Privacy & Data Protection

Secure Email Providers: Comparing 5 Services 2022

Author
Janis von Bleichert
Last update

Do you ever think twice about sending important or sensitive information via email? If you have any concerns about the safety of your email traffic, we recommend taking a closer look at your provider's commitment to user privacy. Apart from Yahoo, Gmail, and GMX, there are plenty of other services that take a more active approach to their user's privacy and digital security.

In this article, we'll let you know just what sets these apart from their competitors and which are the best.

What Are Secure Email Providers?

Secure email providers are messaging services that pay extra attention to their users' security and privacy. This doesn't mean that regular email services are "unsafe" in comparison, however, data privacy isn't their highest priority.

In order to enhance user-friendliness, guarantee improved performance, or just generate profits, services like Gmail or GMX make compromises, which can adversely impact their users' safety.

Secure email providers differ in terms of the following aspects:

Encryption of the sender's data
Secure email services encrypt emails on their users' devices, meaning that only the user has the encryption key for them. In this way, email services are unable to access your emails and thus, cannot share them with authorities. This type of encryption is referred to under a variety of names depending on the provider. With Proton Mail, for example, it's known as "Zero Access" encryption, whereas Tutanota calls it "end-to-end encryption".

End-to-end encryption
Classic email services also offer encryption. Gmail, for example, uses Transport Layer Security (TLS) encryption to secure emails between your computer and the server. However, when emails are routed to a third party, the encryption standard's security depends upon that utilized by the recipient. In addition, Google scans your emails automatically in order to integrate smart features.

In contrast, secure email services rely more heavily on end-to-end encryption (E2EE). This means that emails are encrypted by the sender and only then can they be decrypted by the recipient. Between their dispatch and receipt, no one can view their contents.

E2EE is particularly straightforward when both the sender and recipient use the same, secure email program, or if the recipient utilizes a different email solution which has PGP encryption. In such cases, emails from a wide variety of programs, such as Proton Mail, are automatically supplied with end-to-end encryption.

Things become somewhat more complicated when you use a secure email program and your intended recipient has a regular email solution that lacks PGP. However, even for such eventualities, many email providers are well-prepared: It's possible to send password-protected emails to recipients, which will, in turn, contain a link that forwards the recipient to an inbox operated by your provider that is only accessible with the password. In this way, those you communicate with can benefit from E2EE standards, even if their email service doesn't offer these, such as when sending an email from a Proton Mail account to a Gmail one.

For additional information on encryption standards and methods, be sure to check out our EXPERTE.com guide to email encryption.

Automatic encryption
Generally speaking, end-to-end encryption standards are not additional features buried in hidden configuration or settings menus, but activated by default and cannot be disabled. As such, you won't need much technical know-how in order to safely use such email services.

Open source and externally audited
Marketing departments are notorious for making promises that digital services are rarely able to actually fulfill. Only by committing to transparency is it possible for secure email services to show how serious their security actually is. For this reason, applications are often open source, allowing anyone to inspect them for weaknesses. To augment this, plenty of secure email services undergo audits conducted by independent third parties in order to identify potential security risks.

Protection from authorities
Not only criminals worry about prying eyes: Activists, government critics, and political opponents are all interesting targets for security services. For that reason, secure email services are often based in countries with some of the strictest data privacy laws and that are not parties to various intelligence-sharing agreements. Proton Mail is headquartered in neutral Switzerland, where the provider only has to answer official requests from Swiss authorities, but not those of foreign agencies.

Two-Factor Authentication (2FA)
Not only the content of your emails but also your account data needs to be secured. To facilitate this, secure email services support two-factor authentication. This means that in addition to your password, you'll need a second factor in order to access your email account, such as a code that is sent to your mobile phone. In this way, even criminals with access to your password will be unable to harm you or your account.

Protection against tracking
Secure email providers also protect against tracking, by automatically blocking tracking pixels and metadata which reveals information about you, your browser, and the network you're connected to.

Additional security features
Lots of secure email solutions offer additional features or add-ons. As an example, Proton Mail has an official Onion website for Tor users, providing an additional layer of security and anonymity. There are also plenty of other solutions that include things like cloud storage, a VPN, or a calendar in their packages.

Taking advantage of these and other features is possible through a variety of different email providers. But, which service is the best?

Secure Email Providers: Our Top 5

We examined several secure email solutions. These are our Top 5:

1.

