d tend to favor professional services that have the experience and expertise in their chosen field, rather than rolling out my own solution, but that’s just me…
I’m 80+ and was forced here because my checking account was emptied. I traced the source to my Hushmail account. They allow me to view current account openings and listed their IP address.
I want an encrypted email for financial and online buying. I have obtained a security key for online service that supports FIDO2. My search for Secure Email leaves me without understanding.
Do both ends of email require the same service? Can I send a message to someone on Gmail that they can open and read. The more I search Secure Email, I begin to think it is for private messaging between two with the same apps.
Thanks for any help
George
Hi George, the answer to your question depends. If you are using services like ProtonMail or Tutanota that utilize built-in encryption, then emails between other users (on the same email service) will be automatically encrypted. But an email to a different service, such as a gmail account for example, would not be end-to-end encrypted. However, if you want to go through the hassle of managing PGP keys and emailing other people who are also managing PGP keys, then you could go that route with an email service that supports PGP encryption. But most people you interact with probably are not managing PGP keys and will not want to start.
Tip: I’d recommend brushing up on how to create a secure password and also secure password managers. In many cases where accounts are breached, the same (or similar) password is used across different services. Attackers can breach one website, and then crack user accounts across different services. Having a secure and unique password for every single website/service will greatly increase your security, regardless of which email service you use. And then, a secure password manager, such as Bitwarden, will help you safely manage all of those secure passwords.
If you haven’t done so already, creating new, secure passwords for all of your online accounts, would be a good first step. Enabling two factor authentication on these accounts will also help.
Sven Taylor,
I have over 50 different PWs, using letters, numbers and symbols 12 or more characters long.
Manually managed on a flash drive and printed for use. Bitwarden indicates the my PWs are strong and will take centuries to crack. I use Edge to manage PWs
After reading Password Managers – “Everything You Need to Know” I compromised my strong password with Edge pw manger. My paid email account was not secure. Duckduckgo Search engine is good, but the links I go to are not.
I appreciate your thoroughness of covering a subject. You seem to have a genuine love of privacy.
After studying your many articles and other linked articles, I think I have enough understanding to choose “Tutanota Email,” “Bitwarden password manger” and “VPN.ac” with my “Yubi Security Key” for a more private experience. I hope to use the Yubi Key for all three.
Bitwarden uses identifiers that are foreign to me. (Enter the domain name, free SSL certificate, environment file, Docker Hub, Triggers tab. containers ) I don’t think that I need all of that info entered. I can get a lot of instructions on the various use, but have been unable to find a simple instruction that allows me to add my most used website that I want to use, one by one.
Thank you for sharing your knowledge.
George
Sounds like a good plan, George, good luck!
thexyz is the worst experience I ever had…
This is the worst experience I ever had with setting up e-mail. Tried signing up for their so-called “premium” e-mail service. Payment seemed to go through but when I tried logging in my account was tagged as “pending.” Tried their online chat system to try and determine what was going on. Had to wait for 20-30 minutes before someone finally answered. But Lucy could not help in any way apart from assuring me she would mark the matter a priority. She didn’t seem too confident that would help since she also advised me to open a support ticket which I did. The next morning the issue was still not resolved. I decided there might have been a payment issue since when I entered credit card info my computer had auto-filled certain blanks which I had to correct (I have 2 credit cards and I suspected data from the 2 might have gotten mixed). I went into my account and entered correct details for the card I meant to use, making it the default card, thinking that might resolve the issue but it didn’t. When I later tried to check whether they’d answered my support ticket I was greeted by a message that they had banned my IP! What?! I opened a new chat session to ask what the hell was going on with this but got no answer for the 40 minutes I waited before needing to leave. They finally sent me an e-mail “response” stating they’ve “become more picky” about who they allow to be their customers! Can you believe this?! What an outrage! And meantime they have details for 2 of my credit cards in their system. These people are dishonest crooks and no one should ever do business with them. I hope their company dies a slow and painful death. Imbecileiots. Avoid at all costs! Meantime they have the gall to send me e-mails asking me to “let them know about the quality of my experience” – right, when you’ve blocked my IP and closed my account?
Is it too soon to tell if they charged you any money?
I have a solution 100% private and 100% anonymous. However it’s not for everybody, weaklings and addicted zombies, please stay away from this post.
If you stay out of the digital world, you are 100% private and 100% anonymous…
No phone, no connection, live the real life outside of the matrix…
I totally agree with that idea so I applaud your comments. Problem is, in this day and age it is basically impossible to do so as many state organizations in the US are turning to this platform and forcing the public’s hand if they should need to use their services. It’s sad but it’s so.
