Clearly, Google, Microsoft and Yahoo are not the most secure email providers. None of them encrypt your messages end-to-end, and no one takes your privacy very seriously. Some users are still surprised that Google and others scan your email for keywords to show more personalized ads.
What’s more, if your government decides to snoop on your inbox, none of the three companies will object. Their data breach history isn’t that great either.
Fortunately, there is more than one option on the market. Today, I’m going to introduce our top 10 secure email providers that will protect your privacy. Each of these secure email services encrypts your messages so neither they nor any third party can decipher the content. Also, they all make money by selling premium plans rather than ads or your data.
But how do you choose the best secure email service? Well, there are personal preferences, but I also have a list of criteria to meet, which I describe in detail below
Best secure email providers in 2022:
- ProtonMail – Secure Email Provider with Best Price and Privacy Ratio
- Startmail – Best Email for Desktop Users Only
- Tutanota – The Best Secure Email for Any Device
- Zoho Mail – Part of the Best B2B Security Product Suite
- Thexyz – Excellent feature suite
Top email services
The best encrypted email services have end-to-end encryption, security features like 2FA, and a reputation for not including serious security breaches or breaches.
Although most of these services offer free versions, they are a bit lacking. Premium plans add important features like more storage space and priority customer support. Check out the descriptions of each secure email service to find the one that best suits your needs.
1. ProtonMail – The best email for desktop users only
Access Proton Mail
Launched in 2013 by CERN scientists in privacy-friendly Switzerland, ProtonMail has arguably become the most popular and secure email provider.
This open source service has a strict no-logs policy and uses end-to-end encryption. Users can even send encrypted messages to people who don’t use ProtonMail. All of their servers are stored deep in nuclear bunkers more than three thousand feet underground.
ProtonMail does not have a desktop application, but uses a web-based client for all popular browsers. It feels a bit clunky and outdated after years of using Gmail, but you can get used to it. On the mobile side, you can download apps for Android and iOS.
Smartphone apps are more user-friendly and modern. As usual, the mobile app has less setup, but what we really like is Combined Contacts, which lets you autocomplete email addresses from other accounts.
ProtonMail’s Plus plan gives you 5 GB of storage, 5 email aliases, your own domain support, and more. Meanwhile, the $24 per month Visionary plan comes with 20 GB, 50 email aliases, multi-user support, and ProtonVPN. It’s also likely to include the upcoming ProtonDrive storage solution.
There is also a free version, but it only allows you 500 MB of storage and 150 messages per day. Also, customer support will be limited.
If you don’t see a downside to ProtonMail and aren’t afraid to have no backups in case you forget your password, this secure email is a great option. It’s secure and private (though, after being pressured by Swiss authorities, they did reveal the IP address of a French activist – you can use a VPN to get around that!), and powerful features are being added every day
Visit ProtonMail to read more about the features
- No-logs policy
- Encrypted messages to anyone
- CSV contact import
- Self-destructing emails
- Over 20 account languages
- May log your IP if you’re a criminal suspect
- Web client feels outdated
- POP3 not supported
- May log your IP if you’re a criminal suspect
2. Startmail – The best email for desktop users only
If Startmail sounds unfamiliar, maybe you’ve heard of another of their projects: httpl.com.vn. This is a search engine that doesn’t track any of your data. In essence, Startmail takes the same core values and applies them here.
In practice, this means that Startmail is one of the most secure email services. It is fully integrated with PGP, so you can communicate securely with other users who have PGP set up. It’s important to note that PGP is only implemented on the server side, which means this isn’t a true end-to-end setup, which you’ll hear other providers brag about. Two-factor authentication can also be added to ensure that even if someone discovers your password, your email cannot be cracked.
A significant benefit is that it effectively integrates burner email into its mode of operation. You can add other aliases quickly and easily, for example, when you’re registered somewhere and need a quick one-off address. It also works perfectly when you create an email for the sole purpose of selling on Craigslist.
While StartMail doesn’t offer any dedicated mobile apps, the site itself is fully responsive and works well on most devices. Plus, with full IMAP and SMTP support, you’ll be able to get email through regular services. Although this mailbox is a paid mailbox, you do get a full 7-day trial, including all major platform features.
