Best Secure & Encrypted Email Providers
When it comes to email, it is a very difficult communication medium to properly secure. In fact, if secure communication is your priority, you should avoid using email all together. With all recent revelations made by Edward Snowden, the issue has become much more apparent to the general public that was much less aware how easily email could be snooped on. Earlier this year, encrypted email services Lavabit and Silent Circle both shut down their servers over giving in to the demands of the NSA to infringe on their privacy policy. The story quickly circulated that Edward Snowden had an account with Lavabit and probably played an important role in the pressure put on them by the NSA.
The problem with securing email is that it needs to be encrypted end-to-end to avoid it being intercepted while traveling through intermediary networks, and the recipient also needs to have the same encryption system. These systems, although free, are often hard to setup, and trying to convince the other party of the importance to do so may be futile. The way email protocols work, also facilitate data leakages, due to the nature of the email sitting on a server waiting to be retrieved. However, if you still need to use email communications for sensitive data, or simply want to keep your emails private, there’s a fair selection of privacy advocates offering encrypted secure email services free of cost.
ProtonMail
The one that stuck out the most over all other secure email services is ProtonMail. When the leaked documents by whistleblower Edward Snowden first surfaced, scientists at CERN, the European Organization for Nuclear Research, discussed their concerned over NSA surveillance and other programs alike. A group of physicists and engineers collectively put their massive computing capabilities to work at creating and secure email service like no other.
ProtonMail was born and it quickly gained notoriety among the privacy community with its bold stance against government surveillance. They kept full control of all their mail servers in Switzerland to avoid any forced shut downs or requirements to provide any server data to U.S. or other foreign surveillance organizations. Forbes has called ProtonMail “the only email system the NSA can’t access” but what makes them better than most other encrypted email providers? Even Gmail now offers some level of end-to-end encryption.
ProtonMail had a huge response to their Beta launch and are currently at full server capacity and expansion is underway. You can still head to their website and reserve your own @protonmail.ch address and invitations will be sent out as soon as server capacity allows.
- ProtonMail offers full end-to-end email encryption, from start to destination. The encryption happens at the user’s level, making it impossible for ProtonMail to have ever seen the original content. The email is already encrypted when it reaches their Switzerland servers and the recipient’s email password is the only key to that email.
- Unlike most other secure email providers, ProtonMail does not require any kind of setup, allowing just about anyone to easily use the website on their browser on all devices thanks to a clean responsive design.
- ProtonMail does not have the keys to decrypt any of the emails sent across their network, unlike services like Gmail, who do have the power to decrypt email messages. If authorities would request keys, they would not even have that possibility, only retaining encrypted data on the servers.
- Strategically based in Switzerland, ProtonMail will decline any third party requests from overseas organizations or governments. Local government values privacy and has a very low wiretapping and data seizure track record, used explicitly to prevent crime.
- ProtonMail has refused offers from various investors to keep their integrity intact. Instead, they have opted for crowd funding methods to keep them afloat, allowing their user base community to donate to the cause, while keeping conflict of interest investors at bay. This decision has proven to be fruitful as they have recently surpassed 200% of their latest campaign goal amount.
- ProtonMail will be offered free of cost, but with limited storage. As an additional revenue stream, users will be able to pay $5 for 1Gig of inbox storage. The funds are essentially for expansion and maintenance of the infrastructure.
That’s a whole lot of support for one email service provider, what about everyone else? Well, there are many other encrypted email services available, but with recent revelations about XKeyscore, it is known that using these providers from any country, where privacy law enforcement is weak or strong, remains very risky. Many accusations stemming from as early as 2007 claim that some of the most popular providers such as HushMail failed to provide adequate protection against the NSA. We cannot confirm or deny these claims, but due to the nature of how emails work, it is hard to fully vouch for any secure email service. Instead, we have compiled a list of free and paid providers and tools available that you can have a look at.
ProtonMail – Recommended
TorGuard.net – High Encryption secure VPN service to match with encrypted email.
GnuPG – Implementation of OpenPGP for any email service, requires advanced setup.
Remember to use email on extremely sensitive data only if necessary, but if we talk in more realistic terms, the majority of us don’t have anything to hide. It comes back to the simple principal that no one else should be reading your emails but you. Think of how creepy it would be if the mail man read your mail back when hand written letters prevailed and email was not even a term yet. The act of opening someone else’s mail is not only frowned upon, it is criminal. Why should it be any different with our emails? The safety issues are also very uncertain and complex, as collected data mining can allow for a collection of data to be used on a sparse time lime.
