20

Nine of the Most Secure Email Providers

Posted by Jamie on May 17, 2019

You might not think a lot about the security level of your email provider. Most users don’t, typically using the same email address first setup fifteen years ago, content with the free email account supplied by their internet service provider or the free Yahoo! or Gmail account they received in college. To a lot of people, the difference between two levels of security in your email might seem innocuous enough; after all, you have nothing to hide, no illegal activities or dangerous emails to contend with. But that doesn’t mean you should leave your email completely unprotected. The United States Postal Service doesn’t open and read your mail or check your packages prior to delivering them—or at least, they shouldn’t—so why should businesses and government officials be allowed to do the same with your email?

Email providers like Gmail and Yahoo! Mail aren’t completely unprotected, but they also aren’t the most secure email providers currently available on the market. For that, you’ll want to turn to some lesser-known email providers that focus on security and end-to-end encryption, and can offer peace of mind over all else. We’ve gathered a list of the eight best secured and encrypted email providers that will protect your privacy as much as possible, often for free or at a low price for data. These services don’t collect or sell your data, don’t scan your emails for keywords in order to sell directed advertisements, and don’t allow any government agencies to access server data, helping to keep your data and privacy protected as much as possible. And this doesn’t even include the fear of sending sensitive information, including tax documents and contracts, between two parties on an unsecured line.

Most of these providers offer some mixture of free and paid plans, but to unlock the majority of their features, you’ll have to lay down some cash to get the full experience. Unfortunately, free email services like those offered through Gmail and Yahoo! Mail often make you the product, through advertising and the selling of your personal data. It’s why the best way to keep yourself secured is to steer away from these free tiers of email providers and to pay a few bucks each month to keep yourself safe and secured online. These are nine of the most secure email providers on the market today.

Everyone else

Also hosted within the borders of Switzerland, Kolab Now is a fully-premium secure email service that focuses primarily on business users. The platform used by Kolab is far more powerful than most other secure email services, not just in terms of its security and privacy protocols, but in how much it offers the user. The app is built like a full office suite; for example, Kolab uses their contacts system as a sort of mini-social network, making it easy to browse through your contacts and organize groups. The calendar system allows users to share calendars with collaborators and keep up to 100 independent digital calendars. It even includes a file system for browsing your cloud-saved files inside the integrated cloud service, and allows you to set up a scheduling system inside the application.

All of this means that Kolab Now is built more like a suite for business users than an offering for individuals looking for a basic email address. There’s a lot offered by Kolab, essentially creating an all-in-one replacement for Microsoft Office, Google Drive, and Slack that allows businesses to focus on their work without having to deal with the limitations or the privacy concerns of less-secure services. And all that said, Kolab is no slouch when it comes to email. The service is built to host your files and emails inside a dedicated system in Switzerland, keeping your information private from foreign attackers, unknown governments, and advertisers.

Unfortunately, Kolab doesn’t state what security protocols they implement for your saved data, and their email service doesn’t provide end-to-end encryption. That’s not the end of the world, though it does mean users looking for that sort of security will need to look elsewhere for their security, perhaps at either of our top picks on this article. But between the ability to use Thunderbird or similar email clients for fully-encrypted messages and the storage of your content in a country as secure about data as Switzerland, the sacrifice in security for the features Kolab offers might be one of the best tradeoffs in email today. Still, Kolab doesn’t come cheap. Individual accounts run users about $5 per month, with that price rising steadily through the group and hosting account options available.

In stark contrast to Kolab, Countermail focuses entirely on your security. Though the system and accompanying website are a bit dated, the system is still regularly updated to this day, and its security protocols can’t be beat. Countermail offers end-to-end encryption between senders and recipients, 4096-bit security keys, and uses OpenPGP and other similar security protocols to keep your email safe and your account secure. The service uses Sweden-based diskless data servers, meaning anything you send through their servers cannot be read or written. Plus, no other company is quite as open and honest about how their server system works: Countermail provides a helpful diagram of their system directly on their website, displaying proudly how secure their diskless system is for your usage.

Countermail is also one of the only email services on the web to feature USB dongle keys, providing a physical security system for your cloud-based email. When used, you’ll require your physical USB key from Countermail in order to decrypt your email from their servers, giving only you access to the information saved inside your email account. While this is an excellent feature to provide users with, it also prevents you from accessing your information if you’ve forgotten your dongle—or if you’re trying to access information from your smartphone or other device.