Visit Startmail to read more about the features
- PGP support
- Multiple aliases can be added
- IMAP/SMTP support
- 10 GB encrypted cloud storage
- Encryption is not end-to-end
- Limited trial version
- Features to look for in your secure email service
3. Tutanota – Best secure email for any device
Visit Tutano Tower
Open source end-to-end secure email provider with over 2 million customers. Let’s see why they all chose Tutanota over other services. But we can already say that if it wasn’t available in GitHub under the GPL v3 license, those numbers could be even lower.
First, Tutanota uses AES and RSA instead of PGP encryption. Both use the same algorithm, but the latter adds an extra layer of security by combining symmetric and asymmetric keys. On the other hand, Tutanota also encrypts sender and receiver names and subject lines. Two-factor authentication is supported, and users can choose between TOTP (Authenticator App) and U2F (YubiKey).
This secure email service takes privacy very seriously. IP addresses and emails will be removed from header metadata to protect you. There is also a strict no-logs policy, but the fact that Germany has joined the Fourteen Eyes intelligence alliance casts a shadow over Tutanta’s otherwise spotless reputation.
In addition to Windows, macOS, iOS, and Android apps, Tutanota also has a web-based app. They are ad-free and easy to use, including an encrypted calendar. What’s more, you can easily sync between them.
For $1 per month, you get a custom domain, 1 GB of storage, 5 aliases, and email support. For another dollar, your storage expands to 10 GB, which is nearly twice the cost of Hushmail subscribers.
Tutanota’s business plan mimics the non-commercial plan and adds Pro for $8.5/month with a custom domain login, logo, and contact form. You can also purchase additional storage space (10 GB, ~$2.36/mo), email aliases (20, ~$1.18/mo), and features like white labeling. All in all, Tutanota is cheap, but can quickly become expensive if you keep adding extra features.
You can also try the free version with 1 GB of storage, one calendar, and one user. However, it does not have any customer support options
Visit Tutanota to read more about the features
- No logs policy
- Spam filter
- 20+ supported languages
- encrypted calendar
- Fourteen Eyes
- PGP and IMAP are not supported
- Expensive extra storage space
4. Zoho Mail – One of the best B2B security product suite
Visit Zoho Mail
Zoho Mail isn’t common among the best secure email services. However, this has nothing to do with its quality – this provider is only the first choice for business customers. However, it’s also great for individuals, so we’ll add it to the list.
Zoho offers many IT solutions, including password managers, so its Mail works best when you combine it with other products. That aside, the service comes with a secure data center that can only be accessed via biometric authentication. Then there’s malware and spam protection, and end-to-end encryption.
This secure email supports 2FA for increased account security. Users can use Zoho’s authentication app, OTP, QR code or Touch ID. You can also access your mailbox from other applications via OAuth 2.0. Zoho Mail can be used as a web application or as an application for smartphones. You can also configure it on other third-party mail clients. The design is intuitive and pleasing to the eye, which is important if you plan to use secure email every day.
For $1 per month, you get apps and other IMAP/POP clients, 250 MB attachment size, and multiple domains. Premium users can use Mail Premium for $4 per month to send 1 GB attachments, store 50 GB, back up emails, and use white labels. A 15-day free trial is also available.
You can also check out the free version of Zoho. However, even though it offers 5 GB of storage, its attachment size is ten times smaller than the cheapest plan. Also, you can only use the web app, which makes checking emails on mobile devices cumbersome.
However, for $1 per month, you get apps and other IMAP/POP clients, ten times the size of attachments, and multiple domains. Premium users can use Mail Premium for $4 per month to send 1 GB attachments, store 50 GB, back up emails, and use white labels. A 15-day free trial is also available.
Visit Zoho Mail to read more about the features
- stylish design
- POP/IMAP import
- Generous free version
- Physical Security Server
- Malware Protection
- For B2B customers
- Some data centers are located in the US and China
5. Thexyz – excellent suite of features
Thexyz is a little-known private email service based in Canada. They boast about 40,000 accounts have been created since launch. Considering that was 13 years in, that’s not a huge number, but that doesn’t mean it’s a bad service.
