• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
Restore Privacy Logo

Restore Privacy

Resources to stay safe and secure online

  • Privacy Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search
    • Password Manager
    • Tor
    • Privacy Tools
  • Reviews
    • Email Reviews
      • ProtonMail
      • Tutanota
      • Mailfence
      • CTemplar
      • Mailbox.org
      • Posteo
      • Fastmail
      • Hushmail
    • VPN Reviews
      • ExpressVPN
      • NordVPN
      • Surfshark
      • Perfect Privacy
      • CyberGhost
      • IPVanish
      • Private Internet Access
      • Netflix VPN
      • Best VPN for Torrenting
      • NordVPN vs ExpressVPN
    • Cloud Storage Reviews
      • pCloud
      • Nextcloud
      • IDrive
      • SpiderOak
      • Sync.com
      • MEGA Cloud Storage
      • Tresorit
    • Secure Messenger Reviews
      • Telegram
      • Signal
      • Wire
    • Password Manager Reviews
      • KeePass
      • NordPass
      • 1Password
      • Dashlane
      • LastPass
      • Bitwarden
  • VPN
    • What is VPN
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • NordVPN Cyber Monday
      • Cyber Monday VPN Deals
      • ExpressVPN Cyber Monday
      • Surfshark Cyber Monday
    • Best VPN Services
    • VPN Router
    • Free VPN
    • Free Trial VPN
    • Cheap VPNs
    • VPN for Firestick
  • Reports
  • Mission
  • Search
  • Privacy Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search
    • Password Manager
    • Tor
    • Privacy Tools
  • Reviews
    • Email Reviews
      • ProtonMail
      • Tutanota
      • Mailfence
      • CTemplar
      • Mailbox.org
      • Posteo
      • Fastmail
      • Hushmail
    • VPN Reviews
      • ExpressVPN
      • NordVPN
      • Surfshark
      • Perfect Privacy
      • CyberGhost
      • IPVanish
      • Private Internet Access
      • Netflix VPN
      • Best VPN for Torrenting
      • NordVPN vs ExpressVPN
    • Cloud Storage Reviews
      • pCloud
      • Nextcloud
      • IDrive
      • SpiderOak
      • Sync.com
      • MEGA Cloud Storage
      • Tresorit
    • Secure Messenger Reviews
      • Telegram
      • Signal
      • Wire
    • Password Manager Reviews
      • KeePass
      • NordPass
      • 1Password
      • Dashlane
      • LastPass
      • Bitwarden
  • VPN
    • What is VPN
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • NordVPN Cyber Monday
      • Cyber Monday VPN Deals
      • ExpressVPN Cyber Monday
      • Surfshark Cyber Monday
    • Best VPN Services
    • VPN Router
    • Free VPN
    • Free Trial VPN
    • Cheap VPNs
    • VPN for Firestick
  • Reports
  • Mission
  • Search

Secure and Private Email Services

January 11, 2021 By Sven Taylor — 343 Comments

Secure Email

Are your emails and attachments safe from prying eyes?

Unless you are using a secure email service that respects your privacy, the answer is probably no.

Most large email providers, such as Gmail and Yahoo, do not respect the privacy of your inbox. For example,

  • Gmail was caught giving third parties full access to user emails and also tracking all of your purchases.
  • Advertisers are allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
  • Yahoo was also caught scanning emails in real-time for US surveillance agencies.

Another concern is where your email service is located and how this may affect your data and privacy. Some jurisdictions have laws to protect data privacy (Switzerland), while others have laws in place to erode it (United States). We’ll cover this in more detail below.

On a positive note, there is a relatively simple solution for keeping your inbox more secure: switch to a secure email provider that respects your privacy.

What is the best secure email service?

With so many different types of users, there is no single “best secure email” service that will be the top choice for everyone.

While some may prioritize maximum security and strong encryption, others may want convenience and simplicity with user-friendly apps for all devices.

Here are just a few factors to consider when switching to a secure email provider:

  • Jurisdiction – Where is the service located and how does this affect user privacy? Where is your data physically stored?
  • PGP support – Some secure email providers support PGP, while others do not use PGP due to its vulnerabilities and weaknesses.
  • Import feature – Can you import your existing emails and contacts?
  • Email apps – Due to encryption, many secure email services cannot be used with third-party email clients, but some also offer dedicated apps.
  • Encryption – Are the emails end-to-end encrypted in transit? Are emails and attachments encrypted at rest?
  • Features – Some features you may want to consider are contacts, calendars, file storage, inbox search, collaboration tools, and support for DAV services.
  • Security – What are the provider’s security standards and policies?
  • Privacy – How does the email service protect your privacy? What data is being collected, for how long, and why?
  • Threat model – How much privacy and security do you need and which service best fits those needs?

The goal of this guide is to help you find the best secure email solution for your unique needs.

This list is not in rank order. (Choose the best secure email service for you based on your own unique needs!)

Here are the most secure email providers that protect your privacy.

1. ProtonMail – Secure email in Switzerland

Based inSwitzerland
Storage5 - 20 GB
Price$4.00/mo.
Free TierUp to 500 MB
WebsiteProtonMail.com

Secure Email in Switzerland

ProtonMail is a Switzerland-based email service that enjoys a great reputation in the privacy community. It was started by a team of academics working at MIT and CERN in 2014. Shortly thereafter, it was promoted in American media as “the only email system the NSA can’t access” – which was around the time Lavabit was shut down for not cooperating with the US government.

Looking at the service itself, ProtonMail does a lot of things right. It utilizes PGP encryption standards for email and stores all messages and attachments encrypted at rest on Swiss servers. ProtonMail has a unique feature for “self-destructing messages” and they have also added address verification and full PGP support.

Regarding encryption, however, it’s important to note that ProtonMail does not encrypt subject lines of emails, which is an inherent limitation with PGP (not ProtonMail). Additionally, the ProtonMail search function can only search subject lines within your inbox, but not the actual content of your emails. This is another functional limitation that comes from integrating more encryption and security into the service.

ProtonMail does offer some great apps for mobile devices (Android and iOS). You can also use ProtonMail with third-party apps through the ProtonMail Bridge feature (restricted to paid users).

Overall ProtonMail is a well-regarded email provider, and should be a great secure email option for most users. Switzerland remains a strong privacy jurisdiction that is not a member of any surveillance alliances. In addition to email, the same team also offers a VPN service, which we have tested for the ProtonVPN review.

+ Pros

  • Can import contacts and emails through bridge feature
  • Strips IP address from emails
  • Emails are encrypted at rest and stored on Swiss servers
  • Officially under Switzerland jurisdiction
  • Apps for mobile devices
  • Can be used with email clients through the ProtonMail Bridge feature
  • Open source Android app

– Cons

  • Takes funding from United States VC investors and government entities
  • Utilizes phone number verification
  • Above-average prices

https://ProtonMail.com/

See our ProtonMail review for more info.


2. Mailfence – Fully-featured secure email in Belgium

Based inBelgium
Storage5 - 50 GB
Price€2.50/mo.
Free TierUp to 500 MB
WebsiteMailfence.com

Encrypted and Secure Email

Mailfence is a fully-featured secure email provider offering calendar and contacts functionality, file storage, and PGP encryption support. It is based in Belgium, which is a good privacy jurisdiction with strict data protection laws.

For those wanting full PGP control and interoperability, without plugins or add-ons, Mailfence is a solid choice. Whether you are a personal user or you need a secure email solution for your business or team, Mailfence likely has all the features and options you’d want.

While many secure email services sacrifice features and functionality for security, you can have it all with Mailfence. This makes Mailfence a great alternative to full email and productivity suites, such as G Suite or Office 365.

In testing everything out for the Mailfence review, I found it to work very well with an intuitive design, slick layout, and tons of features. Mailfence also offers email and phone support, in addition to cryptocurrency payment options.

