For most communications, sending an email is fine, but for sensitive information, you’re taking a risk if you just send a normal e-mail. In fact, it’s actually far more secure for you to give your credit card number to a representative over the phone, or, even better, by utilizing a properly secured and encrypted e-commerce site. If you really can’t avoid sending sensitive or financial information via email, then your best option is to secure your data and encrypt your email.
How Does Encryption Work?
Email encryption works by scrambling the message so that it cannot be read without using the proper key. It requires the recipient to have a “private key” to decode the message. This key is matched with the public key used by the sender to encrypt the email. In theory, this means that the email is as safe as the private key.
There are two common methods used to encrypt email:
– Pretty Good Privacy (PGP): This method compresses the text, encrypts it with a one-time session key, and then sends it together with that session key, which is itself encrypted with the recipient’s public key. The recipient uses their private key to retrieve the session key, which then decrypts and decompresses the message. One advantage of PGP is that by compressing the email, it helps reduce storage and bandwidth use.
– Secure Multi-Purpose Internet Mail Extension (S/MIME): S/MIME uses a digital signature, which provides the identity of the person sending the email. The signatures have to match before the message can be read. This method is particularly useful for people who are concerned that their messages may be spoofed.
What Are the Limitations of Email Encryption?
Email encryption is only as secure as the keys and digital signatures used to encrypt and decrypt it. If your PGP private key is stolen, you’ll have to change it quickly.
Some encryption services also require that the recipient have an account with the service or enter a password every time they need to read an email. For example, Gmail has built-in encryption, but it only works properly if you are sending to another Gmail user. Additionally, it doesn’t prevent the Gmail service from scanning your emails to target advertising.
Your login credentials can still be intercepted, which may give somebody access to your keys or access to the service you are using. Because of this, you should use a VPN connection any time you send a secure email.
A VPN also helps block the EFAIL exploit. The exploit works by using the active content of HTML emails to obtain the plaintext, which means that if you send all of your emails in plain text, it should also block this exploit.
EFAIL can also be mitigated by using an email encryption client separate from your regular mail client. Most of the vulnerability is in your email client, not the encryption methods.
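An added example (not from the original article): a check a mail reader or gateway could run to see whether a message's HTML parts reference remote resources, the kind of active content EFAIL relies on. It uses only Python's standard library; the function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Attributes a mail client fetches while rendering, with no click needed.
AUTO_FETCH_ATTRS = {"src", "background", "poster"}
REMOTE_PREFIXES = ("http://", "https://", "//")

class RemoteRefFinder(HTMLParser):
    """Collect (tag, url) pairs that rendering the HTML would request."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            auto = name in AUTO_FETCH_ATTRS or (tag == "link" and name == "href")
            if auto and value and value.strip().lower().startswith(REMOTE_PREFIXES):
                self.refs.append((tag, value.strip()))

def remote_refs(raw_message: bytes):
    """Return remote references found in every text/html part of a message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            finder.close()
            found.extend(finder.refs)
    return found

def build_sample(html=None) -> bytes:
    """Constructed sample message; addresses and URLs are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Q3"
    m.set_content("Quarterly numbers are in the shared folder.")
    if html:
        m.add_alternative(html, subtype="html")
    return m.as_bytes()

SAMPLE_HTML = build_sample(
    '<p>Hi</p><img src="https://tracker.example.invalid/p.gif">'
    '<a href="https://example.com/">site</a>')
SAMPLE_PLAIN = build_sample()

if __name__ == "__main__":
    print(remote_refs(SAMPLE_HTML))   # the <img> is flagged, the <a> link is not
    print(remote_refs(SAMPLE_PLAIN))  # nothing to fetch in a plain-text message
```

A message that comes back with an empty list can be rendered without the client contacting any outside server; anything else is a candidate for plain-text display or for blocking remote content.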
Email also needs to be encrypted when it is stored. Otherwise, hackers may still get into your archive and read your messages.
Finally, too many users fall to the temptation of encrypting only the most sensitive emails. This tells hackers exactly which emails they should be trying to get into and can actually make their lives easier.
How Do I Get Access to Email Encryption Tools?
While it is possible to code your email server to use encryption, most smaller businesses and individuals don’t have that luxury. The best option is to subscribe to a secure email service.
As mentioned above, Gmail offers some limited encryption capability, but it is insufficient for most people who are truly concerned about the sensitivity of the emails they are sending. Here is an updated list that provides information on 11 of the best secure email services that you can get.
TOP 11 Encrypted Email Services
ProtonMail (Our choice)
Founded by the European Organization for Nuclear Research (CERN) and Massachusetts Institute of Technology (MIT) scientists and developers, ProtonMail is currently the world’s largest encrypted email service. Praised for its transparency and dedication to users’ privacy, the service works like an antidote to those tired of Google tracking their every move online.
ProtonMail is an end-to-end encrypted service; this means that data is encrypted when it’s transferred and stored on their servers. Thus, not even ProtonMail or any third-party snoopers can access the contents of your communication. In fact, this provider is so secure that if you lose your password, even they can’t retrieve your emails (you should set up recovery information). ProtonMail is a no-log email service, so your emails won’t be traced back to you. Also, it doesn’t keep your IP address information.
ProtonMail offers free and paid premium versions. If you wish to enhance your privacy even further, you can sign up for a paid version and get extra features – such as associating your passwords with contacts.
- Free of charge (you can pay for more space and built-in VPN)
- Does not keep any IP address information
- Allows you to download your PGP keys
- Works from any device
- Does not support IMAP, SMTP, or POP3, which means you have to use the web interface if working from a desktop. Given the EFAIL vulnerability, this may be more secure, but it does not provide a 100 percent certainty of that.
CounterMail is a Swedish company that offers a very high level of security and is designed for people who deal with financial information and other highly-sensitive information.
- Does not keep any IP address information
- Stores the cached emails on CD-ROMs, making it much harder for thieves to access them
- Uses USB drive authentication
- Supports IMAP and SMTP
- Includes a password manager
- Uses anonymous headers
- Free trial only lasts a week, which may not be enough time for proper evaluation
- The recipient also has to have an account for the email to be encrypted
- Limited storage space
- Some people may find the USB drive authentication a pain, especially when traveling
Hushmail has been around since 1999 and has an excellent reputation. It has both business and personal options, a modern web interface, and it keeps your email secure enough that even Hushmail can’t read it.
- Supports IMAP and POP
- Offers two-step authentication
- Includes a spam filter
- Imports contacts
- You have to hand over your phone number as well as an alternate email address to sign up
Based in Belgium, Mailfence is an OpenPGP based service that provides end-to-end encryption. Belgium has strict data protection laws, which places this in a good jurisdiction. You can also use this with custom domains, and it provides a complete email suite that offers all the usual amenities.
- Includes digital signatures, which prevent email spoofing
- Includes a spam filter
- Imports contacts
- Includes a calendar
- Supports IMAP and SMTP as long as you use a secure connection
- No ads
- Sends mail through the address you used to sign up (rather than through their address)
- Can be used to send faxes and text messages, albeit at a cost
- Limited storage unless you pay
- Requires an alternate email address
- Stores the private keys on its own servers
- Can only send to people with an OpenPGP key
- Does not allow others to inspect their code
Based in Germany, Tutanota is operated by a small team of developers who take privacy seriously. When utilizing their service, your entire mailbox is encrypted, which includes both your address book and emails. They are also stored in an end-to-end encrypted format while at rest at Tutanota.
- Automatically encrypts your entire mailbox
- Verification does not require a phone number
- Encrypted emails can be sent to users who don’t have the service (a pre-shared password is used)
- Automatically encrypts email headers, subject lines and body
- High level of encryption and security
- Provides support for custom domains, encrypted contact forms and business email
- Does not support SMTP, IMAP or POP3
- A cryptocurrency payment option is still in development
Based in Norway, Runbox is a secure email provider that protects your information under the jurisdiction of Norwegian privacy legislation. This is important to note as disclosure requires a court order before any of your data is disclosed to another party. Every server is maintained and run within the country.
This company also has a history of operating in the secure email space since 2000. This gives it a great deal of experience. Initially, the data center for Runbox was designed and used for communications and computing by the Norwegian government. It is secure and reliable and equipped with the following:
– Fire suppression capability
– Electromagnetic protection
– Power supply contingencies
– Modules below and above ground
While the secure email service does place quite a bit of focus on security and privacy, it does have a user-friendly feel and plenty of features. Runbox will run via dedicated mobile apps as well as on third-party email clients. If you’d like to try using Runbox, they do have a 30-day free trial available and a guide to make it easy if you need to import any existing emails.
- Supports FTP, SMTP, POP, IMAP and DAV
- Physically stores all emails in its own high-security data center
- Features spam protection and advanced virus scanning capabilities
- Has a history of good uptime
- Accepts anonymous cash payments and cryptocurrency
- To ensure end-to-end encryption, you must utilize PGP or S/MIME encryption types
Kolab Now is a secure email provider that provides functionality for a full email suite and offers an abundance of features. A subscription to Kolab Now will provide you with service for email, scheduling, cloud file storage, collaboration tools, calendar and contacts. If you are a business owner or an individual who is concerned about your privacy, you’ll find the options and features of this email service quite handy.
However, while the service does provide support and features that work with multiple devices and operating systems, its level of security isn’t the highest on this list. It doesn’t have end-to-end encryption and does not store your emails in an encrypted form.
- Provides support for IMAP, SMTP and POP
- It’s located in Switzerland, which provides strong privacy protection
- Full email suite availability
- Accepts payment in cryptocurrency
- Does not provide end-to-end encryption as a built-in feature
- Physical equipment is located in a high-security data center
- Price is higher than most
Posteo is a secure email provider that’s been operating in Berlin, Germany since 2009. It provides strong encryption options and also supports IMAP, which is beneficial if you want to utilize the service on different devices or use different email clients.
The company has high standards when it comes to protecting your privacy. They do not keep any logs, offer strong encryption standards and automatically strip IP addresses from your email. In addition, you can sign up for the service anonymously by making an anonymous payment.
Users are provided with end-to-end encryption of individual emails. You also have the ability to encrypt your address book, calendar and saved emails. Access protection is provided in layers with a salted hash password, optional one-time password and hard disk encryption.
- Encryption of email subject, body, headers, metadata and attachments
- Emails are encrypted at rest using OpenPGP
- Supports anonymous payments utilizing cash or cryptocurrency
- Good track record and self-financed
- IP address stripping
- No logs and secure email storage
- No spam folder (emails are rejected or delivered to your inbox)
- No custom domains
This secure email service was created by the same developers who started Startpage, which is a private search engine that’s based in the Netherlands. Privacy is important in this jurisdiction.
A unique feature of StartMail is that they handle the encryption functions on the server side, instead of in the browser. You can use PGP encryption and all emails are encrypted while at rest. Another feature unique to StartMail is the ability to quickly create disposable email addresses, which can be utilized with different services. The service also supports IMAP and SMTP if you would like to use it with third-party apps.
- Cryptocurrency is accepted as a payment method
- Custom domains are supported
- Support for SMTP and IMAP
- The IP address is stripped from emails as well as headers
- Provides the ability to create temporary email addresses that are disposable
- The interface could be updated
Mailbox.org is another secure email provider that’s based in Germany. It has a development team with experience going back to the 1990s. Data transmission for their services utilizes SSL/TLS encryption. The company also utilizes EV security certificates.
The service provides support for SMTP, IMAP, POP and DAV services and secure cloud storage. You also have access to features such as full PGP key management, groupware, calendar and contacts. In addition, their infrastructure is located at two separate locations for geo-redundancy.
- Availability of virus protection and advanced spam filters
- Provides support for anonymous payment and anonymous registration as well as cash payment by mail and cryptocurrency
- Cloud storage is provided for all accounts
- PGP is utilized to encrypt stored emails
- Provides full migration services, groupware, contacts and calendar
- Utilizes mechanisms like CSP, CAA, HSTS, X-XSS and MTA-STS to help prevent in transit attacks
- IP addresses are logged for security and then erased after four days
Based in Canada, Thexyz is a lesser-known web hosting and secure email provider. It started offering its email service in 2009. Depending on your criteria for keeping your email private, it is prudent to note that this service is located in the Five Eyes jurisdiction, which may make it a dealbreaker with some individuals.
Thexyz provides you with an account that is secure and encrypted in the cloud. You’ll also have access to team collaboration tools, calendar and contacts. When at rest, the service keeps all emails encrypted by using AES 256-bit encryption. The company also has two locations for geo-redundancy and provides an unlimited number of aliases as well as support for custom domains. Unfortunately, this service doesn’t have end-to-end encryption like some of the other services that are offered.
- Has a modern user interface
- Encrypts all emails at rest with 256-bit AES
- Provides cloud storage that’s encrypted as well as chat, contacts and calendar
- Custom domains are supported
- iOS and Android apps are supported
- Has capability for incoming email and spam filtering
- Located in the Five Eyes jurisdiction
- No built-in end-to-end encryption
Using one of these services will help you keep your email secure from prying eyes. Adding a VPN will keep the email from being as easily intercepted by hackers who might find a way to decrypt it.
Either way, make sure you are not sending sensitive information through an unsecured email. Again, it is a postcard, not a letter and almost anyone can read it.
What encrypted email service is your favorite?