Nine of the Most Secure Email Providers
You might not think a lot about the security level of your email provider. Most users don’t, typically using the same email address first setup fifteen years ago, content with the free email account supplied by their internet service provider or the free Yahoo! or Gmail account they received in college. To a lot of people, the difference between two levels of security in your email might seem innocuous enough; after all, you have nothing to hide, no illegal activities or dangerous emails to contend with. But that doesn’t mean you should leave your email completely unprotected. The United States Postal Service doesn’t open and read your mail or check your packages prior to delivering them—or at least, they shouldn’t—so why should businesses and government officials be allowed to do the same with your email?
Email providers like Gmail and Yahoo! Mail aren’t completely unprotected, but they also aren’t the most secure email providers currently available on the market. For that, you’ll want to turn to some lesser-known email providers that focus on security and end-to-end encryption, and can offer peace of mind over all else. We’ve gathered a list of the eight best secured and encrypted email providers that will protect your privacy as much as possible, often for free or at a low price for data. These services don’t collect or sell your data, don’t scan your emails for keywords in order to sell directed advertisements, and don’t allow any government agencies to access server data, helping to keep your data and privacy protected as much as possible. And this doesn’t even include the fear of sending sensitive information, including tax documents and contracts, between two parties on an unsecured line.
Most of these providers offer some mixture of free and paid plans, but to unlock the majority of their features, you’ll have to lay down some cash to get the full experience. Unfortunately, free email services like those offered through Gmail and Yahoo! Mail often make you the product, through advertising and the selling of your personal data. It’s why the best way to keep yourself secured is to steer away from these free tiers of email providers and to pay a few bucks each month to keep yourself safe and secured online. These are nine of the most secure email providers on the market today.
What makes ProtonMail our top pick isn’t just the security the service provides to its users, but the ability to quickly setup the service and ensure that it stays safe from prying eyes. ProtonMail is based out of a security center in Switzerland, developed by scientists from CERN and MIT. The service launched in 2013 to glowing reviews, not only for its encryption and security factors, but for its ease of use as well. Setting up a ProtonMail account is as simple as setting up an email address with Gmail or Outlook, but unlike those platforms, ProtonMail has built-in security for your protection against rogue users and snooping eyes.
In terms of security and services, here’s what makes ProtonMail so powerful: the service features end-to-end encryption, something you probably hear a lot about when it comes to VPNs and private messaging apps like Signal. This means every message you send from your ProtonMail account is protected from the moment you hit send to the moment the message is opened, and it can only be viewed by the sender and the recipient. When the message is stored on ProtonMail’s private servers, only the sender, who contains the public key, and the recipient, who has the private key, can read the message. Not even ProtonMail can read the message, despite your words living on their own servers. In fact, ProtonMail promises that they mathematically cannot read your messages, because their zeroaccess architecture makes it impossible to decrypt the messages stored on their servers.
Of course, end-to-end encryption only truly functions well if you’re emailing other ProtonMail users. For this reason, ProtonMail also supports sending mail to other non-ProtonMail users while still offering the same kind of encryption you’d expect from their service. This includes mail providers like Gmail, Yahoo! Mail, Outlook, Apple Mail, and even AOL Mail. These users will receive an encrypted link in place of the email, which they can decrypt using a passphrase you’ve shared with them privately. And, of course, you can also send unencrypted emails to these users as well. As we mentioned, ProtonMail puts a strong focus on ensuring their service is easy for anyone to use. There’s no software to install on your computer, no encryption keys that you have to keep track of, and no difficult setup process. Plus, ProtonMail offers apps for both Android and iOS, and both are well-received by their users.
ProtonMail has a free tier for users to sign up and use, which allows for a single user to sign up and use the service online. This supplies you with 500 megabytes of online storage, a single email address, up to 150 messages sent per day, limited customer support, and up to three labels or folders. Most users will want to spring for the Plus plan, which grants a much-more flexible user experience. For $5 per month or $48 per year, the Plus subscription grants you plenty of extra features, including the ability to send up to 1000 messages per day, store up to 5GB of cloud-based data, keep 200 folders or labels, experience normal support from ProtonMail, and use email filters and autoresponders.
Businesses, meanwhile, will want to look into the Professional plan, which offers up to 50 users the ability to store 5GB of data per user, send unlimited messages, keep unlimited folders, and features a priority support line. The top-tier plan, fittingly titled the Visionary plan, exists for those ready to pay for the best experience offered by Proton. For $30 per month or $288 per year, you’ll receive email accounts for six different users, 20GB of cloud storage, unlimited messaging, and an included ProtonVPN to keep your internet usage secure and private.