One of the main drawbacks with Mailfence, which separates it from other secure email providers, is that there’s no built-in way to encrypt your entire inbox. Instead, your only option to do this is locally with a third party client. Fortunately, they are working to integrate a built-in encryption option in the coming months.

+ Pros

  • Based in Belgium, with all data stored on Belgian servers
  • Full OpenPGP encryption support and digital signatures
  • Includes Messages, Documents, Calendar, Contacts, and Groups
  • SMTP, POP, and IMAP support
  • Can synchronize with other email clients
  • Supports password-protected messages with expiration time
  • Removes IP addresses from mail headers
  • Two-Factor Authentication (2FA) support
  • OpenPGP user keystore
  • Great user interface (recently updated)
  • Cryptocurrency payment options

– Cons

  • Code is not open source
  • Some basic connection logs are kept
  • No built-in options for encrypting entire inbox (at rest)

https://Mailfence.com

See our Mailfence review for more info.


3. Tutanota – Private and secure email in Germany

Based inGermany
Storage1 - 1,000 GB
Price€1.00/mo.
Free TierUp to 1 GB
WebsiteTutanota.com

private and secure email tutanota

Tutanota is a Germany-based secure email service run by a small team of privacy enthusiasts, with no outside investors or owners. While their service is focused on providing you with the highest levels of email security, it still remains user-friendly and intuitive.

Rather than using PGP and S/MIME, Tutanota utilizes their own encryption standard incorporating AES and RSA. This standard encrypts the subject line, supports forward secrecy, and can be updated/strengthened if necessary against quantum-computer attacks, as they explain here.

All messages in your inbox, contacts, and calendar are encrypted at rest on servers in Germany. For sending encrypted emails with Tutanota, you have two options:

  1. Emailing another Tutanota user, which encrypts everything automatically (asymmetric encryption)
  2. Emailing an external (non-Tutanota) user with a link to the message and sharing a password key for encrypting/decrypting messages (symmetric encryption).

While Tutanota uses high encryption standards and is arguably one of the most secure email providers anywhere, it also comes with some tradeoffs. This includes no support for PGP, IMAP, POP, or SMTP. Additionally, you cannot import existing emails into your encrypted Tutanota inbox, but they’re currently working on adding a migration feature – see the roadmap.

To explain why Tutanota does not rely on PGP standards, Tutanota cofounder Matthias Pfau wrote this piece for Restore Privacy readers, Let PGP Die: Why We Need a New Standard for Email Encryption.

If you are looking for a transparent, high-security email provider run by a team of privacy enthusiasts, Tutanota is a solid choice.

Downtime Alert – One problem we have noticed in the past year is that Tutanota has suffered from lots of downtime. We have seen Tutanota blame DDOS attacks for these problems. Regardless of the reasons, the downtime has been a frustrating issue for many Tutanota users, especially those who need continuous access for business email. Keep this in mind when considering Tutanota.

+ Pros

  • Messages (including Subject lines) Address Book, Inbox Rules and Filters, Search Index, encrypted at rest and stored on German servers
  • Strips IP address from emails
  • Open source code (including mobile apps)
  • Great apps for mobile devices
  • Free accounts with 1 GB of storage
  • Encrypted calendar and contacts
  • Discounts and additional support for non-profits

– Cons

  • Issues with down time
  • Does not support PGP
  • Potentially delays with account approval
  • No way to import existing emails

https://Tutanota.com

See our Tutanota review for more info.


4. Mailbox.org – Private email in Germany

Based inGermany
Storage2 - 100 GB
Price€1.00/mo.
Free TierNone
WebsiteMailbox.org

Email with Security

Another Germany-based secure email provider worth considering is Mailbox.org. Unlike some of the other secure email services in this guide, Mailbox.org is fully-featured and can function as a full email and productivity suite, similar to Mailfence. It offers a huge lineup of features: Mail, Calendar, Address Book, Drive (cloud storage), Tasks, Portal, Text, Spreadsheet, Presentation, and Webchat. The layout and design of Mailbox.org are also user-friendly, even with all the features and preferences.

When choosing a secure email provider, you often have to choose between features and security. With Mailbox.org, you can arguably get the best of both worlds. From the security and encryption side, Mailbox.org offers full PGP support and options to easily encrypt all your data at rest on their secure servers in Germany. You can also use Mailbox.org with mobile apps and third-party email clients.

Lastly, Mailbox.org is very affordable, with basic plans starting at only €1 per month and going up for more storage and features. You can pick up a free 30-day trial if you want to test-drive this privacy-focused email provider.

+ Pros

  • PGP support (server-side or through third-party app)
  • Company and server located in Germany with strong privacy protections
  • HSTS and PFS for messages in transit
  • Protected against man-in-the-middle attacks
  • Message and spam filters
  • Virus protection
  • Full text search
  • POP, IMAP, SMTP, ActiveSync support
  • vCard, CardDAV, CalDav support
  • Messages are encrypted at rest
  • Supports custom domains
  • Open source

– Cons

  • No mobile clients (but can be used with third-party email clients)
  • Some tracking during registration

https://Mailbox.org/

Check out our Mailbox.org review for more details.


5. Posteo – Privacy-focused email in Germany

Based inGermany
Storage2 - 20 GB
Price€1.00/mo.
Free TierNone
WebsitePosteo.de

Posteo email that is secure

Posteo is (another) German email provider that offers a high level of privacy and security for its users. In some respects, it has much in common with Mailbox.org. Both are fully-featured email providers that utilize PGP encryption standards, with similar prices. But in a few key areas, Posteo is a bit different:

  • Custom domains are not supported.
  • There is no spam folder (all emails are either delivered to your inbox or rejected).
  • There’s no trial or free tier (but still quite affordable).

In terms of privacy, Posteo really makes an effort to protect the privacy of their users. IP addresses are automatically stripped from emails, no logs are kept, and they offer strong encryption standards. In short, this email takes security and privacy very seriously.

Posteo also supports completely anonymous registration and anonymous payments – even allowing you to send cash in the mail for no digital trail. (We see this trend with VPN services as well.) And if you pay with a credit card, PayPal, or some other digital method, they manually separate account details from payment info.

+ Pros

  • Mail, Calendar, Contacts, and Notes are encrypted at rest with OpenPGP on secure servers in Germany
  • Subject, headers, body, metadata, and attachments are encrypted
  • Includes Messages, Calendar, Contacts (Address Book), and Notes
  • Completely Open Source
  • Strong commitment to privacy, sustainable energy, and other social initiatives
  • Self-financed; good track record (operating since 2009)
  • No logs, IP address stripping, secure email storage with daily backups
  • Allows anonymous (cash) payments
  • Supports SMTP, POP, and IMAP protocol + Two-Factor Authentication

– Cons

  • Custom domains not supported; no “.com” options available
  • No spam folder (spam emails are either rejected or delivered to regular inbox)
  • No trial or free version
  • Cryptocurrency payments not supported

https://Posteo.de/

See the Posteo review for more info.


6. Runbox – Private and sustainable email in Norway

Based inNorway
Storage1 - 25 GB
Price$1.66/mo.
Free Tier30 day trial
WebsiteRunbox.com

Email that is private and secure

Runbox is a long-running private email service in Norway that has been operating for over 20 years. Norway is also a good jurisdiction with a strong legal framework for privacy. All Runbox servers are located in secure Norwegian data centers, running on clean, renewable, hydropower energy.

One unique feature of Runbox is that it gives you 100 aliases to use with your account. Secure file storage is also included, with different pricing tiers. Runbox fully supports SMTP, POP, and IMAP protocols and can be used with third-party email clients. This year they released Runbox 7, which is a webmail client, but they do not offer custom mobile or desktop clients.

Unlike some other secure email providers, Runbox does not have a built-in option for encrypting your entire mailbox. And while you can use PGP with Runbox, it is not yet built into the platform. Another drawback is that Runbox does not offer a built-in calendar, but this feature may be included in Version 7 (when released).