The general design of Countermail is dated and lacking in style to say the least, with a late-90s design that simply doesn’t hold up compared to most of the other interfaces on this list. However, assuming you you can get over the visual imperfections, it’s one of our favorite secure email platforms on the web. Looking at pricing, Countermail doesn’t come cheap: three months of server access runs you a full $19 for only 250MB of cloud storage, and 12 months is $59 for only 500MB of storage (extra storage is available, but also costly). That said, the service does offer a week-long trial version.

Based on their own website, Mailfence’s email system was directly inspired by Edward Snowden’s global data revelations in 2013. The general idea behind Mailfence is similar to the other platforms we’ve seen here: privacy should be a right, not a privilege, and this system stands by that. Mailfence promises no tracking, advertising, or third-party data scanning ever—something that can’t be promised by what we’ve seen from Gmail or Yahoo Mail. Like most of their competitors on this list, Mailfence keeps their sent emails encrypted on both ends, preventing everyone but the sender and the recipient from reading the message. Mailfence uses AES-256 bit security, an even-stronger standard than what our top pick Tutanota offers in their own clients. And like others before it, Mailfence also hosts their servers outside of the United States, keeping their servers based in Belgium.

In terms of features, Mailfence’s closest competitor comes in the form of Kolab. Like that service, Mailfence offers several office-like applications and abilities, including private calendars, a cloud-document service, and the ability to split contacts into specific groups and users. You can access your emails from the web, any popular email platform, or your smartphone, making Mailfence a powerful modern email service. Unfortunately, dedicated apps were announced in 2017, but two years later, they have yet to roll out options for smartphones (despite assurances from the Mailfence team in our comments from 2018). Remote connections are available to sync with the client of your choice, through protocols like IMAP, POP, and ActiveSync, though it’s worth noting that you’ll have to sign up for a paid account to access these options due to maintenance and upkeep costs.

Three paid plans are available, with the basic plan including 5GB of email storage, 12GB for documents, 10,000 event calendars, and custom email domains for only $3.00. There’s also a free plan available for any personal user, which reduces your email storage to 500MB, your document storage to 500MB, and your calendars to just 1,000 events. Still, the option to use a free plan is welcomed here, and it makes Mailfence one of our favorite web apps available for private emails. While we do wish Mailfence had a full mobile app for use across multiple platforms, that doesn’t stop it from being one of our favorite secure email providers on the web today, a great service that offers an excellent web client, IMAP remote sync, and full security options for your email.

Hushmail is a great option for anyone looking to gain access to similar features to ProtonMail in a service that has been around for nearly twenty full years. Based out of Vancouver, Hushmail sells itself as a fully enhanced email security system for the modern web, with a focus on business offerings but the ability to use it with personal sources as well. Like ProtonMail, Hushmail pushes itself as an encrypted service, using a password system to both send and receive emails from Hushmail platforms. When you’re sending your message, your first email gives you the option to encrypt your email by checking a small box on the menu. If you’re sending to another Hushmail user, the message is automatically encrypted, which will grant them access to reading the email in their current web window, right within the email without any add-ons or new windows.

If they don’t have access to a Hushmail account, don’t worry—you can still send encrypted emails from your account to Gmail or Outlook users, but you’ll have to turn it on manually in your email. Once you’ve sent the encrypted message, non-Hushmail users will receive a prompt in their email, inviting them to a secure web page where they can view your message or documents. Viewing the documents is as easy as creating a passcode for their own Hushmail viewer account, along with the answer to an (optional) security question designed by the sender in order to open the message, effectively working as a password system for the emails viewable in your browser. It’s a strong system, one that works well, and the interface for Hushmail makes it easy for the recipient to figure out what they’re doing.

Hushmail’s encryption protocols use OpenPGP encryption to protect the contents of the email and SSL/TLS secure connections between computers and the Hushmail servers to access your content. The email system isn’t free, however. Personal accounts run you $49.99 per year, a semi-expensive rate considering the free offerings Hushmail is competing against. Still, at around $4 per month paid annually, it’s a decent option to jump in with. That price grants you 10GB of storage, ad-free accounts, a fully serviceable webmail client with an iPhone app (unfortunately, no Android app as of writing), and multiple email aliases. It’s not free, but it’s an affordable annual price for a solid encrypted offering.

Posteo is a privately-owned email service that is hosted in Germany, allowing for users all over the world to take advantage of their secure and private anonymous platform. Though the company doesn’t offer a free tier, the email service is entirely ad-free, and has made a name for themselves by aiming to offer greater security, privacy, and sustainability on the internet than their alternatives. The service is open-source, and features an anonymous signup, two-factor authentication when logging in, and TLS-encrypted access on their servers. Backups of your account occur each day and last for seven days before being purged from their system. All of Posteo’s hard disks are encrypted, as are their emails, data, and attachments sent through the service.