PGP encrypted, SSL connected Secure E-mail from https://privatoria.net/. It is developed for really secure and anonymous communication. The history of communication is removed from the system every 24 hours. You can also change your IP to send anonymous e-mail and be sure no one could track you.
Another good service is Sub Rosa from https://novo-ordo.com. They use only encryptrd links for IMAP, POP, and webmail. Webmail can also be accessed through TOR. Anonymous and self-destructing email are availableto subscribers.
Its like privatoria doesnt allow any non-alphabet characters in the password field, which is hilariously bad in 2015.
Its like privatoria doesnt allow any non-alphabet characters in the password field, which is hilariously bad in 2015.
—
Maybe you mistaked? My https://privatoria.net/ password includes non-alphabet characters, there is no problem.
https://sigma.email operates HSE email services that are NSA Bullet Proof. with AES256 drive encryption and random unknown keys.
Ah, nope. This one has holes. PROTRON is the ONLY one, NSA safe.
CounterMail (based in Switzerland) offers diskless web servers. Now that is privacy for you.
only Protonmail!!!
Hi there!
I just read your blog and if it’s ok for you I would suggest you another website to add to the list.
I introduce myself . . . I’m Niko, nice to meet you!
I’m the owner of “https://digitalenvelopes.email”, I’m a geek guy, FLOSS fanatic and a linux system administrator. I made up this website to give a chance to my friends,
and actually to all the people that wanna try it, to use something different from big email providers.
We all know privacy is a big problem with big email providers 😉
It’s built 100% using open source software.
With digitalenvelopes.email you can choose between 3 different webmail interfaces
(Horde, Roundcube, Rainloop) and all of them come with the possibility to use pgp encryption,
although unencrypted messages can also be sent.
Horde, Roundcube, Rainloop are all at last version and keep updated.
There are six available domains.
An email is required to register, but registration is immediate so this can be a disposable one.
Although the service is technically ‘free’, digitalenvelopes.email is run just by me,
and therefore relies on donations.
Ads: no
Aliases: up to 5
Terminated if inactive for: 180 days
Encrypted by default: yes
Inbox size: 1GB but effectively unlimited (support for more)
POP/IMAP: yes
Based: Italy
Perfect Forward Secrecy: yes
Privacy policy (https://digitalenvelopes.email/blog/index.php/privacy-policy/)
JavaScript required: Yes
Antivirus/spam filtering: Clam AV, SpamAssasin
User IP in mail headers: No (webmail & SMTP)
Signup through Tor: No
Max attachment: 50MB (support for more)
Severs in: France, Canada
Connection Security: TLS 1.2, AES256 GCM and SHA384 with ECDHE RSA
Hi,
I read your review of ProtonMail and wanted to tell you about my company’s “ProtonMail killer”. We call our technology Envelope-Content Splitting (ECS) and when added to a mail client (we currently offer one mobile product, ChiaraMail for Android, available for free from Google Play, with more implementations coming), makes the mail content invisible to eavesdroppers, such as mail servers and the NSA. Rather than explaining in words how ECS works, here’s a short animation that shows ECS in action: https://www.youtube.com/watch?v=p6FqbYWFCCY
Here are some points to consider:
1. No encryption is needed to secure mail content in transit.
2. According to Qualys SSL Labs, the ChiaraMail content server is more secure than Google’s or ProtonMail’s (cf. https://www.ssllabs.com/ssltest/analyze.html?d=google.com&s=74.125.239.142, https://www.ssllabs.com/ssltest/analyze.html?d=protonmail.com&s=185.70.40.106 and https://www.ssllabs.com/ssltest/analyze.html?d=chiaramail.com)
2. Besides offering unbreakable in-transit security, ChiaraMail for Android provides 100% protection from spoofing and phishing attacks, gives senders the ability to change or delete their e-mail content after the message is sent, send large attachments directly to recipients, without requiring the use of kludgy third-party storage services, such as Dropbox or Google Drive.
3. Unlike ProtonMail, ECS works seamlessly with any e-mail address.
I welcome your review of our product and look forward to speaking with you soon.
Regards,
Robert Uomini
CEO, ChiaraMail Corp.
Robert Uomini
CEO, ChiaraMail Corp.
Ok, Robert tell me who I am and where I’m at and I will try your product.
Rob…. Really like the concept but you need to explain your business far better than the website does. On the face of it, your business model has some very critical issues which are not clearly explained or addressed.