Runbox offers 30 day free trials and makes importing your existing emails simple with the guides on their site. They are currently offering a discount “2 years for the price of 1” on their website here.

+ Pros

  • IP addresses stripped from messages
  • Includes Webmail, Contacts, and Files
  • Servers run on renewable energy
  • Supports SMTP, POP, and IMAP protocols
  • Synchronizes with other email clients
  • GDPR compliant
  • Norway has strong data protection laws
  • 100 email aliases per mailbox
  • Custom domain names on some paid accounts
  • Numerous payment methods accepted (including cash and cryptocurrencies)

– Cons

  • Browser-based; no desktop or mobile apps
  • Not open source (but version 7 should have open source client)
  • Data not encrypted within the Runbox system or at rest
  • No business-specific features

https://Runbox.com

Check out our Runbox review here.


7. CounterMail – Private and secure Swedish email service

Based inSweden
Storage4 GB+
Price$4.83/mo.
Free Tier7 day free trial
WebsiteCounterMail.com

countermail secure email service

Next up on our list is CounterMail, a secure email provider based in Sweden. CounterMail has been operating for over 10 years with a philosophy to “offer the most secure online email service on the Internet, with excellent free support.” CounterMail uses OpenPGPG encryption with 4,096-bit encryption keys along with no-logs, diskless servers to protect user privacy. Countermail anonymizes email headers and also strips the sender’s IP address. All emails and attachments are stored encrypted at rest using OpenPGP on servers in Sweden.

While CounterMail is a bit more expensive than some other secure email providers, they explain this price difference comes from using only high-quality servers and implementing strong security measures. CounterMail also protects users from identity leaks and Man-In-The-Middle attacks with RSA and AES-CBC encryption on top of SSL. It may not have all the frills, but CounterMail is a serious security-focused email provider with a 10+ year track record.

+ Pros

  • Supports cryptocurrency payments
  • Secure, built-in password manager
  • All emails and attachments stored encrypted on no-logs, secure servers in Sweden
  • Custom domain support
  • Message filter and autoresponder features
  • Uses RSA, AES-CBC, and SSL encryption to protect against leaks and MITM attacks

– Cons

  • Design and UI feels outdated
  • More expensive than other secure email options

https://CounterMail.com


8. CTemplar – An “armored email” service in Iceland

Based inIceland
Storage1 - 50 GB
Price$6.00/mo.
Free TierUp to 1 GB
WebsiteCTemplar.com

CTemplar email Iceland secure

CTemplar is a newer service in Iceland claiming to be the “The most secure & private email service in the world.” As they correctly point out, Iceland has very strong privacy laws, perhaps the best in the world. CTemplar offers some interesting security features, which you can read about here. All emails, attachments, and contacts are stored encrypted at rest on bare-metal servers in Iceland.

Although it is relatively new, CTemplar seems to be a strong contender in the secure email space. You can learn how they aim to raise the bar with security standards on their website. CTemplar offers free accounts with up to 1 GB of email storage, but to get access to all features you’ll need a paid plan.

+ Pros

  • Strong encryption standards with built-in support for end-to-end encrypted emails (uses OpenPGP)
  • 100% open source code
  • Based in Iceland, with some of the strongest privacy laws in the world
  • Zero logs; IP address stripped from emails
  • Anonymous signup options (no phone verification)
  • Support for Bitcoin, and Monero payments
  • Self-destructing emails and Dead Man’s Timer
  • Can send encrypted emails to non-CTemplar users
  • 2FA support

– Cons

  • No email clients (Android app in beta)
  • Higher prices for paid plans (and all features)
  • No support for IMAP/SMTP and third-party email clients

https://CTemplar.com

Check out the CTemplar review to see how this service did in our tests.


9. Kolab Now – Fully-featured Swiss email

Based inSwitzerland
Storage2 GB+
Price$4.50/mo.
Free Tier30 day trial
WebsiteKolabNow.com

Kolab Now email secure Switzerland

Based in Switzerland, Kolab Now is a private email service offering lots of features and full email suite functionality. A Kolab Now subscription includes email, contacts, calendar, scheduling, collaboration/sharing tools, and cloud file storage. All of the features and options make Kolab Now an excellent choice for business users, teams, and privacy-focused individuals.

While Kolab now does offer numerous features and support for all major operating systems and devices, it also does not offer as much encryption for those who want the highest levels of security. End-to-end encryption for emails is not built-in and emails are not stored encrypted at rest.

The price is also on the higher end, especially if you want access to all features and more storage. However, for those wanting a feature-rich email suite hosted in Switzerland, Kolab Now may be a good fit.

+ Pros

  • Accepts cryptocurrency payments
  • Full support for POP, SMTP, and IMAP
  • Switzerland jurisdiction with strong privacy protection
  • Full email suite with numerous features to replace Gmail, Office365, etc.
  • Support for custom domains, teams, and business users

– Cons

  • End-to-end email encryption is not built-in
  • Email not encrypted at rest (but stored in high-security Swiss data center)
  • Higher price

https://KolabNow.com


10. Startmail – Private email hosted in The Netherlands

Based inThe Netherlands
Storage10 - 20 GB
Price$5.00/mo.
Free Tier30 day trial
WebsiteStartMail.com

StartMail secure mail

StartMail is a secure email service brought to you by the team behind Startpage, a private search engine based in the Netherlands. While there was surprising news about System1 investing in Startpage, StartMail is its own unique entity under StartMail B.V. – a company operating under Dutch law in The Netherlands.

The Netherlands is a good jurisdiction for privacy and StartMail aims to keep as little data as possible to run their operations (see privacy policy). Unlike most secure email providers, StartMail handles encryption server-side, rather than in the browser – see their white paper explaining why.

StartMail allows users to utilize PGP encryption with emails also being encrypted at rest on their Dutch servers. One cool feature with StartMail is they give you the ability to create temporary, disposable email addresses “on the fly” to use with different services. IMAP and SMTP are also supported if you want to use StartMail with third-party apps such as Thunderbird.

+ Pros

  • Can create temporary, disposable email addresses
  • Accepts cryptocurrency payment
  • IMAP and SMTP support; can use custom domains
  • Headers and IP address stripped from all emails
  • Accounts come with 10 GB file storage

– Cons

  • No custom mobile apps
  • Not open source
  • Interface feels a bit outdated

https://www.StartMail.com


11. Soverin – Basic private email in Netherlands

Based inThe Netherlands
Storage25 GB
Price€3.25/mo.
Free TierNo
WebsiteSoverin.net

Soverin secure private email

Soverin provides a basic and private email service at a reasonable price. Plans come with 25 GB of storage and custom domains are supported. All data is stored on servers in Germany. Soverin strips IP addresses from headers while also using strong encryption standards, although email is not stored encrypted at rest by default.

For those wanting a basic private email with lots of storage that is protected by European privacy laws, Soverin may be a good choice. It can also be used with third-party email clients and importing old emails is relatively simple.

+ Pros

  • 25 GB of data storage for all plans
  • Data protected under Dutch privacy laws and GDPR
  • Can be used with third-party email clients

– Cons

  • No custom mobile apps
  • Not open source
  • No built-in encryption options

https://Soverin.net


12. Thexyz – A fully-featured private email service in Canada

Based inCanada
Storage25 - 100 GB
Price$2.95/mo.
Free TierNo
Websitewww.Thexyz.com

Thexyz private email

Another privacy-focused email service worth noting is Thexyz. It is a secure email and web hosting business based in Canada that offers solutions for businesses and private users. The email arm of Thexyz has been operating since 2009, as explained on the about page. While Canada may not be the best jurisdiction for privacy (Five Eyes), this may not be too concerning depending on your needs and threat model.

