You’d think elite services like Gmail or Yahoo Mail protect users’ emails. But, nope, their email security leaves a lot to be desired.
If you send an email to someone who’s not using an encrypted service, you might as well be sending a postcard. But it doesn’t have to be that way. Lucky for you, we have narrowed down the top 10 encrypted email services for 2023.
Table of contents
What is email encryption and why does it matter?
Encryption makes sure your emails are protected when traversing the web. It scrambles the contents of a message so that they look like nonsense to anyone who doesn’t have the key needed to unscramble it. That way, even if it’s intercepted, it’s useless to the hacker – modern encryption can take a computer millions of years to crack.
Major email platforms now employ transport-level encryption. This means that the email is encrypted in transit from you to the server. It’s not the safest solution, as the contents of the email are accessible on the server for your Internet Service Provider (ISP) or any hackers snooping around.
On the other hand, end-to-end encryption is a lot safer. It ensures that the email is encrypted throughout the entire trip. And this is where encrypted mail services come in. Let’s take a look at some of the best ones out there!
Note: to understand standard abbreviations used throughout the comparison, refer to the “Other features to look for in your encrypted email service” section at the end of this article.
ProtonMail – the most reputable encrypted email provider
Created by the European Organization for Nuclear Research (CERN) and Massachusetts Institute of Technology (MIT) scientists and developers, ProtonMail is currently the world’s largest encrypted email service.
Praised for its transparency and dedication to privacy, ProtonMail is an end-to-end encrypted service. This means that data is encrypted when it’s transferred and stored on their servers. Thus, not even ProtonMail can access the contents of your letters. In fact, if you lose your password, they can’t even retrieve your emails. That’s why you should set up recovery information.
ProtonMail is a no-log email service, so your emails won’t be traced back to you. It doesn’t keep your IP (Internet Protocol) address information either.
Free of charge (you can pay for more space and a built-in VPN)
Does not support IMAP, SMTP, or POP3 data transfer protocols, so you can’t use it with email programs. Given the EFAIL vulnerability that made Gmail, Apple, and Outlook clients leak contents of encrypted emails, this may be more secure
Does not keep any IP address information
Allows you to download your PGP keys if you use the Pretty Great Privacy encryption software
Works on any device
Hushmail – best for business users
Hushmail has been around since 1999 and has an excellent reputation. It has both business and personal options, a modern web interface, and it keeps your email secure enough that even Hushmail can’t read it.
Hushmail offers many options for businesses and non-profits. It also allows you to create secure web forms with a drag-and-drop creator. It’s part of what makes it very attractive for health professionals that want a HIPAA-compliant email account.
Supports IMAP and POP, meaning it’s more compatible with email software
You have to hand over your phone number as well as an alternate email address to sign up
Offers two-step authentication
No free option outside of the 14-day trial
Includes a spam filter
Unlimited aliases (you can change your alias without creating a new account)
Mailfence – best for encrypted emails with any domain
Based in Belgium, Mailfence is an OpenPGP-based (most widely used email encryption standard) service that provides end-to-end encryption. And that’s on top of its integrated keystore (to store all of your encryption keys), focus on digital signatures, and 2-factor authentication (meaning there’s an extra step logging in). You can also use it with custom domains to get the @weedbong.com email you always wanted.
Belgium has strict data protection laws, which places this in good jurisdiction. However, Mailfence complies with user identification requests from Belgian courts. It serves the statistics of requests received and fulfilled and provides a warrant canary.
Supports digital signatures to prevent email spoofing
Limited free storage
Includes a spam filter
Requires an alternate email address
Stores the private keys on its servers
Includes a calendar
Can only send to people with an OpenPGP key
POPS, IMAPS, and SMTPS are available for secure connection
Does not allow others to inspect their code, so you can’t know if they have malicious processes inserted into their services
Can be used to send faxes and text messages, albeit not for free
Will identify users if Belgian courts submit a valid demand
Tutanota – most flexible pricing
Based in Germany, Tutanota is operated by a small team of developers who take privacy seriously. The services encrypt the entire mailbox, which includes both your address book and emails. The files are also stored in an end-to-end encrypted format while at rest (stored) at Tutanota.
Free at the basic level, Tutanota comes with flexible pricing options. For businesses, Tutanota offers excellent features like white labels and secure, shared calendars.
Automatically encrypts your entire mailbox
Does not support SMTP, IMAP, or POP3 – only accessible via web
Verification does not require a phone number
Somewhat barebones at the free level
Encrypted emails can be sent to users who don’t have the service (a pre-shared password is used)
Automatically encrypts email headers, subject lines, and body
High level of encryption and security
Provides support for custom domains, encrypted contact forms, and business emails
Runbox – best-protected server location
Based in Norway, Runbox is a secure email provider that protects your information under the jurisdiction of Norwegian privacy legislation. This is important to note as a court order is needed before any of your data is disclosed to another party.
Runbox’s data center operates out of a place that was built for the Norwegian government. It contains a lot of security and safety measures that ensure the integrity of servers. It’s also run on green energy.
While the secure email service places quite a bit of focus on security and privacy, it does have a user-friendly feel and plenty of features. Runbox will run via dedicated mobile apps as well as on third-party email clients.
Supports various means of access
To ensure end-to-end encryption, you must utilize PGP or S/MINE encryption types, which is a bit involved for regular users
Physically stores all emails in its own high-security data center
No business features
Features spam protection and advanced virus scanning capabilities
Data not encrypted while it’s stored in the Runbox system
Has a history of excellent uptime
Accepts anonymous cash payments and cryptocurrency
Posteo – best anonymous sign-up
Posteo is a secure email provider with robust encryption options and IMAP support – great for using the service on different devices or different email clients.
The company does not keep any logs and automatically strips IP addresses from your email. You can even sign up anonymously by making an anonymous payment.
Users are provided with end-to-end encryption of individual emails, so nobody is intercepting them. You also have the ability to encrypt your address book, calendar, and saved emails. Access protection is provided in layers with a salted hash password, optional one-time password, and hard disk encryption.
Encryption of email subject, body, headers, metadata, and attachments
No spam folder (emails are either rejected or delivered to your inbox)
Emails are encrypted in storage by using OpenPGP
No custom domains
Supports anonymous payments utilizing cash or cryptocurrency
Good track record and self-financed
IP address stripping
No logs and secure email storage
StartMail – best for disposable temporary emails
StartMail is a secure email service by the developers of Startpage, a private search engine based in the Netherlands. Privacy is important in this country.
A unique feature of StartMail is that they handle the encryption functions on the server-side, instead of in the browser. You can use PGP encryption, and all emails are encrypted while at rest.
Another feature unique to StartMail is the ability to quickly create disposable email addresses, which can be utilized with different services. The service also supports IMAP and SMTP if you want to use third-party apps.
You can pay with cryptocurrency
No plug-ins for email software
Supports custom domains
Support for SMTP and IMAP for those desktop app users
The IP address is stripped from emails as well as headers
Allows creating temporary, disposable addresses
Mailbox.org – best all-around service
Mailbox.org is another secure email provider that’s based in Germany. Its development team has experience going back to the 1990s. Their services utilize transport-level encryption, and the company also uses Extended Validation Certificates for added security.
The service provides support for SMTP, IMAP, POP, and DAV services and secure cloud storage. You also have access to features such as full PGP key management, groupware, calendar, and contacts. Additionally, their infrastructure is located at two separate locations for geo-redundancy.
Virus protection and advanced spam filters
IP addresses are logged for security and then erased after four days
Provides support for anonymous payment and anonymous registration
Accepts cash payments (by mail) and cryptocurrency
Cloud storage for all accounts
PGP encryption on stored emails
Provides full migration services, groupware, contacts, and calendar
Utilizes security processes like CSP, CAA, HSTS, X-XSS, and MTA-STS to prevent in-transit attacks
Zoho Mail – best for ease of use
Zoho Mail is an email provider usually preferred by business entities. That said, it also provides a free version for individuals and gets excellent feedback on its user-friendly interface.
The service uses S/MIME (Secure/Multipurpose Internet Mail Extensions) encryption for its users’ emails. It prevents emails from data breaches, phishing attacks, email spoofing, and other email threats.
Zoho Mail also employs an SSL (Secure Socket Layer) connection to ensure that your data is secure while in transit from POP/IMAP/SMTP clients to their servers.
Supports POP and IMAP for a secure connection
The focus is on business clients
Works best when combined with their other products
Malware & spam protection
Data centers are distributed across the US, Europe, China, and India
Provides 2FA for an extra layer of security
Some premium plans add very little value
HIPAA compliant: no collecting, using, storing, or maintaining health information
CounterMail – best for a four-layered encryption
With servers in Sweden, CounterMail is one of the leading secure email providers using a robust encryption protocol called OpenPGP with 4096bit encryption keys to protect your data.
Although the company’s website might look like it’s clinging to the days of yore, they’re serious about security and openly provide all the information about their protection methods.
The service also offers protection against MITM (Man-In-The-Middle) attacks. Most providers use SSL for this, but CounterMail claim it’s not secure enough. Because of this, they added RSA and AES-CBC encryption underneath the standard SSL protocol. With it, they now have four protection layers: SSL encryption → Session encryption → OpenPGP encryption → Server-side disk encryption.
No free plan
OpenPGP data encryption
Lets you communicate only with other OpenPGP-compatible email users
Diskless web servers based in Sweden
USB key option for 2FA
Provides password manager
Other features to look for in your encrypted email service
Encryption is the key feature of secure email services, but not the only one. Here’s what you can also consider:
Pretty Good Privacy is an encryption program that was developed in the 1990s. It uses a pair of public and private keys to encrypt your email messages.
Two-factor authentication (2FA)
2FA is a commonly used security measure that introduces an additional step when you log in. It asks you to confirm your identity in a different way (usually through a mobile app). This way, you can protect your email even if your credentials get stolen!
Commercial software usually doesn’t demonstrate its ins and outs to customers. Open-source software can be easily looked into. It makes it possible to publicly ascertain if the developer hasn’t inserted any unfriendly functions into the code.
Your email isn’t just the words you wrote and the picture of the cute cat that you attached. Metadata is the embedded information about your computer, browser, and so on. Good secure email services strip it away.
You want your email provider’s server to be located in a country with tight privacy laws. If not, you might run into some nasty surprises with some random intelligence folk reading your personal emails.
Desktop and mobile compatibility
If using your email is an everyday practice for you, it sure won’t be convenient to have an email app on your computer only. So, try looking for a provider that also has a mobile app.
Sometimes, you might not even want to leave a trace of having signed up for a secure email. That’s why you should consider getting an encrypted email provider that doesn’t require any personally-identifiable data, accepts cryptocurrency or cash, and so on.
How secure are free email providers?
Some of the email services mentioned earlier provide free plans that are feature-limited. However, there are completely free email clients, such as Gmail, Yahoo, and Microsoft. Can they guarantee absolute protection though?
No. None can promise you complete privacy since they don’t encrypt messages end-to-end. Take a look at Gmail, for example. I’m not saying that it’s not secure at all. Gmail is encrypted with TLS (Transport Layer Security) and uses a standard 128-bit encryption. However, keep in mind that:
- TLS encryption isn’t exceptionally reliable since your message can still be routed through a third-party server. So, it can be deciphered;
- TLS encryption only functions when you send an email to the recipient who has TLS encryption too;
- Even with TLS encryption, your private information can still be accessible since Gmail can filter out the emails that appear suspicious, are phishing scams, or include malware;
- Because TLS doesn’t encrypt your message, Google’s bots can read your emails, use the data they contain to build your user profile, and distribute that data to third parties.
TLS is undoubtedly preferable to having no encryption at all, but it falls short of providing the highest level of security. If you’re looking for more – such as complete security and privacy – go with any encrypted email service from our list above.
Encrypted emails – the tip of the iceberg in the privacy world
Getting the right encrypted email service is a crucial step towards greater privacy online. As you can, paying for the service comes with many benefits, like the newest security features and reputability.
However, it takes more than just encrypted email to stay secure and browse anonymously. A VPN can protect your other data because it:
- Masks your IP address and DNS: this makes you very hard to trace by scrambling the two most identifiable technical details.
- Encrypts your data: it’s like transport-level encryption but for your entire internet traffic.
- Connects to a VPN server outside of your country: this way, you can make the entire internet believe that you are in that country.
- Hides your online activity from your internet service provider: they can’t store your metadata for transferring to authorities or selling it to advertisers.
- Secures your data on public Wi-Fi: even if hackers intercept it, they can’t read the encrypted contents.
So once you find the encrypted email provider you like, add an extra layer of security to it with a VPN.
Bet you 30 days you’ll love it!Get Surfshark
Is Gmail an encrypted email?
To an extent. Your emails, sent and received via Gmail, are secured using the TLS (Transport Layer Security) protocol. Your and your recipient’s email providers need TLS enabled for it to work.
What is the most secure free email provider?
It all depends on your wants and needs. Having said that, the following are considered the best secure free email providers:
- Zoho Mail.
Is ProtonMail safer than Gmail?
ProtonMail is more secure than Gmail when it comes to sending sensitive data. ProtonMail is an end-to-end encrypted service, meaning that data is encrypted when transferred and stored on its servers.