What is a secure email provider?
A secure email provider protects your email account and content with features such as end-to-end encryption that encrypts your email throughout the journey to the recipient. However, there is no standardization of secure email services, so you must be cautious when choosing one. Pay attention to the encryption and other important features employed.
How do secure email providers work?
Secure email service providers use encryption to protect your email messages from hackers and snoopers. Regular email services use plain text communication which is insecure and can be accessed by service providers and surveillance authorities. Transport-level encryption is used by email services to encrypt emails during transit. End-to-end encryption is more secure as it encrypts emails right from the sender’s device to the receiver’s device with no intermediary servers involved. It comes enabled by default in most secure email services and is easy to use and detect. Some common end-to-end encryption protocols include S/MIME and PGP.
Why bother using secure email providers?
Encrypting your emails with regular services can be a hassle, and even after configuring everything, you can’t be sure about achieving privacy for your messages. That’s where secure email providers come in. Using secure email service providers based in privacy-friendly nations is the easiest way to ensure privacy for your data. These providers warrant utmost data security, often with zero access that they can easily follow due to no mandatory data retention laws. Secure email providers also allow you to communicate freely via emails without worrying about unauthorized access to your data. Additionally, they even hide your metadata from prying eyes, making them a better option compared to regular email services.
Proton Mail
Proton AG, a Switzerland-based company, is the operator of the Proton Mail family of products which includes Proton Mail, a calendar, Proton Drive and the well-known Proton VPN.
However, for the purpose of this review, we will only look at Proton Mail. Proton Mail is an encrypted email service that can be accessed via webmail or with iOS and Android mobile applications. It includes end-to-end encryption and is built as an open-source service. Proton Mail appeared on the scene following Snowden’s revelations and is known for its secure email service.
Proton Mail has data centers in under 1000 meters of granite rock in Switzerland, which can survive a nuclear attack. It is designed with the principle of zero knowledge and zero access, which means even the staff and email servers cannot read or share your emails. The Proton Mail free version supports 1 GB of email storage and limits your usage to 150 messages a day, but if that is not enough, you can pay for the Plus service for more space, email aliases, priority support, tags, and custom filtering options.
Proton Mail also has mobile apps for Android and iOS and offers two-step verification and self-destruct message functionality.
As a conscientious user of email services, I have some concerns regarding Proton Mail. Firstly, the fact that Proton Mail does not encrypt email subject lines raises potential privacy issues, as subject lines can sometimes contain sensitive information. This is understandable though as Proton Mail adheres to the OpenPGP encryption standard, which is derived from the PGP standard. As per the standard, metadata related to the email address, such as message headers, must remain unencrypted to ensure that the email can be successfully delivered to the recipient.
Additionally, while Proton Mail generally prides itself on its strong emphasis on user privacy, there have been instances where the service has required users to provide personal information for verification purposes, which can be problematic. Furthermore, there have been allegations that Proton Mail may log IP addresses for government agencies, which raises further concerns about the security and privacy of users’ data. But, for the average person who just want peace of mind from your average criminal, these service more than suffices. However, these issues do highlight the importance of being vigilant and informed when choosing an email service provider.
Tutanota
Tutanota has been in operation since 2011 and is based in Hanover, Germany. It is easy to use and has quality features. Tutanota uses encryption standards to encrypt emails from the sender to the receiver and decrypt them directly on the device. The private encryption key is not accessible to anyone else. You only need an email account to exchange secure emails with other Tutanota users. You can also specify a password for emails encrypted outside the system, if you prefer. Tutanota’s web interface is easy to use, but there is no search function to search for text in archived emails.
Tutanota has applications for iOS and Android, and no phone number is required for verification. It includes 1 GB of storage space, and the subject line, headers, body, metadata, and all attachments are automatically encrypted. It also supports spam filtering. However, features like aliases and messaging rules are only available for paid accounts, and it does not support IMAP and neither can you import contacts in bulk.
Other than that, Tutanota is highly recommended and my second recommendation for the best free email service provider in 2023.
Conclusion
In today’s digital age, it’s no secret that email privacy is a major concern for most people. Many of us are using email services that may not be as secure as we would like them to be, which can leave our sensitive information vulnerable to hackers, cybercriminals, and even government agencies. However, there are a growing number of secure email providers available online that offer robust encryption and advanced security features to help keep our emails private and secure.
While both of the above mentioned secure email services are more secure than the majority of email services out there, there are some differences to consider between each.
Tutanota, for example, is known for its end-to-end encryption, which ensures that only the intended recipient can read your emails. This means that even if someone intercepts your email during transit, they won’t be able to read the contents of the message. Tutanota also offers two-factor authentication, which adds an extra layer of security to your account.
Proton Mail, on the other hand, also offers end-to-end encryption and two-factor authentication, but it has a few additional features that some users may find useful. For example, on the paid plan of Proton Mail, it allows you to send self-destructing emails, which automatically delete after a set amount of time. It also has integration with other Proton products, such as Proton VPN, an encrypted calendar and an online cloud storage drive which can help further enhance your online security.
It’s worth noting, however, that even the most secure email providers can’t protect your privacy if big players like government agencies are involved. If you’re trying to run or hide from such entities, no email service can guarantee your privacy. Nevertheless, for the vast majority of users, choosing a secure email provider like Tutanota or Proton Mail can go a long way in ensuring that your emails are private and secure.
Just remember that it is important to note that no system is entirely bulletproof. Therefore, it is crucial to evaluate your threat model and determine whether a particular service provides adequate security for your needs. Ultimately, choosing a secure email provider can greatly enhance your online privacy and security, and it is important to carefully consider your options before selecting a service provider.