Thexyz does offer some great privacy and security features. Accounts come with encrypted cloud storage as well as contacts, calendar, and team collaboration tools. All emails are stored encrypted at rest using AES 256-bit encryption, with double geo-location redundancy. With a basic account, you get unlimited aliases and 25 GB of storage (upgradable to 100 GB). Even with all the perks and features, Thexyz is still very affordable at $2.49/mo with the premium webmail plan.

+ Pros

  • Great applications and user interface
  • Email encrypted at rest with 256-bit AES
  • Subscriptions include calendar, contacts, chat, and encrypted cloud storage
  • Unlimited aliases; emails can include up to 50 MB attachments
  • Support for custom domains
  • Autoresponder, spam filters, and incoming email filtering
  • Apps for iOS and Android
  • Accounts come with 25 GB of email storage (upgradable to 100 GB)

– Cons

  • Based in Canada (not the best privacy jurisdiction)
  • Support for end-to-end email encryption is not built-in

https://www.thexyz.com


Worth mentioning

Aside from the secure email services we discussed above, we are also keeping our eye out for new services emerging into this niche.

CyberFear Anonymous Email

CyberFear is an anonymous e-mail service in Poland that has caught our attention. It does not serve ads or log IP addresses, while also offering full encryption on par with our other recommendations. Here is an overview of CyberFear:

  • End-to-end encryption of emails and metadata
  • At rest, all of the following email elements are encrypted: email body, subject line, attachments, sender address, recipient address
  • Anonymous registration with only username and password
  • No IP logs
  • Offshore servers (Poland)
  • Cryptocurrency payments supported
  • TOR support (Onion address is cyberfear4hlcsac.onion)
  • Disaposable aliases
  • Custom domains supported
  • No external scripts nor captchas
  • 2 factor authentication option
  • PGP support
  • Sending encrypted emails outside (will require password to decrypt)
  • Option to host CyberFear frontend on your own computer
  • Push notifications
  • Open source frontend (and backend coming soon)

So far, CyberFear is looking good. You can learn more on their website here.

Email jurisdiction and data privacy

Where your email service is located (jurisdiction) can seriously impact the security of your data. Depending on your threat model, this could be a major consideration. For an overview on jurisdiction and privacy, you may want to read my article on the Five/9/14 Eyes surveillance alliances.

Here are some reasons to pay attention to jurisdiction.

United States (leading member of the Five Eyes)

Tech companies in the US can be forced to give government agencies direct access to their servers for “extensive, in-depth surveillance on live communications and stored information” – as explained in the PRISM surveillance program. Data requests can also be accompanied by gag orders, which forbids the company from disclosing what’s going on (see also National Security Letters).

There are a few known cases of US email providers being forced to give up data. In one prominent example, Lavabit decided to shut down the business rather than give up user data. Another US email provider, Riseup, was also forced to give up data to authorities.

After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization).

There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” [warrant canary that warns users about these events].

Germany (member of the 14 Eyes)

While Germany has long been a rock-solid jurisdiction for privacy-focused tech companies, I’ve noticed some troubling trends recently:

  1. In January 2019, a German court ruled that Posteo must log IP addresses if required by a valid court order. Posteo explained they would not change their system to log all users’ IP addresses, but would comply for specific users, if ordered by a German court.
  2. In November 2019, a German court ruling forced Tutanota to provide real-time access to unencrypted emails for specific users targeted by a court order. As Tutanota explained, only unencrypted messages sent after the court order was received would be affected.

All email providers must comply with the law

While some of these cases may seem alarming, the truth is that all email providers must comply with legal requirements in the country they are operating in. For example, ProtonMail, a Switzerland email provider, has also been forced to log IP addresses and disable accounts by valid court orders, as they disclose in their transparency report.

(Note: If you are concerned about your email service logging your IP address, then simply use a good VPN service.)

Considering everything, some jurisdictions are much better than others, so choose wisely. As a general rule, I’d still avoid email services in the US, and perhaps other Five Eyes jurisdictions.

Want secure email? Pay for it.

The unlimited “free” email business model is fundamentally flawed. It offers a free service, which is used to collect data and thereby monetize the user and make money on ads. With these privacy-abusing “free” services, you are actually paying for the product with your data.

In contrast, here we recommend privacy-friendly, secure, ad-free email services. While some of these private email services offer limited free subscriptions, you will need to upgrade to a paid plan for more storage and premium features (the freemium business model).

Support good privacy businesses

Fortunately, you can “vote with your dollars” by supporting these privacy-respecting businesses and upgrade to paid accounts. This will help secure email providers to grow, improve, and serve more people with an ethical business model that does not rely on exploiting their users’ data.

Secure email shortcomings and PGP flaws

Most secure email solutions mentioned in this guide utilize PGP for end-to-end encrypted email. PGP, which stands for Pretty Good Privacy and was invented back in 1991 by Phil Zimmermann.

PGP flaws – While PGP is considered a trustworthy, secure encryption method, there have been some flaws in implementing PGP that have made headlines recently – see also the EFAIL vulnerabilities. While the news did attract lots of attention, the “flaws” were mainly limited to the incorrect implementation of PGP by third parties. To my knowledge, this did not affect the secure email providers mentioned in this guide.

Limited Use – Another fundamental problem with adopting secure email is that few people are willing to go through the hassle of PGP key management, encryption, decryption, etc. There are some solutions, to this, however, and by some measures encrypted email usage continues to grow.

Many providers address this issue by making encryption automatic and seamless. Tutanota, for example, uses built-in AES encryption that automatically encrypts emails between Tutanota users, including headers, subject line, body, and attachments. They also provide a secure, two-way communication contact form called Secure Connect.

Vulnerabilities – Even when using a secure browser, there are still vulnerabilities to consider with browser-based email clients. Phil Zimmermann gave an interview highlighting some of these shortcomings:

“The browser is not a terribly safe place to run code. Browsers have a large attack surface,” he said.

Wherever encryption and decryption take place, though, it’s a vast improvement on no encryption. But even encrypting messages may not be enough, depending on the threat model. The very nature of email makes it vulnerable.

“Email has an enormous attack surface,” Zimmermann said. “You’ve not only got cryptographic issues but you’ve got things like spam and phishing and loading images from a server somewhere that might have things embedded inside.”

On a positive note, however, there are many options for securing and hardening your browser – see the secure browser and Firefox privacy guides. Furthermore, most secure email providers offer protection against these attack vectors by blocking email images by default while also utilizing virus filters.

Keep in mind, however, that non-browser email clients can also be problematic – potentially revealing unique information about your operating system (user agent) as well as your IP address and location.

Regardless of these limitations, using a secure email provider will help keep large tech companies from harvesting your email data for third parties.

Secure email vs secure messaging apps

secure messaging vs emailDepending on your threat model, you may also want to consider using secure messaging apps, which do not have all of the vulnerabilities discussed above with email.

We have tested many different encrypted and secure messaging apps and compiled a list of our favorites. Here are a few reviews of some of the best options we’ve tested:

  • Signal review
  • Wire review
  • Wickr review
  • Threema review
  • Telegram review

Encrypted messaging apps generally offer a higher level of security over email, plus they are much easier to use than PGP email encryption.

Finally, encrypted messaging apps are also convenient for back-and-forth conversations, document sharing, and collaboration with others. For more information, check out our roundup guide on the best secure messaging apps.

Always use a good VPN with email

One fundamental problem with email is that it can expose your IP address and location to third parties, by design.

While some secure email services strip IP addresses and conceal metadata, many others do not. Even the popular Enigmail encryption plugin, which is used with Thunderbird, was found to be leaking user IP addresses. Some email services may be forced to log user IP addresses by valid court orders, without disclosing any information to the user.

There have also been many cases where email services are compelled to log user IP addresses by court orders. We’ve seen this with email providers in the US, Germany, and even Switzerland.

Finally, there’s also the fact that many email services keep logs for security, which may include user IP addresses, connections times, and other metadata. Of course, whenever you have logs, this data could end up with third parties (for various reasons).

