You’d think that elite services like Gmail or Yahoo Mail would protect their users’ emails. However, email security leaves a lot to be desired.
If you send an email to someone who’s not using an encrypted service, you might as well be sending a postcard. But it doesn’t have to be that way. Lucky for you, we have narrowed down the top 8 encrypted email services for 2022.
What is email encryption and why does it matter?
Encryption makes sure your emails are protected when traversing the web. It scrambles the contents of a message so that they look like nonsense to anyone who doesn’t have the key needed to unscramble it. That way, even if it’s intercepted, it’s useless to the hacker – modern encryption can take a computer millions of years to crack.
Major email platforms now employ transport-level encryption. This means that the email is encrypted in transit from you to the server. It’s not the safest solution, as the contents of the email are accessible on the server for your Internet Service Provider (ISP) or any hackers snooping around.
On the other hand, end-to-end encryption is a lot safer. It ensures that the email is encrypted throughout the entire trip. And this is where encrypted mail services come in. Let’s take a look at some of the best ones out there!
Note: to understand standard abbreviations used throughout the comparison, refer to “Other features to look for in your encrypted email service” section at the end of this article.
ProtonMail – the most reputable encrypted email provider
Created by the European Organization for Nuclear Research (CERN) and Massachusetts Institute of Technology (MIT) scientists and developers, ProtonMail is currently the world’s largest encrypted email service.
Praised for its transparency and dedication to privacy, ProtonMail is an end-to-end encrypted service. This means that data is encrypted when it’s transferred and stored on their servers. Thus, not even ProtonMail can access the contents of your letters. In fact, if you lose your password, they can’t even retrieve your emails. That’s why you should set up recovery information.
ProtonMail is a no-log email service, so your emails won’t be traced back to you. It doesn’t keep your IP (Internet Procotol) address information either.
Free of charge (you can pay for more space and a built-in VPN)
Does not keep any IP address information
Allows you to download your PGP keys if you use the Pretty Great Privacy encryption software
Works from any device
Does not support IMAP, SMTP, or POP3 data transfer protocols, so you can’t use it with email programs. Given the EFAIL vulnerability that made Gmail, Apple and Outlook clients leak contents of encrypted emails, this may be more secure
Hushmail – best for business users
Hushmail has been around since 1999 and has an excellent reputation. It has both business and personal options, a modern web interface, and it keeps your email secure enough that even Hushmail can’t read it.
Hushmail offers many options for businesses and non-profits. It also allows you to create secure web forms with a drag-and-drop creator. It’s part of what makes it very attractive for health professionals that want a HIPAA-compliant email account.
Supports IMAP and POP, meaning it’s more compatible with email software
Offers two-step authentication
Includes a spam filter
Unlimited aliases (you can change your alias without creating a new account)
You have to hand over your phone number as well as an alternate email address to sign up
No free option outside of the 14-day trial
Mailfence – best for secure emails with any domain
Based in Belgium, Mailfence is an OpenPGP-based (most widely used email encryption standard) service that provides end-to-end encryption. And that’s on top of its integrated keystore (to store all of your encryption keys), focus on digital signatures, and 2-factor authentication (meaning there’s an extra step logging in). You can also use it with custom domains to get the @weedbong.com email you always wanted.
Belgium has strict data protection laws, which places this in a good jurisdiction. However, Mailfence complies with user identification requests from Belgian courts. It serves the statistics of requests received and fulfilled and provides a warrant canary.
Supports digital signatures to prevent email spoofing
Includes a spam filter
Includes a spam filter
Includes a calendar
POPS, IMAPS, and SMTPS are available for secure connection
Can be used to send faxes and text messages, albeit not for free
Limited free storage
Requires an alternate email address
Stores the private keys on its servers
Can only send to people with an OpenPGP key
Does not allow others to inspect their code, so you can’t know if they have malicious processes inserted into their services
Will identify users if Belgian courts submit a valid demand
Tutanota – most flexible pricing
Based in Germany, Tutanota is operated by a small team of developers who take privacy seriously. The services encrypt the entire mailbox, which includes both your address book and emails. The files are also stored in an end-to-end encrypted format while at rest (stored) at Tutanota.
Free at the basic level, Tutanota comes with flexible pricing options. For businesses, Tutanota offers excellent features like white labels and secure, shared calendars.
Automatically encrypts your entire mailbox
Verification does not require a phone number
Encrypted emails can be sent to users who don’t have the service (a pre-shared password is used)
Automatically encrypts email headers, subject lines, and body
High level of encryption and security
Provides support for custom domains, encrypted contact forms, and business emails
Does not support SMTP, IMAP or POP3 – only accessible via web
Somewhat barebones at the free level
Runbox – best protected server location
Based in Norway, Runbox is a secure email provider that protects your information under the jurisdiction of Norwegian privacy legislation. This is important to note as a court order is needed before any of your data is disclosed to another party.
Runbox’s data center operates out of a place that was built for the Norwegian government. It contains a lot of security and safety measures that ensure the integrity of servers. It’s also run on green energy.
