The problem with securing email is that it needs to be encrypted end-to-end to avoid it being intercepted while traveling through intermediary networks and the recipient also needs to have the same encryption system. These systems, although free, are often hard to setup, and trying to convince the other party of the importance to do so may be futile. The way email protocols work, also facilitate data leakages, due to the nature of the email sitting on a server waiting to be retrieved. However, if you still need to use email communications for sensitive data, or simply want to keep your emails private, there’s a fair selection of privacy advocates offering encrypted secure email services free of cost.
Without a doubt, ProtonMail is a leading name in the world of encrypted email services. When the leaked documents by whistleblower Edward Snowden first surfaced, scientists at CERN, the European Organization for Nuclear Research, discussed their concerns over NSA surveillance and other similar programs. A group of physicists and engineers worked together to create a secure email service like no other.
ProtonMail was born and it quickly gained notoriety among the privacy community thanks to its bold stance against government surveillance. They keep full control of all their mail servers in Switzerland to avoid any forced shut downs or requirements to provide any server data to U.S. or other foreign surveillance organizations. Although nowadays, even Gmail offers some level of end-to-end encryption, Forbes has called ProtonMail “the only email system the NSA can’t access”.
ProtonMail stands apart thanks to their strong commitment to privacy. After a successful Beta launch, ProtonMail expanded and it currently offers plans for individual and business users. ProtonMail offers full end-to-end email encryption, from start to destination. The encryption happens at the user’s level, making it impossible for ProtonMail to see the original content. The email is already encrypted when it reaches their Switzerland-based servers and the recipient’s email password is the only key to that email.
Unlike most other secure email providers, ProtonMail does not require any kind of setup, allowing just about anyone to easily use the website on their browser on all devices thanks to a clean responsive design. ProtonMail does not have the keys to decrypt any of the emails sent across their network, unlike services like Gmail, who do have the power to decrypt email messages. If authorities would request keys, they would not even have the possibility to provide them as they only retain encrypted data on the servers.
Strategically based in Switzerland, ProtonMail will decline any third party requests from overseas organizations or governments. Local government values privacy and has a very low wiretapping and data seizure track record, used explicitly to prevent crime. ProtonMail has refused offers from various investors to keep their integrity intact. Instead, they have opted for crowd funding methods and affordable paid plans to keep them afloat, allowing their user base community to donate to the cause, while keeping conflict of interest investors at bay.
ProtonMail offers a free plan (with limited features), that allows you to discover the security advantages of the service. This plan gives you up to 500MB storage and 150 messages per day. However, if you want to enjoy priority support, higher storage capacity, more emails per day and additional features, the best option is to upgrade to a paid service. The prices start at $4 USD per month. The provider also launched a VPN service called ProtonVPN and if you opt for the Visionary plan, the VPN is included.
While ProtonMail offers an impressive list of features and it is one, if not the most popular service of its kind, there are other options that deserve recognition when it comes to security. Mailfence is one of them. For nearly two decades, this email service has been offering a reliable and secure way to manage email communications. Mailfence is based in Belgium, a country with strict privacy laws. Thanks to its location, Mailfence doesn’t have to comply with request from US agencies like the NSA. Mailfence doesn’t feature third-party ads and it doesn’t have marketing trackers in place. Mailfence’s SSL/TLS certificate doesn’t use any certification from US organizations in the certification chain. Since Mailfence’s code is open, it can be audited independently by security experts. In addition, the provider has implemented a transparency and warrant canary report that will alert you in case any data requests are received.
To secure your emails, Mailfence uses OpenPGP end-to-end encryption. Thanks to this, the information is encrypted on the sender’s system and it can only be decrypted by the intended recipient. No one else but the person you sent the message to, will be able to read it. While the private key is stored on Mailfence’s servers, they are not able to read it since it is protected with your passphrase through AES-256. Nobody else, not even Mailfence, will be able to decrypt your messages. It is also worth noting that Mailfence supports digital signatures. This is a feature that provides stronger security since it prevents forgery and impersonation. Digital features ensures the integrity and authenticity of your messages.
In addition, Mailfence features an integrated keystore, which lets you create, import, publish and manage OpenPGP keys easily. There is no installation needed and apart from generating a key pair, the keystore allows you to import pre-existent OpenPGP key pairs. You will have complete control to complete your tasks. The keystore also supports advanced key management operations. With Mailfence, you will be able to generate or import multiple key pairs, which is something that other email services don’t offer. Mailfence also uses two-factor authentication, Perfect Forward Secrecy and HTTP Strict Transport Security (HSTS), which is enabled on all web pages. In addition, Mailfence offers convenient functionality (such as calendars and groups) that will allow you to manage your email conversations without hassle. There is a free plan available, and the paid plans start from 2.50 EUR.
Tutanota strives to offer a simple solution that also provides a high level of security. All the emails sent and received using this service are encrypted throughout their entire journey from the sender to the receiver. Third-parties won’t be able to access the private encryption key and to send secure emails to other Tutanota users, you just need your email account. It is also possible to send messages to people who don’t have a Tutanota account. All you need to do is to provide a password to that person so that they can access the email. This provides strong protection for your email communications, but just make sure that you send the password information through a secure communication method. For instance, you can use Telegram or other encrypted messaging app.