In terms of additional features, Posteo also offers a fully-secured address book, encrypted with AES bit protection, a calendar system that can be shared with other users and also supports reminders, and a focus on running a green-energy company from their headquarters in Germany, including using energy-efficient hardware and optimizing their server sizes to maximize their green output. Posteo isn’t a free service, but it is affordable, charging users $1.20 per month (payable anonymously) to access their base 2GB accounts. Additional gigabytes of storage can be purchased for about 30 cents each month per gigabyte, as can additional calendars and email aliases. Posteo isn’t the most private service on our list—the system lacks end-to-end encryption without the use of an additional browser add-on, something you can’t use at every company in America—but that doesn’t stop it from being a great choice for those looking for a secure alternative to Gmail that doesn’t scan your emails in order to serve you advertisements.

LuxSci is one of the few secure email providers on this list with servers based in the United States. The service is aimed mainly at business users and professionals, and focuses primarily on offering those users a full email-based productivity suite while keeping encryption a priority. All emails sent from LuxSci support end-to-end encryption, with no setup required and a plugin available for Outlook users. The service uses SMTP protocols, TLS and SSL technologies, and other secure systems to keep your email safe and secure, and the system is compatible with any desktop or mobile web client. LuxSci calls their secure email system SecureLine, and it helps keep any and all prying eyes out of your personal and private information.

As mentioned, the system primarily is made for business users looking to migrate to a more secure form of email, and the prices display this. Monthly email hosting costs start at $10 for LuxSci, with most accounts made during business hours ready in about an hour. A LuxSci support member will even give you a thirty minute walkthrough of your new email account over the phone, making it easy for anyone to learn how their email system works without much training or know-how. LuxSci offers several different business and premium plans on their website, ranging from the basic SecureLine email system to more complicated web hosting plans for higher-end users. Though the company isn’t a great choice for personal users, anyone looking for a business-tier email system will find plenty to love with LuxSci.

SCRYPTmail is a newer email service that aims to provide users with a private, anonymous email hosting service while also providing a clean and user-friendly interface that looks designed for this decade. Like most of the other services on this list, your email is secured with end-to-end encryption, as is any and all data uploaded to their service. The service also promises to not use any third-party script services that can leak user metadata, location information, and more. The email service uses AES-256 bit encryption, making it virtually uncrackable online, and the service allows both plaintext and encrypted text to be sent in messages.

There are a couple small reasons why SCRYPTmail doesn’t make it to the top of the list. First, the company purposefully doesn’t detail its technical information. That isn’t to say SCRYPTmail isn’t safe—the company actually provides users with the source code on Github, but it does make it difficult to check the basic technical specs of the service at a simple glimpse and without the technical knowledge required to read and understand source code. Second, SCRYPTmail is an unproven platform, and although it’s been around for a few years, it hasn’t seen any news updates in more than a year. When we first highlighted the app, it had received an update in June of 2017; at the time of writing, that is still the most recent update on the news posts within the email.

The service is currently free, but the service allows for both PayPal and Bitcoin donations. SCRYPTmail also offers a paid that allows for 1 gigabyte of storage space, 5 aliases, and a single custom domain for $1.30 per month. However, the last update on the SCRYPTmail blog was over a year ago, and it doesn’t look like the platform is being actively developed any longer. Unfortunately, we can’t give SCRYPTmail our full recommendation as of yet, thanks to its questionable support status and its lack of updates over the last year, but it’s certainly an app you should keep an eye on if you care for the development of new services.

20 thoughts on “Nine of the Most Secure Email Providers”

Slumming for Today says:
All of these services you have listed are in “14-Eyes” jurisdictions; how can you (or they) possibly say they are secure?
Reply
Danielle says:
Most likely, you and I are separated by thousands and thousands of kilometers, however, I can feel that your mind is not working properly.

The haters have a filter that only allows them to see what suits them, even if the object to attack is good.

None of these services is in jurisdiction, you have invented it to obscure its validity.

Are you going to tell me how safe Gmail and Hotmail are?

Friend, please keep an open mind.

