Are your emails and attachments safe from prying eyes?
Unless you are using a secure email service that respects your privacy, the answer is probably no. Most large email providers, such as Gmail and Yahoo, do not respect the privacy of your inbox. For example:
- Google is adding ever more advertisements into your Gmail Promotions section. We’re also seeing reports that some people are finding ads interspersed between messages within their Gmail Inbox.
- Gmail was caught giving third parties full access to user emails and also tracking all of your purchases.
- Advertisers have been allowed to scan Yahoo and AOL accounts to “identify and segment potential customers by picking up on contextual buying signals, and past purchases.”
- Yahoo has been caught scanning emails in real time for US surveillance agencies.
In today’s digital age, securing your communications has become increasingly important as data breaches and privacy concerns are on the rise. With the average person spending more than five hours managing their work and personal emails daily, it’s essential to opt for the most secure email provider that prioritizes encryption and privacy. In this article, we present the top 10 secure email providers for 2024, along with essential factors to consider when choosing the best one for your needs.
Big-name email services put lots of money into security, but they are also large targets and not invulnerable. A while back, the big news was the ease with which hackers were able to compromise thousands of Microsoft Exchange email servers. You might well be safer using a smaller, less well-known email service.
On a positive note, there is a relatively simple solution for keeping your inbox more secure: switch to a secure email provider that respects your privacy.
Privacy Tip: When using email, be sure to also use a good VPN to hide your IP address and secure your internet traffic. We use and recommend NordVPN, one of the top services that has passed independent privacy and security audits. Get 74% off NordVPN here >
What is the best secure email service in 2024?
With so many different types of users, there is no single “best secure email” service that will be the top choice for everyone. While some may prioritize maximum security and strong encryption, others may want convenience and simplicity with user-friendly apps for all devices.
With that being said, here are our top recommendations:
- Proton Mail – Best all-around secure email service based in Switzerland [33% off coupon]
- StartMail – Private email hosted in The Netherlands with unlimited aliases [50% off coupon]
- Mailfence – Secure email for professionals and teams
- Tuta Mail – Secure Email for Any Device
- Mailbox.org – Affordable private German email service
- Posteo – Reliable anonymous email service
- Runbox – Private email in Norway
- CounterMail – Swedish email with strong security features
- Kolab Now: Swiss email, compliant with GDPR, HIPAA, and PCI
- Soverin – Basic private email service
We also have a guide on encrypted email services here.
Factors to consider when choosing the best secure email service for your needs
Here are just a few factors to consider when switching to a secure email provider:
- Jurisdiction – Where is the service located and how does this affect user privacy? Where is your data physically stored?
- PGP support – Some secure email providers support PGP, while others do not use PGP due to its vulnerabilities and weaknesses.
- Import feature – Can you import your existing emails and contacts?
- Email apps – Due to encryption, many secure email services cannot be used with third-party email clients, but some also offer dedicated apps.
- Encryption – Are the emails end-to-end encrypted in transit? Are emails and attachments encrypted at rest?
- Features – Some features you may want to consider are contacts, calendars, file storage, inbox search, collaboration tools, and support for DAV services.
- Security – What are the provider’s safety standards and policies?
- Privacy – In which ways does the email service protect your privacy? What data is being collected, for how long, and why?
- Threat model – How much privacy and security do you need and which service best fits those needs?
The goal of this guide is to help you find the best secure email solution for your unique needs.
Here are the most secure email providers in 2024 that will protect your privacy.
1. Proton Mail – Best all-around secure email service
Based in | Switzerland |
Storage | 15-500 GB |
Price | $3.49/mo. |
Free Tier | Up to 1 GB |
Website | Proton.me |
Proton Mail is a Switzerland-based email service that enjoys a great reputation in the privacy community. It was started by a team of academics working at MIT and CERN in 2014. Shortly thereafter, it was promoted in media as “the only email system the NSA can’t access” – which was around the time Lavabit was shut down for not cooperating with the US government.
Looking at the service itself, Proton Mail has a lot going for it. It uses PGP encryption standards for email and stores all messages and attachments encrypted at rest on Swiss servers. Proton Mail has a unique feature for “self-destructing messages”, address verification, and full PGP support. Recently, it introduced Tracking Links Protection feature which removes tracking pixels from email links.
It also offers end-to-end and zero-access encryption for messages, which means that even the service providers themselves cannot access your content. This is a crucial feature for anyone who values their privacy and wants to ensure their communications remain confidential.
Proton Mail also has some additional tools that you may expect from a paid service.
- Proton Mail Bridge – allows Proton Mail to connect to other email services.
- Proton Calendar – easily manage your meetings and personal appointments.
- Proton Drive – store and share your important files via secure links.
- Proton VPN – a solid VPN is available by subscribing to Proton Unlimited plan. If you are intrigued, you may want to take a look at our ProtonVPN review.
- iOS and Android apps
See all Proton Mail features here >>
Proton Mail Encryption
Regarding encryption, it’s important to note that Proton Mail does not encrypt the subject lines of emails or certain metadata. Unfortunately, these are the inherent limitations of the PGP standard. Most of the email services we discuss here use PGP, but I wouldn’t count on any of them to protect me from the NSA or their counterparts in other countries.
Additionally, the Proton Mail search function can only search subject lines within your inbox, not the actual content of your emails. This is another functional limitation that comes from integrating more encryption and security into the service.
Proton Mail does offer some great apps for mobile devices (Android and iOS). You can also use Proton Mail with third-party apps through the Proton Mail Bridge feature (restricted to paid users).
Overall Proton Mail is a well-regarded email provider and should be a great secure email option for most users. Switzerland remains a strong privacy jurisdiction that is not a member of any surveillance alliances.
Note: Proton Mail is now integrated into the Proton suite of services. The full suite includes Proton Mail, Proton Calendar, Proton Drive, and Proton VPN. You can learn more about these products in our full Proton Mail review.
+ Pros
- End-to-end (E2E) and zero-access encryption for Email, Calendar, and Contact information
- Operates under Swiss jurisdiction
- All data stored on servers in Switzerland
- Apps for Android and iOS mobile devices
- Web client, encryption algorithms, Android and iOS code are all open source
- Support for custom domains
- Strips IP address from emails
- Can be used with third-party email clients through the Proton Mail Bridge feature
- Can import contacts and emails
– Cons
- Subject lines not encrypted
- May require personal information for verification of new accounts
Proton Mail Black Friday Deal is live:
Get 60% Off Proton Mail with two-year plans using the coupon below:
(Coupon is applied automatically; 30-day money-back guarantee)
See our Proton Mail review for more info.
2. StartMail – Private email hosted in The Netherlands with unlimited aliases
Based in | The Netherlands |
Storage | 10-20 GB |
Price | $3.00/mo. |
Free Tier | 7 day trial |
Website | StartMail.com |
StartMail is a rising star in the secure email world. As an established email service founded in 2013, we can be confident that StartMail will be around for the long haul. Based in the Netherlands, StartMail’s servers are well-protected, and the service supports two-factor authentication for additional security.
One of the best features that StartMail offers is unlimited aliases here. This feature allows you to manage multiple email identities under a single account. You can easily create as many email aliases as you like, giving you maximum privacy over your main email address when signing up for services. You can also create time limits for your aliases, ranging from one-time use to forever.
This secure email provider is particularly suited for individuals and businesses that rely heavily on desktop computers for their daily operations. With its state-of-the-art PGP end-to-end encryption, StartMail ensures that your emails are secure from the moment you hit send until they reach the recipient. This level of encryption is particularly important in today’s digital age, where data breaches and cyberattacks are increasingly common.
StartMail can be easily used with other email clients like ThunderBird or mobile clients on iOS and Android. And unlike some other providers, such as Proton Mail, StartMail does not offer dedicated apps. You can use the webmail version or any email client with StartMail.
The Netherlands is a good jurisdiction for privacy and StartMail aims to keep as little data as possible to run their operations. Unlike most other secure email providers, StartMail handles encryption server-side, rather than in the browser – see their white paper explaining why.
StartMail allows users to utilize PGP encryption with emails also being encrypted at rest on their Dutch servers. The whole service is user friendly, and you can encrypt and sign your mail with just one click.
StartMail’s strong encryption features and unlimited email aliases make it a great option for those who primarily use desktop devices for their email communications. If you’re looking for a secure email provider that offers robust encryption and the convenience of managing multiple email identities, StartMail could be the perfect fit for you.
+ Pros
- Create unlimited email aliases
- PGP end-to-end encryption
- Easy contacts and email migration
- Organize your inbox with filters
- Minimalistic design
- No ads. No tracking. No spam.
- Flexible spam filter
- Anonymous cryptocurrency payments
- Use custom domain
- Compliant with GDPR
- 7 day free trial
– Cons
- No free version
- Lacks calendar, notes, and file storage
StartMail Exclusive Coupon:
Get 50% off ANY subscription plan with the coupon below along with a 7 day free trial:
(Coupon is applied automatically.)
See our StartMail review for more info.
3. Mailfence – Secure email for professionals and teams
Based in | Belgium |
Storage | 11 – 225 GB |
Price | €2.50/mo. |
Free Tier | Up to 1 GB |
Website | Mailfence.com |
Mailfence is a fully-featured secure email provider offering calendar, contacts, file storage, and PGP encryption. It is based in Belgium, which is a solid privacy jurisdiction with strict data protection laws.