Conversely, if you’re looking for a private mailbox, it’s probably one of the safest options. Their service is ad-free and highly focused on keeping your emails safe. They have many filters to limit the spam you receive. In fact, if you visit their website, it displays a graph showing how many threats were blocked by sender monitoring and analysis systems like Cloudmark or Message Sniffer. The same chart also shows that they have proprietary filters that can affect the overall reduction in spam.
One reason for concern is that, being a Canadian service, they mostly use data centers in the US. However, there are several in Europe. Their website lists major locations like Chicago, Montreal, London and Sydney. Therefore, the existence of the five eyes is inevitable. If you’re very privacy-conscious, you should.
That being said, there are plenty of safety measures to offset its location flaws. For example, every mail supports all encrypted ports for mail exchange, and every mail sent will not reveal your IP address. If you want more security, it supports IMAP, POP, and even OpenPGP public key to End encryption, which you can configure with plugins such as Mailvelope. In transit, the only protection used is SSL/TLS to ensure that no one alters the intercepted email content. Additionally, logins can be further secured with two-factor authentication.
Let’s say you want to try the service, but don’t want to deal with the tedious data movement between two separate mailboxes. In this case, there is a simple migration tool. It works with Office 365, Gmail, and more. Plus, it doesn’t just apply to the messages you send, but also to Calendar, Contacts, and Notes. As such, it is a full-fledged email service with many useful options that are useful even in a business setting.
The main caveat is that the service is only paid, and there is no free version. It has 25GB of total storage and a 50 MB attachment cap. Prices start at $2.95.month, but depending on your needs, you can choose a more expensive plan or even add more.
Visit Thexyz to read more about the features
- Several spam filters
- IMAP, POP and OpenPGP support
- GMigrations tool
- 50 MB attachment limit
- Two-factor authentication
- iOS and Android apps
- Based on five eyes
- Pay only
6. CounterMail – strongest security features
Started in 2008, CounterMail may have maintained the same website design, but it has come a long way in becoming one of the top secure email providers. And because of its safety-first approach, it’s probably the safest of them all.
CounterMail uses PGP encryption, which is an industry standard. However, they went the extra mile by implementing a RAM-only server that didn’t store anything. Additionally, CounterMail has strong man-in-the-middle (MITM) attack protection, adding AES and RSA algorithms alongside the SSL layer. For 2FA, you can use a USB key or a time-based one-time password (TOTP) algorithm with a third-party authenticator application.
While CounterMail may even outperform ProtonMail in protecting user privacy, I still have to point out that Sweden is a Fourteen Eyes country. Other than that, this provider does more for your security than others. For example, CounterMail offers an anonymous payment option and a separate password-protected safe that can be used as a mini-password manager of sorts.
This secure email provider works as a web application and through third-party email applications such as Android, iOS and other IMAP/SMTP clients. The web app design is outdated (don’t try the Light interface), but offers plenty of customization options.
CounterMail’s 7-day free trial should be enough to check out what it has to offer. However, you can only send and receive from secure email and VPN users (such as yourself). Also, with a maximum attachment size of 3 MB, you will not be able to install CounterMail on third-party mail applications. A two-year plan for $3.29 per month gives you 4 GB of storage, which you can expand by 1.75 GB for a one-time $89 fee.
Visit CounterMail to read more about the features
- No logs policy
- Encrypted messages to anyone
- CSV Contact Import
- self-destructing email
- Over 20 account languages
- If you are a suspect, your IP can be logged
- Web client feels outdated
- POP3 is not supported
- If you are a suspect, your IP can be logged
7. Posteo – one of the cheapest and most secure email services
Posteo is a Germany-based provider of secure email services focused on businesses and individuals.
They have several ways to protect your emails as they transition: TLS with perfect forward secrecy, HTTP Strict Transport Security HSTS, SSH, etc. Encryption is not enabled by default, but is easy to set up with the add-on Mailvelope app. It’s open source, so you don’t trust your data to unverified sources. Plus, with it, you can add PGP, which is the best way to keep your email safe (provided both parties are using it).