Still, thanks for sharing. 🙂
I don’t know if anyone was aware of this, but last year Tutanota was ordered by a German court to allow police to monitor a customer’s incoming and outgoing unencrypted emails as part of an investigation law enforcement was conducting on a blackmail case. It was originally thought to have been a decision to mandate a backdoor, but turned out to be otherwise.
https://www.hackread.com/encrypted-email-provider-tutanota-backdoor-service/
Yep, we discussed that a bit before with regard to their transparency report, I believe in the Tutanota review. It’s important to keep in mind these are targeted court orders against specific individuals who have gotten the attention of law enforcement, rather than blanking mandates affecting all Tutanota users. Either way, not a very reassuring situation though.
There are obviously many people who would love to jump to a more secure, private email service, but many could not take the leap for a variety of reasons. Therefore, for those who want to keep their web-based email accounts with web-based services, like GMail, there is a solution.
Mailvelope is a free, open source add-on or extension (for Chrome and Firefox browsers) people can use that will provide end-to-end encryption for people’s existing email address. I have used Mailvelope before jumping to ProtonMail and it is pretty good! Though it is recommended to avoid using your browser to access email, for those that do, Mailvelope is a good solution to help keep you emails secure.
https://mailvelope.com/en
I see Swisscows email is now available. Can we get a critique?
The guys behind this website are super busy so a review may take a while. Care to outline why you like it? Is the email service open source?
Great article.
You have missed out Mutant Mail.
They are making a lot of headway.
Are they open source? Why do you like them?
There are services available so that emails can be forwarded anonymously to your email address and when you reply I believe they will use your alias too. They’re also available for use on my platforms as well.
1) SimpleLogin – https://simplelogin.io/
2) AnonAddy – https://anonaddy.com/
AnonAddy supports GPG or OpenPGP encryption.
So, Sven, on the whole, given what we know about the pros and cons regarding email apps that live on your phone vs email clients you need to open in a secure browser, which is preferable? It’s maybe mostly a question of which of the two are you most concerned about, the email app having greater insight into your whole OS, or the emails you open that can more easily track you when you open them in a browser? Come to think of it, even from inside an app, they will open in an outside browser….
I really don’t know how technically these things work, who gets to see/track what, where and when.
(I did notice though that Criptext, contrary to Tutanota, will only work with a JavaScript enabled browser, which kind of makes me feel better about Tuta)
“regarding email apps that live on your phone vs email clients you need to open in a secure browser”
I’m the wrong guy to ask about privacy with mobile devices to be honest. I avoid mobile devices as much as possible and am not up on the latest privacy trends/tips with mobile, but someone else may chime in here.
try “fairmail” only in mobile
Quick question about Criptext – someone ne ruined that it has been “ruined by sketchy characters” or something like that. I looked for more about this online but came up empty. Is this this for real, and what’s the problem?
Thanks
By the way, I just discovered there’s another Matt here. Maybe I should change to Matt2?
Criptext has been ruined? Could you elaborate on that? I just signed up with them.
I’m not tech savvy and would like to know if I can copy folders and/or emails from my current email provider to a new one?
This can be challenging, and the exact answer is different for every email provider.
Sven’s right, can vary between providers and servers. Typically each email has its own three-letter filename extension, like *.eml for example.
In a lot of cases, most aggegate mail compilers (like Thunderbird, a corollary to Firefox) and providers themselves typically have an “import” function (Thunderbird Menu/Tools/Import) which will then import “everything” (like emails, settings, attachments, contacts, filters, folders) and place them within T-Bird for viewing.
Likewise “export” (or “download”) to a special folder on your system (usually they hide it so it’s not easily erased/amended).
The problem lies with “converting” the three letter filename extension exclusive to the original provider. Ditto contacts: *.vcf –or– *.vcards
….luckily, many platforms use *.eml, but you generally can’t determine attachments except by size of the particular email…open it in an email aggregator (like T-Bird, Outlook, GMail, Eudora) can usually solve that problem.
In a lot of cases, one can determine (by the size of the downloaded file) whether it has a pic attachment or not (most pics are from 200 – 900 kbs). I just select the filters on top of columns in downloaded mail folder to the “size” (of document), and open those up individually, typically your photo editor will open it as a pic.
Fortunately, you can go online for converters, which can convert within the browser for individual files, or download the software to convert [*.eml—> to *.emix (Apple) *.pbx (Outlook)].