Overall, most users looking for a secure or private email address will find a lot to like in ProtonMail. It’s easy to setup, even easier to use, and features some of the best security we’ve seen in private emails. The visual design is modern and clean, with a focus on staying secure without losing out on the visual design that makes Gmail or Outlook so popular. The importance of sending encrypted messages to unencrypted services can’t be understated, and the free tier is competent enough for low-use senders to rely on. The Plus tier, meanwhile, is great for users looking to take their email to the next level, and options for professionals and teams make it a great choice for anyone looking for a quality email service that won’t share, leak, or sell your data. If you’re looking for a one-size-fits-all package for encrypted email, ProtonMail is the option for you.
Another web-based secure platform, Tutanota mail focuses on providing the best experience possible for its users, with a wide variety of security features and solutions available within the platform for use. Tutanota boasts about its open-source systems, as well as its ability to supply private users with a fully-featured platform for their email. The security systems put in place by Tutanota make it one of our top picks for secure email platforms, and the ability to cheaply supply private email for even the most frugal of consumers reading this best-of guide.
Like ProtonMail, Tutanota does its best to keep its encryption easy to use and learn, automatically encrypting your email data on your device. This means both your email and your contacts list are kept private and secured, making it easy to avoid problematic situations online. Tutanota’s email encryption works no matter you’re using their client or not, so end-to-end encryption is possible no matter the client or time. All emails and email attachments are stored right on Tutanota’s servers, making it easy to access the content you need as you need it and send it to whomever you wish, encrypted or otherwise. These servers are kept in Germany, which means all data saved on their servers is subject to German privacy laws, but all data is encrypted end-to-end and cannot be viewed by other services or users. The service utilizes a custom solution that uses 2049-bit RSA keys and employs AES-128 encryption keys for stronger security.
Tutanota’s biggest and best feature is its pricing. The service uses an open-source code that can be downloaded directly from the site’s Github, and is licensed under GPL V3. This open-source code allows security professionals to verify the security of your emails while also maintaining your own privacy, and allowing the app to be free for most personal users. Any non-business user can use Tutanota for your email for free, granting you access to a gigabyte of cloud storage for attachments, your choice of Tutanota domain, and an unlimited number of sent messages per day. If you’re interested in upgrading your account, of course, that’s an option as well.
The Plus account starts at about $1.50 per month, making it extraordinarily cheap compared to most other secure email providers on the market. This includes the option to use your own domain for your email, additional email aliases, and a premium support line. You can also expand your cloud storage and user count, though this is done on top of paying for the premium version of the app.
The service features apps for both iOS and Android, although we found both apps’ visual designs to be a bit behind the times when compared to other 2018-era email applications. That said, Tutanota’s development team has been touting an upcoming redesign for the mobile app that will better match the newer web client design, with a more modern feel while still keeping the features we’ve come to love from Tutanota. Whether or not the update rolls out sometime in July of this year remains to be seen, but we’re hopeful that the new application does an even better job in presenting your email on your phone.
Overall, Tutanota is a great email client. The free service can’t be beat in terms of pricing, and since Tutanota is a web-based cloud service, there’s nothing to download or install for your computer. Much like Gmail and ProtonMail, Tutanota can be used from any device with an internet connection and a browser, regardless of operating system. Overall, it’s a great choice for the budget minded; it’s personal account selection is great for anyone looking for a new email provider, and for about $17 per year, you can step up to the premium account. ProtonMail might be our top pick, but Tutanota is our best budget selection for secure email providers.
Also hosted within the borders of Switzerland, Kolab Now is a fully-premium secure email service that focuses primarily on business users. The platform used by Kolab is far more powerful than most other secure email services, not just in terms of its security and privacy protocols, but in how much it offers the user. The app is built like a full office suite; for example, Kolab uses their contacts system as a sort of mini-social network, making it easy to browse through your contacts and organize groups. The calendar system allows users to share calendars with collaborators and keep up to 100 independent digital calendars. It even includes a file system for browsing your cloud-saved files inside the integrated cloud service, and allows you to set up a scheduling system inside the application.
All of this means that Kolab Now is built more like a suite for business users than an offering for individuals looking for a basic email address. There’s a lot offered by Kolab, essentially creating an all-in-one replacement for Microsoft Office, Google Drive, and Slack that allows businesses to focus on their work without having to deal with the limitations or the privacy concerns of less-secure services. And all that said, Kolab is no slouch when it comes to email. The service is built to host your files and emails inside a dedicated system in Switzerland, keeping your information private from foreign attackers, unknown governments, and advertisers.
Unfortunately, Kolab doesn’t state what security protocols they implement for your saved data, and their email service doesn’t provide end-to-end encryption. That’s not the end of the world, though it does mean users looking for that sort of security will need to look elsewhere for their security, perhaps at either of our top picks on this article. But between the ability to use Thunderbird or similar email clients for fully-encrypted messages and the storage of your content in a country as secure about data as Switzerland, the sacrifice in security for the features Kolab offers might be one of the best tradeoffs in email today. Still, Kolab doesn’t come cheap. Individual accounts run users about $5 per month, with that price rising steadily through the group and hosting account options available.