Proton Mail: Swiss Email Security

Proton Mail is perhaps the most well-known secure email solution on the market. The open-source service based in Switzerland offers end-to-end encryption of your messages based on the "Zero Access" principle. In a nutshell: Proton has no access to messages you send.

Proton Mail also offers several more practical features, such as:

  • Password-protected emails
    You can protect outgoing emails with a password, which comes in particularly handy when sending messages to non-Proton Mail addresses.
  • Self-deleting messages
    Proton Mail users can configure messages to automatically disappear from their recipients' inboxes after a specific amount of time has elapsed. This also works with emails that are sent to other Proton Mail accounts, as well as password-protected messages that are sent to the addresses of other email providers.
  • Encrypted contacts
    Owing to digital signatures and "Zero Access" encryption, Proton Mail shields your address book from prying eyes and manipulation.

Proton Mail is one of the most popular secure email providers.

Alongside its secure email service, Proton also offers a few additional solutions: With ProtonVPN, you'll be able to establish safe connections and get around country or region restrictions. ProtonDrive is the developer's secure cloud storage solution, while ProtonCalendar is a scheduling app that's built into Proton Mail.

Whistleblowers and activists should know that Proton Mail doesn't reject collaboration with authorities out of hand. In 2021, it became known that the provider shared the IP address of a climate activist owing to a request from Europol. Proton Mail justified its decision by arguing that the individual in question had transgressed Swiss laws.

Cooperating with authorities definitely shattered the positive image many privacy enthusiasts had of Proton Mail. However, owing to its top security standards, wealth of features, and the fact that it only shares data with authorities in exceptional cases (which, to be fair, Proton Mail makes clear on its website), the service is still our favorite.

Proton Mail Pricing:

  • $0 – Proton Free: 1 email address; 1 GB storage; 3 folders and categories; 150 messages per day
  • $3.99Mail Plus: 10 email addresses; 15 GB storage; 1 user-defined email domain; unlimited number of folders, categories, and filter lists; unlimited messages per day
  • $9.99 – Proton Unlimited: 15 email addresses; 500 GB storage; 3 user-defined email domains; additional extras
2.

mailbox.org: Secure Email Solution Including Calendar, Cloud Storage & Video Conferences

mailbox.org is a secure email provider owned by the Berlin-based Heinlein Support GmbH. Email encryption is achieved via PGP, a type of asymmetric encryption based on pairs of encryption and decryption keys. This means that users can send and access their emails via the mailbox.org user interface, even on unrecognized devices.

In addition, mailbox.org comes integrated with a number of office programs, making the service a secure alternative to business solutions such as Google Workspace. These include cloud storage, video conferences, calendars, and task lists.

mailbox.org positions itself as a secure alternative to common office solutions.

Particularly practical is that mailbox.org's user interface is comprised of different modules, which can be customized and modified to your preferences. In this way, it's possible to personalize your user experience. Still, the interface itself is somewhat dated-looking and shows its age when compared side-by-side to platforms like Google Workspace.

Pricing of mailbox.org:

  • 1 € (per user per month) – Light: 2 GB storage; 3 email addresses
  • 3 € (per user per month) – Standard: 10 GB storage; 25 email addresses; 5 GB cloud storage; regular support
  • 9 € (per user per month) – Premium: 25 GB storage; 25 email addresses; 50 GB cloud storage, priority support, additional extras

As mailbox.org is based in Germany, its prices are in Euros, which will be automatically converted from your local currency by your digital payment provider.

3.

Tutanota: More Security Thanks to Asymmetric Encryption

Tutanota is a secure, open-source email solution that offers end-to-end encryption. In contrast to mailbox.org, Tutanota doesn't utilize PGP, instead relying on a combination of AES (with 128-bit key length) and RSA (2048 bit).

As such, its encryption process consists of both hybrid symmetric and asymmetric algorithms, ensuring even greater security for emails sent to other Tutanota addresses. Those dispatched to external recipients are symmetrically encrypted with AES 128-bit encryption.

In order to register with Tutanota (free), you won't need to supply any personal information. However, it will take a little while before you can send your first emails as up to 48 hours can be needed for a new account to be enabled.

Tutanota offers a free version which includes 1 GB of storage.

Tutanota offers desktop, Android, and iOS apps, along with its web client. The service also has an encrypted calendar in its catalog, meaning that the software is well-suited for companies and businesses.