There are also features that other secure email providers might be jealous of. For example, they support POP, SMTP and IMAP protocols. So you can retrieve emails from your inbox through the app you’re most familiar with. For added security, you can even encrypt your mailbox, but if you lose your password, not even customer support can recover your data. These are not empty promises – Posteo has been audited by respected cybersecurity firm Cure53.
The main downside is that Posteo doesn’t currently have any desktop or mobile apps. This means you have to use a web client. This can be problematic because some mobile web browsers tend to crop windows, so your emails may not be easy to read, depending on the screen size of the mobile device. Also, there is no live chat or ticketing system for customer support, so you can wait a while until help arrives.
While there’s no free version, with a little customization and a small monthly fee, you can get one of the most secure email services on the market.
Visit Posteo to read more about the features
- PGP support
- Email encryption
- very affordable
- Reviewed by Cure53
- Highly customizable
- POP/IMAP/SMTP import
- No mobile app
- Limited customer support
8. Mailbox – respects your privacy from the very start
Mailbox is another Germany-based secure email provider. The company is privately funded, which protects it from outside influences and ensures you’re still the customer – not the product.
Mailbox respects your privacy from the start. The service will only ask for your recovery email or phone number after you create an account. Even so, it is not mandatory to provide these data.
This email allows you to send the message normally or in encrypted form. Still, the latter will take some time to get set up properly. This is well worth it because mailboxes are encrypted using full PGP. Even if you send emails regularly, your emails are protected by SSL/TLS with perfect forward secrecy. You can customize your mailbox to prevent you from sending mail to recipients using insecure mail services. httl.com.vn is fully compatible with Mailvelope. This is useful if you want to store encryption keys locally for added protection.
The developers put a lot of work into the service to make it a complete suite. With your email, you get cloud-based file storage and a text editor. It’s like they’re trying to replicate the Google suite step by step. So let’s say you’re looking for a secure email service with an extra edge. In this case, httpl.com.vn is one of the services you should consider.
Visit Mailbox to read more about the features
- PGP support
- Compatible with Mailvelope
- Cloud-based storage
- SSL/TLS and PFS
- Prevent unsafe inboxes
- No mobile app
- Email metadata is not encrypted
9. Runbox – private email service with a lot of quality of life features
Unlike most of its competitors, Runbox is based in Norway. It’s not a privacy haven like Panama, but it has adequate privacy laws so your data should be safe. But keep in mind that Norway is not outside the so-called 14 Eyes intelligence alliance, so this service may be of concern.
However, as an email service, Runbox has several advantages. It includes TLS/SSL and adds support for SMTP, POP, and IMAP, and it strips IP addresses from outgoing email. Also, you don’t need to provide any personal details when creating an account, which is a big plus. Finally, Runbox allows you to further restrict access to mailboxes using two-factor authentication and IP address whitelisting.
In addition to security, the privacy-first promise works well. Their website and post-login emails don’t display ads or run intrusive scripts. You can use the service and feel safe, something you shouldn’t take for granted, especially in this day and age. It is the perfect replacement for Fastmail users as the service is very similar.
Visit Runbox to read more about the features
- Accept cryptocurrencies
- SMTP/POP/IMAP support
- No ads
- Intuitive User Interface
- No native end-to-end encryption
- Nine Eyes Country
10. Mailfence – one of the most customizable email services
Visit Mail Fence
Mailfence is the secure email adopted by the Belgians. However, encryption measures are considered optional, not a must-have for every user. So, by design, this service is for those who seek convenience first, safety second.
These features are definitely “not great and not terrible”. It supports OpenPGP encryption, which is much more than some of the more popular email service providers. You can even use RSA or ECC encryption, which should suffice in most cases. Your emails can even be digitally signed, which means if you need to be sure of the sender’s identity, there’s a way to verify it. There is also two-factor authentication support.
Regular users will also appreciate the versatility of the service. It integrates calendar, document storage and user groups. With a free account, either one is capped at 500 MB, but you can bypass the paid version limit. However, even as a free user, you get customer support options. That’s a rare sight.
You should be aware that this service records your IP address as well as some minor logging that cannot be disabled. One more caveat, it’s partially open source, so you can’t be too sure what’s going on under the hood. However, if you’re transitioning from an insecure email service and don’t want to go deep into encryption, this service is a solid option.