Hope that helps
ProtonMail has an Easy Switch function. It seems to be what you are talking about
Use an anonymous credit card and a fake name.
I am an average and completely tech-stupid person. All I need is a personal email for banking, paying credit cards online, amazon email, communicating with friends and family, etc. I don’t really understand encryption other than it is safer. I don’t want to have to run another program, or ask friends and family to do so, to “read” my emails. (And maybe you don’t have to do that with encrypted emails…I don’t know because I am too stupid to understand it….really!) I have used yahoo for 18 or so years with no issues at all, then all of a sudden I’m getting 50+ spams a day that are coming into my regular inbox. I’m over it. What do you recommend for a paid service for me? I’ve read this and other articles and it’s overwhelming and I still don’t understand which one I can use that is simple, where other people can read (my emails) without extra work. Sorry for the long explanation/question and I hope it makes sense! Thank you 🙂
I’d recommend checking out Mailfence for your situation.
I will do that. Thank you so much!!
Hi Lisa,
You might want to look into Privacy.com for credit card and online shopping. I am definitely not a Tech or Privacy expert, but maybe one of the real experts here would be kind enough to lend a hand, or opinion. Good Luck.
Oh dear, is that available in the US? I’m not sure what the price is…is that euros? (told you I’m not that smart)
Yes it is available to anyone, anywhere. It’s free with 500 MB of data, and after that (for more space), it’s still pretty cheap.
CTemplar, for all of the rough edges, seems to be a very responsive company.
I was not sure about them at first, but every issue I have had, they responded very quickly, professionally, and accurately on fixing the issues.
Do know it is not the smoothest or most polished service but They have been good in helping me.
Potentially looking at cyberfear as an email service. Any thoughts on them?
Been using cyberfear for over 10 months now server only down once. Happy with them hope they will be in business for a longtime.
Is source routing possible for POP and SMTP access?
My meaning is, a client has a fixed IP and only the users’ should be accessing the mail gateway for sending and receiving, with a firewall permit:
#allow-IP=203.33.xxx.x#
#deny-IP>≉<203.33.xxx.x#
thx
It would be really helpful if you could put the email services with their features into an online spreadsheet- so we can compare features in a side-by-side manner. Great Article! Thank you.
That would be awesome!
Great article. How about fastmail? Are they secure
Here is the Fastmail review.
sekur.com
never heard of it?
no review on your site!
That’s correct, we have not yet reviewed sekur.com email.
Excellent article on the best secure email providers with pros and cons. I’m using the RMail services for years, which provides the free plan and starts from $7 only.
RMail specializes in elegantly easy to use email encryption for privacy and compliance, e-signatures, legal e-delivery proof, secure file sharing, email impostor protection, document rights management, and AI-infused services to prevent data leaks and human e-security errors.
question. And which Linux from is safe to use? Which distribution is free? thanks.
A good starting question is, What do you want from Linux? Plug and play, full customization?
Location? Desktop looks?
As for free, most are (Red Hat is one exception).
I would suggest checking out distrowatch.com.
I have used Mint, Zorin, AntiX, PureOS, and Spark Linux.
So help us by telling us what you want Linux for.
What about a secure email client to manage my emails in one app interface? Do you have any thoughts or recommendations? I would rather have something like that than the default email management apps that come on my computer and phone. Thanks.
Thunderbird
What about Swiss Cows’ new secure email, or their secure messaging program, are they good? I found them while using their secure search, one of your site’s recommendations. Thanks.
We’ll check them out in the coming months.
I would like to introduce you to: Infomaniak Email Service
The all-in-one email experience from Infomaniak, developed and hosted in Switzerland that is advertising-free and privacy-friendly. You get 20 GB for mails and 15 GB for your documents and photos with free access to kDrive. It also has a contacts management and a calendar. Also Infomaniak is a local company that’s strongly committed to a sustainable economy and listening to its customers. Infomaniak doesn’t finance its free services by selling your personal data either.
Check it out! [https://www.infomaniak.com/en/free-email]
Any commenta from the author?
Infomaniak requires not only your name, but also telephone number and address!
https://www.infomaniak.com/en/legal/confidentiality-policy
Too bad they don’t take privacy as seriously as they do carbon capture.
https://www.infomaniak.com/en/ecology
Sure, I can understand that. But the point with “Too bad they don’t take privacy as seriously as they do carbon capture.” is not true. They require a lot of data when registering, but they are not sold in any case. Ultimately, everyone must decide for themselves who they trust and who not. I love Infomaniak’s services.
Thank you for this.
Ive used this service yet the email was hacked and password changed!