The core of Mailfence’s security is its powerful end-to-end encryption and digital signatures using OpenPGP. OpenPGP, or Open Pretty Good Privacy, is a non-proprietary protocol for encrypting email using public key cryptography. It is based on the original PGP (Pretty Good Privacy) software. This means that only you and the person you’re communicating with can read what is sent, and nobody else, not even Mailfence, can access your content. This is a crucial feature for anyone who values their privacy and wants to ensure their communications remain confidential.
Furthermore, Mailfence is based in Belgium, a country known for its strong data protection laws. The Belgian Data Protection Authority (DPA) is one of the most stringent in the European Union, which is known for its robust data protection framework. This geographical advantage provides an additional layer of security to Mailfence users. It’s like having a virtual safe for your emails, providing you with the peace of mind that your data is safe and secure.
While many secure email services sacrifice features and functionality for security, you can have it all with Mailfence. This makes Mailfence a great alternative to full email and productivity suites, such as G Suite or Office 365.
Mailfence supports all standard protocols like POP, IMAP, SMTP, WebDav. It also integrates a calendar, document storage, workspaces, and a chat which enable real time sharing of data and group collaboration, making it an ideal choice for professionals and teams.
While Mailfence does log IP addresses and some other data, it provides a user-friendly interface and accepts cryptocurrency payments for added privacy. The logging of IP addresses and some other data is part of Mailfence’s commitment to transparency. However, this information is only kept for a short period and is primarily used to maintain the quality and safety of the service.
The user-friendly interface of Mailfence ensures that even users who are not tech-savvy can navigate the platform with ease. The interface is clean, intuitive, and easy to use, making it easy to send, receive, and organize your emails. Moreover, Mailfence accepts cryptocurrency payments, which can provide an additional layer of privacy for users.
In order to further enhance the user experience, Mailfence has recently launched mobile apps for both iOS and Android platforms. This comes in addition to the Progressive Web App that was already available.
When I did an in-depth test for the Mailfence review, I found it to be very intuitive, sporting a slick interface with a tons of features. Its performance was smooth and I didn’t encounter any bugs. But, in case you experience any problems, you can always turn to their responsive email and phone support.
Note: Due to financial requirements imposed by Google, Mailfence has dropped support for POP/IMAP connections to Gmail servers.
+ Pros
- Offers end-to-end encryption and digital signatures
- Mobile app for iOS and Android
- Data is stored on Belgian servers
- Offers OpenPGP encryption
- Messages, Documents, Calendar, Contacts, and Groups
- Custom domains (paid plans)
- Password manager and 2FA
- SMTP, POP, and IMAP support
- Can synchronize with other email clients
- Supports password-protected messages with expiration time
- Removes IP addresses from mail headers
- OpenPGP user keystore
- Cryptocurrency payment options
– Cons
- Logging of IP address and some other data
- Code is not open source
See our Mailfence review for more info.
4. Tuta Email – Private and secure email in Germany
Based in | Germany |
Storage | 1 – 1,000 GB |
Price | €3.00/mo. |
Free Tier | Up to 1 GB |
Website | Tuta.com |
Tuta (formerly Tutanota) is a Germany-based secure email service run by a small team of privacy enthusiasts, with no outside investors or owners. Although it is not as well known as Proton Mail, Tuta is a serious player in the secure email space. Its hybrid encryption system overcomes some of the drawbacks of PGP, and your privacy rights are protected by the GDPR and other pro-privacy EU regulations.
Note: Tuta claims that their encryption can be updated and strengthened if necessary against quantum-computer attacks.
Tuta’s Encryption System
All messages in your inbox, contacts, and calendar are encrypted at rest on servers in Germany. For sending encrypted emails with Tuta, you have two options:
- When emailing another Tuta user, all of your emails are automatically encrypted (asymmetric encryption).
- When sending an email to someone with another email provider, the user receives a link to the message and a password key for encryption/decryption purposes (symmetric encryption).
Tuta establishes an external mailbox for that particular contact, where all the exchanged messages are securely encrypted. This proves to be quite useful, especially if you are using it for business.
While Tuta uses high-end encryption and is arguably one of the most secure email providers anywhere, there are also some downsides. This includes no support for PGP, IMAP, POP, or SMTP. Additionally, you cannot import existing emails into your encrypted Tuta inbox.
To make up for the lack of IMAP support, Tuta has built open source desktop clients for Windows, Linux, and macOS. They also have offline mode, so you can open your emails, calendars, and contacts even when not having access to the web.
All in all, Tuta is a transparent, high-security email provider that just may take your privacy to a whole other level.
+ Pros
- Encrypted messages (including Subject lines) Address Book, Inbox Rules and Filters, Search Index, encrypted at rest and stored on German servers
- Can search body of encrypted messages
- Can send encrypted messages to non-users
- Strips IP address from emails
- Desktop, mobile, and web apps
- Open source code (including mobile apps)
- Encrypted calendar with iCard support
- Encrypted contacts
- Inbox rules with Spam filter
- Multiple email addresses (aliases)
- Support for custom domains
– Cons
- Does not work with PGP
- Currently no way to import existing emails
- Will not work with 3rd-party email clients
Website: https://Tuta.com
See our Tuta review for more info.
5. Mailbox.org – Affordable private German email service
Based in | Germany |
Storage | 2 – 100 GB |
Price | €1.00/mo. |
Free Tier | None |
Website | Mailbox.org |
Mailbox.org is a german secure email service that you should definitely consider. It provides robust security for your email, but it also functions as an all-inclusive productivity suite, similar to Microsoft 365 (formerly known as Office 365). It offers a huge lineup of features, including Mail, Calendar, Address Book, Drive (cloud storage), Tasks, Portal, Text, Spreadsheet, Presentation, and Webchat. Impressively, Mailbox.org still has a user-friendly interface and sharp design.
When choosing a secure email provider, you often have to pick between features and security. With Mailbox.org, you can arguably get the best of both worlds. From the security and encryption side, it offers full PGP support and can easily encrypt all your data at rest on their secure servers in Germany. You can also use Mailbox.org with mobile apps and third-party email clients.
Lastly, Mailbox.org is very affordable, with basic plans starting at only €1 per month. You can pick up a free 30-day trial if you want to test-drive this privacy-focused email provider.
Note: Mailbox.org does receive requests for information from “public authorities.” In 2022, they received 55 requests for information, and ultimately rejected about 13% of them. They responded to the rest of them as required by law.
+ Pros
- PGP support (server-side or E2E through Mailvelope app)
- Company and servers located in Germany with strong privacy protections
- HSTS and PFS for messages in transit
- Protected against man-in-the-middle attacks
- Message and spam filters
- Virus protection
- Full text search
- POP, IMAP, SMTP, ActiveSync support
- vCard, CardDAV, CalDav support
- Messages are encrypted at rest
- Supports custom domains
- Mobile apps for some of the Office features
- Open source
– Cons
- No mobile email clients (but can be used with third-party email clients)
- Some tracking during registration
- PGP encryption leaves message subject and metadata exposed
Website: https://Mailbox.org/
Check out our Mailbox.org review for more details.
6. Posteo – Privacy-focused email in Germany
Based in | Germany |
Storage | 2 – 20 GB |
Price | €1.00/mo. |
Free Tier | None |
Website | Posteo.de |
Posteo is yet another German email service. It provides strong privacy and security to its users, and in many ways is similar to Mailbox.org. Both are comprehensive email providers that employ PGP encryption. They even charge similar prices. However, Posteo distinguishes itself in a few significant aspects:
- It does not support custom domains.
- There is no designated spam folder (emails are either sent to the inbox or not accepted).
- There are no trial or free versions, which is somewhat offset by its reasonable pricing.
Posteo really makes an effort to protect the privacy of its users. IP addresses are automatically stripped from emails, no logs are kept, and they offer strong encryption standards. In short, this email takes security and privacy very seriously.
Posteo also supports anonymous registration and anonymous payments – even allowing you to send cash in the mail for no digital trail. This is a trend we’ve seen with VPN services as well. And if you pay with a credit card, PayPal, or some other digital method, they manually separate account details from payment info.
In short, Posteo is an affordable, customizable, and secure service that’s a good option for users on a budget.
+ Pros
- Mail, Calendar, Contacts, and Notes are encrypted at rest with OpenPGP on secure servers in Germany
- Configurable spam filter
- Migration service for moving from another email service to Posteo
- Subject, headers, body, metadata, and attachments are encrypted
- Includes Messages, Calendar, Contacts (Address Book), and Notes
- Completely Open Source
- Strong commitment to privacy, sustainable energy, and other social initiatives
- Self-financed; good track record (operating since 2009)
- No logs, IP address stripping, secure email storage with daily backups
- Allows anonymous (cash) payments
- Supports SMTP, POP, and IMAP protocols
– Cons
- Custom domains not supported; no “.com” options available
- No spam folder (spam emails are either rejected or delivered to regular inbox)
- No trial or free version
- Cryptocurrency payments not supported
Website: https://Posteo.de/
See the Posteo review for more info.