Tutanota Pricing:

  • 0 € – Free: 1 user; 1 GB storage; 1 calendar; only Tutanota domains
  • 1 € – Premium: multiple users (1 € per person); 1 GB storage; 1 unique domain, multiple calendars; 5 alias addresses
  • 4 € – Teams: multiple users (2 € per person); 10 GB storage; 1 unique domain, multiple calendars; 5 alias addresses; share complete calendars; additional extras

More subscription combinations can be found on Tutanota's website.

As Tutanota is based in Germany, its prices are in Euros, which will be automatically converted from your local currency by your digital payment provider

4.

Posteo: Security Meets Sustainability

Posteo doesn't only advertise its security, but also its sustainability: The Berlin-based provider's servers and offices are run entirely on Green Planet Energy, sourced renewably from German and Austrian wind and water mills.

While that's nice, this is a guide to secure email, and Posteo's focus is squarely on security and privacy. New users can register without supplying any personal information. When sending emails, Posteo encrypts your communications with TLS. End-to-end encryption (with PGP) is also possible, however, you'll have to configure it on your own.

Posteo offers extensive guides to the encryption standards it offers in its Encryption Overview.

You can anonymously purchase a subscription to Posteo.

It's possible to anonymously pay for Posteo: Simply load your inbox with credit before your monthly payment is due.

Posteo pricing:

  • 1 €: Posteo mailbox; 2 GB storage; 2 alias addresses; 3 calendars
  • Additional storage: 0,25 € per GB per month
  • Additional alias addresses: 0,10 € per month
  • Additional calendars: 0,10 € per month

    As Posteo is based in Germany, its prices are in Euros, which will be automatically converted from your local currency by your digital payment provider
5.

StartMail: Secure Email From the Creators of Startpage

Perhaps you've heard of a search engine called Startpage, which we introduced in our guide to anonymous search engines. The same provider brings you our #5, StartMail.

StartMail offers end-to-end encryption with PGP. In case you want to send an email to a recipient who doesn't use encryption, you can password-protect the message. In addition, it's possible to sign your email in order to assure the recipients of its authenticity.

StartMail is a secure email program developed by the team behind Startpage.

In addition, StartMail will also protect you against email tracking: External images found in incoming messages are blocked by default. Similarly, your IP address is obscured in the headers of emails you send.

StartMail pricing:

  • $3.00 – Personal: 1 StartMail email address; 10 GB email storage; unlimited alias addresses
  • $3.50 – Custom Domain: Email address with your domain; 10 GB email storage; unlimited alias addresses; additional extras

StartMail doesn't offer a free version of its service. You can, however, test the software out for a week at no cost, however, you'll need to input payment information.

Conclusion

Supposing that you particularly value the security and privacy of your email correspondence, you should definitely take a closer look at secure email providers like Proton Mail, mailbox.org, or Tutanota. Thanks to their adherence to the zero-access principle and provision of end-to-end encryption, these services ensure that only you and your recipients are privy to the contents of your digital messages.

In addition, email services like those we've listed here typically offer extra features, such as calendars, cloud storage, or video conferencing tools. The extent and number of these depend on which service and subscription package you select. In terms of cost, expect to pay between $1-10 per month. Some services, such as Proton Mail and Tutanota, make the basic versions of their platforms available at no charge.

FAQs

What sets secure email providers apart from regular ones?
Secure email services place greater emphasis on the security and privacy of their users than regular email providers do. For example, they offer end-to-end encryption, which guarantees that only you and your intended recipient can access the content of your message. Typically, they're also open source, meaning that their source code can be viewed and probed by anyone for weaknesses.

Do I need a secure email provider?
This depends on how private you want your email correspondence to be. Regular email services are also safe, however, they have several weaknesses which secure providers don't suffer from. For example, regular email services can run into trouble when sending an email to someone who doesn't have as robust security as you do. Secure email is a great option for journalists, activists, whistleblowers, and others who wish to protect themselves and those whom they communicate with.

Can I use my domain?
Lots of providers, including Proton Mail and mailbox.org, make it possible to use your own domain. However, you'll usually need to pay something extra for this capability.

Are free email services safe?
This depends on the provider. A number of the secure email services from our Top 5 offer free versions and are recommended, such as Proton Mail and Tutanota. These lack several features which their paid counterparts include, but don't compromise security in any way.

Author: Janis von Bleichert
Janis von Bleichert studied business informatics at the TU Munich and computer science at the TU Berlin, Germany. He has been self-employed since 2006 and is the founder of EXPERTE.com. He writes about hosting, software and IT security.
Other languages:
Deutsch