If I may make a suggestion, could you also look at the ability to export emails and add that to your pro and cons list. Not all of these providers support exporting “your” email messages from the free tier. For me personally that is a big deal when using a free tier, because I like to have full control over my messages.
I know that e.g. ProtonMail support that, but Mailfence and Tutanota don’t.
Great article but it seems it’s geared towards people with serious privacy concerns. I use Gmail and I’m having trouble getting into my account online and of course their support sucks. I want to switch to a paid service that has good customer support so I don’t have to worry about losing access to my account. I don’t really care about or use encryption and I’m not that concerned with privacy, I just don’t want the provider purposefully looking thru my emails to target ads to me or any other reason. I use Thunderbird with IMAP to read and send emails and rarely access my account with a browser. I’d like to have several aliases and a custom domain.
I tried to filter thru your recommendations and it looks like runbox might be the best fit for what I need. Would you be willing to make a recommendation based on my requirements ? Are there other basic reliable email services out there that aren’t necessarily so encryption/privacy centric but aren’t sleezy like google or yahoo etc?
Thanks in advance!
Mailfence is also a great fully featured option to consider.
Thanks for your response.
I checked out mailfence and they do have a lot of positive reviews and good support. When I went to signup, they require an alternate email address for verification and/or recovery which defeats the purpose of getting rid of all my current email accounts and having only one provider.
Tutanota is the only provider so far that doesn’t require an alternate email but provides a key for recovery instead when you create the account. But they do not allow IMAP clients like Thunderbird so they are out.
Protonmail also requires an alternate email.
My search continues.
Tww ways to handle that.
1) Use the Google account, sign up, transfer all your contacts and info, then delete Google.
2) Use a temp email the deletes everything. https://restoreprivacy.com/email/temporary-disposable/
If privacy is not necessary, option one is the fastest and easiest.
Have you guys tested Ctemplar?
Yes, Heinrich has been testing it over the past few months.
Edit: And here’s the CTemplar review.
@Sven,
You do. Unless you mean an updated one?
https://restoreprivacy.com/email/reviews/ctemplar/
Ah, good point! I overlooked that one. Thanks for the reminder.
@Sven,
Of course. You’re welcome.
@Quasimodo,
What questions do you have? I use them.
Have you guys tested and researched https://www.zoho.com/ ?
Are they privacy friendly as they claim to be?
No, but it looks decent and is outside the US.
If you go far enough in the website, you’ll see that depending on where you’re located, your data will stored in America.
Also, “No” what? He asked 2 questions.
No we have not tested or reviewed Zoho.
Why are there no secure mail options in the US listed here that have servers inside the borders?
Are there any that exist?
If we had a secure email service with servers inside of our country, our privacy rights will be preserved… however the bouncing back and forth between 14+ Eyes Countries (Creepy Uncle Sam and his 13+ weirdo voyeuristic buddies) get to peep on you.
I switched from yahoo mail to using protonmail to avoid account hacks (due to backdoor weaknesses being created for NSA,CIA etc.) and all the data mining from corporate advertisers. However in avoiding the pesky nature of ads popping up from a marketing opportunities skimmed in my personal emails, now my information is subject to the various alphabet agency taxpayer funded creeper programs skimming my emails by bouncing to servers in Switzerland and back into my country.
NSA co-operation
The ‘5-Eyes’: The US, the UK, Canada, New Zealand and Australia
The ‘9-Eyes’: The ‘5-Eyes’ group plus Denmark, Norway, the Netherlands and France
The ’14-Eyes’: The two above groups plus Germany, Sweden, Belgium, Spain, and Italy
https://web.archive.org/web/20131219010450/http://cphpost.dk/news/denmark-is-one-of-the-nsas-9-eyes.7611.html
In 2013, documents leaked by the former NSA contractor Edward Snowden revealed the existence of numerous surveillance programs jointly operated by the Five Eyes. The following list includes several notable examples reported in the media:
PRISM – Operated by the NSA together with GCHQ and the ASD[60][61]
XKeyscore – Operated by the NSA with contributions from the ASD and the GCSB[62]
Tempora – Operated by GCHQ with contributions from the NSA[63][64]
MUSCULAR – Operated by GCHQ and the NSA[65]
STATEROOM – Operated by the ASD, CIA, CSE, GCHQ, and NSA[66]
@Sven,
I know you may be working on updates, but here is some info about CounterMail.
First, they only have room for 20K users. They said they are cycling through old accounts that do not pay but there is a waiting list.