Tutanota’s email interface is user-friendly and easy to get used to. You can decide if you want to send an email encrypted with a password, or if you don’t want to use password protection. For encryption, Tutanota uses AES and RSA. The service also offers the chance to create custom folders that allow you to organize your emails in an effective manner. Tutanota also allows you to attach files. The provider supports paid solutions, but it can also be sued for free. Tutanota offers end-to-end encryption as well. Just keep in mind that the servers are located in Germany and while this country has strong privacy laws, there are also concerns about the surveillance methods used by local agencies. In addition, Germany is part of a spying alliance known as the Fourteen Eyes.
Hushmail is a popular service, with nearly twenty years of experience. It is designed to keep your emails protected using advanced encryption methods. Not even Hushmail staff will be able to read your emails. Only the person who has the password can access them. It is possible to send encrypted messages, not only to other Hushmail users, but also to people who use other email services. Husmail’s interface is modern and easy to use, allowing you to send and receive encrypted emails without issues. The service supports two-step verification, as well as IMAP and POP. You can import contacts using a CSV file and the service features 10GB storage. Hushmail also offers spam filter and auto-responder.
One thing to keep in mind is that with Hushmail, you are required to provide an email address and phone during the registration. This may cause concerns among privacy conscious users. Hushmail supports email signatures and it allows unlimited email aliases that allow you to disguise your online identity. Hushmail offers a max attachment limit of 20MB per file and the premium service provides 10GB of storage. Hushmail has become the favorite choice for many people due to ite ease of use. However, since it is based in Canada (meaning that it is within the jurisdiction of the Five Eyes spying alliance) and the password strength is not enforced, it may not be the best choice if you want the highest level of privacy.
While CounterMail’s interface is not exactly modern and appealing, the main focus of the service is security so the appearance is not relevant at all. The system is updated in a regular basis to ensure the highest standard of security. CounterMail also supports end-to-end encryption between the sender and receiver. It uses OpenPGP to keep your emails protected and ensure that your account is not compromised. CounterMail uses diskless data servers to prevent others from interfering (reading or writing) with the data sent through the servers. CounterMail is also recognized thanks to its transparency and practical features. It offers IMAP support and it gives you the chance to modify multiple settings in your account.
CounterMail doesn’t keep logs of the IP address you use to access the service and it has a password manager included, as well as password protection. This provider also uses anonymous email headers and it supports email filters to help you get through your emails in a productive way. The service also provides cloud storage starting with 250mb and above. This Sweden-based provider offers affordable plans (one year of service costs $59, which means that one month of service costs only $4 USD. Although the interface and the website are outdated, CounterMail is a well-established solution that also supports physical security with a USB device.
Other Secure Email options
Riseup is focuses on providing secure communication options for activists. In order to use RiseUp’s services, you will need to request an email address or get an invitation from users you know. It is important to keep in mind that due to the nature of the service, during the signup process, you will be asked to answer questions about your political beliefs. No logs of your IP addresses are kept and there is an on-screen keyboard available to support secure login in case you are using a public computer or are concerned about keyloggers. RiseUP supports Perfect Forward Secrecy and POP/IMAP.
TorGuard is known for its VPN service, but this provider also offers an encrypted email that is designed to protect your email communications. It supports OpenPGP and it offers effective protection against Man in the Middle Attacks and other threats. Your emails won’t be accessible to others. Apart from its security features, TorGuard offers practical features such as easy key storage, notes, calendar and tasks. There are different plans available, including a free one. The yearly paid subscriptions costs $49 USD.
If you are feeling confident about your technical skill, you can try GnuPG, a free implementation of OpenPGP. It will allow you to encrypt and sign your email communications. GnuPG offers a flexible key management system and it supports S/MIME and Secure Shell (SSH). The set up is a bit complex, but it is a free and comprehensive solution to protect your data.
Bitmessage is another option that you can consider. This service allows you to use the Bitmessage network like you use your email, without having to use additional software. The service is free, but it won’t spam you with ads. There is no tracking with Google Analytics or other srervices and you can exchange emails without hassle. You can continue using your regular email client, but adding security and other convenient features
Based in Switzerland, NeoMailBox is a solution with over 15 years of experience. It provides a secure and fast email service with strong encryption and anti-virus protection. NeoMailBox supports unlimited aliases, SSL and OpenPGP encryption and it can also hide your IP address. NeoMailBox is easy to use and it supports unlimited disposable email addresses.
ShazzleMail was established in 2006, but it only completed Beta testing recently. The new version will be available in 2020. In the meantime, those who have already downloaded version 1.0 can continue using the service.
This provider offers a zero-knowledge solution that offers a high level of security, through its encrypted email. CryptoHeaven delivers end-to-end encryption and it gives users the chance to access their hosted online email and online storage account from any location.
Autistici/Inventati or A/I is an Italian service created by a team of activists, tech fans and experts committed to help users to enjoy a free and secure service to protect their data. Autistici/Inventati supports not only email, but also other anonymity services such as personal VPN, forums and chat. The service uses Roundcube webmail interface and there are about 25 domain names available. To sign up, you need to request an account and install their self-signed TLS certificate. The email supports POP/IMAP and PFS, as well as antivirus and spam filtering. While the service is free, since it is ran by volunteers, we encourage you to support them with a donation.
Remember to use email on extremely sensitive data only if necessary, but if we talk in more realistic terms, the majority of us don’t have anything to hide. It comes back to the simple principle that no one else should be reading your emails but you. Think of how creepy it would be if the mail man read your mail back when hand written letters prevailed and email was not even a term yet. The act of opening someone else’s mail is not only frowned upon, it is criminal. Why should it be any different with our emails? The safety issues are also very uncertain and complex, as collected data mining can allow for a collection of data to be used on a sparse time lime