Are your emails and attachments safe from prying eyes?
Unless you are using a secure email service that respects your privacy, the answer is probably no.
Most large email providers, such as Gmail and Yahoo, do not respect the privacy of your inbox. For example,
- Gmail was caught giving third parties full access to user emails and also tracking all of your purchases.
- Advertisers are allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
- Yahoo was also caught scanning emails in real-time for US surveillance agencies.
While Gmail does allow users to opt out of some invasive features, the basic business model of these services revolves around data collection.
Another concern is where your email service is located and how this may affect your data and privacy. Some jurisdictions have laws to protect data privacy (Switzerland), while others have laws in place to erode it (the US and Australia). We’ll cover this in more detail below.
On a positive note, there is a relatively simple solution for keeping your inbox more secure: switch to a secure email provider that respects your privacy.
What is the best secure email service?
With so many different types of users, there is no single “best secure email” service that will be the top choice for everyone.
While some may prioritize maximum security and strong encryption, others may want convenience and simplicity with user-friendly apps for all devices.
Here are just a few factors to consider when switching to a secure email provider:
- Jurisdiction – Where is the service located and how does this affect user privacy? Where is your data physically stored?
- PGP support – Some secure email providers support PGP, while others do not use PGP due to its vulnerabilities and weaknesses.
- Import feature – Can you import your existing emails and contacts?
- Email apps – Due to encryption, many secure email services cannot be used with third-party email clients, but some also offer dedicated apps.
- Encryption – Are the emails end-to-end encrypted in transit? Are emails and attachments encrypted at rest?
- Features – Some features you may want to consider are contacts, calendars, file storage, inbox search, collaboration tools, and support for DAV services.
- Security – What are the provider’s security standards and policies?
- Privacy – How does the email service protect your privacy? What data is being collected, for how long, and why?
- Threat model – How much privacy and security do you need and which service best fits those needs?
The goal of this guide is to help you find the best secure email solution for your unique needs.
This list is not in rank order. (Choose the best secure email service for you based on your own unique needs!)
Here are the most secure email providers that protect your privacy.
1. ProtonMail – Secure email in Switzerland
| Based in | Switzerland |
| Storage | 5 - 20 GB |
| Price | $4.00/mo. |
| Free Tier | Up to 500 MB |
| Website | ProtonMail.com |
ProtonMail is a Switzerland-based email service that enjoys a great reputation in the privacy community. It was started by a team of academics working at MIT and CERN in 2014. Shortly thereafter, it was promoted in American media as “the only email system the NSA can’t access” – which was around the time Lavabit was shut down for not cooperating with the US government.
Looking at the service itself, ProtonMail does a lot of things right. It utilizes PGP encryption standards for email and stores all messages and attachments encrypted at rest on Swiss servers. ProtonMail has a unique feature for “self-destructing messages” and they have also added address verification and full PGP support.
Regarding encryption, however, it’s important to note that ProtonMail does not encrypt subject lines of emails, which is an inherent limitation with PGP (not ProtonMail). Additionally, the ProtonMail search function can only search subject lines within your inbox, but not the actual content of your emails. This is another functional limitation that comes from integrating more encryption and security into the service.
ProtonMail does offer some great apps for mobile devices (Android and iOS). You can also use ProtonMail with third-party apps through the ProtonMail Bridge feature (restricted to paid users).
Overall ProtonMail is a well-regarded email provider, and should be a great secure email option for most users. Switzerland remains a strong privacy jurisdiction that is not a member of any surveillance alliances. In addition to email, the same team also offers a VPN service, which we have tested for the ProtonVPN review.
+ Pros
- Can import contacts and emails through bridge feature
- Strips IP address from emails
- Emails are encrypted at rest and stored on Swiss servers
- Officially under Switzerland jurisdiction
- Apps for mobile devices
- Can be used with email clients through the ProtonMail Bridge feature
- Open source apps
– Cons
- Utilizes phone number verification
- Above-average prices
- Fewer features than other secure email services
https://ProtonMail.com/
See our ProtonMail review for more info.
2. Mailfence – Fully-featured secure email in Belgium
| Based in | Belgium |
| Storage | 5 - 50 GB |
| Price | €2.50/mo. |
| Free Tier | Up to 500 MB |
| Website | Mailfence.com |
Mailfence is a fully-featured secure email provider offering calendar and contacts functionality, file storage, and PGP encryption support. It is based in Belgium, which is a good privacy jurisdiction with strict data protection laws.
For those wanting full PGP control and interoperability, without plugins or add-ons, Mailfence is a solid choice. Whether you are a personal user or you need a secure email solution for your business or team, Mailfence likely has all the features and options you’d want.
While many secure email services sacrifice features and functionality for security, you can have it all with Mailfence. This makes Mailfence a great alternative to full email and productivity suites, such as G Suite or Office 365.
In testing everything out for the Mailfence review, I found it to work very well with an intuitive design, slick layout, and tons of features. Mailfence also offers email and phone support, in addition to cryptocurrency payment options.
One of the main drawbacks with Mailfence, which separates it from other secure email providers, is that there’s no built-in way to encrypt your entire inbox. Instead, your only option to do this is locally with a third party client. Fortunately, they are working to integrate a built-in encryption option in the coming months.
+ Pros
- Based in Belgium, with all data stored on Belgian servers
- Full OpenPGP encryption support and digital signatures
- Includes Messages, Documents, Calendar, Contacts, and Groups
- SMTP, POP, and IMAP support
- Can synchronize with other email clients
- Supports password-protected messages with expiration time
- Removes IP addresses from mail headers
- Two-Factor Authentication (2FA) support
- OpenPGP user keystore
- Great user interface (recently updated)
- Cryptocurrency payment options
– Cons
- Code is not open source
- Some basic connection logs are kept
- No built-in options for encrypting entire inbox (at rest)
https://Mailfence.com
See our Mailfence review for more info.
3. Tutanota – Private and secure email in Germany
| Based in | Germany |
| Storage | 1 - 1,000 GB |
| Price | €1.00/mo. |
| Free Tier | Up to 1 GB |
| Website | Tutanota.com |
Tutanota is a Germany-based secure email service run by a small team of privacy enthusiasts, with no outside investors or owners. While their service is focused on providing you with the highest levels of email security, it still remains user-friendly and intuitive.