7. Runbox – Private and sustainable email in Norway
Based in | Norway |
Storage | 2 – 50 GB |
Price | $1.66/mo. |
Free Tier | 30 day trial |
Website | Runbox.com |
Runbox is a Norwegian company that has been in the email business for over 20 years. Norway is a good secure-email jurisdiction, with a strong legal framework for privacy. All Runbox servers are located in secure data centers, running on clean, renewable, hydropower energy.
One unique feature of Runbox is that it gives you 100 aliases to use with your account. Secure file storage is also included, with different pricing tiers. Runbox fully supports SMTP, POP, and IMAP protocols and can be used with third-party email clients. They released Runbox 7 (still in beta) over a year ago, and are improving it all the time, with a massive number of updates taking place so far this year. So far, this is only a webmail service, so you won’t find any mobile or desktop clients.
Unlike some other secure email services, Runbox doesn’t have a built-in option for encrypting your entire mailbox. And while you can use PGP with Runbox, it is not yet fully integrated into the platform. Another drawback is that Runbox does not offer a built-in calendar, but this feature may be included when Version 7 gets released.
Runbox offers a 30-day free trial and makes importing your existing emails simple with the guides on their site. They also go the extra mile by giving you a 60-day money-back guarantee, so you can really get a sense of whether this service suits you before getting locked into a subscription.
+ Pros
- IP addresses stripped from messages
- Includes Webmail, Contacts, and Files
- Servers run on renewable energy
- Supports SMTP, POP, and IMAP protocols
- Synchronizes with other email clients
- GDPR compliant
- Norway has strong data protection laws
- 100 email aliases per mailbox
- Custom domain names on some paid accounts
- Numerous payment methods accepted (including cash and cryptocurrencies)
– Cons
- Browser-based; no desktop or mobile apps
- Not open source
- Data not encrypted within the Runbox system or at rest
- No business-specific features
Website: https://Runbox.com
Check out our Runbox review here.
8. CounterMail – Private and secure Swedish email service
Based in | Sweden |
Storage | 4 GB+ |
Price | $4.83/mo. |
Free Tier | 7 day free trial |
Website | CounterMail.com |
Next up on our list is CounterMail, a secure email provider based in Sweden. CounterMail has been operating for over 15 years with a goal to “offer the most secure online email service on the Internet, with excellent free support.”
Note: Before we go any further, you should know that registering for CounterMail currently requires an invitation from a premium CounterMail user. If you don’t know someone who already uses this service, you are not welcome right now.
CounterMail uses OpenPGP encryption with 4,096-bit encryption keys. They protect their users from identity leaks and Man-In-The-Middle attacks with RSA and AES-CBC encryption on top of SSL. Unfortunately, they do not have their own mobile or desktop apps.
In order to ensure your privacy, they keep no logs and they store your mail on diskless servers. Countermail anonymizes email headers and also strips the sender’s IP address. All emails and attachments are stored encrypted at rest using OpenPGP on servers in Sweden. Although the base storage is relatively small (4GB), you can permanently upgrade this via one-time payment.
While CounterMail is a bit more expensive than some other secure email providers, they explain this price difference comes from using only high-quality servers and implementing strong security measures. It may not have all the frills, but CounterMail is a serious security-focused email provider with a 15+ year track record.
+ Pros
- Supports cryptocurrency payments
- Secure, built-in password manager
- All emails and attachments stored encrypted on no-logs, secure servers in Sweden
- Custom domain support
- Message filter and autoresponder features
- Uses RSA, AES-CBC, and SSL encryption to protect against leaks and MITM attacks
– Cons
- Design and UI feels outdated
- More expensive than other secure email options
- Now requires an invite to register
https://CounterMail.com
9. Kolab Now – Fully-featured Swiss email
Based in | Switzerland |
Storage | 5 GB+ |
Price | $5.47/mo. |
Free Tier | 30 day trial |
Website | KolabNow.com |
Based in Switzerland, Kolab Now is a private email service offering lots of features and full email suite functionality. A Kolab Now subscription includes email, contacts, calendars, scheduling, collaboration/sharing tools, and cloud file storage. Right now they are also running a public beta of their voice and video conferencing system. All of these features make Kolab Now an excellent choice for business users, teams, and privacy-focused individuals.
The service does have a stylish and intuitive interface that makes it easy to organize yourself. There’s also a strong cross-platform support, so you can use Kolab Now on your computers, tablets, and smartphones. It can work in tandem with other email services, like Apple mail, Outlook, and Thunderbird.
While Kolab Now does offer numerous features and support for all major operating systems and devices, it does not provide the highest levels of security. End-to-end encryption for emails is available via Perfect Forward Secrecy and they are stored encrypted at rest.
The price is also on the higher end, especially if you want access to all features and unlock more storage. However, for those wanting a feature-rich email suite hosted in Switzerland, Kolab Now may be a good fit.
+ Pros
- Accepts cryptocurrency payments
- Full support for POP, SMTP, and IMAP
- Switzerland jurisdiction with strong privacy protection
- Full email suite with numerous features to replace Gmail, Office365, etc.
- Support for custom domains, teams, and business users
- End-to-end (E2E) encryption is available, but not built in
– Cons
- Email not encrypted at rest (but stored in high-security Swiss data center)
- Expensive
Website: https://KolabNow.com
10. Soverin – Basic private email in the Netherlands
Based in | The Netherlands |
Storage | 25 GB |
Price | €3.25/mo. |
Free Tier | No |
Website | Soverin.net |
Focusing on user privacy and data protection, Soverin offers a straightforward private email service. With end-to-end encryption and a user-friendly interface, Soverin is an excellent choice for users who want a simple and secure email service. As a user, you get to enjoy the peace of mind that comes with knowing your emails are shielded from prying eyes. Moreover, Soverin’s user interface is designed to be intuitive, making it easy for both tech-savvy users and those less familiar with digital technologies to navigate their email accounts with ease.
While Soverin may not offer numerous advanced features compared to some competitors, its focus on privacy and simplicity make it a top choice for users seeking a basic private email service. This means that while you might not get all the bells and whistles that come with some other email services, you get a no-nonsense, secure platform that prioritizes your privacy and makes email management a breeze. For those who value simplicity and security over a plethora of features, Soverin is a solid choice.
+ Pros
- 25 GB of data storage for all plans
- Data protected under Dutch privacy laws and GDPR
- Can be used with third-party email clients
– Cons
- No custom mobile apps
- Not open source
- No built-in encryption options
Website: https://Soverin.net
Email jurisdiction and data privacy
Did you know that the jurisdiction in which your email service is located can seriously impact the security of your data? Depending on your threat model, this could be a major consideration. For an in-depth overview of jurisdiction and privacy, you may want to read our article on the Five/9/14 Eyes surveillance alliances.
Here are some reasons why you should pay attention to jurisdiction.
Surveilance in the United States (leading member of the Five Eyes)
Tech companies in the US can be forced to give government agencies direct access to their servers for “extensive, in-depth surveillance on live communications and stored information” – as explained in the PRISM surveillance program. Data requests can also be accompanied by gag orders, which forbid the company from disclosing what’s going on (see also National Security Letters).
Several instances have been reported where American email service providers were compelled to surrender information. In a notable case, Lavabit chose to shut down the business instead of disclosing user data. Riseup, another email service provider in the US, was forced to hand over data to law enforcement agencies.
After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization).
There was a “gag order” that prevented us from disclosing even the existence of these warrants until now. This was also the reason why we could not update our “Canary” [warrant canary that warns users about these events].
State of privacy in Europe
Politicians in Europe are frequently trying to find an excuse to limit or ban the use of encryption by their people. This time, the argument is that encryption must be banned to fight child abuse. Once again it is up to email services like Tutanota and Mailfence to protect the privacy rights of their users. In April, a group of tech companies sent an open letter to the European Parliament arguing against the mass surveillance that the elimination of encryption would be meant to enable.
How this will turn out is unclear, but the possibility of the EU banning encryption casts doubts on the viability of any secure email service based in the EU.
We’ll let you know what happens with this.
All email providers must comply with the law
While these examples may seem alarming, the truth is that all email providers must comply with legal requirements in the country they are operating in. For example, Proton Mail, a Switzerland email provider, has also been forced to log IP addresses and disable accounts by valid court orders, as they disclose in their transparency report.
All in all, some jurisdictions are much better than others, so choose wisely. As a general rule, I’d still avoid email services in the US, and other Five Eyes jurisdictions.
Want secure email? Pay for it.
The unlimited “free” email business model is fundamentally flawed. It offers a free service, which is used to collect data and thereby monetize the user and make money on ads. With these privacy-abusing “free” services, you are actually paying for the product with your data.
In contrast, here we recommend privacy-friendly, secure, ad-free email services. While some of these email services offer limited free subscriptions, you will need to upgrade to a paid plan for more storage and premium features (the freemium business model).
Fortunately, you can “vote with your dollars” by supporting these privacy-respecting businesses and upgrade to paid accounts. This will help email providers to grow, improve, and serve more people with an ethical business model that does not rely on exploiting their users’ data.