To effectively conceal your IP address and location, you can simply use a good VPN service.

VPN to secure your email
A VPN will offer more privacy and security when you use email, by hiding your IP address and encrypting your internet traffic.

A VPN creates a secure tunnel between your device and a VPN server, encrypting your traffic and concealing your real IP address and location. The VPN will encrypt and anonymize your internet traffic, while you carry on with business as usual. Some of the larger providers, such as NordVPN and Surfshark, offer apps for all major devices and large server networks around the world.

Due to the security and privacy benefits a VPN offers, it’s a smart idea to use one whenever you’re online. Internet providers in many countries are recording user browsing history (via DNS requests), which may be passed off to advertisers or government agencies (mandatory data retention laws). With a VPN, your DNS requests are encrypted and handled by the VPN server and unreadable to your ISP or other parties.

For more info, see these best VPN services.

Conclusion on secure and private email

Whatever your situation is, using a secure and private email provider is a smart step to protect your data. Gmail, Yahoo, Microsoft, and the other big email players do not place the highest priority on your privacy. Paying for a good email service that values privacy ensures you aren’t paying with your personal data.

As a brief recap, below is a table highlighting the best secure and private email providers. If you have a specific question about one of these services, you may want to reach out to them directly through their website.

See the main privacy tools guide for other privacy and security essentials.

We also have a guide on encrypting email.


Email Service

Storage

Price/mo.

Website


protonmail

Up to 20 GB

€4.00
(Free to 500 MB)

ProtonMail.com


mailfence secure anonymous email

Up to 20 GB

€2.50
(Free to 500 MB)

Mailfence.com


tutanota best secure email

20 GB+

€1.00
(Free to 1 GB)

Tutanota.com


mailbox org

50 GB+

€1.00

Mailbox.org


which vpn service is best

Up to 20 GB

€1.00

Posteo.de


Runbox Secure Email

Up to 25 GB

$1.66

Runbox.com


countervail secure email

4 GB+

$4.00
(Free 1 week trial)

CounterMail.com


Iceland ctemplar secure email

Up to 50 GB

$6.00

CTemplar.com/


secure email comparison

2 GB+

€4.41

KolabNow.com


what is the best secure email

Up to 20 GB

$5.00

StartMail.com


secure email providers

25 GB

€3.25

Soverin.net


secure email providers

Up to 100 GB

$2.95

www.thexyz.com/


Have you used one of these secure email providers? Feel free to leave your feedback/review of the service below.

Sven Taylor

About Sven Taylor

Sven Taylor is the founder of Restore Privacy. With a passion for digital privacy and online freedom, he created this website to provide you with honest, useful, and up-to-date information about online privacy, security, and related topics. His focus is on privacy research, writing guides, testing privacy tools, and website admin.

Reader Interactions

Comments

  1. AvatarPolarbeard152

    December 31, 2020

    Hi, Sven,

    I have been obsessively looking at this article/the reviews for secure e-mail providers for about three weeks (after I made a mistake of partly responding to a spoofing text on phone) and I am having trouble picking one of the providers you list. I get bogged down in the technical details, have done side reading to learn terms, but I am a little older, and after reading, my head is spinning. I have simple needs: as part of moving away from Google, I want a secondary e-mail that’s secure, mostly for occasional personal correspondence, or to interact with 2-3 companies to pay bills. Also hoping for not too complicated; I don’t need calendar, etc. I have already implemented suggestions from RestorePrivacy (VPN, browser, search engine) but am having trouble figuring out which secure e-mail fits for me!
    I also would like to contribute financially to R.P. site, just am increasingly paranoid lately about giving card or bank info online. Is there a safe way to do this?

    I appreciate your generosity with time and service to others/the world.

    Reply
    • Sven TaylorSven Taylor

      December 31, 2020

      Hi, with the email, I’d say test out a few different options to see which one you like the best, and then cancel the others you don’t like. No worries on donations. Right now we only accept Bitcoin, but if you can’t donate, sharing our articles with others and spreading the word is just as good. Thanks

      Reply
      • AvatarPolarbeard152

        December 31, 2020

        Thanks so much. I have already told some people about your website, and I will continue this. Wishing you and all who read this site a healthy, safe, and fulfilling new year.

        Reply
        • Sven TaylorSven Taylor

          January 1, 2021

          Thanks, same to you!

  2. AvatarJ.M.

    December 16, 2020

    For Protonmail:

    Another brilliant feature for Basic, Plus, and Visionary users!

    Really great item to have for there are many times I have found mistakes after I hit send.

    https://protonmail.com/blog/undo-send

    Reply
  3. AvatarArnon

    December 12, 2020

    Dutch, Swiss, German laws require at least 6 months before emails can be permanently deleted.
    That’s why I prefer Ctemplar, hope it would work well, till now(after almost 2 months), had few bugs by adndroid app, which were solved by the last update.

    Reply
    • AvatarJ.M.

      December 17, 2020

      The retention law does not apply to Protonmail.

      https://protonmail.com/blog/eu-data-collection-illegal/

      Reply
      • AvatarMatteo

        February 20, 2021

        But this is not credible. Any there is the Swiss law for data retention for all communication to and from foreign territories, obviously this includes ProtonMail! My guess is that Swiss Secret Services have direct backdoor in the case of ProtonMail.

        Reply
  4. AvatarStephen

    December 8, 2020

    Hello Sven. Nice article. The secure email solutions seem to work well if you can talk all your contacts into subscribing to the same provider that you choose. If most of your contacts are on gmail, it seems like all your sent email will wind up on google’s servers in plain text, unless you use something like Tutanota’s “Emailing an external” that you mention. This doesn’t sound at all secure, am I missing something? Are there any of these other solutions that have an Encrypted ’email an external’ that uses a ‘password per recipient’ for decoding?

    Reply
    • Sven TaylorSven Taylor

      December 9, 2020

      True, but you can’t control the security of other peoples’ inboxes, only yours. And if your inbox is with a secure email service, it won’t be getting mined by third parties. And if your communications are really sensitive, just switch to a secure messenger service and skip email altogether.

      Reply
      • AvatarStephen

        December 9, 2020

        Sven, thanks for the reply. I understand there is value in having a secure Inbox, particularly for receiving secure email from places like your bank. It does seem though there is security to be gained by sending email using password protected link. While Tutanota has the best solution that I have personally seen for this (compared to password by message implementations), I am wondering if there are other and more complete solutions. While it is hard to switch email services, chasing features, finding a provider with more complete security model might be worth the trouble of switching.

        Reply
        • Sven TaylorSven Taylor

          December 9, 2020

          Hi Stephen, Mailfence and ProtonMail also have this feature as well.

  5. AvatarTalman G

    December 7, 2020

    Sven,

    One thing that still seems unclear about these secure email services, such as Proton and Tutamail, is whether or not you can receive email from non-secure email providers like gmail, yahoo mail without exchanging some type of password. For example, if I sent an unsolicited unencrypted email from gmail to a person with Tutamail would he or she receive it?

    Thank you for your response.

    Reply
    • Sven TaylorSven Taylor

      December 7, 2020

      Yes, you can receive emails from Gmail, etc., but they aren’t sent with PGP encryption, but with both ProtonMail and Tutanota, all emails in your inbox are stored encrypted at rest.

      Reply
  6. AvatarTrut

    December 6, 2020

    What about Criptext.com? I use it and like it..

    Reply
    • AvatarAnon

      January 7, 2021

      bump

      Reply
      • Avatarvanp

        January 10, 2021

        Which means what, exactly?

        Reply
  7. AvatarAton

    December 3, 2020

    Hi Sven. Can I use two secure email provider for different purpose so I can distribute trust between the two different company? Say, ProtonMail with Tutanota.