Rather than using PGP and S/MIME, Tutanota utilizes their own encryption standard incorporating AES and RSA. This standard encrypts the subject line, supports forward secrecy, and can be updated/strengthened if necessary against quantum-computer attacks, as they explain here.
All messages in your inbox, contacts, and calendar are encrypted at rest on servers in Germany. For sending encrypted emails with Tutanota, you have two options:
- Emailing another Tutanota user, which encrypts everything automatically (asymmetric encryption)
- Emailing an external (non-Tutanota) user with a link to the message and sharing a password key for encrypting/decrypting messages (symmetric encryption).
While Tutanota uses high encryption standards and is arguably one of the most secure email providers anywhere, it also comes with some tradeoffs. This includes no support for PGP, IMAP, POP, or SMTP. Additionally, you cannot import existing emails into your encrypted Tutanota inbox, but they’re currently working on adding a migration feature – see the roadmap.
To explain why Tutanota does not rely on PGP standards, Tutanota cofounder Matthias Pfau wrote this piece for Restore Privacy readers, Let PGP Die: Why We Need a New Standard for Email Encryption.
If you are looking for a transparent, high-security email provider run by a team of privacy enthusiasts, Tutanota is a solid choice.
Downtime Alert – One problem we have noticed in the past year is that Tutanota has suffered from lots of downtime. We have seen Tutanota blame DDOS attacks for these problems. Regardless of the reasons, the downtime has been a frustrating issue for many Tutanota users, especially those who need continuous access for business email. Keep this in mind when considering Tutanota.
+ Pros
- Messages (including Subject lines) Address Book, Inbox Rules and Filters, Search Index, encrypted at rest and stored on German servers
- Strips IP address from emails
- Open source code (including mobile apps)
- Great apps for mobile devices
- Free accounts with 1 GB of storage
- Encrypted calendar and contacts
- Discounts and additional support for non-profits
– Cons
- Issues with down time
- Does not support PGP
- Potentially delays with account approval
- No way to import existing emails
https://Tutanota.com
See our Tutanota review for more info.
4. Mailbox.org – Private email in Germany
| Based in | Germany |
| Storage | 2 - 100 GB |
| Price | €1.00/mo. |
| Free Tier | None |
| Website | Mailbox.org |
Another Germany-based secure email provider worth considering is Mailbox.org. Unlike some of the other secure email services in this guide, Mailbox.org is fully-featured and can function as a full email and productivity suite, similar to Mailfence. It offers a huge lineup of features: Mail, Calendar, Address Book, Drive (cloud storage), Tasks, Portal, Text, Spreadsheet, Presentation, and Webchat. The layout and design of Mailbox.org are also user-friendly, even with all the features and preferences.
When choosing a secure email provider, you often have to choose between features and security. With Mailbox.org, you can arguably get the best of both worlds. From the security and encryption side, Mailbox.org offers full PGP support and options to easily encrypt all your data at rest on their secure servers in Germany. You can also use Mailbox.org with mobile apps and third-party email clients.
Lastly, Mailbox.org is very affordable, with basic plans starting at only €1 per month and going up for more storage and features. You can pick up a free 30-day trial if you want to test-drive this privacy-focused email provider.
+ Pros
- PGP support (server-side or through third-party app)
- Company and server located in Germany with strong privacy protections
- HSTS and PFS for messages in transit
- Protected against man-in-the-middle attacks
- Message and spam filters
- Virus protection
- Full text search
- POP, IMAP, SMTP, ActiveSync support
- vCard, CardDAV, CalDav support
- Messages are encrypted at rest
- Supports custom domains
- Open source
– Cons
- No mobile clients (but can be used with third-party email clients)
- Some tracking during registration
https://Mailbox.org/
Check out our Mailbox.org review for more details.
5. Posteo – Privacy-focused email in Germany
| Based in | Germany |
| Storage | 2 - 20 GB |
| Price | €1.00/mo. |
| Free Tier | None |
| Website | Posteo.de |
Posteo is (another) German email provider that offers a high level of privacy and security for its users. In some respects, it has much in common with Mailbox.org. Both are fully-featured email providers that utilize PGP encryption standards, with similar prices. But in a few key areas, Posteo is a bit different:
- Custom domains are not supported.
- There is no spam folder (all emails are either delivered to your inbox or rejected).
- There’s no trial or free tier (but still quite affordable).
In terms of privacy, Posteo really makes an effort to protect the privacy of their users. IP addresses are automatically stripped from emails, no logs are kept, and they offer strong encryption standards. In short, this email takes security and privacy very seriously.
Posteo also supports completely anonymous registration and anonymous payments – even allowing you to send cash in the mail for no digital trail. (We see this trend with VPN services as well.) And if you pay with a credit card, PayPal, or some other digital method, they manually separate account details from payment info.
+ Pros
- Mail, Calendar, Contacts, and Notes are encrypted at rest with OpenPGP on secure servers in Germany
- Subject, headers, body, metadata, and attachments are encrypted
- Includes Messages, Calendar, Contacts (Address Book), and Notes
- Completely Open Source
- Strong commitment to privacy, sustainable energy, and other social initiatives
- Self-financed; good track record (operating since 2009)
- No logs, IP address stripping, secure email storage with daily backups
- Allows anonymous (cash) payments
- Supports SMTP, POP, and IMAP protocol + Two-Factor Authentication
– Cons
- Custom domains not supported; no “.com” options available
- No spam folder (spam emails are either rejected or delivered to regular inbox)
- No trial or free version
- Cryptocurrency payments not supported
https://Posteo.de/
See the Posteo review for more info.
6. Runbox – Private and sustainable email in Norway
| Based in | Norway |
| Storage | 1 - 25 GB |
| Price | $1.66/mo. |
| Free Tier | 30 day trial |
| Website | Runbox.com |
Runbox is a long-running private email service in Norway that has been operating for over 20 years. Norway is also a good jurisdiction with a strong legal framework for privacy. All Runbox servers are located in secure Norwegian data centers, running on clean, renewable, hydropower energy.
One unique feature of Runbox is that it gives you 100 aliases to use with your account. Secure file storage is also included, with different pricing tiers. Runbox fully supports SMTP, POP, and IMAP protocols and can be used with third-party email clients. This year they released Runbox 7, which is a webmail client, but they do not offer custom mobile or desktop clients.