In stark contrast to Kolab, Countermail focuses entirely on your security. Though the system and accompanying website are a bit dated, the system is still regularly updated to this day, and its security protocols can’t be beat. Countermail offers end-to-end encryption between senders and recipients, 4096-bit security keys, and uses OpenPGP and other similar security protocols to keep your email safe and your account secure. The service uses Sweden-based diskless data servers, meaning anything you send through their servers cannot be read or written. Plus, no other company is quite as open and honest about how their server system works: Countermail provides a helpful diagram of their system directly on their website, displaying proudly how secure their diskless system is for your usage.
Countermail is also one of the only email services on the web to feature USB dongle keys, providing a physical security system for your cloud-based email. When used, you’ll require your physical USB key from Countermail in order to decrypt your email from their servers, giving only you access to the information saved inside your email account. While this is an excellent feature to provide users with, it also prevents you from accessing your information if you’ve forgotten your dongle—or if you’re trying to access information from your smartphone or other device.
The general design of Countermail is dated and lacking in style to say the least, with a late-90s design that simply doesn’t hold up compared to most of the other interfaces on this list. However, assuming you you can get over the visual imperfections, it’s one of our favorite secure email platforms on the web. Looking at pricing, Countermail doesn’t come cheap: three months of server access runs you a full $19 for only 250MB of cloud storage, and 12 months is $59 for only 500MB of storage (extra storage is available, but also costly). That said, the service does offer a week-long trial version.
Based on their own website, Mailfence’s email system was directly inspired by Edward Snowden’s global data revelations in 2013. The general idea behind Mailfence is similar to the other platforms we’ve seen here: privacy should be a right, not a privilege, and this system stands by that. Mailfence promises no tracking, advertising, or third-party data scanning ever—something that can’t be promised by what we’ve seen from Gmail or Yahoo Mail. Like most of their competitors on this list, Mailfence keeps their sent emails encrypted on both ends, preventing everyone but the sender and the recipient from reading the message. Mailfence uses AES-256 bit security, an even-stronger standard than what our top pick Tutanota offers in their own clients. And like others before it, Mailfence also hosts their servers outside of the United States, keeping their servers based in Belgium.
In terms of features, Mailfence’s closest competitor comes in the form of Kolab. Like that service, Mailfence offers several office-like applications and abilities, including private calendars, a cloud-document service, and the ability to split contacts into specific groups and users. You can access your emails from the web, any popular email platform, or your smartphone, making Mailfence a powerful modern email service. Unfortunately, dedicated apps were announced in 2017, but two years later, they have yet to roll out options for smartphones (despite assurances from the Mailfence team in our comments from 2018). Remote connections are available to sync with the client of your choice, through protocols like IMAP, POP, and ActiveSync, though it’s worth noting that you’ll have to sign up for a paid account to access these options due to maintenance and upkeep costs.
Three paid plans are available, with the basic plan including 5GB of email storage, 12GB for documents, 10,000 event calendars, and custom email domains for only $3.00. There’s also a free plan available for any personal user, which reduces your email storage to 500MB, your document storage to 500MB, and your calendars to just 1,000 events. Still, the option to use a free plan is welcomed here, and it makes Mailfence one of our favorite web apps available for private emails. While we do wish Mailfence had a full mobile app for use across multiple platforms, that doesn’t stop it from being one of our favorite secure email providers on the web today, a great service that offers an excellent web client, IMAP remote sync, and full security options for your email.
Hushmail is a great option for anyone looking to gain access to similar features to ProtonMail in a service that has been around for nearly twenty full years. Based out of Vancouver, Hushmail sells itself as a fully enhanced email security system for the modern web, with a focus on business offerings but the ability to use it with personal sources as well. Like ProtonMail, Hushmail pushes itself as an encrypted service, using a password system to both send and receive emails from Hushmail platforms. When you’re sending your message, your first email gives you the option to encrypt your email by checking a small box on the menu. If you’re sending to another Hushmail user, the message is automatically encrypted, which will grant them access to reading the email in their current web window, right within the email without any add-ons or new windows.
If they don’t have access to a Hushmail account, don’t worry—you can still send encrypted emails from your account to Gmail or Outlook users, but you’ll have to turn it on manually in your email. Once you’ve sent the encrypted message, non-Hushmail users will receive a prompt in their email, inviting them to a secure web page where they can view your message or documents. Viewing the documents is as easy as creating a passcode for their own Hushmail viewer account, along with the answer to an (optional) security question designed by the sender in order to open the message, effectively working as a password system for the emails viewable in your browser. It’s a strong system, one that works well, and the interface for Hushmail makes it easy for the recipient to figure out what they’re doing.