Reply
ce says:
I hear no one rushing to endorse Hotmail. lol It started out fine years ago but now is definitely the pits. Rinky-dinky. Lots of features, but I’m sure they are reading and I have to decide by August 2019 if I’ll agree to their terms, which, of course, includes everything I say and do, plus ads and no telling what else. I’m no techy, but I would like a modicum of privacy. Joke, huh?
Reply
kellye says:
wow! great heads up on protonmail I seriously never figured it was them changing my password. I have opened a zillion accounts due to the fact I hardly ever got to return to an account because my password was changed. then after cooperating with their song and dance questions they still told me they couldn’t verify who I was. so I open another account. which i did numerous times because each time id return bam my password wouldn’t work. the end result: i no longer use proton mail and am currently looking for another service which is simple and free. i expect privacy on a personal level. simple and direct. what service is free and generous….we all are riding the same wave~~~~
Reply
Jessica says:
What service are you using now?
Reply
Polly Etymology says:
I’ve gotten more spam through Protonmail than any other service I’ve ever used!
Lon Moore says:
I’ve had the HushMail experience. It’s certainly as secure as any free disposable email. I was with them for a time, and some problem occurred that did not affect me. All of a sudden, every email I ever wrote, and every incoming showed up in my incoming mail, with an explanation that they were being helpful and providing me all my past mail so I could decide which I wanted to keep. I understand that they have since given the information about their 100% non-private practice of keeping such copies, when a sucker signs up. I don’t know because I wouldn’t touch them with a stick. NO security, NO privacy. HushMail is a big lie.
Reply
Danielle says:
If you do not want spam, simply do not use your email to subscribe to sites where it is abundant. It’s cool to know that I am the only person who has no problem.
Reply
Janita Fields says:
I used Protonmail for about 6 months. I felt very secure. Then, one week, every account I have was hacked, including Protonmail. Since then, I can’t stay in my account. While I am logged in, my password gets changed. I can’t change my password because I don’t know the new password.

Protonmail sends snippy comments such as “Clearly, you have forgotten your password”. Really? Well, how did I get into my account?

I don’t know how its done. The hacker gets in, locks me out. They got into the app, changed the pin, took away the touch ID. Its a game to them. Protonmail support is no support at all. They are so caught up in how secure they are that they won’t listen to what is happening. They want me to leave an e-mail address in this form. I have none.

If this person can hack in and out at will, then any hacker can do it. NOT SAFE!

Reply
Cedric says:
What??? This leaves me flabbergasted. I”m just a normal person who loves privacy.
Has your problem been sorted out?
And what did the protonmail support have to say???
Reply
Proteus says:
Proton was good say, two years ago, no problems. Used their VPN based on my free email experiences and it too, started out fine, then began to be unreliable with disconnects and slow speeds. They began to upload crash data with no opt out and made it very hard to unsubscribe, so I let my service lapse. Proton held my email account hostage until I paid up on the VPN, which they made autorenew at some point, and hadn’t been used for months before it expired. Couldn’t access my email, so I deleted the account.

Can’t recommend Proton now, lots of spam, very expensive and deceptive practices. Use a VPN or secure email provider that can’t be trusted? No.

Joe says:
I would to switch to something other than Gmail or Comcast email but I read the following and wanted to get other opinions on it:

“But what really makes Gmail a better option than ProtonMail in this regard, though, is its new optional “Advanced Protection” service, an even stronger set of security features that make it extremely hard for anyone to hack into your account. “Advanced Protection” requires the use of physical tokens or security keys, which make phishing attacks virtually impossible to pull off.”

Thank you!

Reply
avoid spam says:
I grow weary of telling news outlets that you CANNOT defend yourself against phishing attacks with a usb key or any other device. If you understand what phishing is, what it can do, the extents to which it can fool someone, no key will prevent it.
Reply
Simon says:
I think full email security is a bit of a myth. Some of the most secure email services are not all that convenient. I think the privacy and reliability of a provider also need to be considered. Having good data portability is also a good idea. I am currently hosting my mail with Thexyz and by having your own domain, you can move mail pretty much anywhere.
Reply
Stacey Riska says:
Thanks for including us in your list. While you have “US based servers” as a con, it is actually a “pro” for people in the USA not worried about government monitoring lol. There are multiple ways to order, including calling, chatting and/or placing an order directly online. Our specialty is providing the most secure data and communications solutions in the industry. We invite anyone to learn more and test it out with a free 30-day trial.
Reply
Jehan says:
Hello Jamie,
Thanks for including us in your overview of most secure email providers.
I just would like to let you know that our free subscription offers 500 MB and not 200 MB.

We are working on our mobile app. It has high priority and we are focussing on this point.
Thank you for your great site.