    Reply
    • Sven TaylorSven Taylor

      December 3, 2020

      Yes of course, and it’s a good strategy. I do that with email, browsers, computers, and vehicles 😉

      Reply
  8. AvatarVinicius

    November 25, 2020

    Sven Im trying to find a good option that supports IMAP. I saw some complains about the support of mailfence, wich one thats contain IMAP do you recommend?

    Reply
    • Sven TaylorSven Taylor

      November 25, 2020

      I’d still say Mailfence with IMAP, and they have email support with response times around 24 hours.

      Reply
      • AvatarVinicius

        November 27, 2020

        Thank you! 😀

        Reply
  9. AvatarHubert

    November 6, 2020

    Free and IMO very good servise: dismail.de

    Reply
  10. AvatarTrude Lambertz

    November 6, 2020

    Regarding the point of criticism about posteo: “Custom domains not supported; no “.com” options available”.

    “Other domains (e.g. posteo.us, posteo.uk, posteo.es and many more) are available for use as alias addresses after signup. ” 2 alias addresses are included for free.
    Source: https://posteo.de/en/signup

    Reply
  11. AvatarRajesh

    November 4, 2020

    Thank you for the great service and articles, I appreciate it. It might be a beginner’s question, but I am not sure what is the best username for a new email account. Is it best to choose a random name and then for the aliases have more of a structure, identifable name for friedns and family, for example? Thanks,

    Reply
    • AvatarRosemary's baby

      November 9, 2020

      On a users name I take it your talking about the part before the @ of the email address for your email account. If this is right – I try to think of short names (3-4) letters and/or numbers, so people typing it are not burdened.
      As well something that means something to you or sounds cool, Ex: cu8r, bikine, par9, nita3.

      Same or different email services you could use name as Ex: Rash for Rajesh then apply a number of importance. Like family members would be rash1@ – friends would be rash2@ – not so sure of a contact then it’s rash5@. Understand?
      You could also assign aliases and use aliases mail addresses with family and friends – – but be sure to use the mail servers option of a signature – – – and it be of your real name so they know it’s from you.
      Help any for you ??????

      Reply
  12. AvatarDouglas

    November 2, 2020

    It should be noted that mailbox.org *does* store IP addresses of users accessing the web interface, but for 4 days. See https://mailbox.org/en/data-protection-privacy-policy

    “Type: web server / web portal / administration interface
    Relates to: JPBerlin, mailbox.org, Heinlein-Hosting, ox.io

    Stored data: when and from which IP address our platform was accessed.
    Purpose: protection against misuse and unauthorised access
    Erasure period: after 4 days.
    Access by: system administration, support/help desk, programmer”

    Reply
  13. AvatarMiti

    November 2, 2020

    Has anyone heard of or had experience with Autiti.org https://www.autistici.org/?

    Reply
  14. AvatarMark Gailmor

    October 27, 2020

    Wow, great post but so sorry that there is no mention of sub rosa. I’ve been using them for two years and am very pleased. They are a bit on the higher side but you get what you pay for. They are based in Panama and have very strict privacy laws. If you subscribe for a year it comes out to around $2.83/mo. So they aren’t the most expensive. They also do no retain logs and they have self-destructing emails. And, because they aren’t in Europe, they aren’t subject to the prying eyes of the U.S. In fact, they are under no obligation to share any email with the U.S. And this is exactly why I chose them. I’m not hiding anything but my email is my email and I have a right to my privacy.

    https://novo-ordo.com/email-services/

    Reply
    • AvatarMark Gailmor

      October 27, 2020

      Ok, wait, I see there is mention of subrosa. I had no idea they had moved, at least one server to Switzerland. Hmm, this may require choosing a different email when renewal time comes up again. Now I just need to find a non-EU email/

      Reply
    • Avatarvanp

      October 27, 2020

      From “About Us>News”:

      “2018 March 23
      Sub Rosa moves to Switzerland. In an effort to improve reliability while maintaining customer privacy, we have moved our server from Panama to Switzerland.”

      Reply
    • AvatarAllan Smith

      October 28, 2020

      There is another good email service call CRIPTEXT. It’s based on Panama and use de Signal Protocol to secure all comunication.
      Plus, all the user data is store only in the smartphone. There is no information store in a server. The service it’s free, but it also has a paid version.

      Reply
      • Avatarsupokaylah

        November 6, 2020

        I believe they use AWS though.

        Reply
    • AvatarRosemary's baby

      November 2, 2020

      Scroll down the founder or guy running sub rosa named Rick was here about Nov. 16 -22 2019. Sub Rosa is not for long term email storage and it was advised to off-load your emails with a thirdparty client if you want to keep them.

      Then I’d challenge your thought that ‘they aren’t subject to the prying eyes of the U.S. Really with the US Government there many years on the panama canal in a lead roll. You don’t think bonds weren’t formed to get past red tape.
      As Panama is a corrupt place as well with the wealth class running it so the main population stays behind and poor.

      Reply
  15. AvatarAnonymous

    October 27, 2020

    Sven,

    Have you heard of a browser extension called Mailvelope and if so, what do you think of it?

    Reply
    • Sven TaylorSven Taylor

      October 27, 2020

      We have not tested Mailvelope, but noted that it can be used with Mailbox.org in the review.

      Reply
  16. AvatarLeah

    October 25, 2020

    Please update Tutanota’s pricing: (as of October 2020)

    They offer three plans each for Personal and Business.

    •Personal Options:
    ——————————
    1) Free: 100% free basic account -limited to just one email address. 1 Gb. No extras.
    ( A few years ago there was no limit – now they delete email accounts after six months if not accessed during that time. )
    2) Premium: $12 Year – 1 Gb. Up to five additional aliases. Custom domains. Support.
    3) Teams: $48 Year – 10 Gb. Up to five additional aliases. Custom domains. Support.

    •Business Options:
    ——————————
    1) Premium: $12 Year – 1 Gb. Up to five additional aliases. Custom domains. Support.
    2) Teams: $48 Year – 10 Gb. Up to five additional aliases. Custom domains. Support.
    3) Pro: $72 Year – 10 Gb. Up to twenty additional aliases. Custom domain+Login. Priority Support. Custom logos, colors and Contact Forms.

    They also offer several extras and features:
    •Larger Storage Options -All Cloud Storage and Calendars are Encrypted.
    1) 10 Gb – $24
    2) 100 Gb – $120
    3) 1 Tb – $600

    •Additional Aliases
    1) 20 – $12
    2) 40 – $24
    3) 100 – $48

    •Business Accounts can upgrade/add customizable features.
    •Tutanota donates Business Accounts to Non Profit Organizations.
    • If you are a developer, you can request adding your favorite feature by contributing code.
    •Pricing Calculator: select your specific needs from all their various options to view yearly price.

    After using Tutanota for more than six years, I can say without a doubt, it’s by far the best email service, paid or free.

    Reply
  17. AvatarAnonymous

    October 24, 2020

    Sven,

    I’ve read that Swiss law requires all email providers to retain deleted emails for six months. How do Swiss secure email providers deal with this issue? It suggests a lack of security if the provider saves the emails after the client has deleted them.

    Reply
    • Sven TaylorSven Taylor

      October 25, 2020

      No, Swiss data retention laws do not apply to Swiss email services operating there.
      https://protonmail.com/blog/eu-data-collection-illegal/

      Reply
      • AvatarAnonymous

        October 25, 2020

        I only asked because on the CTemplar site it states, “Email services in the US and Switzerland are legally required to track your IP address even if you disable IP tracking.”
        Am I misreading this?

        Reply
        • Sven TaylorSven Taylor

          October 25, 2020

          As with most laws, there are probably different interpretations of the Swiss data retention law. But I think it is clear this only applies to internet service providers.

  18. AvatarBo Yu

    October 20, 2020

    when look at those secure email locations are all under 14 eyes, 41 eyes, Europe alliance.

