You’d think elite services like Gmail or Yahoo Mail protect users’ emails. But, nope, their email security leaves a lot to be desired.
If you send an email to someone who’s not using an encrypted service, you might as well be sending a postcard. But it doesn’t have to be that way. Lucky for you, we have narrowed down the top 10 encrypted email services for 2024.
Table of contents
What is email encryption and why does it matter?
Encryption makes sure your emails are protected when traversing the web. It scrambles the contents of a message so that they look like nonsense to anyone who doesn’t have the key needed to unscramble it. That way, even if it’s intercepted, it’s useless to the hacker – modern encryption can take a computer millions of years to crack.
Major email platforms now employ transport-level encryption. This means that the email is encrypted in transit from you to the server. It’s not the safest solution, as the contents of the email are accessible on the server for your Internet Service Provider (ISP) or any hackers snooping around.
On the other hand, end-to-end encryption is a lot safer. It ensures that the email is encrypted throughout the entire trip. And this is where encrypted mail services come in. Let’s take a look at some of the best ones out there!
Note: to understand standard abbreviations used throughout the comparison, refer to the “Other features to look for in your encrypted email service” section at the end of this article.
-
ProtonMail – the most reputable encrypted email provider
Created by the European Organization for Nuclear Research (CERN) and Massachusetts Institute of Technology (MIT) scientists and developers, ProtonMail is currently the world’s largest encrypted email service.
Praised for its transparency and dedication to privacy, ProtonMail is an end-to-end encrypted service. This means that data is encrypted when it’s transferred and stored on their servers. Thus, not even ProtonMail can access the contents of your letters. In fact, if you lose your password, they can’t even retrieve your emails. That’s why you should set up recovery information.
ProtonMail is a no-logs email service, so your emails won’t be traced back to you. It doesn’t keep your IP (Internet Protocol) address information either.
Pros | Cons |
---|---|
Free of charge (you can pay for more space and a built-in VPN) | Does not support IMAP, SMTP, or POP3 data transfer protocols, so you can’t use it with email programs. Given the EFAIL vulnerability that made Gmail, Apple, and Outlook clients leak contents of encrypted emails, this may be more secure |
Does not keep any IP address information | |
Allows you to download your PGP keys if you use the Pretty Great Privacy encryption software | |
Works on any device |
-
Hushmail – best for business users
Hushmail has been around since 1999 and has an excellent reputation. It has both business and personal options, a modern web interface, and it keeps your email secure enough that even Hushmail can’t read it.
Hushmail offers many options for businesses and non-profits. It also allows you to create secure web forms with a drag-and-drop creator. It’s part of what makes it very attractive for health professionals who want a HIPAA-compliant email account. Did I mention it has a filter to reduce spam emails, too?
Pros | Cons |
---|---|
Supports IMAP and POP, meaning it’s more compatible with email software | You have to hand over your phone number as well as an alternate email address to sign up |
Offers two-step authentication | No free option outside of the 14-day trial |
Includes a spam filter | |
Unlimited aliases (you can change your alias without creating a new account) |
-
Mailfence – best for encrypted emails with any domain
Based in Belgium, Mailfence is an OpenPGP-based (most widely used email encryption standard) service that provides end-to-end encryption. And that’s on top of its integrated keystore (to store all of your encryption keys), focus on digital signatures, and 2-factor authentication (meaning there’s an extra step logging in). You can also use it with custom domains to get the @weedbong.com email you always wanted.
Belgium has strict data protection laws, which places this in good jurisdiction. However, Mailfence complies with user identification requests from Belgian courts. It serves the statistics of requests received and fulfilled and provides a warrant canary.
Pros | Cons |
---|---|
Supports digital signatures to prevent email spoofing | Limited free storage |
Includes a spam filter | Requires an alternate email address |
Imports contacts | Stores the private keys on its servers |
Includes a calendar | Can only send to people with an OpenPGP key |
POPS, IMAPS, and SMTPS are available for secure connection | Does not allow others to inspect their code, so you can’t know if they have malicious processes inserted into their services |
Can be used to send faxes and text messages, albeit not for free | Will identify users if Belgian courts submit a valid demand |
-
Tutanota – most flexible pricing
Based in Germany, Tutanota is operated by a small team of developers who take privacy seriously. The services encrypt the entire mailbox, which includes both your address book and emails. The files are also stored in an end-to-end encrypted format while at rest (stored) at Tutanota.
Free at the basic level, Tutanota comes with flexible pricing options. For businesses, Tutanota offers excellent features like white labels and secure, shared calendars.
Pros | Cons |
---|---|
Automatically encrypts your entire mailbox | Does not support SMTP, IMAP, or POP3 – only accessible via web |
Verification does not require a phone number | Somewhat barebones at the free level |
Encrypted emails can be sent to users who don’t have the service (a pre-shared password is used) | |
Automatically encrypts email headers, subject lines, and body | |
High level of encryption and security | |
Provides support for custom domains, encrypted contact forms, and business emails |
-
Runbox – best-protected server location
Based in Norway, Runbox is a secure email provider that protects your information under the jurisdiction of Norwegian privacy legislation. This is important to note as a court order is needed before any of your data is disclosed to another party.
Runbox’s data center operates out of a place that was built for the Norwegian government. It contains a lot of security and safety measures that ensure the integrity of servers. It’s also run on green energy.
While the secure email service places quite a bit of focus on security and privacy, it does have a user-friendly feel and plenty of features. Runbox will run via dedicated mobile apps as well as on third-party email clients.
Pros | Cons |
---|---|
Supports various means of access | To ensure end-to-end encryption, you must utilize PGP or S/MINE encryption types, which is a bit involved for regular users |
Physically stores all emails in its own high-security data center | No business features |
Features spam protection and advanced virus scanning capabilities | Data not encrypted while it’s stored in the Runbox system |
Has a history of excellent uptime | |
Accepts anonymous cash payments and cryptocurrency |
-
Posteo – best anonymous sign-up
Posteo is a secure email provider with robust encryption options and IMAP support – great for using the service on different devices or different email clients.
This service is probably closest to providing an anonymous email because the company doesn’t keep user logs and automatically strips IP addresses from your email. You can even sign up anonymously by making an anonymous payment.
Users are provided with end-to-end encryption of individual emails, so nobody is intercepting them. You also have the ability to encrypt your address book, calendar, and saved emails. Access protection is provided in layers with a salted hash password, optional one-time password, and hard disk encryption.
Pros | Cons |
---|---|
Encryption of email subject, body, headers, metadata, and attachments | No spam folder (emails are either rejected or delivered to your inbox) |
Emails are encrypted in storage by using OpenPGP | No custom domains |
Supports anonymous payments utilizing cash or cryptocurrency | |
Good track record and self-financed | |
IP address stripping | |
No logs and secure email storage |
-
StartMail – best for disposable temporary emails
StartMail is a secure email service by the developers of Startpage, a private search engine based in the Netherlands. Privacy is important in this country.
A unique feature of StartMail is that they handle the encryption functions on the server-side, instead of in the browser. You can use PGP encryption, and all emails are encrypted while at rest.
Another feature unique to StartMail is the ability to quickly create disposable email addresses, which can be utilized with different services. The service also supports IMAP and SMTP if you want to use third-party apps.
Pros | Cons |
---|---|
You can pay with cryptocurrency | No plug-ins for email software |
Supports custom domains | Non-open-source |
Support for SMTP and IMAP for those desktop app users | |
The IP address is stripped from emails as well as headers | |
Allows creating temporary, disposable addresses |
-
Mailbox.org – best all-around service
Mailbox.org is another secure email provider that’s based in Germany. Its development team has experience going back to the 1990s. Their services utilize transport-level encryption, and the company also uses Extended Validation Certificates for added security.
The service provides support for SMTP, IMAP, POP, and DAV services and secure cloud storage. You also have access to features such as full PGP key management, groupware, calendar, and contacts. Additionally, their infrastructure is located at two separate locations for geo-redundancy.
Pros | Cons |
---|---|
Virus protection and advanced spam filters | IP addresses are logged for security and then erased after four days |
Provides support for anonymous payment and anonymous registration | |
Accepts cash payments (by mail) and cryptocurrency | |
Cloud storage for all accounts | |
PGP encryption on stored emails | |
Provides full migration services, groupware, contacts, and calendar | |
Utilizes security processes like CSP, CAA, HSTS, X-XSS, and MTA-STS to prevent in-transit attacks |
-
Zoho Mail – best for ease of use
Zoho Mail is an email provider usually preferred by business entities. That said, it also provides a free version for individuals and gets excellent feedback on its user-friendly interface.
The service uses S/MIME (Secure/Multipurpose Internet Mail Extensions) encryption for its users’ emails. It prevents emails from data breaches, phishing attacks, email spoofing, and other email threats.
Zoho Mail also employs an SSL (Secure Socket Layer) connection to ensure that your data is secure while in transit from POP/IMAP/SMTP clients to their servers.
Pros | Cons |
---|---|
Supports POP and IMAP for a secure connection | The focus is on business clients |
End-to-end encryption | Works best when combined with their other products |
Malware & spam protection | Data centers are distributed across the US, Europe, China, and India |
Provides 2FA for an extra layer of security | Some premium plans add very little value |
HIPAA compliant: no collecting, using, storing, or maintaining health information |
-
CounterMail – best for a four-layered encryption
With servers in Sweden, CounterMail is one of the leading secure email providers using a robust encryption protocol called OpenPGP with 4096bit encryption keys to protect your data.
Although the company’s website might look like it’s clinging to the days of yore, they’re serious about security and openly provide all the information about their protection methods.
The service also offers protection against MITM (Man-In-The-Middle) attacks. Most providers use SSL for this, but CounterMail claim it’s not secure enough. Because of this, they added RSA and AES-CBC encryption underneath the standard SSL protocol. With it, they now have four protection layers: SSL encryption → Session encryption → OpenPGP encryption → Server-side disk encryption.
Pros | Cons |
---|---|
End-to-end security | No free plan |
OpenPGP data encryption | Lets you communicate only with other OpenPGP-compatible email users |
SSL-MITM protection | |
Diskless web servers based in Sweden | |
Supports IMAP | |
USB key option for 2FA | |
Provides password manager |
Other features to look for in your encrypted email service
Encryption is the key feature of secure email services, but not the only one. Here’s what you can also consider:
-
PGP
Pretty Good Privacy is an encryption program that was developed in the 1990s. It uses a pair of public and private keys to encrypt your email messages.
-
Two-factor authentication (2FA)
2FA is a commonly used security measure that introduces an additional step when you log in. It asks you to confirm your identity in a different way (usually through a mobile app). This way, you can protect your email even if your credentials get stolen!
-
Open source
Commercial software usually doesn’t demonstrate its ins and outs to customers. Open-source software can be easily looked into. It makes it possible to publicly ascertain if the developer hasn’t inserted any unfriendly functions into the code.
-
Stripping metadata
Your email isn’t just the words you wrote and the picture of the cute cat that you attached. Metadata is the embedded information about your computer, browser, and so on. Good secure email services strip it away.
-
Server location
You want your email provider’s server to be located in a country with tight privacy laws. If not, you might run into some nasty surprises with some random intelligence folk reading your personal emails.
-
Desktop and mobile compatibility
If using your email is an everyday practice for you, it sure won’t be convenient to have an email app on your computer only. So, try looking for a provider that also has a mobile app.
-
Anonymous sign-up
Sometimes, you might not even want to leave a trace of having signed up for a secure email. That’s why you should consider getting an encrypted email provider that doesn’t require any personally-identifiable data, accepts cryptocurrency or cash, and so on. Make this your dedicated email address for anonymous sign-ups.
Increase email security with an email alias
An email alias, like Alternative ID (a Surfshark product), can create a new email address and online persona to protect your email. It redirects all messages to your primary account, so you can use it for online purchases and sign-ups while minimizing the risk of receiving spam.
Using an alias instead of your primary email address reduces the chances of your real email address being exposed or sold to third parties.
How secure are free email providers?
Some of the email services mentioned earlier provide free plans that are feature-limited. However, there are completely free email clients, such as Gmail, Yahoo, and Microsoft. Can they guarantee absolute protection though?
No. None can promise you complete privacy since they don’t encrypt messages end-to-end. Take a look at Gmail, for example. I’m not saying that it’s not secure at all. Gmail is encrypted with TLS (Transport Layer Security) and uses a standard 128-bit encryption. However, keep in mind that:
- TLS encryption isn’t exceptionally reliable since your message can still be routed through a third-party server. So, it can be deciphered;
- TLS encryption only functions when you send an email to the recipient who has TLS encryption too;
- Even with TLS encryption, your private information can still be accessible since Gmail can filter out the emails that appear suspicious, are phishing scams, or include malware;
- Because TLS doesn’t encrypt your message, Google’s bots can read your emails, use the data they contain to build your user profile, and distribute that data to third parties.
TLS is undoubtedly preferable to having no encryption at all, but it falls short of providing the highest level of security. If you’re looking for more – such as complete security and privacy – go with any encrypted email service from our list above.
Encrypted emails – the tip of the iceberg in the privacy world
Getting the right encrypted email service is a crucial step towards greater privacy online. As you can, paying for the service comes with many benefits, like the newest security features and reputability.
However, it takes more than just encrypted email (or email masking, or burner emails…) to stay secure and browse anonymously. A VPN can protect your other data because it:
- Masks your IP address and DNS: this makes you very hard to trace by scrambling the two most identifiable technical details.
- Encrypts your data: it’s like transport-level encryption but for your entire internet traffic.
- Connects to a VPN server outside of your country: this way, you can make the entire internet believe that you are in that country.
- Hides your online activity from your internet service provider: they can’t store your metadata for transferring to authorities or selling it to advertisers.
- Secures your data on public Wi-Fi: even if hackers intercept it, they can’t read the encrypted contents.
So once you find the encrypted email provider you like, add an extra layer of security to it with a VPN.
FAQ
Is Gmail an encrypted email?
To an extent. Your emails, sent and received via Gmail, are secured using the TLS (Transport Layer Security) protocol. Your and your recipient’s email providers need TLS enabled for it to work.
What is the most secure free email provider?
It all depends on your wants and needs. Having said that, the following are considered the best secure free email providers:
- ProtonMail;
- Mailfence;
- Tutanota;
- Runbox;
- Zoho Mail.
Is ProtonMail safer than Gmail?
ProtonMail is more secure than Gmail when it comes to sending sensitive data. ProtonMail is an end-to-end encrypted service, meaning that data is encrypted when transferred and stored on its servers.