Regards

Jehan

Reply
Ashish says:
Hey Jamie

Really Nice post. I have been using Proton mail for quite some time now. First time I saw proton mail was on Mr. Robot season 3 finale.
Thank you all the other recommendations.

Reply
FINALLY passed recaptch! YAY! says:
The problem that apparently most of these guys don’t understand is their names. Try telling an indian tech support guy in india your email address is “SCRYPTmail” or “tutonota” dot com.

You’ll spend 20 minutes trying to spell it for him and he’ll still get it wrong.

Reply
David Frossard says:
I’m an early crowd-funding backer of ProtonMail, so I’m probably biased. But it does everything I need it to do — with what appears to be world-class security. I’ve had an account for years and the service, interface, and apps get better every year. I’m certainly never going back to Gmail. (And for those on the fence, the free version of ProtonMail is pretty good, if you don’t need a lot of storage and don’t mind a mandatory advertising signature.)

As for ProtonMail appearing on a TV show (Mr. Robot — a series known for its fanatical attention to technical detail), I thought that was a hoot. I mean, what other email program would Mr. Robot use anyway?

It would appear that Tuanota is a worthy runner-up to ProtonMail. A question: does operating under Swiss privacy law (ProtonMail) have any advantage or disadvantage to operating under German law (Tuanota)? Would anyone like to weigh in?

Reply
Brian says:
I’m curious – there are a few recent comments here that suggest a decline in Protonmail’s quality of service. Have you experienced any of this?
Reply
Tajba says:
I use Runbox and Msgsafe.io.
Both are great.
Reply
OJ says:
I use my own domain with hosting control panel and hosted on secure datacenter.
If I need any switch, I just change the hosting provider.
Reply
James says:
Tom, I do understand the frustration of being hacked and your data getting compromised. Aside from technical and philosophical concerns (relating to Tutanota and Protonmail). I believe, following good security practices e.g., Strong password, TFA, not using open/public WiFi or other insecure connections, etc… (especially when you have a high threat model ) is something that you have take care of, regardless of the service (e.g., Mailfence in this case.)
Reply
James says:
Tom I see what you meant there, and it really is frustrating to get your mailbox hacked and data compromised. Technical and other issues aside (that relates to Protonmail and Tutanota) – having your account compromised due to not following adequate security practices (weak password, No TFA, etc…) is something that you have to deal with on your side and has nothing to do with the service being used e.g., Mailfence in this case.

All and all, I do agree that for users having high-level threat models are more prone of being attacked, and therefore should take relatively more security measures.

Reply
stan says:
I have tried husmail and fast mail before, I want to go secure again, just sick of the amount of targeting advertising and spying going on these days and its annoyed me enough to look at this again. Would love to hear of any suggestions for most secure email providers ideally blocking EVERYONE, not just hackers, I don’t like some govermint bean counter reading them either, call me weird, i just like the notion of privacy if it still exists! Grateful for any comments
Reply
Pam McCall says:
I don’t understand how my centurylink email account got hacked so I can’t send messages online but I can on my phone using the same account. . .

Can anyone shed some light on that for me?

Reply
em says:
I’ve been using msgsafe.io to send encrypted email for over a year now. Its better than any of the others I’ve seen available allowing you to forward messages to another email, bring your own domain, etc.
Reply
Cattie M says:
I have been using openmailbox.org for years. It seems to be very good.
Reply
Brent says:
It was very good, however they have undergone a facelift with no warning. Can no longer access calenders or contacts via dav, aliases dissappeared overnight, and all attempts to contact them with questions have been met with silence. Looking for a new mail provider now
Reply
tom says:
mailfence is NOT secure, all of my emails have been hacked into over the last months, tutanota is only secure if the recipient bothers to use the password and what stranger would have the time to do that, Protonmail is questionable they have affiliated with a USA TV series recommendation and they are the only email provider that sales Tshirts and Mugs as part of their sale?

GMAIL ARE HELL but the rest are difficult to trust, there are hardly NO secure email providers in the market at the moment. Haven’t been able to send any work related nor anything important since these local hackers have been targeting my email or the NSA.

Reply
Sarah Jane says:
As a journalist who has worked with sensitive data, I feel your pain Tom. What are you currently using, or would you prefer to remain discrete?
Reply
Frankie says:
I’m not sure why the fact that a TV show has done research and liked a product and contacted the provider and asked if they could use their service in the show has any relevance on how secure a provider is or is not. One could potentially argue that it opens them up to being pressured by more capitalistic concerns (vs being really focused on security)…but that seems a stretch.

Leave a Reply

Your email address will not be published. Required fields are marked *


Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.