    Germany Switzerland Belgium Norway Sweden Iceland The Netherlands Canada

    Reply
    • AvatarJackie

      October 23, 2020

      In which country (outside of Europe and North america) you can get secure email address? Panama?

      Reply
    • AvatarArnon

      October 25, 2020

      Tutanota, which recommended here, is German based and all emails in Germany are reported as a text file to authorities;
      There is no such thing as a secure email,not from NSA and Govt spying world wide, same thing anyway, MAYBE TO AVOID ANNOYING ADS OR USING YOUR DATA BY COORPORATES, NOT GOV.

      Reply
      • Sven TaylorSven Taylor

        October 25, 2020

        You said “all emails in Germany are reported as a text file to authorities.”
        Where is your proof for this claim? Tutanota has admitted that in certain cases when they receive a valid court order, they are required to collect data on the respective user, but this is not “all emails” from all people.

        Reply
        • AvatarJackie

          October 25, 2020

          A new data law came into force in Germany about a year ago. All email providers have to perform data retention.

        • Sven TaylorSven Taylor

          October 25, 2020

          Source?

        • AvatarJackie

          October 26, 2020

          https://tutanota.com/blog/posts/transparency-report/

          https://www.sueddeutsche.de/digital/tutanota-verschluesselung-e-mail-ueberwachung-polizei-1.4676988

          Is in german but you can translate. That mean all email providers in Germany like Tutanota, Mailbox.org or Posteo.de must give the datas to the court! In future the EU will make new laws againt the email provider.

        • Sven TaylorSven Taylor

          October 26, 2020

          No, this is not data retention on “all emails”. Wrong context.
          Once again, as I’ve said before, this is about TARGETED data collection that only affects specific people who are the subject of a valid court order in Germany. In other words, this is not blanket meta data collection on all users, like we are already seeing in the UK and Australia. But rather, if you attract the attention of the German police or government, a German court can force German email providers to target specific users with data collection. This was the case when hackers were blackmailing companies in Germany, from Tutanota email address.
          But if you are using full encryption with your emails, as Tutanota recommends, the contents of your emails remain protected and encrypted. This specific case was about real-time surveillance of data on specific, targeted users named in a valid German court order.

        • AvatarEd

          October 26, 2020

          Sven,
          Thanks for the page. Interested in getting out of gmail. Cost aside, what do you recommend as the most secure across the board? (encryption type, content, location, etc…)? CTemplar?

        • AvatarJackie

          October 26, 2020

          I understand what you mean. But in Germany there is a “Bundestrojaner” (Virus) from the state, here some detail information: https://resources.infosecinstitute.com/german-trojan/

          But the german state also makes secret general controls.
          For examle the Whatsapp messages: https://www.computerbase.de/2020-07/whatsapp-bka-liest-mit-ohne-staatstrojaner/

          That is the reason why you should find a secure mail outside of Europe, North america, Australia and New Zealand. Perhaps in South America, Panama, Asia?

  19. AvatarDeci

    October 16, 2020

    Any thoughts on Inbox.eu? I do not need top security. I just want something that is not tracking me across websites and selling my data. Does anyone know if they strip IP addresses from headers? They advertise “encrypted messages” but not sure that the mailbox is encrypted at rest.
    They’ve been operating in Latvia for 20 years.

    Per the TOS, the do collect name, birthdate, gender and log IP and a, but do not sell it. I’m okay with this for basic online registrations etc.
    https://help.inbox.eu/category/312/question/834
    https://help.inbox.eu/category/323/question/998
    3.7. «Inbox.eu» reserves the right to impose restrictions on the use of the Service, and can change them at its discretion without prior notice.
    «Inbox.eu» collects personally identifiable information when you register in Inbox.eu system.
    4.3. When you register for Inbox.eu, you are no longer unknown to us.
    4.4. «Inbox.eu» automatically receives and records information from your browser on our servers including your IP address, cookie information and the page you requested.
    4.5. «Inbox.eu» will not sell or rent your personally identifiable information.
    4.10. Your personal data will be processed in accordance with the “Personal Data Protection Law” requirements, and will be based on personal data processing systems of Latvian Republic Data State Inspectorate.

    Reply
  20. AvatarRosemary's baby

    October 13, 2020

    Reply to Jackie,

    You could try 33Mail and where the basic service is absolutely FREE.
    Create a new e-mail address whenever you need one. Maintain complete control over active addresses. Forwards all mail to your existing e-mail address. You can even reply anonymously to emails forwarded by 33Mail.

    Reply
    • AvatarJackie

      October 24, 2020

      But is 33 Mail open source? Tracking free?

      Reply
      • AvatarRosemary's baby

        November 9, 2020

        Jackie that’s the leg work you need to do – I offered an option only.
        Also see this if it has what your looking for – [https://restoreprivacy.com/email/temporary-disposable/]

        Reply
  21. AvatarJackie

    October 10, 2020

    Which alternative address should I give to runbox for inscription? gmail or gmx not possible.
    If you loose password or any problems with the mail account then you can not get it if there is no altervative email address!
    Thanks.

    Reply
  22. Avatarcharles

    October 1, 2020

    Is the ability to search ONLY email subject lines a limitation with PGP? Or is that a just a limitation with Protonmail?

    Do you know which ones do support searching the content of the emails?
    I don’t think I could live without that feature.

    Great article.

    Reply
    • Sven TaylorSven Taylor

      October 1, 2020

      PGP does not encrypt subject lines, which remain in the clear, and hence are searchable with ProtonMail, which relies on PGP. As an alternative, you can check out Tutanota. They do not use PGP, encrypt subject lines, along with the rest of your inbox being encrypted at rest, but content of emails is still searchable. The other email services in this guide, such as Mailfence and Posteo, also allow you to search content of emails.

      Reply
      • AvatarPanda

        October 8, 2020

        I need a suggestion for the best free versions of paid ones or free secure email services coz I can’t afford to pay for softwares right now.

        Reply
        • Sven TaylorSven Taylor

          October 8, 2020

          Mailfence or Tutanota

  23. AvatarAlex

    September 23, 2020

    This is an excellent comparison, I found it to be very insightful.
    Especially the privacy aspect of each service.
    Online privacy and anonymity are two subjects that are very important to us.
    We run a privacy-driven email provider: https://cyberfear.com.
    It comes with end-to-end encryption, TOR support, crypto payments, no IP logging policy and many more features which you can find on our website.
    I hope you will find time to review it 🙂

    Reply
    • Sven TaylorSven Taylor

      September 23, 2020

      Thanks. We’ll test the service and consider adding it with the next update to this guide.

      Reply
    • AvatarRosemary's baby

      September 23, 2020

      Where is cyberfear located?
      Are you aware the Contact Us on the cyberfear doesn’t respond.
      “Contact us anytime. We will answer ASAP. CONTACT US”

      Reply
      • AvatarAlex

        September 23, 2020

        Servers are located in Poland, Europe.
        To contact us please drop us an email, cyberfear [at] cyberfear.com
        The button links to that email.
        We will add a Contact Form shortly.

        Reply
  24. AvatarGarry

    September 22, 2020

    Hello Sven,
    Please I am desperate to know if this is true-
    https://tarnkappe.info/tutanota-muss-polizei-e-mails-unverschluesselt-uebermitteln/
    I use Tutanota for even my most critical emails. Can you reach to root of this as fast as possible. I have to switch to another service if this is true. (And that would not be an easy task. Thanks in advance.

    Reply
    • Sven TaylorSven Taylor

      September 22, 2020

      Yes, this is true, and we cite that exact case in this guide. See the section on Germany jurisdiction, where we commented on both this case with Tutanota and also the case with Posteo being forced to log IP addresses. So we see two cases where German courts went against privacy. Things to keep in mind…
      For better security and more privacy, we recommend using an encrypted messaging service rather than email.