Hushmail’s encryption protocols use OpenPGP encryption to protect the contents of the email and SSL/TLS secure connections between computers and the Hushmail servers to access your content. The email system isn’t free, however. Personal accounts run you $49.99 per year, a semi-expensive rate considering the free offerings Hushmail is competing against. Still, at around $4 per month paid annually, it’s a decent option to jump in with. That price grants you 10GB of storage, ad-free accounts, a fully serviceable webmail client with an iPhone app (unfortunately, no Android app as of writing), and multiple email aliases. It’s not free, but it’s an affordable annual price for a solid encrypted offering.
Posteo is a privately-owned email service that is hosted in Germany, allowing for users all over the world to take advantage of their secure and private anonymous platform. Though the company doesn’t offer a free tier, the email service is entirely ad-free, and has made a name for themselves by aiming to offer greater security, privacy, and sustainability on the internet than their alternatives. The service is open-source, and features an anonymous signup, two-factor authentication when logging in, and TLS-encrypted access on their servers. Backups of your account occur each day and last for seven days before being purged from their system. All of Posteo’s hard disks are encrypted, as are their emails, data, and attachments sent through the service.
In terms of additional features, Posteo also offers a fully-secured address book, encrypted with AES bit protection, a calendar system that can be shared with other users and also supports reminders, and a focus on running a green-energy company from their headquarters in Germany, including using energy-efficient hardware and optimizing their server sizes to maximize their green output. Posteo isn’t a free service, but it is affordable, charging users $1.20 per month (payable anonymously) to access their base 2GB accounts. Additional gigabytes of storage can be purchased for about 30 cents each month per gigabyte, as can additional calendars and email aliases. Posteo isn’t the most private service on our list—the system lacks end-to-end encryption without the use of an additional browser add-on, something you can’t use at every company in America—but that doesn’t stop it from being a great choice for those looking for a secure alternative to Gmail that doesn’t scan your emails in order to serve you advertisements.
LuxSci is one of the few secure email providers on this list with servers based in the United States. The service is aimed mainly at business users and professionals, and focuses primarily on offering those users a full email-based productivity suite while keeping encryption a priority. All emails sent from LuxSci support end-to-end encryption, with no setup required and a plugin available for Outlook users. The service uses SMTP protocols, TLS and SSL technologies, and other secure systems to keep your email safe and secure, and the system is compatible with any desktop or mobile web client. LuxSci calls their secure email system SecureLine, and it helps keep any and all prying eyes out of your personal and private information.
As mentioned, the system primarily is made for business users looking to migrate to a more secure form of email, and the prices display this. Monthly email hosting costs start at $10 for LuxSci, with most accounts made during business hours ready in about an hour. A LuxSci support member will even give you a thirty minute walkthrough of your new email account over the phone, making it easy for anyone to learn how their email system works without much training or know-how. LuxSci offers several different business and premium plans on their website, ranging from the basic SecureLine email system to more complicated web hosting plans for higher-end users. Though the company isn’t a great choice for personal users, anyone looking for a business-tier email system will find plenty to love with LuxSci.
SCRYPTmail is a newer email service that aims to provide users with a private, anonymous email hosting service while also providing a clean and user-friendly interface that looks designed for this decade. Like most of the other services on this list, your email is secured with end-to-end encryption, as is any and all data uploaded to their service. The service also promises to not use any third-party script services that can leak user metadata, location information, and more. The email service uses AES-256 bit encryption, making it virtually uncrackable online, and the service allows both plaintext and encrypted text to be sent in messages.
There are a couple small reasons why SCRYPTmail doesn’t make it to the top of the list. First, the company purposefully doesn’t detail its technical information. That isn’t to say SCRYPTmail isn’t safe—the company actually provides users with the source code on Github, but it does make it difficult to check the basic technical specs of the service at a simple glimpse and without the technical knowledge required to read and understand source code. Second, SCRYPTmail is an unproven platform, and although it’s been around for a few years, it hasn’t seen any news updates in more than a year. When we first highlighted the app, it had received an update in June of 2017; at the time of writing, that is still the most recent update on the news posts within the email.
The service is currently free, but the service allows for both PayPal and Bitcoin donations. SCRYPTmail also offers a paid that allows for 1 gigabyte of storage space, 5 aliases, and a single custom domain for $1.30 per month. However, the last update on the SCRYPTmail blog was over a year ago, and it doesn’t look like the platform is being actively developed any longer. Unfortunately, we can’t give SCRYPTmail our full recommendation as of yet, thanks to its questionable support status and its lack of updates over the last year, but it’s certainly an app you should keep an eye on if you care for the development of new services.