While the secure email service places quite a bit of focus on security and privacy, it does have a user-friendly feel and plenty of features. Runbox will run via dedicated mobile apps as well as on third-party email clients.
Supports various means of access
Physically stores all emails in its own high-security data center
Features spam protection and advanced virus scanning capabilities
Has a history of excellent uptime
Accepts anonymous cash payments and cryptocurrency
To ensure end-to-end encryption, you must utilize PGP or S/MINE encryption types, which is a bit involved for regular users
No business features
Data not encrypted while it’s stored in the Runbox system
Posteo – best anonymous sign up
Posteo is a secure email provider with robust encryption options and IMAP support – great for using the service on different devices or different email clients.
The company does not keep any logs and automatically strips IP addresses from your email. You can even sign up anonymously by making an anonymous payment.
Users are provided with end-to-end encryption of individual emails, so nobody is intercepting them. You also have the ability to encrypt your address book, calendar, and saved emails. Access protection is provided in layers with a salted hash password, optional one-time password, and hard disk encryption.
Encryption of email subject, body, headers, metadata, and attachments
Emails are encrypted in storage by using OpenPGP
Supports anonymous payments utilizing cash or cryptocurrency
Good track record and self-financed
IP address stripping
No logs and secure email storage
No spam folder (emails are either rejected or delivered to your inbox)
No custom domains
StartMail – best for disposable temporary emails
StartMail is a secure email service by the developers of Startpage, a private search engine based in the Netherlands. Privacy is important in this country.
A unique feature of StartMail is that they handle the encryption functions on the server-side, instead of in the browser. You can use PGP encryption, and all emails are encrypted while at rest.
Another feature unique to StartMail is the ability to quickly create disposable email addresses, which can be utilized with different services. The service also supports IMAP and SMTP if you want to use third-party apps.
You can pay with cryptocurrency
Supports custom domains
Support for SMTP and IMAP for those desktop app users
The IP address is stripped from emails as well as headers
Allows creating temporary, disposable addresses
No plug-ins for email software
Mailbox.org – best all-rounder
Mailbox.org is another secure email provider that’s based in Germany. Its development team has experience going back to the 1990s. Their services utilize transport-level encryption, and the company also uses Extended Validation Certificates for added security.
The service provides support for SMTP, IMAP, POP, and DAV services and secure cloud storage. You also have access to features such as full PGP key management, groupware, calendar, and contacts. Additionally, their infrastructure is located at two separate locations for geo-redundancy.
Virus protection and advanced spam filters
Provides support for anonymous payment and anonymous registration
Accepts cash payments (by mail) and cryptocurrency
Cloud storage for all accounts
PGP encryption on stored emails
Provides full migration services, groupware, contacts, and calendar
Utilizes security processes like CSP, CAA, HSTS, X-XSS and MTA-STS to prevent in-transit attacks
IP addresses are logged for security and then erased after four days
Other features to look for in your encrypted email service
Encryption is the key feature of secure email services, but not the only one. Here’s what you can also consider:
- PGP. Pretty Good Privacy is an encryption program that was developed in the 1990s. It uses a pair of public and private keys to encrypt your email messages.
- Two-factor authentication (2FA). 2FA is a commonly used security measure that introduces an additional step when you log in. It asks you to confirm your identity in a different way (usually through a mobile app). This way, you can protect your email even if your credentials get stolen!
- Open source. Commercial software usually doesn’t demonstrate its ins-and-outs to customers. Open-source software can be easily looked into. It makes it possible to publicly ascertain if the developer hasn’t inserted any unfriendly functions into the code.
- Stripping metadata. Your email isn’t just the words you wrote and the picture of the cute cat that you attached. Metadata is the embedded information about your computer, browser, and so on. Good secure email services strip it away.
- Server location. You want your email provider’s server to be located in a country with tight privacy laws. If not, you might run into some nasty surprises with some random intelligence folk reading your personal emails.
- Anonymous sign-up. Sometimes, you might not even want to leave a trace of having signed up for a secure email. That’s why you should consider getting an encrypted email provider that doesn’t require any personally-identifiable data, accepts cryptocurrency or cash, and so on.
Encrypted emails – tip of the iceberg in the privacy world
Getting the right encrypted email service is a crucial step towards greater privacy online. As you can, paying for the service comes with many benefits, like the newest security features and reputability.
However, it takes more than just encrypted email to stay secure and browse anonymously. A VPN can protect your other data because it:
- Masks IP address and DNS: this makes you very hard to trace by scrambling the two most identifiable technical details.
- Encrypts your data: it’s like transport-level encryption but for your entire internet traffic.
- Connects to a VPN server outside of your country: this way, you can make the entire internet believe that you are in that country.
- Hides your online activity from your internet service provider: they can’t store your metadata for transferring to authorities or selling it to advertisers.
- Secures your data on public Wi-Fi: even if hackers intercept it, they can’t read the encrypted contents.
So once you find the encrypted email provider you like, add a new layer of security by using a VPN.
Bet you 30 days you’ll love it!Get Surfshark