Unlike some other secure email providers, Runbox does not have a built-in option for encrypting your entire mailbox. And while you can use PGP with Runbox, it is not yet built into the platform. Another drawback is that Runbox does not offer a built-in calendar, but this feature may be included in Version 7 (when released).
Runbox offers 30 day free trials and makes importing your existing emails simple with the guides on their site. They are currently offering a discount “2 years for the price of 1” on their website here.
+ Pros
- IP addresses stripped from messages
- Includes Webmail, Contacts, and Files
- Servers run on renewable energy
- Supports SMTP, POP, and IMAP protocols
- Synchronizes with other email clients
- GDPR compliant
- Norway has strong data protection laws
- 100 email aliases per mailbox
- Custom domain names on some paid accounts
- Numerous payment methods accepted (including cash and cryptocurrencies)
– Cons
- Browser-based; no desktop or mobile apps
- Not open source (but version 7 should have open source client)
- Data not encrypted within the Runbox system or at rest
- No business-specific features
https://Runbox.com
Check out our Runbox review here.
7. CounterMail – Private and secure Swedish email service
| Based in | Sweden |
| Storage | 4 GB+ |
| Price | $4.83/mo. |
| Free Tier | 7 day free trial |
| Website | CounterMail.com |
Next up on our list is CounterMail, a secure email provider based in Sweden. CounterMail has been operating for over 10 years with a philosophy to “offer the most secure online email service on the Internet, with excellent free support.” CounterMail uses OpenPGPG encryption with 4,096-bit encryption keys along with no-logs, diskless servers to protect user privacy. Countermail anonymizes email headers and also strips the sender’s IP address. All emails and attachments are stored encrypted at rest using OpenPGP on servers in Sweden.
While CounterMail is a bit more expensive than some other secure email providers, they explain this price difference comes from using only high-quality servers and implementing strong security measures. CounterMail also protects users from identity leaks and Man-In-The-Middle attacks with RSA and AES-CBC encryption on top of SSL. It may not have all the frills, but CounterMail is a serious security-focused email provider with a 10+ year track record.
+ Pros
- Supports cryptocurrency payments
- Secure, built-in password manager
- All emails and attachments stored encrypted on no-logs, secure servers in Sweden
- Custom domain support
- Message filter and autoresponder features
- Uses RSA, AES-CBC, and SSL encryption to protect against leaks and MITM attacks
– Cons
- Design and UI feels outdated
- More expensive than other secure email options
https://CounterMail.com
8. CTemplar – An “armored email” service in Iceland
| Based in | Iceland |
| Storage | 1 - 50 GB |
| Price | $6.00/mo. |
| Free Tier | Up to 1 GB |
| Website | CTemplar.com |
CTemplar is a newer service in Iceland claiming to be the “The most secure & private email service in the world.” And as they correctly point out, Iceland has very strong privacy laws, perhaps the best in the world. This email provider offers some interesting security features, which you can read about here. All emails, attachments, and contacts are stored encrypted at rest on bare-metal servers in Iceland.
Although it is relatively new, CTemplar seems to be a strong contender in the secure email space. You can learn how they aim to raise the bar with security standards on their website. CTemplar offers free accounts with up to 1 GB of email storage, but to get access to all features you’ll need a paid plan.
+ Pros
- Strong encryption standards with built-in support for end-to-end encrypted emails (uses OpenPGP)
- 100% open source code
- Based in Iceland, with some of the strongest privacy laws in the world
- Zero logs; IP address stripped from emails
- Anonymous signup options (no phone verification)
- Support for Bitcoin, and Monero payments
- Self-destructing emails and Dead Man’s Timer
- Can send encrypted emails to non-CTemplar users
- 2FA support
– Cons
- Limited email clients
- Higher prices for paid plans (and all features)
- No support for IMAP/SMTP and third-party email clients
https://CTemplar.com
Check out the CTemplar review to see how this service did in our tests.
9. Kolab Now – Fully-featured Swiss email
| Based in | Switzerland |
| Storage | 2 GB+ |
| Price | $4.50/mo. |
| Free Tier | 30 day trial |
| Website | KolabNow.com |
Based in Switzerland, Kolab Now is a private email service offering lots of features and full email suite functionality. A Kolab Now subscription includes email, contacts, calendar, scheduling, collaboration/sharing tools, and cloud file storage. All of the features and options make Kolab Now an excellent choice for business users, teams, and privacy-focused individuals.
While Kolab now does offer numerous features and support for all major operating systems and devices, it also does not offer as much encryption for those who want the highest levels of security. End-to-end encryption for emails is not built-in and emails are not stored encrypted at rest.
The price is also on the higher end, especially if you want access to all features and more storage. However, for those wanting a feature-rich email suite hosted in Switzerland, Kolab Now may be a good fit.
+ Pros
- Accepts cryptocurrency payments
- Full support for POP, SMTP, and IMAP
- Switzerland jurisdiction with strong privacy protection
- Full email suite with numerous features to replace Gmail, Office365, etc.
- Support for custom domains, teams, and business users
– Cons
- End-to-end email encryption is not built-in
- Email not encrypted at rest (but stored in high-security Swiss data center)
- Higher price
https://KolabNow.com
10. StartMail – Private email hosted in The Netherlands
| Based in | The Netherlands |
| Storage | 10 - 20 GB |
| Price | $5.00/mo. |
| Free Tier | 30 day trial |
| Website | StartMail.com |
StartMail is a secure email service brought to you by the team behind Startpage, a private search engine based in the Netherlands. While there was surprising news about System1 investing in Startpage, StartMail is its own unique entity under StartMail B.V. – a company operating under Dutch law in The Netherlands.
The Netherlands is a good jurisdiction for privacy and StartMail aims to keep as little data as possible to run their operations (see privacy policy). Unlike most secure email providers, StartMail handles encryption server-side, rather than in the browser – see their white paper explaining why.
StartMail allows users to utilize PGP encryption with emails also being encrypted at rest on their Dutch servers. One cool feature with StartMail is they give you the ability to create temporary, disposable email addresses “on the fly” to use with different services. IMAP and SMTP are also supported if you want to use StartMail with third-party apps such as Thunderbird.
+ Pros
- Can create temporary, disposable email addresses
- Accepts cryptocurrency payment
- IMAP and SMTP support; can use custom domains
- Headers and IP address stripped from all emails
- Accounts come with 10 GB file storage
– Cons
- No custom mobile apps
- Not open source
- Interface feels a bit outdated
https://www.StartMail.com
11. Soverin – Basic private email in Netherlands
| Based in | The Netherlands |
| Storage | 25 GB |
| Price | €3.25/mo. |
| Free Tier | No |
| Website | Soverin.net |
Soverin provides a basic and private email service at a reasonable price. Plans come with 25 GB of storage and custom domains are supported. All data is stored on servers in Germany. Soverin strips IP addresses from headers while also using strong encryption standards, although email is not stored encrypted at rest by default.
For those wanting a basic private email with lots of storage that is protected by European privacy laws, Soverin may be a good choice. It can also be used with third-party email clients and importing old emails is relatively simple.
+ Pros
- 25 GB of data storage for all plans
- Data protected under Dutch privacy laws and GDPR
- Can be used with third-party email clients
– Cons
- No custom mobile apps
- Not open source
- No built-in encryption options
https://Soverin.net
12. Thexyz – A fully-featured private email service in Canada
| Based in | Canada |
| Storage | 25 - 100 GB |
| Price | $2.95/mo. |
| Free Tier | No |
| Website | www.Thexyz.com |
Another privacy-focused email service worth noting is Thexyz. It is a secure email and web hosting business based in Canada that offers solutions for businesses and private users. The email arm of Thexyz has been operating since 2009, as explained on the about page. While Canada may not be the best jurisdiction for privacy (Five Eyes), this may not be too concerning depending on your needs and threat model.
Thexyz does offer some great privacy and security features. Accounts come with encrypted cloud storage as well as contacts, calendar, and team collaboration tools. All emails are stored encrypted at rest using AES 256-bit encryption, with double geo-location redundancy. With a basic account, you get unlimited aliases and 25 GB of storage (upgradable to 100 GB). Even with all the perks and features, Thexyz is still very affordable at $2.49/mo with the premium webmail plan.
+ Pros
- Great applications and user interface
- Email encrypted at rest with 256-bit AES
- Subscriptions include calendar, contacts, chat, and encrypted cloud storage
- Unlimited aliases; emails can include up to 50 MB attachments
- Support for custom domains
- Autoresponder, spam filters, and incoming email filtering
- Apps for iOS and Android
- Accounts come with 25 GB of email storage (upgradable to 100 GB)
– Cons
- Based in Canada (not the best privacy jurisdiction)
- Support for end-to-end email encryption is not built-in
https://www.thexyz.com
Worth mentioning
Aside from the secure email services we discussed above, we are also keeping our eye out for new services emerging into this niche.
CyberFear Anonymous Email
CyberFear is an anonymous e-mail service in Poland that has caught our attention. It does not serve ads or log IP addresses, while also offering full encryption on par with our other recommendations. Here is an overview of CyberFear:
- End-to-end encryption of emails and metadata
- At rest, all of the following email elements are encrypted: email body, subject line, attachments, sender address, recipient address
- Anonymous registration with only username and password
- No IP logs
- Offshore servers (Poland)
- Cryptocurrency payments supported
- TOR support (Onion address is cyberfear4hlcsac.onion)
- Disaposable aliases
- Custom domains supported
- No external scripts nor captchas
- 2 factor authentication option
- PGP support
- Sending encrypted emails outside (will require password to decrypt)
- Option to host CyberFear frontend on your own computer
- Push notifications
- Open source frontend (and backend coming soon)
So far, CyberFear is looking good. You can learn more on their website here.
Email jurisdiction and data privacy
Where your email service is located (jurisdiction) can seriously impact the security of your data. Depending on your threat model, this could be a major consideration. For an overview on jurisdiction and privacy, you may want to read my article on the Five/9/14 Eyes surveillance alliances.
Here are some reasons to pay attention to jurisdiction.
United States (leading member of the Five Eyes)
Tech companies in the US can be forced to give government agencies direct access to their servers for “extensive, in-depth surveillance on live communications and stored information” – as explained in the PRISM surveillance program. Data requests can also be accompanied by gag orders, which forbids the company from disclosing what’s going on (see also National Security Letters).
There are a few known cases of US email providers being forced to give up data. In one prominent example, Lavabit decided to shut down the business rather than give up user data. Another US email provider, Riseup, was also forced to give up data to authorities.
After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization).
There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” [warrant canary that warns users about these events].
Germany (member of the 14 Eyes)
While Germany has long been a rock-solid jurisdiction for privacy-focused tech companies, I’ve noticed some troubling trends recently:
- In January 2019, a German court ruled that Posteo must log IP addresses if required by a valid court order. Posteo explained they would not change their system to log all users’ IP addresses, but would comply for specific users, if ordered by a German court.
- In November 2019, a German court ruling forced Tutanota to provide real-time access to unencrypted emails for specific users targeted by a court order. As Tutanota explained, only unencrypted messages sent after the court order was received would be affected.
All email providers must comply with the law
While some of these cases may seem alarming, the truth is that all email providers must comply with legal requirements in the country they are operating in. For example, ProtonMail, a Switzerland email provider, has also been forced to log IP addresses and disable accounts by valid court orders, as they disclose in their transparency report.
(Note: If you are concerned about your email service logging your IP address, then simply use a good VPN service.)
Considering everything, some jurisdictions are much better than others, so choose wisely. As a general rule, I’d still avoid email services in the US, and perhaps other Five Eyes jurisdictions.
Want secure email? Pay for it.
The unlimited “free” email business model is fundamentally flawed. It offers a free service, which is used to collect data and thereby monetize the user and make money on ads. With these privacy-abusing “free” services, you are actually paying for the product with your data.
In contrast, here we recommend privacy-friendly, secure, ad-free email services. While some of these private email services offer limited free subscriptions, you will need to upgrade to a paid plan for more storage and premium features (the freemium business model).
Support good privacy businesses
Fortunately, you can “vote with your dollars” by supporting these privacy-respecting businesses and upgrade to paid accounts. This will help secure email providers to grow, improve, and serve more people with an ethical business model that does not rely on exploiting their users’ data.
Secure email shortcomings and PGP flaws
Most secure email solutions mentioned in this guide utilize PGP for end-to-end encrypted email. PGP, which stands for Pretty Good Privacy and was invented back in 1991 by Phil Zimmermann.
PGP flaws – While PGP is considered a trustworthy, secure encryption method, there have been some flaws in implementing PGP that have made headlines recently – see also the EFAIL vulnerabilities. While the news did attract lots of attention, the “flaws” were mainly limited to the incorrect implementation of PGP by third parties. To my knowledge, this did not affect the secure email providers mentioned in this guide.
Limited Use – Another fundamental problem with adopting secure email is that few people are willing to go through the hassle of PGP key management, encryption, decryption, etc. There are some solutions, to this, however, and by some measures encrypted email usage continues to grow.
Many providers address this issue by making encryption automatic and seamless. Tutanota, for example, uses built-in AES encryption that automatically encrypts emails between Tutanota users, including headers, subject line, body, and attachments. They also provide a secure, two-way communication contact form called Secure Connect.
Vulnerabilities – Even when using a secure browser, there are still vulnerabilities to consider with browser-based email clients. Phil Zimmermann gave an interview highlighting some of these shortcomings:
“The browser is not a terribly safe place to run code. Browsers have a large attack surface,” he said.
Wherever encryption and decryption take place, though, it’s a vast improvement on no encryption. But even encrypting messages may not be enough, depending on the threat model. The very nature of email makes it vulnerable.
“Email has an enormous attack surface,” Zimmermann said. “You’ve not only got cryptographic issues but you’ve got things like spam and phishing and loading images from a server somewhere that might have things embedded inside.”
On a positive note, however, there are many options for securing and hardening your browser – see the secure browser and Firefox privacy guides. Furthermore, most secure email providers offer protection against these attack vectors by blocking email images by default while also utilizing virus filters.
Keep in mind, however, that non-browser email clients can also be problematic – potentially revealing unique information about your operating system (user agent) as well as your IP address and location.
Regardless of these limitations, using a secure email provider will help keep large tech companies from harvesting your email data for third parties.
Secure email vs secure messaging apps
Depending on your threat model, you may also want to consider using secure messaging apps, which do not have all of the vulnerabilities discussed above with email.
We have tested many different encrypted and secure messaging apps and compiled a list of our favorites. Here are a few reviews of some of the best options we’ve tested:
Encrypted messaging apps generally offer a higher level of security over email, plus they are much easier to use than PGP email encryption.
Finally, encrypted messaging apps are also convenient for back-and-forth conversations, document sharing, and collaboration with others. For more information, check out our roundup guide on the best secure messaging apps.
Always use a good VPN with email
One fundamental problem with email is that it can expose your IP address and location to third parties, by design.
While some secure email services strip IP addresses and conceal metadata, many others do not. Even the popular Enigmail encryption plugin, which is used with Thunderbird, was found to be leaking user IP addresses. Some email services may be forced to log user IP addresses by valid court orders, without disclosing any information to the user.
There have also been many cases where email services are compelled to log user IP addresses by court orders. We’ve seen this with email providers in the US, Germany, and even Switzerland.
Finally, there’s also the fact that many email services keep logs for security, which may include user IP addresses, connections times, and other metadata. Of course, whenever you have logs, this data could end up with third parties (for various reasons).
To effectively conceal your IP address and location, you can simply use a good VPN service.
A VPN creates a secure tunnel between your device and a VPN server, encrypting your traffic and concealing your real IP address and location. The VPN will encrypt and anonymize your internet traffic, while you carry on with business as usual. Some of the larger providers, such as NordVPN and Surfshark, offer apps for all major devices and large server networks around the world.
Due to the security and privacy benefits a VPN offers, it’s a smart idea to use one whenever you’re online. Internet providers in many countries are recording user browsing history (via DNS requests), which may be passed off to advertisers or government agencies (mandatory data retention laws). With a VPN, your DNS requests are encrypted and handled by the VPN server and unreadable to your ISP or other parties.
For more info, see these best VPN services.
Conclusion on secure and private email
Whatever your situation is, using a secure and private email provider is a smart step to protect your data. Gmail, Yahoo, Microsoft, and the other big email players do not place the highest priority on your privacy. Paying for a good email service that values privacy ensures you aren’t paying with your personal data.
As a brief recap, below is a table highlighting the best secure and private email providers. If you have a specific question about one of these services, you may want to reach out to them directly through their website.
See the main privacy tools guide for other privacy and security essentials.
We also have a guide on encrypting email.
Have you used one of these secure email providers? Feel free to leave your feedback/review of the service below.
This is a very useful and informative summary. Well done! But a table with details about each consideration would be more helpful. wiki page would be nice because people can edit and sources are recorded. I do see discrepancies about some facts above. For example, the article said “Belgium, which is a good privacy jurisdiction with strict data protection laws.” without explanation; while one comment said “In Europe, it’s only two or three countries that does not require IP-logging: Sweden (verified for 2021) Iceland (verified 2021)
-Germany (however I have not verified this for 2021).” It’s too much work to make this table by a person. Let the people do it. Does a wiki page already exist or is there a plan to do so? Just a thought.
Big warning about Tutanota!
First it’s hosted in 14 eyes country Germany
2/ Germany is not a democracy, its run as a dictatorship by ‘chancellor for lfe merkel’. Think about it; merkel has been in power longer than Hitler. She’s been spied on by the NSA (Ed Snowden), yet, she did nothing against it.
3/ Tutanota does read your emails. I have used the service for years before realizing that, depending on the subject, some emails were sent others weren’t. Try sending an email from Tutanota with ‘covid scam’ and see what happens.
4/ Tutanota does read your emails. Emails with ‘sensitive’ subjects (anything censored by the global fascist technocrats who think they can tell us what to think) are suddenly blocked. I have tested with friends, again depending on email subjects, some emails are ‘refused by server’ while reception from other providers is just fine.
5/ Tutanota has many technical flaws, bugs and issues. sometimes you can’t connect, sometimes it disconnects on its own, sometimes you can’t send emails (again, often depending on email subject).
Ps: i do not do spam or illegal activities but if you are a free minded perosn, an activist, a dissident, a journalist who want to keep under the radar, don’t use Tutanota. My guess is Tutanota is probably under control or heavily surveilled by some intel agency in germany + the admin are already censoring and blocking emails (alghoritms maybe like google does for web search).
Gmail is safer, more privacy respectful and anonymous than Tutanota…!
@Mike,
I have to respond here,
As far as your comment, no worries. I didn’t take anything negative away from our conversation.
I enjoy our discussions and other interactions as well.
I appreciate what you put down. Thanks.
Just a quick note:
To all who keep saying ProtonMail is controlled by outside services, or are concerned by this here is a very new update:
https://protonmail.com/blog/crv-investment-other-news/
So the Venture capitalist are out now.
I am impressed and encouraged by what I am reading here.
Hi;
This site has been very helpful, thanks. I’ve forwarded to a few friends as well.
I am looking to move my email hosting for my private.com domain. Current host has me set up an admin account, I manage/add/reset/etc. from that admin account. No host-provided email address needed. (Like in, say, Proton. Not picking on them, just as example.)
Problem there is that all email addresses/accounts that you set up for your domain with user@private.com addresses will push all the email to the master provider account. account@protonmail.com staying with this example. Obviously no privacy there if all your users’ email goes to the admin. Each account/email address expects some level of privacy, not automatic dumping of email to the master user. Each address just is then an alias
With some of these I know you can add ‘users’ and thus get privacy, but the requirement of adding a paid user for every discrete email address on my domain is pricey.
Is there an email hosting service that is secure like Proton/etc, but allows you to set up an admin account for oversight and allows users email privacy from the admin?
Thanks!!
Hi MD,
I’m the operator of nextlinemail. Our infrastructure supports what you’re asking about (subusers of an account with unique email addresses, but master account has no access to the subusers mailboxes). However, we do not currently expose a UI for this.
I’d be interested in having a discussion with you about what sort of functionality you’d need in a UI to make this most useful to you. Feel free to reach out to me via contact@nextlinemail.com.
Tutanota is NOTa safe or reliable alternative. It’s alos technically flawed. Any ‘safe’ email providers residing in Germany is not really safe: Germany is one of the worst dictatorship on earth since chancellor for life merkel transformed the country into the DDR number 2.0.
Tutanota records logs, blocks emails (did it to me everytime I wnated to send ‘sensitive’ emails0 and most likely sensitive information is intercepted. Avoid them.
C-templar looked good on paper. They pretend to defend privacy and anonymity… This isn’t true:
1/ as soon as you pay for a service, you’re not anonymous, unless you would send cash in an enveloppe and use a fake name!
2/ their so-called ‘free’ version is not working because, you need to receive an invitation from an existing member or send them an email to get this invitation: MEANING YOU ARE NOT ANONYMOUS ANYMORE!
3/ protonmail doesn’t only receive fundings from US dubious corporations, they are also linked with some israeli ones. Besides, I know shareholders of the company and they are corrupt and not the kind of fighting for human rights, privacy and anonymity.
Do you know Vivaldi? An icelandic email provider, that comes closer to all criteria for privacy, safety and anonymity. Quite good and free.
You mean the same Vivaldi that we are warned against?
https://restoreprivacy.com/browser/secure/
I know Germany is 14 eyes and Tutanota is not a service I would use (tried them before and ran away quickly).
But your other two? I am lost as to why.
I don’t see the warning about Vivaldi. But if you mean Vivaldi browser, this is something else. I am talking about their email service.
I never used their browser and don’t need to. However, their email service which was basic few years ago is now rivalling with the biggest ones.
And I have had no issues with it, or privacy/anonymity issues. Encryption works fine.
Much much better than tutanota…
I’d say Vivaldi and Protonmail are on par now (if you consider free services of course, nothing can replace paid ones and a VPN, but not everybody can afford that).
In terms of Germany, the country has decent data and online privacy laws. I have used Tutanota but it was a while ago. Like the saying goes: “If you don’t pay for the service, you’re the product.” Instead of using the free options, pay for the product. Tutanota’s is good and they have good privacy protection, though I think ProtonMail is the best.
I would like to see evidence to support your allegations about Tutanota and ProtonMail because I think you are misrepresenting or twisting facts or events. As to Vivaldi, in fact, it is one I give an honorable mention and is decent in terms of protecting user privacy, despite not being fully open source (please see review below). Best of all, it is pretty customizable and, unlike Opera, Vivaldi isn’t owned by a Chinese company.
https://www.cloudwards.net/vivaldi-review/
I don’t know what you mean by ‘decent’ privacy laws. In Germany, the police (like the Stasi and gestapo) used to ‘pay visits’ to citizens who posted about protests on their facebook pages to menace them if they continued.
Something that has become very comonn since one year in other places like Australia for example.
What kind of privacy is that? because there are the written ‘laws’ and the reality.
Merkel has changed Germany into a dictatorship, I know the country, I have lived there and I know many german people who fled to escape what has become exactly the same as the former DDR.
I can confirm the problems with tutanota, I have had the same. besides their constant technical issues (logging, disconnecting all the times, emails not sent, emails not received), they obviously block emails with subjects they seem not to like.
My guess is that they use algorithms to block particualr subjects like google does with its search engine and/or the people wroking there are yet again little dictators who think the can read, intercept and censor your emails.
Tutanota is neither safe nor technically reliable.
This website gives an general overview of the privacy laws of some countries, among them are Germany and Iceland. As you can see, Germany’s and Iceland’s are quite good. Even Sweden was the first country in Europe to enact a privacy statute during the early 1970’s.
In terms of the United States, the lack of formal privacy laws can work in people’s favor. For example, VPN’s or cloud services located here are not required to retain the logs of people using their services. Therefore if a U.S. VPN or cloud company gets a warrant for a criminal investigation, they would not have the information the police need since they’re not requited to keep records.
[https://gobestvpn.com/guide/countries-with-strictest-data-privacy-laws/amp/]
Mike,
I am not arguing per-se. However, I am going to be honest about my biases and Tutanota, for me, failed in a over the top glorious way. At least they didn’t do it subtly.
Now, they are changing the agreements made on paying customers by removing a service that was expected (all recorded under the Tutanota review) and this is a basic tool: Calendar invite.
Couple that with their inability to keep their servers up and running for more than two minutes ( slight sarcasm) and their inability to actually understand NPO documents, as well as their sub-par customer service, even if they were in a solid country like Switzerland, Iceland, or the BVI’s, I would still not use them. Then, they shut down their offices, go on marches and protests, and all the while customers are trying to access their email!
I ran and ran fast.
I do agree with you though. ProtonMail is a better service. Again, I am biased and perhaps jaded but from my experience, Tutanota is not safe, not worth the hassle. They should shut their doors until they can revamp themselves and get ahead of the issues plaguing them.
Instead I see them more like a truck stuck in the mud. The more they spin their wheels with new features, they deeper they sink behind the competition.
Mike, I am not angry or arguing. Just sharing.
I understand, J.M., and no argument intended on my part. I was ultimately seeking clarification on what you were saying. Thanks!
C-Templar works well, you need to be patient and fill some kind of ‘invitation form’ to get a code to be able to complete registration.
It’s a bit complicated and could put off people, but once you’ve got it it works really fine.
Emails are ancrypted by default, interface is good, logs are deleted or not logged, a bit slow sometimes maybe because of the encryption system.
No need of phone number or Id verification… Real freedom.
Much better than all the others so far.
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Hello,
I’ve started a new anon email service, nextlinemail.
Clearnet site is here: https://nextlinemail.com
Onion site is here: hxkhr3ppyob6wabodrsodyxq2pa72yjdnw3x5nlgka5pmqw6ct63orid.onion
We are following the OMG spec defined by dark.fail (https://dark.fail/spec/omg.txt). Keys, mirrors, canary, and related pages are all up.
I would like it very much if you could include Nextlinemail in any future posts detailing anon email providers.
Thank you
—–BEGIN PGP SIGNATURE—–
iQJOBAEBCAA4FiEEmIdHRKprB+FIXv3c3oJjvrBNgOAFAmBLwIAaHG9wZXJhdG9y
QG5leHRsaW5lbWFpbC5jb20ACgkQ3oJjvrBNgODCShAAnW8lBemA5yYtnl0jN3kJ
r81oUgv5K/vC7SBjZE84j3gZS/jsxYwaXivJSn0bOPlTNp/MDXf4QBFvbNgBCdwm
61M+cp1Isf1TcmDUCc9GAqt8NKE9yE0pVSkjx5YirTS79kzqlE4UWLjL6YAK1uxc
B8R3HHvQu7CDQgN7FMTy3ORWxWqkh6nqfZ+KrVDvMFKW/AcNRkt/Q7MDFnY8TiIb
bBaFAe/7y4ZbgNmL4+cGGMF7oNbiCenQhDxVbLp9LHwL0IsyQP7eJRaZPRafdmzM
DXJC7E17bFHGTy0N0SPmpemrMylEziqjwOnnkfV5310zkm+un5n1o1/pPtrOLq+9
S7gWp1oOpELYDNQ5Okr2ei3Gx8zX7FcE1BgaPBlsWNeFu9W736VLYdFL1RQUTY7P
utUX/Jp7/BK1bZAaL5Av6IR1HyychO+PB6vYGHOMjNyz7wHEAymBVEttYpR6Wtt1
Ic+RWVckcBvAXqiJ4lZJHOXtgTOd03J5JTXGcLigdffSPGVGx6VFXRNmirXfU8dU
XiadICQmRrvpqHdGkWAiIj0oiEMK/ffcS/Tsm4oArlkKqSYs7J9AQLXpuQ8z92ar
ZinNTqIVEIo4ssjKlFK32TDSuIl7HCMsTY3iw/b+u11CfYCZrmfOYIIGVXkQkzvb
tK6toHc/qV1h28NFCI/+gSw=
=CXIh
—–END PGP SIGNATURE—–
Hi, I tried your new anon email service, nextlinemail. It looked good until i tried to send an email…
Doesn’t work
Sorry for your inconvience. Feel free to try again. We have had several hundred signups over the last few weeks and have seen great deliveribility rates.
Hi Sven – this article is the most helpful I have found, Thank-you.
Which is the best ORDER of attacking these things:
VPN
Private email service
Private search engine
Domain Name Registration
Not sure on the order, I guess whatever is most important to you first. For private domain name registration, check out OrangeWebsite in Iceland.
Unfortunately, Posteo supports search only within the current folder.
Therefore if you have a lot of emails and lots of folders this turns into an issue.
I have just found out that Protonmail has a cloud storage service in beta called Proton Drive. Proton Inc. gave a Black Friday deal last year giving customers early access to it of 5MB of free cloud storage in exchange for 2 year paid subscriptions to Protonmail and ProtonVPN and even the latter 2 services were further discounted.
I am unable to determine if they are still offering access to it and ProtonVPN or Protonmail customers. This is a very interesting prospect since, as you know, Protonmail and ProtonVPN are both top notch.
https://medium.com/internxt/alternative-to-protondrive-8b753d5cde5e
Mike,
Just saw your comment.
It is still in Beta and it is not as feature rich as others, right now, but they now have PDF preview, easy drop to upload, and encrypted sharing. I am completely happy with it.
I would say to reach out to them, but if I am not mistaken, I believe that Visionary, at least, has access anyway but not sure what level you want to go with.
It is worth it, to me.
J.M.,
Yes it certainly does look like it is worth it and the cloud storage space is 17 MB and not 5 as I had originally thought. As near as I can tell, Proton Tech is still offering their bundle but it looks like it is only available to ProtonMail customers. Therefore, signing up for a free ProtonMail account or paid subscription is probably the way to get the deal.
Proton’s offer is discounted even more than if someone was just to buy their email and VPN bundle minus the cloud. I’ve been very satisfied with ProtonMail and may just splurge and grab this.
Mike,
Agree.
The size varies as I have 36 GB of storage for mail and cloud.
I do know that they said for every year you are a customer, they give you an extra GB.
I have been very happy with them as well.
I think you will be pleased as well, as long as the limits are recognized.
They are growing on features but it does take time.
Hi Sven,
Thanks for your incredible review. I’m new to all of this and was hoping you could advise me on the following questions regarding encryption and IP address removal features:
ENCRYPTION
For Cyberfear Anonymous email, you wrote: “At rest, all of the following email elements are encrypted: email body, subject line, attachments, sender address, recipient address.”
*Unless you specifically state that a company provides encryption for each specific email element (as you did for Cyberfear), is it correct to assume they do not provide encryption for that element?
*For example, you wrote regarding Tutanota: “Messages (including Subject lines) Address Book, Inbox Rules and Filters, Search Index, encrypted at rest and stored on German servers.” Does that mean they do not encrypt sender/recipient address and attachments?
*Is this also the case for Ctemplar that sender/recipient address and attachments are not encrypted?
IP ADDRESS REMOVAL
You wrote that Tutanota “Strips IP address from emails” and Mailfence “Removes IP addresses from mail headers.”
*Are IP addresses associated with metadata in different parts of the email (ie mail header, body of email, attachments, etc)?
*So for example — even though Mailfence removes the IP address from mail headers, is the IP address still linked to the body of the email and/or attachments?
Thanks so much
Hi.
Does anyone have counteremail. Want to join but need a referral code.
Thanks.
Sorry for the late reply. You need a referral code to join their service??? That doesn’t sound right. I suggest you contact them and ask them for help.
https://countermail.com/?p=contact
I use riseup.net, and some friends use autistici.org for mail.
Any review?
Thenks.
Arnon, please explain this to me. You posted a good comment on CTemplar here back in December, and suddenly they are horrible? What happened? Did their android app suddenly become buggy or did you just tolerate it for two months?
c-templar, basically don’t do anonymity anymore since they demand you to receive an invitation in order to be able to sign up for their (free) email service…
And, as they ask to receive an email for that, it is not anonymous.
the alternative is a paid account, which is even less anonymous (unless you pay them cash by postal service or by hand)..
The excuse they use is the same excuse the NSA/CIA and recently big pharma, the CDC, corrupt governments and all other criminals out there always use to violate our rights: “it’s for your safety”!
Vivaldi
https://login.vivaldi.net/ is not too bad (Iceland, a country outside of the EUSSR dictatorship, they jail banksters ten years ago and have better privacy laws).
Protonmail is ok for day to day emails, not for sensitive material and activism though…. Switzerland is not that safe either in term of privacy.
Tutanota is a total fake (and full of bugs), like most providers in merkel Stasi Germany.
Is mailbox.org the only secure email provider that supports CardDAV and CalDAV?
Mailfence also does.
Sven, have you ever considered making a review on secure (if any) non-native email clients? Ej. Thunderbird, K-9 Mail, etc.
I would love to read it.
Hi Will, I like Thunderbird because it is open source and customizable, but I haven’t had time to look at other options.
Is there any known bad record for Zoho?
There are some comments that are incorrect.
For example about Protonmail, they can track their users IP-address, which they admit by themself:
https://protonmail.com/blog/transparency-report/
Some other facts and rumors about Protonmail (some ARE facts some are rumors):
https://privacy-watchdog.io/protonmail-devs-do-not-use-protonmail/
https://privacy-watchdog.io/protonmails-creation-with-cia-nsa/
In Europe, it’s only two or three countries that does not require IP-logging:
-Sweden (verified for 2021)
-Iceland (verified 2021)
-Germany (however I have not verified this for 2021)
England, France and USA have horrible privacy laws, they can force the email provider to provide the decryption keys, otherwise the company can be shut down very fast.
There are a
I have been using different secure email providers for more than 10 years, and I had to change several times because of new laws that happens in many countries.
Best e-mail provider is clearly CRIPTEXT since
– they immediately delete all (encrypted) e-mails after downloading – so nothing is stored online! Comparable with a POP3 e-mail client when you auto-delete on server after downloading
– its completely free
Another alternative is setting up your own e-mail server – its really not that difficult in Linux or Windows…
As I seek a gmail replacement, the two features I am routinely looking for are (1) conversation view / threaded view including outgoing messages and (2) search on message body text. Possibly your summary would be more helpful if it highlighted those features. Still, this page is a great resource; thank you for your work here.
What are your opinions of Yandex email and Zoho email regarding security, features and usability?
I just wanted to point out that ctemplar.com honors their refund policy. I upgraded, changed my mind, and got a prompt refund in less than 24 hours. Their service is great, but I had to stick with an email service I had already paid for.
CTEMPLAR ARE HORRIBLE, ignored all my requests to refund+ a lots of bugs on Adroid, a lot!
dear all at restoreprivacy; thank you for so many excellent guides!
sorry if this has been answered elsewhere… If I am concerned about email privacy, what about hosting my own email server?
as far as I understand, there are 2 options:
(1) use a VPS , but then you have to trust the company running it with your emails, the advantage is that you should get a static IP, but even that might not guarantee email delivery; or
(2) you run it from home, apparently you can even use a Raspberry Pi! but then you’re unlikely to have a static IP, you may need SMTP forwarding, esp if port 25 is blocked etc.
there are a number ‘ready made’ programs such as iRedmail, Mailinabox, Mobodoa and Mailcow. I am not that technical; I found iRedmail fairly straightforward to install on a VPS; I couldn’t get Mobodoa or Mailinabox installed; haven’t tried Mailcow, which is supposed to be very good but I think requires Docker which I haven’t tried yet…
My impression is that it’s not a problem receiving emails (haha) but sending emails as your IP may be on some spam list etc; the way round this could be setting up an SMTP relay (haven’t tried that one yet)
sorry for going on.. basically the point is that it’s not that straightforward to set up your own email server… hence the question to Sven: is this worthwhile from a privacy and security point of view to set up your own mail server say at home? rather than use one of the recommended privacy oriented email services mentioned? or, unless you’re very technical… is it perhaps even more secure to use one of the above mentioned services rather than your own email server?
Setting up your own mail server can be fine, but a lot can go wrong. So for most people, a secure mail service would probably be your best bet.
gmail will block any encrypted document.
But You can send secure documents with gmail.
1.encrypt the document
2.rename extension to .bmp or similar
3.zip without password
4.send the zip
gmail, the service from google gestapo, the fascist corp?
It’s a joke right?
You’re on the wrong page georgy porgy, this is an article about privacy, about providers respecting our rights, not about some nazis like google…
Sven,
Have you guys looked into the Helm Email Server? Its not end-to-end encrypted, but might be an interesting alternative for privacy that is hosted wherever you want.
Thanks for the tip.
I want to get away from google. Yahoo locked me out of my account to force me to pay to retrieve access. I don’t trust any of these companies or my government. Trump was just a symptom. So who has a business suite that I can use without downloading countless applications which are inherently driven by user data theft.
Hey Dean. Check out our Google alternatives guide, which has solutions for many products.