Internet-based email has been around for nearly 50 years. And the email services we use today aren’t that different than the original version going back decades.
Unfortunately, security wasn’t a factor when it was originally invented. The internet was just universities and governments where everybody could verify who everyone else was. There were no spammers, hackers, or phishing scams in those days.
Because the email protocol isn’t secure by design, email services offer varying degrees of security. Let’s look at 8 secure email providers to consider if you want to switch to a more secure option.
Email Security Considerations
Most major email services provide secure connections to their servers. That means anything you send gets encrypted when it’s traveling from your PC to the server.
Whether the information on the server is encrypted is another question. If you’re concerned about email security, you need to know whether the email service can read your messages when they’re stored on their server.
And more importantly, do you trust them?
Even if you do trust them, there are other factors at play. If they have the encryption keys to read your email, those keys could get stolen and your information could get exposed. It could also be subject to political or other legal factors that might force the provider to release it.
Features to Look for from Secure Email Providers
There are several security-focused features to look for when considering an email service:
- End-to-end encryption
- Where is the server located
- 2-factor authentication (2FA)
- Open-source systems
- Anonymous account setup and payment options
End-to-end encryption ensures only you and the receiver of your email can read it because the email provider doesn’t have the encryption key. Privacy laws vary from one country to another so the server location can have a bearing on whether the government can get access to your email.
2-factor authentication uses a second layer of security to log in on top of your password, such as sending a text message or using an app on your smartphone. Open-source software means the source code is available for anyone to see and evaluate for any security risks.
And anonymous account setup and payment ensures the email provider has no personally-identifying information about you.
ProtonMail is one of the most popular secure email services. Their servers are based in Switzerland, a country with some of the tightest privacy laws in the world. The servers are located in a bunker below 1,000 meters of rock so they’re safe from virtually any kind of damage.
ProtonMail offers end-to-end encryption and their staff has no access to your email. If they were to access it on their server, all they would see is a bunch of random encrypted characters.
Tutanota’s servers are located in Germany, another country with strong privacy laws to help protect your data. They support 2-factor authentication but do not offer end-to-end encryption.
End-to-end encryption makes it a bit more complicated to set up and limits the number of email apps you can use, especially on mobile devices. If you want to be able to set it up more easily, Tutanota’s service is more widely-compatible.
They use open-source tools and support a protocol called DNS-based Authentication of Name Entities (DANE). This protocol provides authentication of each step your email goes through in the chain of PCs and servers, protecting you from “man-in-the-middle” attacks where someone impersonates a server so they can intercept your communication.
Posteo’s servers are located in Germany and also support the DANE protocol. They don’t offer end-to-end encryption either but support 2-factor authentication.
One of the unique features of Posteo is that they don’t store any identifying information or IP addresses used by their users. If they ever do get a request to release information, it wouldn’t be able to link it back to a specific user.
Countermail’s servers are located in Sweden. They use diskless servers to run their email service which means your information is never stored on a disk, only in temporary memory. Even if someone gained physical access to the server, they wouldn’t be able to reconstruct your data.
Countermail offers another unique feature as well – the ability to use a physical security key. You can set it up so you can only access your email from a computer with a USB dongle plugged into it.
Mailbox.org runs on servers located in Germany using the open-source OpenPGP encryption system. This means their encryption is compatible with any other service that also uses OpenPGP, giving you more flexibility for sending and receiving encrypted messages.
Every email you send includes a lot of personal information in the message header. You don’t see it when you read your email but it’s in the underlying code. Mailbox.org strips this information out of the messages, adding another layer of protection.
They also let you sign up with no personal information using Bitcoin to avoid sharing any personal data.
Mailfence not only offers secure email, but they also offer a calendar, contacts, and document storage. If you’re wondering how to delete a Gmail account, this would be a good choice since it can replace several G-Suite services.
Their servers are located in Belgium and use the open-source OpenPGP system for end-to-end encryption. Mailfence is one of the more complex systems to use so it’s best suited for more tech-savvy users.
7. Kolab Now
Kolab Now also offers a suite of services including a calendar, contacts, and file storage. Their servers are located in Switzerland and do not provide end-to-end encryption.
They use a protocol called Perfect Forward Secrecy (PFS) that generates unique keys for each message you send. That way, if a message does get intercepted, the key is only good for that one – it won’t work for any other emails.
SCRYPTmail offers end-to-end encryption, 2-factor authentication, and uses open-source tools. They also have a unique feature that lets you create disposable email addresses to use when you don’t want to share your actual address.
One potential drawback to SCRYPTmail is that their servers are located in the US, which is a sticking point for some people due to the less-strict privacy laws.
Choosing the Right Secure Email
When considering which of these secure email providers to use, ask yourself how much complexity you’re willing to put up with in exchange for security. The more secure the email service is, the more complicated it can be to use.
If you’re not sending state secrets by email, you might not need the most secure service. Most hackers look for easy targets so any of these services will be secure enough to make them move on to lower-hanging fruit.
Did you find this post helpful? Check out the rest of our blog for more interesting articles.