Secure email shortcomings and PGP flaws
Most secure email services mentioned in this guide use PGP for end-to-end encryption. PGP, which stands for Pretty Good Privacy was invented back in 1991 by Phil Zimmermann.
PGP Flaws – While PGP is considered a trustworthy, secure encryption method, there have been some flaws in implementing PGP that have made headlines recently. And lets not forget about EFAIL vulnerabilities.
While the news did attract lots of attention, the “flaws” were mainly tied to the incorrect implementation of PGP by third parties. To my knowledge, this did not affect the secure email providers mentioned in this guide.
Limited Use – Another fundamental problem with adopting secure email is that few people are willing to go through the hassle of PGP key management, encryption, decryption, etc. However, there are some solutions to this, and by some measures encrypted email usage continues to grow.
Many providers address this issue by making encryption automatic and seamless. Tutanota, for example, uses built-in AES encryption that automatically encrypts emails between Tutanota users, including headers, subject line, body, and attachments. They also provide a secure, two-way communication contact form called Secure Connect.
Vulnerabilities – Even when using a secure browser, there are still weak points to consider with using browser-based email clients. Phil Zimmermann gave an interview highlighting some of these shortcomings:
“The browser is not a terribly safe place to run code. Browsers have a large attack surface,” he said. Wherever encryption and decryption take place, though, it’s a vast improvement on no encryption. But even encrypting messages may not be enough, depending on the threat model. The very nature of email makes it vulnerable.
“Email has an enormous attack surface,” Zimmermann said. “You’ve not only got cryptographic issues but you’ve got things like spam and phishing and loading images from a server somewhere that might have things embedded inside.”
On a positive note, there are many options for securing your browser – see the secure browser and Firefox privacy guides. Furthermore, most secure email providers offer protection against these attack vectors by blocking email images by default and utilizing virus filters.
However, you should keep in mind that desktop email clients can also be problematic. They can potentially reveal unique information about your operating system, your IP address, and location.
Regardless of these limitations, using a secure email provider will help you keep large tech companies from extracting your email data for third parties.
Secure email vs secure messaging apps
Depending on your threat model, you may also want to consider using secure messaging apps, which do not have all of the vulnerabilities discussed above.
We have tested many different services and compiled a list of our favorites. Here are a few reviews of some of the best apps we’ve tested:
Encrypted messaging apps generally offer a higher level of security than email services. Plus, they are much easier to use than PGP email encryption.
Finally, encrypted messaging apps are also convenient for back-and-forth conversations, document sharing, and collaboration with others. For more information, check out our roundup guide on the best secure messaging apps.
Use a premium VPN with email
One fundamental problem with email is that it can expose your IP address and location to third parties, by design.
While some secure email services strip IP addresses and conceal metadata, many others do not. And as we saw with the Proton Mail logging case, email services may be forced to log user IP addresses by valid court orders, without disclosing any information to the user. We’ve seen this with email providers in the US, Germany, and even Switzerland.
Finally, there’s also the fact that many email services keep logs for security. This may include user IP addresses, connection times, and other metadata. Of course, whenever you have logs, there’s a risk that this data could end up with third parties, for various reasons.
To effectively conceal your IP address and location, you will need to use a good VPN (Virtual Private Network). Popular VPN services, such as ExpressVPN and NordVPN, offer VPN clients (apps) for all major operating systems and devices.
A VPN creates a secure tunnel between your device and a VPN server, encrypting your traffic and concealing your real IP address and location. This will improve your privacy and security, all the while you carry on with business as usual. Larger providers, such as NordVPN and Surfshark, have huge server networks all around the world, so you can use them everywhere.
Because a VPN offers significant privacy and security benefits, it’s a smart idea to use one whenever you’re online. Internet providers in many countries are recording user browsing history by logging DNS requests. Depending on local laws, this information could then be sold to advertisers or handed to government agencies in countries with mandatory data retention laws. With a VPN, your DNS requests are encrypted and handled by the VPN server and unreadable to your ISP or other parties.
At the time of publication, our top VPN recommendations right now are NordVPN, which also comes with a 74% off coupon here. For the latest VPN rankings and tips, see our guide on the best VPN services.
Benefits of Open Source in Secure Email Providers
When considering secure email providers, open source software offers a multitude of benefits. By allowing users and developers to access and review the source code, open source software ensures transparency and enables the verification of its security and trustworthiness. This public scrutiny helps identify any potential security vulnerabilities and ensures that the software is regularly updated and improved.
Another advantage of open source software is community-driven development, a collaborative approach that allows a community of developers to work together to improve the software. This leads to faster development and more reliable and secure software, as potential issues are identified and resolved more quickly.
In summary, choosing a secure email provider that utilizes open source software is advantageous in terms of security and reliability, as it allows for public review and verification of its encryption protocols and privacy protections.
Conclusion on secure and private email services in 2024
Regardless of your circumstances, switching to a secure and private email service will improve your privacy. Major email providers like Gmail, Yahoo, and Microsoft don’t always prioritize user privacy, so you have to look after it yourself. Paying for one of these secure email services means you won’t be paying with your privacy by using “freebies”.
Once you switch to one of these email services your private communications will be much more secure. Then, all you need to do is avoid non-technical attacks, like classic email scams that never seem to go away.
See the main privacy tools guide for other privacy and security essentials.
We also have a guide on encrypting email.
If you want more info on these secure email providers, you could check out our in-depth reviews below:
- Proton Mail Review
- Tuta Review
- Mailfence Review
- Mailbox.org Review
- Hushmail Review
- Posteo Review
- Fastmail Review
- Runbox Review
- StartMail Review
Have you used one of these secure email providers? Feel free to leave your feedback/review of the service below.
This secure email guide was last updated on June 13, 2024.
TROUDUKU
Best and safest is SNAIL MAIL or smoke signals
Winston Smith IV
Very disheartened to see this is an old article. Comments go back to January 5, 2022. Additionally, your referenced article on Five Eyes, Nine Eyes, 14 Eyes (What to Avoid in 2024), renders all but Proton & Kolab useless for privacy and seizure as they are based in Switzerland. The other eight are in 14 Eyes countries. Even with that, you say you trust none of the PGP based can stand up to the US’s NSA. That leaves just Kolab as the logical choice, if they are not PGP? We are, and have been living in 1984 since at least September 11, 2001.
lelow
You think – WS IV?
Email is an electric postcard and used with PGP the image we get, AI / QC has cracked post-quantum cryptography (PQP) encryption!
(Development of quantum algorithms is in its early stages, and the infrastructure for designing, testing, and running these algorithms is still evolving). https://medium.com/@nirvana_nss/2024-edition-an-overview-of-quantum-computing-and-the-realistic-path-to-implementation-550b699240a8
https://en.m.wikipedia.org/wiki/Post-quantum_cryptography
Yes, pre-1984-1993 before the use of electronic or computer-based systems to represent and manipulate information, was a grand anolog time…
Quantum-Resistant Encryption::: Organizations are urged to migrate to quantum-resistant encryption algorithms to safeguard sensitive information, as quantum computing threatens existing encryption standards.
Dana
My email was being forwarded from Skiff to another account I set up, until a few days ago. It was supposed to end around Feb 9, 2025, but now that has ended without notice.
Andre
It blows my mind that people still support companies like Notion. I actually liked Skiff—10 GB of FREE email storage was amazing! Notion seems incredibly shady to me. They still have the Skiff Mail main page up, promoting Skiff Mail.
lelow
@Dana-Andre,
Zoho still lists a ‘Forever Free Plan’ scroll down to it!
https://www.zoho.com/mail/zohomail-pricing.html
Don’t know what you require for mail but, this is good for general mail and free! Has a lot I don’t need geared for business needs.
Skiff and before it, Ctemplar as both saw the sun set on my accounts!
Posteo is good for general mail as well, if you can pay something for it…
Tuta is a top of the chain contender for a transparent, high-security email provider that out of the box is ready to go.
FUDBuster
The problem with this is that none of these services do anything for you if the people you are emailing back and forth are using one of those terrible email services (Google, Outlook, etc). And I’d venture to bet that is most of the email traffic for most people.
DrWho
Above note that, 1 on the list does>
When sending an email to someone with another email provider, the user receives a link to the message and a password key for encryption/decryption purposes (symmetric encryption).
Tuta establishes an external mailbox for that particular contact, where all the exchanged messages are securely encrypted. This proves to be quite useful, especially if you are using it for business. – – or <emailing back and forth to people using one of those terrible email services (Google, Outlook, etc).
Question
@DrWho? Huh?
WhoDr
Dang @Question, try research, you’d be suprized by your discovery just reading my words and relating to the article of the same info. . .
It to me, shows your not worth the salt of labor.
All in all, Tuta is a transparent, high-security email provider that just may take your privacy to a whole other level.
+ Pros . . . .
Encrypted messages (including Subject lines) Address Book, Inbox Rules and Filters, Search Index, encrypted at rest and stored on German servers
+
Can search body of encrypted messages
+
☆☆☆☆☆ Can send encrypted messages to non-users ☆☆☆☆☆
+
Strips IP address from emails
+
Desktop, mobile, and web apps
+
Open source code (including mobile apps)
+
Encrypted calendar with iCard support
+
Encrypted contacts
+
Inbox rules with Spam filter
+
Multiple email addresses (aliases)
+
Support for custom domains
Please try working on asking a question with a proper sentence to what you want!
Scully
@FUDBuster, these secure email clients serve one purpose: provide a false sense of security to anyone who sends or receives mail from someone who doesn’t use a secure email provider. As studies show again and again, people love being misled. That’s why TikTok and YouTube are so incredibly popular.
DrWho
@Scully, your reply is mostly right!
Thinking of the concept of cults in the context of digital technology; meant as the fervent devotion and loyalty exhibited by individuals towards specific technology companies, platforms, or digital ideologies.
This human phenomenon is not limited to a particular time era or region, but has evolved over time, and of late particularly with the digital medium of tech supplied by Silicon Valley since the WWW.
My trouble is all these niche mail services, (or grassroot) types do hype up what they do, by saying secure and encrypted in their sales pitch.
Throwing customers in a glent as that they are more than you need. Really being nothing more than a roll your own experiment they want to be paid for. Maybe the only encryption they offer is that of Transport Layer Security (TLS). A widely adopted protocol for email encryption, ensuring secure connections between email servers.
Fine, if that’s true of their email encryption basics. But this mode can only be a company outline, and since there is no set blueprint for the classification of any secure and encrypted digital mail service.
Alex’s resource here is valuable to those who like to drill down in the facts of each company he’s covered. That these mentions are kept updated over time and draws much of Alex – thanks sir!
Email encryption is crucial to protect sensitive information during transit. While TLS and any addition of PGP provide robust encryption, limitations exist, such as key management and email provider access. By following best practices, you can enhance email security and minimize your vulnerabilities.
However, for the highest level of security, consider using end-to-end encryption and implementing robust key management practices.
Aways verify the service’s claims about end-to-end encryption and ensure that it meets your specific security and privacy needs.
Tuta’s automatic end-to-end encryption email service is ready to go, offering a secure and reliable solution for users seeking to protect their private communications. Tuta encrypts all data, including email headers and metadata, end-to-end, ensuring that only the intended recipient can read the content.
BITR
@Gerhard Kreuzer july 21,2024, sorry I missed your query.
Basically, a Google account is necessary for Android devices though…as you explained – some google account was needed – – this be the google account you setup or linked while setting up your android device understand?
– Brave Browser on Android No Google –
Follow these steps, you can enjoy a fast, private, and secure browsing experience with Brave on your Android device without relying on a Google account.
You can install and use Brave Browser on Android without a Google account as necessary.
Here are the steps:
Download the Brave APK: Visit the Brave website and navigate to the “Mobile” section. Click on “Download APK” and select the Android version that you’re using (ARM or x86). Save the APK file to your device.
– Install the APK: Go to your device’s “Downloads” folder and find the Brave APK file. Tap on it to initiate the installation process. You may need to enable “Unknown sources” in your device’s settings (Settings > Security > Unknown sources) if you haven’t done so already.
– Launch Brave: Once installed, find the Brave icon in your app drawer and tap on it to launch the browser.
– Configure Brave: You won’t need a Google account to use Brave, but you may want to customize some settings. Tap the three horizontal lines (menu icon) in the top-right corner, then select “Settings” and adjust your preferences as needed.
Note: Since you’re not using a Google account, you won’t have access to Google Play Services or Google Play Store. This means you won’t be able to update Brave automatically, but you can still manually update the browser by downloading the latest APK from the Brave website.
Additional Tips
Brave is available on F-Droid, a popular alternative app store that doesn’t require a Google account. You can find Brave on F-Droid if you prefer to use a non-Google app store.
If you’re using a custom ROM or a device with a non-standard Android version, you may need to check compatibility before installing Brave.
Hope to help sir
glix
As a Linux user, I’m tired of being treated as a second class citizen by Proton Mail 🙁👎
BITR
If this helps, here are some secure encrypted email services or other options suitable for Linux.
1- Tutanota: A open-source email service that provides end-to-end encryption, zero-knowledge policy, and secure calendar and file storage. It’s also compatible with Linux and has a simple, intuitive interface.
https://tuta.com/
2- Private-Mail: A secure email service that offers PGP encryption, secure calendar, and file storage.
It’s compatible with Linux and has a user-friendly interface. Private-Mail is your total email and cloud storage privacy solution for any device.
https://privatemail.com/downloads.php
3- Mailpile: An open-source email client that works with other email services to encrypt communication using OpenPGP. It’s compatible with Linux and can run on a Raspberry Pi.
https://www.mailpile.is/blog/2023-05-01_A_Mail_Client_in_Six_Steps.html
4- The Mutt slogan is “All mail clients suck. This one just sucks less.”
Mutt is a text-based email client for Unix-like systems. Initial release 1995, Stable release 2.2.13 / 9 March 2024.
https://en.m.wikipedia.org/wiki/Mutt_(email_client)
5- GroupWise is a messaging and collaboration platform from OpenText that supports email, calendaring, personal information management, instant messaging, and document management. The GroupWise platform consists of desktop client software, which is available for Windows, (formerly Mac OS X, and Linux), and the server software, which is supported on Windows Server and Linux.
https://en.m.wikipedia.org/wiki/GroupWise
6- Alpine is based on pine, a text-based E-mail and newsclient that was originally released by the University of Washington in 1991. It is an easier to use alternative to mutt, a more lightweight approach to the mail reader concept.
https://wiki.archlinux.org/title/Alpine
7- An Xbox with Linux can be a full desktop computer with mouse and keyboard, a web/email box connected to TV, a server or router or a node in a cluster. You can either dual-boot or use Linux only; in the latter case, you can replace both IDE devices. And yes, you can connect the Xbox to a VGA monitor.
https://en.m.wikipedia.org/wiki/Xbox_Linux
Sorry I don’t use linux but, I can get in experimental moods sometimes. But tech right now is not inspiring me with AI’s addition. If Linux stays clear of AI, which both seem to be not for amateurs, who would settle for a fast dipping of their toes into shallow waters to decide.
– – Compared to a deep black plunge that is attempting to define any fuller understanding, path, history and future maps paths in elevoution, as all is up for your rational of a determination!
Someday soon, maybe all of us will have to make a decision.
If you chose not to decide in either case, you still have made a decision.
Greetings = ) friend
googleaked
i wonder
About advertising thousands of aliases …
If you use a provider, for example, like Startmail to create aliases using your custom domain.
aren’t you stuck with that provider forever or can you transfer these created aliases to a new hosting provider ?
BITR
I can’t wrap my thoughts around why you’d want to keep your created aliases, and then top that with having a custom domain for the twist?
You do understand each ones single purpose, and why or what purpose in combining the both serves your email use?
Aliases can disguise your primary email address, protecting it from unwanted parties or spam, to keep their primary email address private.
Management to easily add or remove aliases as needed without affecting your primary email address.
Your primary email address remains unchanged, and all incoming emails are consolidated into a single inbox.
Custom domains are also known as personalized domains or vanity URLs.
Custom domains differ from generic domains.
Instead of generic email addresses like user@example.com. Custom domains typically consist of random words or phrases.
With a custom domain, you can change your mailbox service provider as well to move your custom domain to a new hosting provider without affecting the domain name.
googleaked
Thanks for your detailed explanation with educational links.
What a short question can bring about 🙂
The domain is from a random registrar where I NOT host the mail.
I did this to test how it works with the various mailbox services
After my post I have also done some practical research at startmail,protonmail,vimexx.
My experience so far is that most mail providers do bundle sales against generally higher prices for a domain or a free extra domain in which the renewal price is not immediately visible.
My advice = read twice
I do not use aliases with “+” because your actual email address is simply visible in them.
Experience shows that the aliases with OWN DOMAIN can simply be transferred from startmail to protonmail.
I leave the records and created aliases and messages at proton or stratmail as they are and switch the records at the registrar. ( btw. 1 day later proton detects this )
The aliases can also be used as normal email addresses (with password) at a regular hoster as tested at vimexx.
The aliases that you create via startmail or protonmail on their domain names can, as far as I can tell, of course only be used at the provider in question.
With that last line of text I think you can conclude that if you subscribe purely for the creation of aliases at Startmail or Protonmail (only 2 examples) you are stuck with that provider forever.
BITR
Hey googleaked thanks for your update. Its all an aid for RP people’s sake.
More tidbits, your said email mailbox account will only host the email handling of the (MX-record) mail exchanger for your own domain.
Look for TLD domains from quality Registrar sites which the renewal price are immediately visible. Sales happen all the time mostly for 1st yr, but renewals can cost more so research. Ceck a registrars site for a discount code section.
For Domains you own specifically you can mask your information from the public records but, it can’t be anonymously entered into the ICANN record, where you’ve (bought and registered). As at some point you may have to prove that you indeed own the Domain in question.
https://en.m.wikipedia.org/wiki/Domain_privacy
MASKING:
A whois-proxy server is one option, there are more probably but, one of the simplest solutions is going with a domain registrar with their own whois privacy offered for qualified TLD’s and it’s free of charge as such in registrar Namecheap does.
Once you have custom domain set up, you can test sending email with https://www.mail-tester.com. Send an email using your custom domain email address to the unique address on mail-tester.com and check your spammy-ness score. If you have both SPF and DKIM set properly, you should be able to score 10/10!
Final NOTE: Using a catch-all address is never good, because you will receive much more spam emails.
Greetings hope this helps.
BITR
Swisscows.email is now subject to a fee !
How about that for the basic 2 gb account I had.
Swisscows offers security, protection and is committed to your privacy. This incurs costs that need to be covered. To protect our email service and provide more security for our users, we have decided to introduce a small fee. This helps to combat misuse of Swisscows.email and users contribute to its further development.
Is the security of your e-mail worth CHF 1.99 / month to you? Then please purchase your @swisscows.email address in your Swisscows Basic account by September 30, 2024.
Branecrypt
Request for review here
I am the head developer that worked on a new closed loop email system called Branecrypt.
We are more of a business oriented encrypted email system that we are opening to the public that truely cares about your privacy and protection. We charge a monthly fee of 4.99 for 20 Gigs of storage. (we do offer promocodes for free months)
BITR
New blood, interesting to hear about you. Comparing your yearly prices, can we see a bottom tier costing less with 5-7 GB storage say, maybe only support by email for a cost break?
[https://www.branesystems.com/legal/securemail/faq.php]
ABOUT:
As a compact software company, we focus on developing pioneering technologies that guarantee the safety, privacy, and resilience of our clients’ most valuable data and assets.
Hey as you are, please consider developing custom solutions in some contract analysis tools. Creating a tailored, fortified entry to the digital landscape system for our use of tracking and sorting softwares, firmwares, apps and websites.
Related to the acceptance or regection for a companies TOS and PP agreements. **This could involve natural language processing (NLP) and machine learning (ML) techniques to analyze and categorize agreements for red flags, partnerships and associates use of your data and assets.
Branecrypt
We are currently playing with our prices to stay competitive. We are looking into a lower tier right now and possibly a free tier (the only free tier currently is the recipient who can only reply to the email they received). What would be a good entry price in your opinion for a 5 gig plan? I would love for you to try it out and give feedback! PROMOCODE: FREEMONTH
[https://www.branecrypt.com/]
We have a few other products in the pipeline like a “smart” file drive to go with our encrypted email system and working with clinics around the US to provide AI assisted imaging.
We have a lot of plans for ML and AI to help with writing and such but every part of our system from the front end code to the back end code to the AI is developed in-house in Texas. We have strong concerns about using chatgpt and co pilot as we do not know what they are doing with the data when it is sent and we can not guarantee your data’s safety if it does not stay in house.
BITR
Branecrypt, how about your cost + 15% for the 5 gig plan for a year. Its hard to go down after a set price, but costs rise time and time again on things.
Leave it open a years time to build up a user base. Then adjust this tier as needed.
Personally, any free plan tier offered should be only accepted after its been associated or granted, after an active annual paid plans activation. Mostly for family members under 18 yoa.
Free tier storage limit of 1 GB with options to add storage. To manage that hole for a redline.
A real good service that its prices kept their use base low, might be helpful to understand features to price points don’t add up to long term sustainability.
[https://ctemplar.com/pricing/]
Good luck and I might give it a trial run, thank you.
BITR
Branecrypt, About: Developing a legal contract analysis tool – request…
Anyone forging a trip to a software developers or any web business TOS and PP pages are left imaged to the understanding of the ground up view to what happens to your data.
Ex: take a tree, trunk the main software package – limbs and branches where your privacy is shared.
Below the ground view will be the foundational roots where your privacy is lost. . .through, partnerships and sub-companies needed to support the trunk. Guised in the legalise there.
Anyone changing services, software applications and mobile apps to any e-commerence websites are your future customers. Last option like this was – [https://web.archive.org/web/20190701104730/http://www.brightfort.com/eulalyzer.html#Overview]
Just think where big data and AI could take this concept…
How many people actually read a ‘EULA’ license agreement of the software they install?
Or for that matter of a Website’s Privacy Policy to make sense of the nonsensical?
Don’t just write off the ‘EULA’ license agreements and Privacy Policies as too long and verbose to read…your welcome = )
BITR
“Branecrypt enforces secure password practices, requiring users to update passwords every three months to enhance security.”
Question, I use 18-20 characters for my passwords – can I turn this requirement off or have it happen annually 12mos?
“encryption of emails both in transit and at rest, and secure storage of encryption keys.”
Question, are message attachments and contacts encrypted at rest?
A-Branecrypt handles attachments by encrypting in a separate location than with the original email message, ensuring that they remain secure during transmission and storage.
Question, Is the message metadata encrypted in transit with Branecrypt?
A-Branecrypt minimizes the collection and storage of metadata associated with your emails/so no metadata encryption?
“Branecrypt will work on various platforms, including Windows and macOS as well as iOS and Android mobile phones and tablets.”
Question, any plans for mobile apps?
Or will you stay a web-based mail platform.
Note:
The total of all of the email bodies and attachment count toward your inbox size that varies based on your subscription plan. Storage of encrypted files will be slightly larger than the original attachment file sizes due to encryption overhead.
It’s important to note that the extent of the size increase depends on the encryption algorithm, key size, padding requirements, and other factors specific to the encryption implementation.
marquitos
i need Invitation code for conter mail
Free version?
What free version besides Proton do you recommend?
The blog is quite convoluted and readers are forced to sift through all the individual reviews of the service to obtain if there is a free tier available or to ask a simple question like I have now.
Alex Lekander
Mailfence and Tuta are good options.
Bradley
Hi Alex. I’ve been a paying customer of Protonmail for quite a while now and I’ve not had a good/positive experience with their customer service. I would absolutely not recommend them to anyone.
BITR
Free tier’s were available from Mailfence, Protonmail, Tutanota, and Kolab Now. Encryption email services usually have payment tiers, and the Free Tier, if offered, was paid by those payment tiers. Fastforeward as of today, smaller email services have increased overhead as all of us. Eliminating their free tiers in lue of raising prices on their paying customers, could be why you dont probably see a List of Free here. Or found easily on the email service own sites, themselves.
Yet tons of other relevant information from RP in the Private and Secure Email Services topic.
Additionally, a free tier email service fit for this service lost, may have limitations on storage space and email sending limits. Zoho still lists a ‘Forever Free Plan’ scroll down to it!
[https://www.zoho.com/mail/zohomail-pricing.html]
Brandt
I have to agree. I was prepared to go with a paid version of Start Mail based on your recommendations and it’s not available in the Playstore. I need an easy to use, mobile app where I can respond to emails, for an Android. A lot of the lingo is over my head, so I don’t know how to add extensions, etc. I just need something basic & easy to use. I can’t tolerate giving my money to ProtonMail anymore.
vanp
I don’t know anything about Playstore, but StartMail of course can be downloaded from it’s website (www.startmail.com). The FAQs say it can be used with a mobile phone (and why shouldn’t it be usable?). Also, you can get a 7-day free trial. Maybe I’m missing something here.
BITR
@Brandt maybe Beverley and to update vanp question – of maybe missed something.
Startmail has no mobile native-apps!
The scattered reviews suggest that configuring StartMail on a mobile device involves a tedious process of filling in IMAP and SMTP server details, along with a device-specific password generated by StartMail. This may require some technical expertise and may not be as seamless as using a native app. Not all is lost though, keep reading.
It’s worth noting that StartMail’s focus seems to be on providing a secure and private email service through its web portal and IMAP support, rather than developing native mobile apps. If you’re looking for a mobile app experience, StartMail may not be the best fit for you. However, if you prioritize email security and privacy, StartMail’s IMAP support can still provide a secure way to access your emails on-the-go. Yes web-mail works.
Only added these for options seperate from this RP articles list, some maybe covered ok? Check out very carefully if interested……
Not everything email is free, nor have native device apps, and I regret that I can’t see why you wouldn’t pay something, if you could. Please use RP links to purchase if you care about RP !
So here we go friends,
Zoho offers a mail service targeting professionals and users who take their privacy seriously, and there are also Zoho applications for things like chatting, notes, and calendar, which you can integrate with your email account. * IMAP/ POP/ Active Sync are not included in the free plan. *
[https://www.zoho.com/mail/ios-android-apps.html]
Tutanota is a private email service with options for both private and business users, and the free plan provides more than enough features for most individuals. You’ll be limited to a Tutanota domain name, a single user, and 1 GB of email storage.
Like Zoho Mail, Tutanota also offers notes and calendar tools, both of which are just as encrypted as its email service. Tutanota is completely open source and offers applications for both Android and iOS devices. See RP link please.
Neo has curated a robust business email hosting suite specifically designed to empower small businesses, freelancers, and creators with a secure & private communication platform for their sensitive business exchanges. Packed with potent features, Neo assures users of a protection level akin to enterprise-grade security, which acts as a sturdy shield for all accounts against potential threats. High-quality apps for web, Android, and iOS, providing a perfect blend of security and speed.
[https://www.neo.space/business-email-pricing-and-plan]
All emails are automatically protected with end-to-end encryption, which ensures that even MsgSafe.io staff can’t read your email messages, let alone a third party. If you have your own domain name, you can bring it with you to MsgSafe.io and set it up with ease. Just like all MsgSafe.io users, you will instantly benefit from advanced email analysis and filtering, whose purpose is to keep unwanted emails at bay. The free version of MsgSafe.io includes 1 GB of email storage space, and you can upgrade at any time if you need more. All plans include unlimited incoming emails, GPG and S/MIME support, secure 1:1 audio and video chat, and multiple other useful features. Site down –
More than a week ago!
Since ContactOffice Group launched Mailfence in November 2013, this encrypted email service has managed to earn excellent reputation with users and security experts alike. For starters, its servers are based in Belgium, a country that requires all surveillance requests to go through a court. The web-based client works great on screens large and small, but Mailfence is also working on a dedicated mobile app, and it should be out fairly soon – – as that’s been the story for quite awhile. See RP review here and the link.
Like Tutanota, Yandex automatically filters emails so that you only see content from real senders. Other messages are moved to separate folders. You can also thoroughly personalize the interface and access up to 10 GB of storage, more than is available with the free plans for either Zoho Mail or Tutanota.
Yandex offers a polished app for Android and iOS. It also includes built-in antivirus features, a customizable interface, and a timer tool allowing you to set up messages to send in advance. Yandex is a great free option for private users. Based in Russia, a country that’s known for spying on its citizens and requesting sensitive information from internet service providers. Hunt it up yourself please!
GMX may not be as well-known as some of the other items on my good or risky list, but its features match and in some cases exceed those of its competitors. In addition to strong filters for viruses and spam content, GMX provides up to 65 GB of storage for emails for free users, more than any other free service on my list here. GMX offers mobile applications optimized for both iOS and Android, making managing your inbox just as easy on a smartphone as it is on a computer. You’ll have access to the full set of GMX tools no matter what device you’re using.
Now your short list research and examination needs your footwork.
Best to RP and friend of Alex here!
Sergi
StartMail is all about EMAIL service, the absence of calendar, notes, and file storage features is not a downside.
Questionable
Why are services provided by 9/14 eyes countries advertised?
Alex Lekander
Because 9/14 Eyes is not a deal-breaker for most people, nor is it a major drawback in my opinion. It all depends on your threat model. And if you are really concerned, you shouldn’t even be using email for communications.
kevin
That’s cool. It has improved a lot compared to before. It’s been a while since I came here and I’m glad you wrote the pros and cons well. but countermail is weird. It’s expensive and it’s strange and unpleasant to have to sign up by invitation.
there is no need for an expensive email. It is a disposable email and is used only when necessary. unnecessary expenses are a waste 🙂
Neo
Why not review DISROOT.ORG Free-Email Service which includes the option of using a Tor .onion service!
Honestly, I’m shocked there is no review for them here!
Der Gluh Klown
You endorse Startmail but you took Startpage out?
Is this a mistake…? or do you recommend Startmail for email but not Startpage as a search engine?
(because they pretend its an all Dutch company but they were taken over by a US investor and using the face of the fmr Dutch CEO to get more souls…)
Alex Lekander
“or do you recommend Startmail for email but not Startpage as a search engine”
Correct. StartMail remained completely independent. It was StartPage that is now “majority owned” by an ad-tech company. This never happened with StartMail.
Der Gluh Klown
Disroot are a bunch of pirates, hiding behind aliases. They could be a bunch of 19 year olds for all we know. No faces, no company, no names, no real accountability.
BITR-aka-bumpintheroad
For the record – I’m only a customer of MEMAIL.
NOT AN AFFILIATE – But as a customer who isn’t enrolled in, nor associated with MEMAIL’s referral commission it offers, of networking the MEMAIL service to it’s customers – friends, family, companies and business partners. In any kind of self profit or gain. Is that clear? Simply a user looking at the cheapest buck per value of a usable email service.
(Though, MEMAIL offers,
“At MeMail, we value our clients! We want you to know that you can get money when you recommend us to your friends, family, companies and business partners.”
* commission and discounts do not apply to free MeMail plans or storage units.
Once the person you referred places an order with MeMail, you will get a 15% lifetime cash commission. Plus, your friends and colleagues will receive a 15% lifetime discount! You can refer as many clients as you want and as often as you want!)
[https://www.memail.com/affiliates]
What I find helpful about MEMAIL,
-Access MeMail Webmail (powered by MS Outlook®) from any web browser—a simple and easy to use interface, focusing on the email in your inbox.
-MeMail is easy to use with your favorite online, desktop and mobile apps, like Gmail, Apple Mail, Samsung Mail and others.
-Consolidate all of your inboxes into one well-managed account where you can sync and access multiple email addresses at once.
-MeMail has all the features to help you stay organized and on schedule—inbox, calendars, contact manager, task manager and more!
-MeMail is easy to use with your favorite online, desktop and mobile apps, like Gmail, Apple Mail, Samsung Mail and others.
-Automatically sort and prioritize messages into separate folders, keeping your inbox organized and under control.
OMG thats sounds like an ad, but its only information! To any value here you are to understand.
MEMAIL team, headquartered in Germany, New York, and beyond with a global group of entrepreneurs, developers, programmers, engineers and designers, worked together to make this vision a reality. With over 20 years of experience.
[https://www.memail.com/about]
Yes it took 11 days to get a response reply from the Memail customer service team.
That answer – you can create additional folders via [webmail.memail.com] in addition to using the Outlook app. With the steps and images for both paths explained.
Hope this helps and its my last mention, but I will answer questions of the Memail service for others interested in the bang for the $ ! Especially during the limited time Promo thats running.
*You have a physical mailbox with MEMAIL for storage, so its not an App that connects mail accounts like preveil Ive looked at. But with MEMAIL having a Unified Inbox where your able to access multiple email addresses at once.
Alex Lekander
Thanks for sharing BITR
BITR
🫡
Beverley
what best email
Beverley
what best free email
Just Me
I’m still looking, since my Proton email got hacked. I just noticed that Swisscows has email. I may try the free one first. Any thought on them?
BITR
My advice is try them out to see if their a usable fit. The service is with a web base mail app accessed through your browser.
(The email is encrypted at the highest security level when it is sent!)
This encryption they mention, as a free account user Ive never seen being applied.
Meant the service can be used without encryption, as say a Posteo account Ive had and did prove out to be. Again, meant that any encryption of those two services had to be user motivated/stimulated in the secure encryption of the account.
(Compared to Tuta)
So ask yourself exactly what is encrypted, where that encryption nexus flows and how? If encryption even matters to you or if a secured account will do and at what cost to you.
Ive had trouble loging in with some error that a secure connection can’t be made. That happens almost at every login but just keep trying and the window will load.
Then the email address say (newuser@swisscows.email) importantly from the part of @swisscows.email has been refused by web forms as an address being valid that it would accept. Many times this has happened to me.
[https://support.swisscows.com/swisscows-email/what-is-pgp/]
6. With Swisscows.email you have the possibility to work in the mailbox not only through the web interface, but also in other email programs such as Outlook, Thunderbird, TheBat, etc. that use the standard imap/smtp protocols.
The openPGP standard used ensures full compatibility of Swisscows.email with these programs. If a third-party email program is used, PGP key maintenance is performed in the program. Both Swisscows.email and the mentioned email programs have import/export functions for PGP keys.
bumpintheroad
Possibly a typo – here is the adjacent texts and part that trips up to not make sence.
Conclusion on secure and private email services in 2024
Regardless of your circumstances, switching to a secure and private email service[ is a will ]improve your privacy.
= )
Sven Taylor
Yes, definitely a typo. Thanks for pointing that out! Fixed 🙂
bumpintheroad
Request for review here!
1st its $99 per year
-Try HEY free for 30-days
HEY for You includes:
A @HEY.com address
-Every account includes a @hey.com address of your choosing
The HEY Calendar
-Our all-new incredible calendar is included in your account.
Built-in workflows
-The core email-redefining features in HEY are yours to use
Apps for every platform
-Use HEY on the Web, Mac, Windows, Linux, iOS, and Android
Spy pixel blocking
-HEY stops people from snooping on your activity
100GB storage space
-Plenty of room for all your emails and attachments
A HEY World personal blog
-Email the web with HEY World
Privacy, guaranteed
-We won’t use personal data to sell ads or any other purpose
[https://www.hey.com/features/]
[https://www.hey.com/security/]
Email was never designed to be end-to-end encrypted, because with email you don’t get to control what app or service the recipient uses. That’s both the curse and the magic of email. It would take changing thousands of email apps, millions of email servers, and nearly fifty years of inertia and established protocols to support end-to-end encryption in an easy, consistent, and guaranteed manner. As you can imagine, that’s not likely to happen.
You could just trust us, which would be nice, but you’d be more than forgiven if you didn’t! That’s why we engaged two separate, external security firms to review our application security. We hired Trail of Bits to review our encryption approach, and Doyensec to perform a broad application review. You can check their reports below and the actions we took:
[https://www.hey.com/security/external-audits/trail-of-bits-june-2020.pdf]
[https://www.hey.com/security/external-audits/trail-of-bits-june-2020-actions-taken.pdf]
–
[https://www.hey.com/security/external-audits/doyensec-Q3-2020.pdf]
[https://www.hey.com/security/external-audits/doyensec-Q3-2020-actions-taken.pdf]
Thank you
bumpintheroad
Another service that I found that for $99. would pay for 10 years, if you could lock in more than a 5 year term. But 5 years is the most I see. There is a limited time offer where on the 2gb .99/mo premium plan, automatic adds the promo and drops the $11.88/year to $9.99/year instead. Which has a drop-down for the term to increase that upto a 5 years term.
[https://www.memail.com/pricing#search-now]
MeMail owns and controls all email domains for security.
MeMail is fully independent and self-funded.
MeMail is an experienced provider of secure and reliable online solutions.
Furthermore, MeMail partners with the best and most reliable service providers in the industry to provide secure, trustworthy service with the best user experience.
Sven Taylor
Why are you posting so many comments about MeMail?
Are you associated or affiliated with MeMail? I may need to delete all of these promotional comments.
bumpintheroad
No way!
Just for myself as Im looking because skiff is going away. Page here, it was a comparison against spending the $99 on Hey account for a year.
Page back, because I got slag and thought by the poster a priviaged party, because I had asked what $30 on a year was anymore?
Because anywhere from a dollar a month to $3. a month for anyone paying for a secure and private email service seems the average doable expense due. Memail was just my lastest find. Look into it as I hoped others would.
I just true to the talk and stand to gain nothing in passing along knowledge I come across = )
Sven Taylor
Right on, sounds good.
bumpintheroad
Memail has no customer support as far as I can tell. I’ve contacted them with no responce on my question of how to add folders to the mailbox directory?
Now I’m one day past the “If you aren’t satisfied with our service, cancel your subscription within 14 days and we will refund your purchase amount in full.”
SEEN HERE
[https://www.memail.com/privacy]
IT’S CHEAP BUT USABLE and works for very basic email in my point of view. (Promo used so I was looking @ 9.99 yearly on 2gb storage.)
THOUGH, being my first experience with…
MeMail keeps your information safe using the highest levels of reliability, security and privacy available through our Microsoft Exchange based private cloud infrastructure. MeMail helps protect your information with advanced capabilities, including anti-malware and anti-spam filtering for all your mailboxes. MeMail utilizes Microsoft’s globally redundant servers, premier disaster recovery capabilities, and a team of security experts who monitor around the clock to safeguard your data. Your MeMail inbox comes fully protected with SSL/TLS encryption.
YOU MAKE THE CALL.
bumpintheroad
Everything could be totally private on your end, but your friend’s, or an business email service (server copy) could read the contents of your (sent-recieved) email messages pretty easily. To many times Ive seen a gmail or ymail responce from family, friends and online contacts with small local businesses. Like my trash service for instance.
What threat model would you need to adapt for general emails that contains personal information or thoughts? Coming in and going to services which makes money by selling your data to advertisers.
In 2024 do we need to create multiple email accounts on different providers for different purposes? e.g. one account for business services, one for work, one for personal use?
You’ll have to pay real money to use a privacy-focused email provider. At most only securing your end for the general mail catagory with that being the bulk of anybody’s email traffic in 2024.
But, it’s hard to be on the internet and avoid Google entirely, and at some point you’re going to need a Google Account. From setting up most Android phones to accessing a shared Google Doc, Gmail serves a wide range of audiences pretty well.
Answers and any Thoughts, Welcome
watchful
“But, it’s hard to be on the internet and avoid Google entirely, and at some point you’re going to need a Google Account.”
Totally disagree. It is quite possible to be on the internet without Google – and there are a number of things you can do to improve your privacy and security at the same time! Any of the following can be actioned separately.
Before getting to the “without Google” stuff, first remove permissions from apps on your phone that don’t need them. To start, look at the permission list for “Location”, “Camera”, “Microphone” and “File access”. Have a think about why these apps would need access to these permissions. If you think that access is unreasonable or really not justified, then remove it. (eg: Why does your bank or shopping app need to know everywhere you go? Why would non-communication apps need access to camera or microphone?) I would encourage you to decide “no access” if in doubt. If removal of any permission really does cause a problem, then you can re-enable it. However you will likely find that nothing stops working, and you benefit by the apps stop watching everywhere you go and everything you do, and reducing file access by apps that don’t need it. This improves your overall device security. Do the same with other permissions, or alternatively go through permissions for each individual app.
Use an android app store that provides open source and well-checked apps (eg: f-droid) that will supply all basic app needs, and does not contain trackers as those from the Google Play Store uses. Sometimes the same apps are available as on Play Store, but the trackers are not present. Use an anonymous access app store to access other apps that are not available on f-droid – such as Aurora Store. Alternatively you can download apps (apk’s) directly from the app vendors – but limit to trusted vendors only.
Remove apps that you no longer use, which helps remove potential risks, should improve device responsiveness, and free up space on your device’s internal storage. Sign completely out of services that you really do not need running, but will need in the future.
Ultimately, load an alternate privacy-focused OS on your Android phone (eg: LineageOS, /e/os, GrapheneOS, CalyxOS, CopperheadOS, etc) rather than using the Google stock android.
If you choose to use an iPhone rather than android, you can’t do much about being watched and monitored.
For your computer, try using Brave Browser as your default web browser, and DuckDuckGo as your search engine. (Brave also available for mobile devices.) Using a search engine such as DuckDuckGo also avoids most censorship and deliberate information steering that is standard practice with Google search results. You can also add a couple of good AdBlocker extensions onto Brave to avoid most advertising, which improves page load times as the ad rubbish is not downloaded.
Stop using dominant vendor cloud storage such as Google Drive, OneDrive, iCloud, which have open access to your files. Instead use a secure cloud storage that has End-to-End encryption and versioned storage such as sync.com , or another cloud storage with your own encryption added (eg: using open-source Cryptomator) that results in E2E encrypted storage. There are some good cloud storage providers that will provide 5 to 10GB of storage for free, though you will have to pay for more.
If someone wants to pass you some files securely and privately, or you need to receive some, then check out cloud platforms such as sync.com, pcloud, box.com, NordLocker, etc. These provide a small amount of storage for free, and provide easy sharing of folders/files.
Is email privacy important to you? If you don’t like the idea of big tech and government having access to your email storage, then stop using Gmail, Windows Mail, Outlook, Safari, Yahoo, etc. Search for a private email provider. There are numerous choices, depending whether you want a free or paid email service, whether you need IMAP or POP access, need PGP/etc, need to send documents securely to a non-secure recipient, or are happy (or not) being limited to vendor-only apps and web-based email access.
Use Linux rather than Windows or MacOS, and choose more private apps that have the equivalent function to those usually pre-installed on Windows and Mac computers. Use well-known and commonly used open source apps wherever possible, as these have been checked and poked and prodded by multiple independent developers and security experts, and problems ironed out – plus are free. Many good open source and free apps are available for Windows, Mac and Linux – so it’s possible you won’t even have to change some of your currently-used apps.
There are other techniques that can be used to provide much higher levels of privacy and security, and a few points above contain some concerns if used incorrectly, but is a place to start. Hope this helps some readers.
Gerhard Kreuzer
Hi,
want to get the Brave browser for Android, it’s not in the f-droid app store and to get it from the site directly I have to log in with some Goggle account.
This is safty?
Aha.
BITR
@Gerhard Kreuzer, sorry I missed your query.
Basically, a Google account is necessary for Android devices to access the majority of apps, sync data, and utilize integrated Google services. While alternative options exist, they may require additional setup and may not provide the same level of functionality as a Google account lends for the privacy you surrendered…may try the Amazon App Store or the brand of device you own for their own brands app store.
In case you have moved on from looking back for an answer here to your query. I’ll post something here in Sept of 2024 for you.
BITR
I could be mean, but why do you take my words out of contexts, deliberately? Your paths of discourse, that surround my passage as merit to throw light on my meaning only ! Not yours, that takes near expert skills and point-blank must be spot-on or a waste of time, then worry everytime an OS or device brand needs to update?
Choosen the name ‘watchful’ have you,,,will news-flash WATCHFUL!
https://restoreprivacy.com/google-alternatives/
bumpintheroad
Question – last May of 2022
You had a 11. count with Thexyz – A fully-featured private email service in Canada, listed here. Why not now?
Sven Taylor
Since the article was a “top 10” it just didn’t make the cut. But it may be added in a “worth mentioning” category with the next update.
bumpintheroad
Hey thanks.
I was checking into it, but if I understand it. Signing up makes two seperate places you get. The client area contains services, domains, support tickets, invoices. Seperate from the mailbox itself holding cloud storage, contacts, calendar, and team collaboration tools.
Would that be a correct understanding? Would the same login credentials be used for both areas?
Thanks = )
bumpintheroad
Thexyz staff answered my question with.
(Yes, we require an email address to sign up. It could be the same email address as your mailbox with us if you wish.)
That is not made clear or that they want first & last name and an address. The latter, I suppose is for billing purposes with cards.
bumpintheroad
You could call this article a top 10+ just stop numbering after 10.
After looking at Cyberfear mailbox size 1GB, $1.50 month $18. for year.
Fastmail mailbox size 2GB, $2.50 month $30. for a year.
And, Thexyz mailbox size 25GB, $2.95 month $29.95 for a year.
Thexyz seems a value before measuring the security offered.
At that value it’s .08 a day basically!