In order to get access you MUST have or know someone who has extra invite codes, or go on a list with no details of when you will get an invite.
They also do not have prices on their website, from what I see.
Their free version is only good for 10 days and you either have to pay for a professional account or lose it completely.
So if you want to use them, they look solid but just be aware you may not be able to unless you know one of the 20K who use it.
https://webmail.countermail.com/register/index.php – Login screen
https://support.countermail.com/kb/faq.php?id=250 – What you can and cannot do with their free account
https://support.countermail.com/kb/faq.php?id=258 – Info on the Invite codes
Interesting, thanks for sharing this info J.M.
You’re welcome.
As an aside, I have been using CTemplar.
They are a diamond in the rough.
Very good but DDOS attacks have hit them a little.
It didn’t break them but I went a few days where my Email was good till about 10:30ish my time to about 3 PM.
After that it was back.
Haven’t had an issue now for about four months until today. But today it was 15 minutes at worst.
No, they are not as polished and I had to piece together cloud storage, email, and a calendar, but it is what it is.
I was asked by Proton what they needed to do and I pointed out they need to run everything on RAM disks and not just not flip the switch to track but not even HAVE a switch to flip.
I am waiting to see what they do. If they fix that, it would be good.
CTemplar said they are working on a Calendar but I have not heard anything back yet.
“ProtonMail has introduced an enhanced email tracking protection system for its web-based email solution that prevents senders from being tracked by recipients who open their messages.”
https://www.bleepingcomputer.com/news/security/protonmail-introduces-a-new-email-tracker-blocking-system/
Very cool, thanks for sharing Mike.
Personally I use SekurMail for sensitive communication. I am really satisfied with it up to now.
Sven, without scouring this website to find exact references, I believe you’ve made negative comments in the past about Fastmail, generally regarding privacy. How is Fastmail any different from ProtonMail, which you have listed here as a recommended email service? And you stated that “All email providers must comply with the law.” So what’s the difference? Thanks.
Hi Vanp, see the Fastmail review for a list of cons. Same goes for the ProtonMail review here.
Protonmail is a mess. Can’t open attachments and there is essentially zero support.
I’ve had nothing but problems with Mailfence. 1. There is no way to receive a notification that you have an email. This is a simple thing that should have been put into the software from day one. Their suggestion is to use a third part app that it can synch with. That means you lose all of the security you are paying for to only have one of the other services selling your information and spying on you. 2. I pay for an upgraded account and there is no phone number listed anywhere on their website in spite of them claiming they have phone support. 3. I’ve only been using it a couple of weeks and yesterday I sent an email to someone else and the email I sent was found in my spam folder rather than sent mail? Can’t even begin to understand how that occurred but it did and the person I was emailing never received the email. 4. The turnaround time for assistance through emails is literally days. That’s not acceptable for a service you are paying for and especially when you are unable to send or receive emails due to problems. 5. When I log into the service which I have to do frequently since there is no way to know if you received emails I have to first close a splash screen to get to my emails. Logging in doesn’t take you straight to the emails. Overall I would love to continue using it but I don’t trust it after having emails I sent found in my spam folder. Having no notifications in this day and age was abysmal planning.
Protonmail was also a nightmare. I was in the middle of litigating against an organization and I wasn’t able to open any attachments sent to me by my attorney. I had to keep forwarding them to my gmail account where they opened with no problems. I also have another browser open every time I try to open the email client. Another epic failure. I’ve emailed them for assistance and every 10 days they respond asking me to send screenshots etc. Sorry but I don’t have the luxury of taking 3 years of trying to resolve something that likely could be fixed in 10 minutes if they had phone support.
Tutanota is too wordy. I’m not interested in having to spell out the name of my email address 3 times to people. What a dumb name. As of right now I have yet to find a secure email client that does the basic functions of gmail efficiently.
Thanks Doug. Your post has warned me off from nearly giving mailfence another shot yet. Your experience seems to corroborate mine.
Mailfence also advertises a monthly price without clearly stating on the pricing page that it is actually yearly billing. To find out that it is yearly you either need to move through the purchasing process, or go into Support / Account subscription and payments / and find the KB article about monthly billing. <– that is not ok in my opinion.
The other services I've used state right on the pricing page that it is yearly billing right next to the pricing itself. Anything else is basically semi-false advertising imo.
Great info. Thank you. I have been researching for sometime on these matters for myself and family. Do u have any info on Sekur, i believe they are in Switzerland. Can you recommend a wifi router/ modem?
We have not yet tested out Sekur. We have a guide on VPN routers here, but that’s about it for hardware recommendations.