1. Amazon Web servers… Seriously. I liken this thought process akin to allowing the fox in to the chicken coop. Why do you think that Protonmail set up in Switzerland? I needn’t provide the countless links discussing the closure of various organisations due to USA issues.
2. Server encryption. Very little is explained on your site:
“Your original content is automatically encrypted at the source using Advanced Encryption Standard 256-bit, a symmetric key encryption methodology widely recognized as one of the strongest in the world.
Once encrypted, your content is securely delivered to a content server using Hypertext Transfer Protocol Secure (HTTPS), the same secure protocol used by financial institutions and e-commerce sites
Can the government order ChiaraMail to give them my stored e-mail content?
Yes. However since the message content is encrypted by default and only the sender and recipients have the key to decrypt the message, neither ChiaraMail nor the government would be able to decrypt and read the content stored on the content server without access to the original e-mail message.”
All this opens up many questions but perhaps the basic one is the encryption methods used, are they based on “Open Source”? What Types? It is very short on detail. It suggests client side encryption but the process and details is non-existent. To be credible, you need to address the obvious shortcomings….
This could be a really rock solid and perhaps as bullet proof as you could get…… but you need to explain yourself much better than at present. Perhaps a greater focus on disclosure?
Rob
You have some issues on this front too. Run a test and see what you get:
https://www.ssllabs.com/index.html
The “A+” you claim in your link is out of date. I suggest you refresh and re-run the test. It clearly shows “B”. You may wish to upgrade on a few fronts including the misleading info on your website.
Tutanota seems to work..
Yes, it is second to PROTRON
Hey Robb,
Just a random question since you appear knowledgeable and I am one:)
Have you heard of startmail?
It was created by the people who made smartpage and ixquick,which I believe are suppose to be safe search engines. Very new to this, just started looking into it and at extreme beginning of learning curve with this stuff,but I do feel having our emails read, no matter how boring,mundane and non important they may be, is un-constitutional. This was referred to me but I don’t see anything on it.
Oops, that was to say,,,I am NOT, not I am one. Sorry:)
Definitely https://tutanota.de
It’s open source and the only one fully encrypted. Proton does not encrypt contacts, which I found out after a password reset – contacts were still readable with the new password. That made me switch because it’s a total no-go.
FORBES picked PROTRON. We use it and it has been tested by….well, it is the ONLY safe one against NSA.
Which browser are you using with protonmail?
Protonmail is based in Switzerland and does not have to follow/fall under USA law and jurisdiction, HOWEVER, Protonmail has now teamed up with Facebook and facebook falls under USA law and jurisdiction and P.R.I.S.M (PRISM) , , , go figure if protonmail is 100% safe or not when they have teamed up with FaceBook….. I’m still looking for a safe email provider, NOT based in the US and who does not have any involvement with USA since NO USA based storage or email provider are safe from NSA peeping and Snowden is a living proof of that NSA leaks… If you want safe data and email do not use storage and email companies based in USA. my 2 cents
For Daniel. Proton has not “teamed up” with Facebook, they simply have a Facebook page, they use to advertise. Please cite your source that Protonmail emails are accessible to Facebook.
Check shazzlemail.com It was developed for really secure communication. You mobile device is your email server. Content will go from one device to another directly without passing any servers. They have solution for medical business shazzlemd.com
For robb – you are a bit retarded ain’t you ? It’s called PROTON, not PROTRON, you moron!
Maybe he wants to hide from the liteal search algos which will exclude his site/posts based on inkowrekt spelleeng. Geneyus , isn’t he ?
I would like to add http://www.ghostmail.com to the list. Using the Zero-Knowledge concept we now have encrypted E-mail, Chat and Storage.
Hufu is server less. It only means that users of this app should not be worry about Hufu recording their personal information
I found Invmail to be more secure when i compared against Protonmail etc its also they use 4096 bit RSA’s. they are in open beta, they also offer private solutions as well as Video/Voice Calls, and Messaging over encryption channels.
You forgot about tutanota.com
Not sure why one would be rocking about ProtonMail so much. It is not any better than tutanota.com which comes free with 1G of space.
ProtonMail seems to be just a good business oriented email provider with bunch of folks coming from elite universities claiming that switzerland is the safest country for encrypted email provider. I don’t see a reason why it has to be in Switzerland, since it should be encrypted in a way that there is no possibility for decryption. Tutanota does it that way and then it doesnt matter anymore where the servers are, except of the USA where such email provider company cannot even start to operate.