      Reply
      • AvatarRosemary's baby

        September 22, 2020

        Summing it up, where no EU legislation reach applies, it is not possible to force an email operator to divulge it’s customer data in the 1st place.
        As the two cases cited where Tutanota and Posteo must comply I’d rather see them not. Yet, dissolve or restructure their headquarters to a more privacy and data respecting local.
        Bottom line, if they or any like them truly believe that their service is valuable and changes peoples lives for the betterment. They should be willing to change their life first and foremost by moving it and their cause to stay unblemished. Not just accepting a legal compromise of the moment that forever changes their business and philosophy projections going forwards.
        Eek, I’ve used them both.

        Reply
        • Sven TaylorSven Taylor

          September 22, 2020

          Yep, me too, and Iceland is looking pretty good as a safe jurisdiction, but who knows what the future holds.

        • AvatarRosemary's baby

          September 22, 2020

          I remember back when I learnt of Ctemplar. I believe they stated then, they had a legal staff employed to monitor privacy laws changes. Such changes to laws that would affect their business operations in and out of the country they operate. I wasn’t able to source it now. I did find the following, though dated it is current to the trend of times.

          The term “Privacy Shield” is a deceptive name and is harmful to peoples privacy. The EU/Swiss-US Privacy Shield Frameworks were initially formed by the US Department of Commerce, the European Commission, and the Swiss government. The main objective behind the joint alliance was to provide a way for organizations and corporations to adhere to data protection when sharing peoples private data between countries. By 2016, the European Commission decided to allow the EU-US Privacy Shield Framework to monitor data transfer under the EU law. It is strongly advised that people who seek privacy should not choose a country, like Switzerland or Germany, within the privacy shield. The desire for increased profits has been the driving force for joining the Framework, and in the process, these nations/organizations end up knowingly abusing their citizens privacy.
          [https://web.archive.org/web/20190217192703/https://blog.ctemplar.com/swiss-privacy-is-dead-icelandic-privacy-is-most-secure/]

          Icelandic Privacy Laws
          [https://ctemplar.com/icelandic-privacy-laws/]

  25. AvatarGerhard

    September 20, 2020

    Tutanota must transmit unencrypted e-mails to the police

    https://tarnkappe.info/tutanota-muss-polizei-e-mails-unverschluesselt-uebermitteln/ (german)

    Reply
  26. AvatarJ.M.

    September 9, 2020

    I just thought I would share this data.

    This is really interesting read and thought if anyone is wondering about Google, please read.

    https://protonmail.com/blog/searches-increase-for-email-privacy/

    Reply
    • Sven TaylorSven Taylor

      September 9, 2020

      Good read, thanks for sharing J.M.

      Reply
      • AvatarJ.M.

        September 9, 2020

        @Sven,

        You’re welcome. I am glad to help and share what I can.

        Reply
  27. AvatarJody

    September 9, 2020

    How about Criptext? They say all your emails are stored on your device only and automatically deleted from their servers after it’s delivered to you. Do you know if this is true or better?

    Reply
    • Sven TaylorSven Taylor

      September 9, 2020

      We will check it out with the next update.

      Reply
      • AvatarMatteo

        February 20, 2021

        Sven, did you do a deep dive on the strange back story of this company (Criptex). Everything screams 5 eyes/US vasalle states and CIA about this, including a bizarre and maybe artifically created backstory of the CEO. His further bio fits perfectly with typical CIA operatives in the tech field (fronts, backdoors, trap services to attract those who have something to hide or are system critics).

        Reply
        • Sven TaylorSven Taylor

          February 20, 2021

          No, I have not looked at this.

  28. AvatarJ.M.

    August 27, 2020

    @Sven,

    Two comments,

    Your con list for Tutanota should also have the following two:

    1) Potential and significant down time with no email access.
    2) Member of the 14 eye nations.

    Your last negative on ProtonMail should reflect their change. It should be removed and a new note under Pro as follows:

    1) All apps and software are now open sourced.

    Thanks Sven.

    Reply
    • Sven TaylorSven Taylor

      August 27, 2020

      Good points J.M.
      I removed the con with ProtonVPN about closed source apps, and noted the open source Android app under the Pros.
      With Tutanota, we’ll keep an eye on the downtime issue. Yes, it is in Germany, but my stance right now is 5 Eyes are a bigger issue to worry about, and Germany is pretty good in comparison. But we discuss this issue more in the Tutanota review.

      Reply
      • AvatarJ.M.

        August 27, 2020

        @Sven,

        Thanks. I do understand about the 5 vs 14 eyes.

        There was an article on the PIA blog (not that I would trust them for security) but they pointed out a bill that will change Germanys law and make ISPs spy as well.

        I appreciate the help on this and I will watch for your updates. Thanks again.

        Reply
  29. AvatarLiz

    August 25, 2020

    When we over at Coventry League wrote a blogentary about the Vivaldi browser, we mentioned ProtonVPN (ProtonMail). What’s interesting is that Vivaldi’s co-founder, ​Jon Stephenson von Tetzchner, is from Iceland. He has incorporated some decent privacy into the browser (native ad- and tracker-blocking, etc.). So, it’s refreshing to see that Iceland-based CTemplar made your list.

    By the way, we noticed you mentioned Lavabit but didn’t include it in the list. A quick search revealed that Lavabit is back in business. Apparently it offers consumers a plan at $2.50/month (free for limited period) and 5GB storage (end-to-end DIME encryption; one may use own domain name; access it via POP or IMAP, etc.). It also offers a free open source email client called Volcano, which supports Lavabit’s Dark Internet Mail Environment (“DIME”).

    Any thoughts about viability of setting-up encryption-at-rest on a NextCloud instance, since NC offers an email platform?

    Here’s the link to CL’s article (we need to update it since Vivaldi has new features since Feb. 2020!): [https://coventryleague.com/blogentary/vivaldi-artistic-beauty-and-technology/]

    Reply
    • AvatarAlex

      December 9, 2020

      Correct. Lavabit is in fact back in business. In addition, they released their server source code on github and you are able to run your own instance of a “lavabit” server.
      github[.]com/lavabit/magma

      Reply
  30. Avatarpanos

    August 23, 2020

    Sven, thanks a lot for all your informative reviews on the field. I found them extremely helpful!

    I have done quite a bit of reading on the matter and I’m leaning towards Mailbox.org, even though I like ProtonMail a lot more than Mailbox. It’s just this significant difference in price, however, that doesn’t really let me go with ProtonMail. Mailbox isn’t bad at all (at least for me), especially since all I want is to “simply” escape from gmail. But other than this, Protonmail has a better webmail, it has a mobile app, and as far as I saw from other comments here, a relatively good customer support (i.e. not too many complaints compared to other providers).

    So, as you can see, I’m torn between them two! I’m thinking that maybe the lower cost of Mailbox will cause me headaches down the road (with downtime, customer support, etc). Or is it just that ProtonMail being swiss, is consequently expensive, but otherwise offers the same features as e.g. German-based providers?

    Any insights are very welcome!

    Thanks a lot!
    Panos

    Reply
    • Sven TaylorSven Taylor

      August 24, 2020

      You can also test each out for a few weeks and request a refund if you don’t like it.

      Reply
« Older Comments
Newer Comments »

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended Privacy Setup

  1. Private and secure browser: Modified Firefox or Brave
  2. VPN: NordVPN with [68% off coupon] or Surfshark with [81% off coupon]
  3. Ad blocker: uBlock Origin or AdGuard
  4. Secure email: Mailfence or ProtonMail
  5. Secure Messenger: Signal or Threema
  6. Private search engine: MetaGer or Swisscows
  7. Password manager: NordPass or Bitwarden

Support this Project

Restore Privacy was created to provide you with honest, useful, and up-to-date information about online privacy and security topics. You can support this project through donations, purchasing items through our links (we may earn a commission at no extra cost to you), and sharing this information with others.

You can read our mission here.

Restore Privacy is also on Twitter

COPYRIGHT © 2021 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP