Are your emails and attachments safe from prying eyes?
Unless you are using a secure email service that respects your privacy, the answer is probably no. Most large email providers, such as Gmail and Yahoo, do not respect the privacy of your inbox. For example,
- Gmail was caught giving third parties full access to user emails and also tracking all of your purchases.
- Advertisers have been allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
- Yahoo has been caught scanning emails in real-time for US surveillance agencies.
While Gmail does allow users to opt out of some invasive features, the basic business model of these services revolves around data collection.
Big-name email services put lots of money into security, but they are also large targets and not invulnerable. In March, the big news was the ease with which hackers were able to compromise thousands of Microsoft Exchange email servers. You might well be safer using a smaller, less well-known email service.
Another concern is where your email service is located and how this may affect your data and privacy. Some jurisdictions have laws to protect data privacy (Switzerland), while others have laws in place to erode it (the US and Australia). We’ll cover this in more detail below.
On a positive note, there is a relatively simple solution for keeping your inbox more secure: switch to a secure email provider that respects your privacy.
What is the best secure email service?
With so many different types of users, there is no single “best secure email” service that will be the top choice for everyone.
While some may prioritize maximum security and strong encryption, others may want convenience and simplicity with user-friendly apps for all devices.
Here are just a few factors to consider when switching to a secure email provider:
- Jurisdiction – Where is the service located and how does this affect user privacy? Where is your data physically stored?
- PGP support – Some secure email providers support PGP, while others do not use PGP due to its vulnerabilities and weaknesses.
- Import feature – Can you import your existing emails and contacts?
- Email apps – Due to encryption, many secure email services cannot be used with third-party email clients, but some also offer dedicated apps.
- Encryption – Are the emails end-to-end encrypted in transit? Are emails and attachments encrypted at rest?
- Features – Some features you may want to consider are contacts, calendars, file storage, inbox search, collaboration tools, and support for DAV services.
- Security – What are the provider’s security standards and policies?
- Privacy – How does the email service protect your privacy? What data is being collected, for how long, and why?
- Threat model – How much privacy and security do you need and which service best fits those needs?
The goal of this guide is to help you find the best secure email solution for your unique needs.
This list is not in rank order. (Choose the best secure email service for you based on your own unique needs!)
Here are the most secure email providers that protect your privacy.
1. Mailfence – Fully-featured secure email in Belgium
| Based in | Belgium |
| Storage | 5-50 GB |
| Price | €3.25/mo. |
| Free Tier | Up to 500 MB |
| Website | Mailfence.com |
Mailfence is a fully-featured secure email provider offering calendar and contacts functionality, file storage, and PGP encryption support. It is based in Belgium, which is a good privacy jurisdiction with strict data protection laws.
For those wanting full PGP control and interoperability, without plugins or add-ons, Mailfence is a solid choice. Whether you are a personal user or you need a secure email solution for your business or team, Mailfence likely has all the features and options you’d want.
While many secure email services sacrifice features and functionality for security, you can have it all with Mailfence. This makes Mailfence a great alternative to full email and productivity suites, such as G Suite or Office 365.
In testing everything out for the Mailfence review, I found it to work very well with an intuitive design, slick layout, and tons of features. Mailfence also offers email and phone support, in addition to cryptocurrency payment options.
+ Pros
- Offers end-to-end encryption and digital signatures
- Mobile and web apps
- Data is stored on Belgian servers
- Offers OpenPGP encryption
- Messages, Documents, Calendar, Contacts, and Groups
- SMTP, POP, and IMAP support
- Can synchronize with other email clients
- Supports password-protected messages with expiration time
- Removes IP addresses from mail headers
- Two-Factor Authentication (2FA) support
- OpenPGP user keystore
- Great user interface (recently updated)
- Cryptocurrency payment options
– Cons
- Logging of IP address and some other data
- Code is not open source
- Risk of EU banning encryption
https://Mailfence.com
See our Mailfence review for more info.
2. Tutanota – Private and secure email in Germany
| Based in | Germany |
| Storage | 1 – 1,000 GB |
| Price | €1.00/mo. |
| Free Tier | Up to 1 GB |
| Website | Tutanota.com |
Tutanota is a Germany-based secure email service run by a small team of privacy enthusiasts, with no outside investors or owners. Although it is not as widely known as ProtonMail, Tutanota is a serious player among secure email providers. Its hybrid encryption system overcomes some of the drawbacks of PGP, and your privacy rights are protected by the GDPR and other pro-privacy EU regulations.
Note: Tutanota claims that their encryption can be updated/strengthened if necessary against quantum-computer attacks.
All messages in your inbox, contacts, and calendar are encrypted at rest on servers in Germany. For sending encrypted emails with Tutanota, you have two options:
- Emailing another Tutanota user, which encrypts everything automatically (asymmetric encryption)
- Emailing an external (non-Tutanota) user with a link to the message and sharing a password key for encrypting/decrypting messages (symmetric encryption).
While Tutanota uses high encryption standards and is arguably one of the most secure email providers anywhere, it also comes with some tradeoffs. This includes no support for PGP, IMAP, POP, or SMTP. Additionally, you cannot import existing emails into your encrypted Tutanota inbox.
To explain why Tutanota does not rely on PGP standards, Tutanota cofounder Matthias Pfau wrote this piece for Restore Privacy readers, Let PGP Die: Why We Need a New Standard for Email Encryption.
If you are looking for a transparent, high-security email provider run by a team of privacy enthusiasts, Tutanota is a solid choice.
+ Pros
- Encrypted messages (including Subject lines) Address Book, Inbox Rules and Filters, Search Index, encrypted at rest and stored on German servers
- Can search body of encrypted messages
- Can send encrypted messages to non-users
- Strips IP address from emails
- Desktop, mobile, and web apps
- Open source code (including mobile apps)
- Great apps for mobile devices
- Free accounts with 1 GB of storage
- Encrypted calendar with iCard support
- Encrypted contacts
- Inbox rules with Spam filter
- Multiple email addresses (aliases)
- Support for custom domains and other price+ features
- Discounts and additional support for non-profits
- Two factor authentication (2FA) support
- Publishes regular Transparency Reports
– Cons
- Does not work with PGP
- Potential delays with account approval
- Currently no way to import existing emails
- Based in a 14 eyes country (Germany)
- Can be affected by EU’s schizophrenic stance on encryption
- Only accepts credit card or PayPal; no cryptocurrency payments
https://Tutanota.com
See our Tutanota review for more info.
3. ProtonMail – Secure email in Switzerland
| Based in | Switzerland |
| Storage | 5-20 GB |
| Price | $4.00/mo. |
| Free Tier | Up to 500 MB |
| Website | ProtonMail.com |
UPDATE: ProtonMail was forced by a Swiss court to log user IP addresses for a specific criminal complaint. Get more info in our article on the ProtonMail logging case here.
ProtonMail is a Switzerland-based email service that enjoys a great reputation in the privacy community. It was started by a team of academics working at MIT and CERN in 2014. Shortly thereafter, it was promoted in American media as “the only email system the NSA can’t access” – which was around the time Lavabit was shut down for not cooperating with the US government.
Looking at the service itself, ProtonMail does a lot of things right. It utilizes PGP encryption standards for email and stores all messages and attachments encrypted at rest on Swiss servers. ProtonMail has a unique feature for “self-destructing messages” and they have also added address verification and full PGP support.
Regarding encryption, however, it’s important to note that ProtonMail does not encrypt subject lines of emails or certain metadata, inherent limitations of the PGP standard. Most of the email services we discuss here use PGP, but I wouldn’t count on any of them to keep me safe from the NSA or their counterparts in other major countries.
Additionally, the ProtonMail search function can only search subject lines within your inbox, but not the actual content of your emails. This is another functional limitation that comes from integrating more encryption and security into the service.
ProtonMail does offer some great apps for mobile devices (Android and iOS). You can also use ProtonMail with third-party apps through the ProtonMail Bridge feature (restricted to paid users).
Overall ProtonMail is a well-regarded email provider and should be a great secure email option for most users. Switzerland remains a strong privacy jurisdiction that is not a member of any surveillance alliances.
In addition to email, the same team also offers a VPN service, which we have tested for the ProtonVPN review.
+ Pros
- End-to-end (E2E) and zero-access encryption for Email, Calendar, and Contact information
- Operates under Swiss jurisdiction
- All data stored on servers in Switzerland
- Apps for Android and iOS mobile devices
- Web client, encryption algorithms, Android and iOS code are all open source
- Support for custom domains
- Strips IP address from emails
- Can be used with third-party email clients through the ProtonMail Bridge feature
- Can import contacts and emails
– Cons
- ProtonMail does not encrypt email subject lines
- Sometimes requires personal information for verification of new accounts
- Above-average pricing
- Incredibly long beta test cycles
- Sometimes force to log user IP addresses by court order
https://ProtonMail.com/
See our ProtonMail review for more info.
4. Mailbox.org – Private email in Germany
| Based in | Germany |
| Storage | 2 – 100 GB |
| Price | €1.00/mo. |
| Free Tier | None |
| Website | Mailbox.org |
Another Germany-based secure email provider worth considering is Mailbox.org. Not only does it protect your email with top-end security protocols, Mailbox.org is a full-featured email and productivity suite, similar to Office 365. It offers a huge lineup of features: Mail, Calendar, Address Book, Drive (cloud storage), Tasks, Portal, Text, Spreadsheet, Presentation, and Webchat. Despite all the features, the layout and design of Mailbox.org still manages to be user-friendly.
When choosing a secure email provider, you often have to choose between features and security. With Mailbox.org, you can arguably get the best of both worlds. From the security and encryption side, Mailbox.org offers full PGP support and options to easily encrypt all your data at rest on their secure servers in Germany. You can also use Mailbox.org with mobile apps and third-party email clients.
Lastly, Mailbox.org is very affordable, with basic plans starting at only €1 per month and going up for more storage and features. You can pick up a free 30-day trial if you want to test-drive this privacy-focused email provider.
+ Pros
- PGP support (server-side or E2E through Mailvelope app)
- Company and servers located in Germany with strong privacy protections
- HSTS and PFS for messages in transit
- Protected against man-in-the-middle attacks
- Message and spam filters
- Virus protection
- Full text search
- POP, IMAP, SMTP, ActiveSync support
- vCard, CardDAV, CalDav support
- Messages are encrypted at rest
- Supports custom domains
- Mobile apps for some of the Office features
- Open source
– Cons
- No mobile email clients (but can be used with third-party email clients)
- Some tracking during registration
- PGP encryption leaves message subject and metadata exposed
https://Mailbox.org/
Check out our Mailbox.org review for more details.
5. Posteo – Privacy-focused email in Germany
| Based in | Germany |
| Storage | 2 – 20 GB |
| Price | €1.00/mo. |
| Free Tier | None |
| Website | Posteo.de |
Posteo is yet another German email provider that offers a high level of privacy and security for its users. In some respects, it has much in common with Mailbox.org. Both are fully-featured email providers that utilize PGP encryption standards, with similar prices. But in a few key areas, Posteo is a bit different:
- Custom domains are not supported.
- There is no spam folder (all emails are either delivered to your inbox or rejected).
- There’s no trial or free tier (but still quite affordable).
In terms of privacy, Posteo really makes an effort to protect the privacy of its users. IP addresses are automatically stripped from emails, no logs are kept, and they offer strong encryption standards. In short, this email takes security and privacy very seriously.
Posteo also supports completely anonymous registration and anonymous payments – even allowing you to send cash in the mail for no digital trail. (We see this trend with VPN services as well.) And if you pay with a credit card, PayPal, or some other digital method, they manually separate account details from payment info.
+ Pros
- Mail, Calendar, Contacts, and Notes are encrypted at rest with OpenPGP on secure servers in Germany
- Configurable spam filter
- Migration service for moving from another email service to Posteo
- Subject, headers, body, metadata, and attachments are encrypted
- Includes Messages, Calendar, Contacts (Address Book), and Notes
- Completely Open Source
- Strong commitment to privacy, sustainable energy, and other social initiatives
- Self-financed; good track record (operating since 2009)
- No logs, IP address stripping, secure email storage with daily backups
- Allows anonymous (cash) payments
- Supports SMTP, POP, and IMAP protocol + Two-Factor Authentication
– Cons
- Custom domains not supported; no “.com” options available
- No spam folder (spam emails are either rejected or delivered to regular inbox)
- Germany is a 14 Eyes country
- No trial or free version
- Cryptocurrency payments not supported
https://Posteo.de/
See the Posteo review for more info.
6. Runbox – Private and sustainable email in Norway
| Based in | Norway |
| Storage | 1 – 25 GB |
| Price | $1.66/mo. |
| Free Tier | 30 day trial |
| Website | Runbox.com |
Runbox is a long-running private email service in Norway that has been operating for over 20 years. Norway is also a good jurisdiction with a strong legal framework for privacy. All Runbox servers are located in secure Norwegian data centers, running on clean, renewable, hydropower energy.
One unique feature of Runbox is that it gives you 100 aliases to use with your account. Secure file storage is also included, with different pricing tiers. Runbox fully supports SMTP, POP, and IMAP protocols and can be used with third-party email clients. This year they released Runbox 7, which is a webmail client, but they do not offer custom mobile or desktop clients.
Unlike some other secure email providers, Runbox does not have a built-in option for encrypting your entire mailbox. And while you can use PGP with Runbox, it is not yet built into the platform. Another drawback is that Runbox does not offer a built-in calendar, but this feature may be included in Version 7 (when released).
Runbox offers 30 day free trials and makes importing your existing emails simple with the guides on their site.
+ Pros
- IP addresses stripped from messages
- Includes Webmail, Contacts, and Files
- Servers run on renewable energy
- Supports SMTP, POP, and IMAP protocols
- Synchronizes with other email clients
- GDPR compliant
- Norway has strong data protection laws
- 100 email aliases per mailbox
- Custom domain names on some paid accounts
- Numerous payment methods accepted (including cash and cryptocurrencies)
– Cons
- Browser-based; no desktop or mobile apps
- Not open source (but version 7 should have open source client)
- Data not encrypted within the Runbox system or at rest
- No business-specific features
https://Runbox.com
Check out our Runbox review here.
7. CounterMail – Private and secure Swedish email service
| Based in | Sweden |
| Storage | 4 GB+ |
| Price | $4.83/mo. |
| Free Tier | 7 day free trial |
| Website | CounterMail.com |
Next up on our list is CounterMail, a secure email provider based in Sweden. CounterMail has been operating for over 10 years with a philosophy to “offer the most secure online email service on the Internet, with excellent free support.” CounterMail uses OpenPGP encryption with 4,096-bit encryption keys. CounterMail also protects users from identity leaks and Man-In-The-Middle attacks with RSA and AES-CBC encryption on top of SSL.
They also keep no logs and store your mail on diskless servers to protect user privacy. Countermail anonymizes email headers and also strips the sender’s IP address. All emails and attachments are stored encrypted at rest using OpenPGP on servers in Sweden.
While CounterMail is a bit more expensive than some other secure email providers, they explain this price difference comes from using only high-quality servers and implementing strong security measures. It may not have all the frills, but CounterMail is a serious security-focused email provider with a 10+ year track record.
+ Pros
- Supports cryptocurrency payments
- Secure, built-in password manager
- All emails and attachments stored encrypted on no-logs, secure servers in Sweden
- Custom domain support
- Message filter and autoresponder features
- Uses RSA, AES-CBC, and SSL encryption to protect against leaks and MITM attacks
– Cons
- Design and UI feels outdated
- More expensive than other secure email options
https://CounterMail.com
8. CTemplar – An “armored email” service in Iceland
| Based in | Iceland |
| Storage | 1-50 GB |
| Price | $6.00/mo. |
| Free Tier | Up to 1 GB |
| Website | CTemplar.com |
CTemplar is a secure email service based in Iceland, a country with excellent privacy laws. They are worth a test drive, particularly if you can find yourself a free version invitation code. That free version, with its 1 GB of storage, may be all you need. If not, a paid plan should get the job done.
Note that CTemplar is still a relatively young service, with some features still under development. In particular, they are still working on encrypting your metadata and don’t yet have IMAP/SMTP support for third-party clients working.
+ Pros
- Strong encryption standards (4096-bit RSA) with built-in support for end-to-end encrypted emails (using OpenPGPjs)
- 100% open source code
- Based in Iceland, with some of the strongest privacy laws in the world
- Passwords protected by “Zero Knowledge Password” technology
- Zero logs; IP address stripped from emails
- Anonymous signup options (no phone verification)
- Anonymous payment option using Monero
- Self-destructing emails and Dead Man’s Timer
- Can send encrypted emails to non-CTemplar users
- Custom email domains
- Desktop, mobile, and browser apps
- 2FA and anti-phishing support
- 14 day money-back guarantee
– Cons
- Email Subject line only encrypted in paid plans
- Above-average prices
- Metadata not encrypted (work in progress)
- No support for IMAP/SMTP and third-party email clients (work in progress)
https://CTemplar.com
Check out the CTemplar review to see how this service did in our tests.
9. Kolab Now – Fully-featured Swiss email
| Based in | Switzerland |
| Storage | 2 GB+ |
| Price | $4.50/mo. |
| Free Tier | 30 day trial |
| Website | KolabNow.com |
Based in Switzerland, Kolab Now is a private email service offering lots of features and full email suite functionality. A Kolab Now subscription includes email, contacts, calendar, scheduling, collaboration/sharing tools, and cloud file storage. Right now they are running a public beta of their voice and videoconferencing system. All of the features and options make Kolab Now an excellent choice for business users, teams, and privacy-focused individuals.
While Kolab now does offer numerous features and support for all major operating systems and devices, it also does not offer as much encryption for those who want the highest levels of security. End-to-end encryption for emails is not built-in and emails are not stored encrypted at rest.
The price is also on the higher end, especially if you want access to all features and more storage. However, for those wanting a feature-rich email suite hosted in Switzerland, Kolab Now may be a good fit.
+ Pros
- Accepts cryptocurrency payments
- Full support for POP, SMTP, and IMAP
- Switzerland jurisdiction with strong privacy protection
- Full email suite with numerous features to replace Gmail, Office365, etc.
- Support for custom domains, teams, and business users
- End-to-end (E2E) encryption is available, but not built in
– Cons
- Email not encrypted at rest (but stored in high-security Swiss data center)
- Higher price
https://KolabNow.com
10. StartMail – Private email hosted in The Netherlands
| Based in | The Netherlands |
| Storage | 10-20 GB |
| Price | $5.00/mo. |
| Free Tier | 30 day trial |
| Website | StartMail.com |
StartMail is a secure email service brought to you by the team behind Startpage, a private search engine based in the Netherlands. While there was surprising news about System1 investing in Startpage, StartMail is its own unique entity under StartMail B.V. – a company operating under Dutch law in The Netherlands.
The Netherlands is a good jurisdiction for privacy and StartMail aims to keep as little data as possible to run their operations (see privacy policy). Unlike most secure email providers, StartMail handles encryption server-side, rather than in the browser – see their white paper explaining why.
StartMail allows users to utilize PGP encryption with emails also being encrypted at rest on their Dutch servers. One cool feature with StartMail is they give you the ability to create temporary, disposable email addresses “on the fly” to use with different services. IMAP and SMTP are also supported if you want to use StartMail with third-party apps such as Thunderbird.
+ Pros
- Can create temporary, disposable email addresses
- Accepts cryptocurrency payment
- IMAP and SMTP support; can use custom domains
- Headers and IP address stripped from all emails
- Accounts come with 10 GB file storage
– Cons
- No custom mobile apps
- Not open source
- Interface feels a bit outdated
https://www.StartMail.com
11. Soverin – Basic private email in Netherlands
| Based in | The Netherlands |
| Storage | 25 GB |
| Price | €3.25/mo. |
| Free Tier | No |
| Website | Soverin.net |
Soverin provides a basic and private email service at a reasonable price. Plans come with 25 GB of storage and custom domains are supported. All data is stored on servers in Germany. Soverin strips IP addresses from headers while also using strong encryption standards, although email is not stored encrypted at rest by default.
For those wanting a basic private email with lots of storage that is protected by European privacy laws, Soverin may be a good choice. It can also be used with third-party email clients and importing old emails is relatively simple.
+ Pros
- 25 GB of data storage for all plans
- Data protected under Dutch privacy laws and GDPR
- Can be used with third-party email clients
– Cons
- No custom mobile apps
- Not open source
- No built-in encryption options
https://Soverin.net
12. Thexyz – A fully-featured private email service in Canada
| Based in | Canada |
| Storage | 25-100 GB |
| Price | $2.95/mo. |
| Free Tier | No |
| Website | www.Thexyz.com |
Another privacy-focused email service worth noting is Thexyz. It is a secure email and web hosting business based in Canada that offers solutions for businesses and private users. The email arm of Thexyz has been operating since 2009, as explained on the about page. While Canada may not be the best jurisdiction for privacy (Five Eyes), this may not be too concerning depending on your needs and threat model.
Thexyz does offer some great privacy and security features. Accounts come with encrypted cloud storage as well as contacts, calendar, and team collaboration tools. All emails are stored encrypted at rest using AES 256-bit encryption, with double geo-location redundancy. With a basic account, you get unlimited aliases and 25 GB of storage (upgradable to 100 GB). Even with all the perks and features, Thexyz is still very affordable at $2.49/mo with the premium webmail plan.
+ Pros
- Great applications and user interface
- Email encrypted at rest with 256-bit AES
- Subscriptions include calendar, contacts, chat, and encrypted cloud storage
- Unlimited aliases; emails can include up to 50 MB attachments
- Support for custom domains
- Autoresponder, spam filters, and incoming email filtering
- Apps for iOS and Android
- Accounts come with 25 GB of email storage (upgradable to 100 GB)
– Cons
- Based in Canada (not the best privacy jurisdiction)
- Support for end-to-end email encryption is not built-in
https://www.thexyz.com
Worth mentioning
Aside from the secure email services we discussed above, we are also keeping our eye out for new services emerging into this niche.
CyberFear Anonymous Email
CyberFear is an anonymous e-mail service in Poland that has caught our attention. It does not serve ads or log IP addresses, while also offering full encryption on par with our other recommendations. Here is an overview of CyberFear:
- End-to-end encryption of emails and metadata
- At rest, all of the following email elements are encrypted: email body, subject line, attachments, sender address, recipient address
- Anonymous registration with only username and password
- No IP logs
- Offshore servers (Poland)
- Cryptocurrency payments supported
- TOR support (Onion address is cyberfear4hlcsac.onion)
- Disposable aliases
- Custom domains supported
- No external scripts nor captchas
- 2 factor authentication option
- PGP support
- Sending encrypted emails outside (will require password to decrypt)
- Option to host CyberFear frontend on your own computer
- Push notifications
- Open source frontend (and backend coming soon)
So far, CyberFear is looking good. You can learn more on their website here.
Email jurisdiction and data privacy
Where your email service is located (jurisdiction) can seriously impact the security of your data. Depending on your threat model, this could be a major consideration. For an overview of jurisdiction and privacy, you may want to read our article on the Five/9/14 Eyes surveillance alliances.
Here are some reasons to pay attention to jurisdiction.
United States (leading member of the Five Eyes)
Tech companies in the US can be forced to give government agencies direct access to their servers for “extensive, in-depth surveillance on live communications and stored information” – as explained in the PRISM surveillance program. Data requests can also be accompanied by gag orders, which forbids the company from disclosing what’s going on (see also National Security Letters).
There are a few known cases of US email providers being forced to give up data. In one prominent example, Lavabit decided to shut down the business rather than give up user data. Another US email provider, Riseup, was also forced to give up data to authorities.
After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization).
There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” [warrant canary that warns users about these events].
Germany (member of the 14 Eyes)
While Germany has long been a rock-solid jurisdiction for privacy-focused tech companies, I’ve noticed some troubling trends recently:
- In January 2019, a German court ruled that Posteo must log IP addresses if required by a valid court order. Posteo explained they would not change their system to log all users’ IP addresses, but would comply for specific users, if ordered by a German court.
- In November 2019, a German court ruling forced Tutanota to provide real-time access to unencrypted emails for specific users targeted by a court order. As Tutanota explained, only unencrypted messages sent after the court order was received would be affected.
Europe in General
Once again politicians in Europe are trying to find an excuse to limit or ban the use of encryption by their people. This time around, the argument is that encryption must be banned to fight child abuse. Once again it is up to tech companies including Tutanota and Mailfence to protect the privacy rights of the populace. In April, a group of companies sent an open letter to the European Parliament arguing against the mass surveillance that the elimination of encryption would be meant to enable.
How this will turn out is unclear, but the possibility of the EU banning encryption casts doubts on the viability of any secure email service based in the EU.
We’ll let you know what happens with this.
All email providers must comply with the law
While these examples may seem alarming, the truth is that all email providers must comply with legal requirements in the country they are operating in. For example, ProtonMail, a Switzerland email provider, has also been forced to log IP addresses and disable accounts by valid court orders, as they disclose in their transparency report.
(Note: If you are concerned about your email service logging your IP address, then simply use a good VPN service.)
Considering everything, some jurisdictions are much better than others, so choose wisely. As a general rule, I’d still avoid email services in the US, and perhaps other Five Eyes jurisdictions.
Want secure email? Pay for it.
The unlimited “free” email business model is fundamentally flawed. It offers a free service, which is used to collect data and thereby monetize the user and make money on ads. With these privacy-abusing “free” services, you are actually paying for the product with your data.
In contrast, here we recommend privacy-friendly, secure, ad-free email services. While some of these private email services offer limited free subscriptions, you will need to upgrade to a paid plan for more storage and premium features (the freemium business model).
Support good privacy businesses
Fortunately, you can “vote with your dollars” by supporting these privacy-respecting businesses and upgrade to paid accounts. This will help secure email providers to grow, improve, and serve more people with an ethical business model that does not rely on exploiting their users’ data.
Secure email shortcomings and PGP flaws
Most secure email solutions mentioned in this guide utilize PGP for end-to-end encrypted email. PGP, which stands for Pretty Good Privacy and was invented back in 1991 by Phil Zimmermann.
PGP flaws – While PGP is considered a trustworthy, secure encryption method, there have been some flaws in implementing PGP that have made headlines recently – see also the EFAIL vulnerabilities.
While the news did attract lots of attention, the “flaws” were mainly limited to the incorrect implementation of PGP by third parties. To my knowledge, this did not affect the secure email providers mentioned in this guide.
Limited Use – Another fundamental problem with adopting secure email is that few people are willing to go through the hassle of PGP key management, encryption, decryption, etc. There are some solutions, to this, however, and by some measures encrypted email usage continues to grow.
Many providers address this issue by making encryption automatic and seamless. Tutanota, for example, uses built-in AES encryption that automatically encrypts emails between Tutanota users, including headers, subject line, body, and attachments. They also provide a secure, two-way communication contact form called Secure Connect.
Vulnerabilities – Even when using a secure browser, there are still vulnerabilities to consider with browser-based email clients. Phil Zimmermann gave an interview highlighting some of these shortcomings:
“The browser is not a terribly safe place to run code. Browsers have a large attack surface,” he said. Wherever encryption and decryption take place, though, it’s a vast improvement on no encryption. But even encrypting messages may not be enough, depending on the threat model. The very nature of email makes it vulnerable.
“Email has an enormous attack surface,” Zimmermann said. “You’ve not only got cryptographic issues but you’ve got things like spam and phishing and loading images from a server somewhere that might have things embedded inside.”
On a positive note, however, there are many options for securing and hardening your browser – see the secure browser and Firefox privacy guides. Furthermore, most secure email providers offer protection against these attack vectors by blocking email images by default while also utilizing virus filters.
Keep in mind, however, that non-browser email clients can also be problematic – potentially revealing unique information about your operating system (user agent) as well as your IP address and location.
Regardless of these limitations, using a secure email provider will help keep large tech companies from harvesting your email data for third parties.
Secure email vs secure messaging apps
Depending on your threat model, you may also want to consider using secure messaging apps, which do not have all of the vulnerabilities discussed above with email.
We have tested many different encrypted and secure messaging apps and compiled a list of our favorites. Here are a few reviews of some of the best options we’ve tested:
Encrypted messaging apps generally offer a higher level of security over email, plus they are much easier to use than PGP email encryption.
Finally, encrypted messaging apps are also convenient for back-and-forth conversations, document sharing, and collaboration with others. For more information, check out our roundup guide on the best secure messaging apps.
Always use a good VPN with email
One fundamental problem with email is that it can expose your IP address and location to third parties, by design.
While some secure email services strip IP addresses and conceal metadata, many others do not. Even the popular Enigmail encryption plugin, which is used with Thunderbird, was found to be leaking user IP addresses. Some email services may be forced to log user IP addresses by valid court orders, without disclosing any information to the user. We’ve seen this with email providers in the US, Germany, and even Switzerland.
Finally, there’s also the fact that many email services keep logs for security, which may include user IP addresses, connection times, and other metadata. Of course, whenever you have logs, this data could end up with third parties (for various reasons).
To effectively conceal your IP address and location, you can simply use a good VPN service.
A VPN creates a secure tunnel between your device and a VPN server, encrypting your traffic and concealing your real IP address and location. The VPN will encrypt and anonymize your internet traffic, while you carry on with business as usual. Some of the larger providers, such as NordVPN and Surfshark, offer apps for all major devices and large server networks around the world.
Due to the security and privacy benefits a VPN offers, it’s a smart idea to use one whenever you’re online. Internet providers in many countries are recording user browsing history by logging DNS requests. Depending on local laws, this information could then be sold to advertisers or handed to government agencies in countries with mandatory data retention laws. With a VPN, your DNS requests are encrypted and handled by the VPN server and unreadable to your ISP or other parties.
For more info, see these best VPN services.
Conclusion on secure and private email
Whatever your situation is, using a secure and private email provider is a smart step to protect your data. Gmail, Yahoo, Microsoft, and the other big email players do not place the highest priority on your privacy. Paying for a good email service that values privacy ensures you aren’t paying with your personal data.
Once you switch to one of these email services you will be much more secure. Then all you need to do is avoid non-technical attacks, like the Nigerian scams, or the resurgent Royal Mail scams.
See the main privacy tools guide for other privacy and security essentials.
We also have a guide on encrypting email.
And if you want more info on these secure email providers, you could check out the reviews below:
- ProtonMail Review
- Tutanota Review
- Mailfence Review
- Mailbox.org Review
- Hushmail Review
- Posteo Review
- Fastmail Review
- Runbox Review
- CTemplar Review
Have you used one of these secure email providers? Feel free to leave your feedback/review of the service below.
Disroot is a nice option too.
Thanks for all this information. I would like to see some human rights criteria added as well. Just being forced to turn over records to government with a court order in the event of a real or suspected crime is not enough. Speaking out against human rights abuses is a crime now in too many countries. When we see the police beating people who are exercising their free human rights, that is not a country I want hosting my email. Germany for one. Which countries respect freedom of speech and freedom of expression? Which servers will not block my subscriptions? Which ones are not serving up censorship?
I’m still surprised how bottom CTemplar is on this list, abd compared to #1 Mailfence cons.
Great review !!
Could someone share a code to enroll with Countermail please ?
I would love to use Countermail !
Thanks a lot !
The ProtonMail logging policy can be summarized as follows:
“We won’t log your IP, unless the cops or some random government tells us to log your IP, then we’ll start logging your IP and you’ll get arrested.”
https://www.rt.com/news/534130-swiss-protonmail-french-climate/
ProtonMail is a giant scam.
“In this case, Proton received a legally binding order from Swiss authorities which we are obligated to comply with. There was no possibility to appeal this particular request,” Yen wrote.”: End quote.
No matter who you use, they are REQUIRED to obey their national law.
Had the Swiss rejected the French request, PM would have ignored it as well.
What’s the point of “secure” Swiss email then? You can get the same from any random US email service, which at least does not make false promises about “no logs” — only to quietly scrub it’s website of this after they were caught logging their own users. Seriously, what’s the point of bothering with Proton products, email, storage, VPN or anything else?
They have proven they will break their own policies and comply when governments or cops come knocking and asking for user data. I could get the same from Yahoo, without the overpriced subscription and false promises about privacy, security, and their other lies.
And you should compare this to VPNs that give these requests the middle finger and say “sorry we do not and cannot log users”. This has happened to PIA twice, in a US court for cryin’ out loud! Look into it. Same thing’s happened to Express.
I repeat. Protonmail is a scam.
I make no pretence that there is privacy online.
I have said it before, everything I do online is as though I am sending a postcard.
The privacy comes in when I don’t have a company digging through my emails and selling my info.
From what I see, the email content was still not readable. The IP address was given.
As far as VPN’S go, I have always said that if PM decided to log an IP I would admit it and look elsewhere.
Well, I am still working this out but I am looking at options. However, any VPN can log IP addresses I think. The question for me is who do I go to? That I will search out.
However, I have and can admit when what I have been defending is off. So I am willing to eat humble pie as well.
But for email, it is a post card. Always has been, always will be. No matter who you use.
@H.S. if they don’t comply, the company can get in serious legal trouble. Back in 2016, Rise Up! had to comply with a subpoena and handed over metadata to police as part of a criminal investigation. In this case, it is the perpetrator’s fault for putting ProtonMail in this position.
I have no sympathy for people who use services, like ProtonMail, in order to conduct illegal activities. The rest of us law-abiding people have to suffer because of idiots like the one under investigation.
Of course they have to abide by the law. I think the more egregious fact is that ProtonMail started monitoring the climate activist back in January, when the injuction was ordered. Had the user been informed he was being monitored? If not, was it because of a gag order?
You realise that this whole thing escalated to monitor a group of school kids that formed a climate crisis association and planned to skip school? I’d say the French government raising this to Europol in order to force Switzerland, was uncalled for to say the least.
I suppose drug/human trafficking e-mails were light that day.
I am not going to say why they were targeted and neither should anyone.
We don’t know why. Maybe they were trying to save a tree but what was the methods? If it involed violence and destruction then they need to be arrested.
If it was because they formed a club to ask for money so they can go on a speaking tour, then no.
But knowing how some enviromental groups can and do become very millitant, I will wait to see what the full report says.
@BiffyBus when a criminal investigation is undertaken, the suspects are not notified since to do so would warn them and undermine the police catching them engaged in crime(s). Those kids you speak of could have been involved in eco-terrorism or some other serious criminal activities. Drug dealers, for example. routinely recruit minors to sell drugs so they can avoid time in jail.
ProtonMail found to be lying about “no logs” and provided IP address data of their users to government authorities:
https://thehackernews.com/2021/09/protonmail-shares-activists-ip-address.html?m=1
Yep, that’s why I’m here trying to find an alternative. But it doesn’t seem like there is one. I’m even willing to pay for a service that will stand up to tyranical governments.
@thegrinchdwarf do you think it is “tyranical” when people use services, like ProtonMail, to hide their engaging in potential criminal behavior? ProtonMail’s change in policy is the accused person’s fault, not theirs.
Maybe Countermail ?
They seem pretty strict with privacy.
The problem is to find a code to enroll …
@Brian Have you contacted their customer service to help you with that? If they cannot, I suggest you try another service, like ProtonMail or Tutanota.
https://support.countermail.com/open.php
No matter who you use, they will abide by the law.
Tutanota will, CTemplar will, etc.
Do I like it? No, but all this article shows is that Proton obeys the law.
@Jens actually this is a case of declarations running up against reality. Otherwise, ProtonMail’s guarantee of user content privacy were not violated.
How do you access mailfence emails on ios and notifications . Looks like they dont have the dedicated apps.
Hi Peter
You can create the Mailfence app in ios out of their webpage, using Safari.
I’ve just received this message on the Tutanota platform. For context I am the administrator.
“Sorry you are currently not allowed to send emails. Please contact your administrator”
Not sure if it’s Australian or NZ government (I tried to order some ivermectin from India) or Tutanota, but I would state that you should definitely not use this platform anymore.
was the email encryption turned on? Tutanota only encrypts to other Tutanota users, i believe, as well as to users of other email services only if you use a pre-shared password.
also could it be that any of the governments you mentioned restrict all encrypted emails, or at least emails from Tutanota? IOW, that it’s a blanket block, not that they saw the contents of your email.
Here’s a cautionary firsthand account of what I’ve just recently experienced after using ProtonMail a few years:
I just lost control of my ProtonMail account somehow and the support is horrific — very slow and completely unhelpful. Over four days have passed with no sign of anyone attempting to resolve my issue. All I know is that when I attempt to log in with my previous password (also stored in my browser), a message says that the password is incorrect.
ProtonMail has offered no information regarding whether someone else changed the password, whether the account has been blocked on their side, nothing. When I asked for this, they simply replied that it’s against their policy.
So, all the online account for which I used my ProtonMail address are impacted, as is my business and personal communication. I was apparently a fool to trust this company. I’ve never experienced this with any other web email.
I suppose that my best recourse is to file for losses in small claims court, requiring them to hire representation in my district.
It is very unfortunate you went through this and in many ways I agree. ProtonMail is a great service but their customer support needs a lot of work.
So far, I have not had many major issues and the responses I have gotten from customer service when I have had problems have been pretty good. But ProtonMail should have something in place to talk to a representative in real time, similar to IVPN which is located in Gibraltar.
I am green what how do you download the VPN and put it injunction with your email.
Depends with your email, browser, vpn.
What I do is log on to my VPN first, then open my browser, finally I access my email.
If you have your email and vpn from the same company then sometimes your email and password work on both.
In that instance set up 2FA as to give you better security.
If you want to give more detail explaining what you want, I may be able to anawer better.
Sven, Startmail only encrypts at rest if you are logged out.
Also, two-column interfaces are not outdated. They are so necessary. Three columns, in my view, are barely functional. I hate that many of these services all offer the same layout with no two-column option.
Mailfence is really overthought. I just got sucked into a six month sub and I don’t even like it.
They cannot import email either. Not ready for prime time.
I did like my Hushmail service which has the best layout and functionality, but is just basic email. But that is fine. They are just basically fascists however and do not honor GDPR. They will terminate your data without your knowledge. Never use them. But how I love their interface. All the rest except Startmail are crap compared to it in my view.
This space is not yet ready for prime time.
One further criterion I consider: Is the pronunciation and spelling of the service intuitive in multiple languages? Will I have to repeatedly spell my email address phonetically when talking to customer service reps over the telephone? This could not only become very annoying but also result in misunderstood (and mistyped) contact information.
Give me a simple company name! (Looking at you, Tutanota.)
DuckDuckGo’s email protection service is in Beta but you can sign up for it. This Verge article shows you how and what the service is all about.
https://www.theverge.com/2021/7/20/22576352/duckduckgo-email-protection-privacy-trackers-apple-alternative
Some very promising news about DuckDuckGo’s upcoming privacy email service.
https://www.bleepingcomputer.com/news/security/duckduckgos-new-email-privacy-service-forwards-tracker-free-messages/
Hey ! that looks good !
Did someone test @duck.com email services ?
My main issue with switching to new email accounts is that I have been using Gmail for 10 years now and would have to go through each and every account I have made and switch them over. And this is ignoring the price of a lot of them. Free email services may generally be bad for privacy but when you’re a teenager in an area without suitable jobs they’re your only choice.
Google is evil, arrogant, and a bully. I can’t understand why anybody would use anything ‘Google,’ YouTube excepted. Google can, and should, go straight to Hell. I would think anybody should be able to afford $50-60 a year for a paid service. Advice: When you CAN switch to a different service, choose one that allows you to set up a virtual email address (admittedly, you’ll have to pay for this as well), so if you ever switch again you won’t have to notify anybody of a new email address because you won’t have one; you can continue using the virtual address (assuming you switch to a service with that capability). Gets a little complicated, I guess, but it’s worth doing, and it’s not going to bankrupt anybody. Good luck!
Jacob,
“Free email services may generally be bad for privacy but when you’re a teenager in an area without suitable jobs they’re your only choice.”
True, but as an lonely teenager your influenced by your piers the most – not the parents your from. I would say as your leaning towards adulthood, start filtering your life by using a few different secure and private encrypted email services for the different rolls in your coming life’s endeavor (related to web business, your job(s), and finances-banking). Know what’s out there and what of it is going to work for you. I’ve never seen a marriage of an kind that’s 100% truthful to the other half involved – and that’s the truth with man/woman or person/business relationships.
Most every mainstream valued encrypted email service offers a free tier of their service, that means some can ride free (limited). While others on the service paid for more than the free tier accounts has offered to them. If your inbox is encrypted that’s a good foundation to start building on. Don’t worry about sending & receipt of any encrypted message and others getting and decrypting them as well you too.
1st thing is to get an encrypted secure inbox (mailbox service). As you can still send and receive clear-texts messages there just the same as you do in gmail general now. An encrypted inbox (mailbox) means unlike google and it’s partners as the email service you move from for another and will pick. Meant as they can’t and will have no access to your inbox and then your family/friends information as well as their thoughts of anything.
Because there mainly lock up by your paraphrase/PW on this encrypted mail server’s end of this service you’d pick.
An important base step right now is to secure with an email service that encrypts your inbox at lease. Better would be if your attachments and contacts list are under lock and key also. To mean your digital threads of life (messages) to others and their info. as well as everyone’s thoughts on a subject aren’t kept in any clear-texts storage on the account (your/everyone’s) server. Then only you would have the key to decrypt and read from your end. Because generally messages are being stored on someone’s else server that you have no way of knowing how secure and encrypted the bugger is, or remembering that nothing is 100% digital secure even from your end as well.
Your but one side of a message – think about the sender or receiver side half.
Mike’s last mention of Criptext eliminates the server problem mainly.
While Vanp suggests using an virtual email address (cloaking of sorts) where a service is used to forward messages on to your main email address.
While some may like the aline’s Blur product which let’s you decide who gets your private information, and who doesn’t. The Free Blur account offers encrypted passwords, masked emails, tracker blocking, and auto-fill. While a Paid Blur account gets everything on the Free side & goes farther yet in helping you by masking your credit cards (with virtual cards), masked phone #s, then with backup and sync features.
The foundation you lay will be up to you and then remember everything is changing to fast to be 100% secure tomorrow if even a few hours from now in the digital realm. Though, do start by placing one foot in front of the other in your digital journey and with helping the others as you in it…with what you learn – good luck! Friend and be safe.
was to read – abine’s Blur product
typo as corrected to read – abine’s Blur product
@Stylin very interesting essay. I appreciate you sharing your thoughts, including about Albine Blur. In many ways I agree with a lot of your sentiments and I like a lot of the intent and features Blur has.
But you still have to entrust the company with a lot of your data. Cloudwards also reviewed Blur and says the company still has some work to do. I also am hesitant to use them due to the fact that they aren’t open source.
https://www.cloudwards.net/blur-review/
Hi Mike
I’m not a Blur fan (don’t use much of it) but paid the 100 yearly subscription for web purchases mainly. Where I just wasn’t comfortable with filling out of the order with my own info. except the delivery address. These stores or specially sites are where I couldn’t find the product or my price I’d give for it elsewhere. I figured a hundred is cheaper up front (on a year basics) than my financial rebound should anything go afoul being a one time mistake with one purchase.
The part about entrusting a company (Abine) is a two way street. They don’t know me and have their gov rules to follow to wart off money laundering. Then I’ll have some recourse thru the US court system besides the states attorney general’s remedies in which Abine is located. Then also with the CPA, FTC on the govs side beings Abine Blur – DeleteMe resides in the US.
If you trust PayPal getting set up with Blur is basically the same finical route. Deposits made and pulled back and you report what they were. Just like you have to prove yourself in the rest of your info with other privileged services you entrust. Then your open for business.
If want to say Abline Blur is like PayPay you’d be wrong in that it’s only close on some parts.
PayPal has a better resolve channel and not much privacy, and Blur offers more departments of privacy (Masked) of your identity it covers. But I don’t believe they (Abine) can do anything more than a bank or credit union in a contested charge or any charge back.
I’m only trying to protect myself from personal loss and infringements here, not to hide or be anonymous.
Thanks Friend
There are great, privacy focused, secure emails. You don’t have to be locked in to Google.
Protonmail is one that I recommend.
With Ctemplar ? U might want to rethink that position.
I was and my account is screwed now.
Via a question I asked their support,
(answer) – As you are probably aware, yesterday we had a catastrophic technical failure that caused partial data loss, in one way or another, to most customers.
We are doing our best to restore the normal service. For now, it is confirmed the data loss has affected most customers to a higher or lower degree. We are making sure nothing similar to this will happen again in the future by reviewing our backup policy.
We apologize once again. From the affected accounts, some have been totally lost, and some like yours could be restored thanks to a disk snapshot we took at the last internal security audit.
We are making sure nothing similar to this will happen again in the future by reviewing our backup policy and making it less aggressive to bring our customers with the balance between privacy and data security.
…So it’s a hell of a place to be, promised privacy but to loose everything in your account that wasn’t in a snapshot backup. NOTHING IS 100% anything – take the air, it’s not 100% yours is it? Consider the internet like the air touching everything digital and like covid U need a vaccination in backups to live the digital life.
Shame Ctemplar wasn’t forth coming in this news and I had to ask, besides the 4-wall armor hype they need disclaimers – we are able to shoot our own foot and you will suffer.
Criptext is a free, open source, and secure email service I have located that is available on iOS and Android. Unfortunately, their email client is not available on F-Droid. Hopefully, that will change.
https://criptext.com/
https://github.com/Criptext
Sadly, they seem to be abandonware. Just check their subreddit.
In what way? Could you elaborate on that?
Hi Sven. I just ran into this webpage. Very good. Can you recommend any US private email servers? If I have to sue for privacy, I’d like it to be under American law. Suggestions?
The only private email server I am aware of is Helm which is based out of Seattle, Washington.
https://thehelm.com/
Protonmail has just released their security audit.
https://protonmail.com/blog/security-audit/
Hi Mr. Taylor,
I have been honored to provide information on digital privacy for a fairly substantial audience in a volunteer capacity. It is my way of giving back after a substantial privacy infiltration in my own life. I have a keen eye for inspiring & informative individuals. Your passion could supplement the audience served by a particular niche of a newsletter audience. Please email me to discuss further. I would like to cite your expertise within my newsletter contributions, and discuss topics of interest for both teens and adults. (I’ll be writing two columns.) I’m not an expert in this arena, but a doctoral student on hiatus from academics due to COVID & the impact on my professional obligations once it “hit.” The more expertise the better to provide best information to an audience of vulnerable individuals. Please delete my comment once received—I did not see a way to directly email you here, or on LinkedIn.
Hi Kathy, here’s our contact page, feel free to drop us a line!
Hi Sven,
Again really great website, I have learnt a lot.
I see that besides Protonmail, ll others are in countries that part of the “14 eyes”, how much that important to you as privacy professional in your decision?
Regards
I think it is one factor (among many factors) to consider. It really depends on your own unique needs. And you can also have numerous email accounts, with varying privacy and security requirements for each one.
What about SafeSwiss Email?
Hi, it’s Secure Messenger, not an e-mail service.
This is a big blow for Protonmail services. Certainly, they will lose trust and customers. However, it would be naive to believe there are many companies that’d resist such asks from the authorities. Anywhere. The only possible way is that you make an “impenetrable” software, with no backdoor. And don’t lie to your customers, of course. But we can see there are not many companies with such reputation. The reality will be that one have to switch apps frequently to at least partially save the privacy in the internet world…
Hi,
Regards Tutanota:
I’m from Israel and can’t send/receive to/from any government office or subsidiaries, only to private or companies it works well;
The answer from Tutanota: “We currently don’t now why this happens. The receiving email server is responding with a message that the tutanota.com domain cannot be resolved. Our DNS entries are all correctly configured, if that would not be the case nobody is able to send or receive messages.
I think the error message is wrong and they are just blocking us. Can you please try to get in contact with them and ask for the reason. Here is the detailed error message”
So I tried with Mailfence to the same addresses, they received! Unfortunately I used only Tutanota till now……so to update everything to new email addsress, lte’s see.
BTW, I asked Tutanota regards cloud service, was answered:” Our development team is currently working on finishing the offline mode for the mail clients, we may introduce an encrypted cloud storage feature at a future date but it there is no fixed release plan.”
Thank you very much for you rational reply. Your are a prince among men!
I will give them a try.
Pegar
Sven,
At the end of your 12 Best.. review, you added as “Worth Mentioning” a service I hadn’t heard of: CyberFear Anonymous Email, which is located in Poland. I looked at their web site and it looks quite interesting. My one concern is the proximity of Poland to Russian and the LONG history of conflict between those 2 nations. Given Russia’s “state sponsored” hacking around the globe, and their animosity towards Poland, would CyberFear be a prime target for Russian interference?
Any thoughts or comments would be most appreciated.
Pegar
Hi Pegar, I would not worry about it. Poland remains an independent country. I’d be more concerned about email services in the US.