Visit Mailfence to read more about the features
- PGP support
- RSA/ECC encryption
- Built-in digital signature
- Minimal logging
- Lack of customer support
Features to look for in your secure email service
Not all secure email services are actually secure and private. There are a lot of free ones that can do more harm than good. So when searching for the most secure email service, see if it meets all or most of the following criteria:
- End-to-end encryption. No email provider can claim to be secure without it. If you’re using the regular service, your messages will only be encrypted before reaching Gmail or Hotmail. When using end-to-end encryption, only the sender and receiver can read the message. So-called Pretty Good Privacy, or PGP for short, is the most common end-to-end encryption for secure email.
- Two-factor authentication (2FA). It gives you extra security and saves your account in case someone knows your password. By adding things you own, like a smartphone, you can make it harder to hack into your email. There are many 2FA options, from SMS to authentication apps from Google and others.
- Strip metadata headers. Every email contains metadata about you, such as your web browser, device, and even recipients. The Secure Email Service removes header metadata for the privacy of senders and recipients.
- Server location. Not all countries are privacy friendly. Some have data retention laws that require your personal data to be stored for a certain period of time. The US, UK, Canada and Australia are members of the Five Eyes intelligence network. They share signals intelligence data and are one of the worst places to sign up for a secure email provider.
Other features are mostly optional and depend on your personal needs.
Secure email providers compared
How does secure email work?
The defining characteristic of secure email is end-to-end encryption. This means that mail services or third parties cannot decrypt your messages – only the recipient can do so. Instead, any regular email provider like Google can read your emails (they’re already scanning them for keywords!) and make them easier for hackers to get their hands on.
PGB and S/MIME are the most common encryption choices. PGP combines symmetric and asymmetric encryption, while S/MIME uses certificates that must be signed by a local or public certificate authority. Using a certificate ensures that you are the sender of the email and no one has tampered with it.
Thanks to encryption, neither hackers nor governments can snoop on your messages or metadata, such as email addresses.
As mentioned above, transport-level encryption ensures that your messages travel securely over the network. However, it alone is not enough to ensure secure mail delivery, as providers can see the unencrypted version of the mail after it reaches their servers. TLS is the successor to SSL, although the latter is still used. It is implemented on top of TCP (Transmission Control Protocol) and can encrypt not only email (IMAP, SMTP) but also other protocols such as HTTP or FTP. Unfortunately, it’s still not used in all mail services. To the average user, this may not be obvious because, contrary to web browsers that display a green lock or similar, there is no easy way to know when transport-level encryption has been implemented when using email.
End-to-end encryption ensures that neither your mail provider nor any other third party can decrypt your messages. Only you and the recipient have the public and private keys needed to open it.
End-to-end encryption works as follows:
You encrypted the message with your friend’s public key – now it can only be decrypted with your friend’s private key. Your encrypted message travels through the server until it reaches your friend. In turn, he or she decrypts your message using the private key.
PGP (Pretty Good Privacy) email encryption
PGP email encryption combines hashing, symmetric encryption, and public key encryption without requiring users to exchange private keys. The secure mail service does all the work behind the scenes, so you don’t have to worry about the ins and outs.
Here’s how PGP works:
After PGP generates the session key, the recipient’s public key encrypts it. Now the sender sends this encrypted session key and the receiver decrypts it with his or her private key. Finally, the receiver uses the unencrypted session key to read the message.
Why use a secure email service?
If you have read this article, the advantages of using a secure mail provider should be obvious to you. However, if you’re still in doubt, be sure to review the following parameters before returning to Gmail:
- Protect your message. Gmail, Hotmail, and other mainstream services don’t encrypt your mail after it reaches their servers. This means they can read them and makes it easier for hackers to read too.
- Hide your metadata. If your regular mail service encrypts your messages, that doesn’t mean the headers with metadata are automatically hidden. It usually includes your and recipient’s email address, device, browser and network.
- Don’t be a product. If your email is awesome but free, chances are you’re the product. Still, few users know that Gmail actively scans your mailbox for keywords and uses them to display personalized ads. That way, by using Gmail, you’re helping Google monetize your data.
- Store your messages in a privacy-friendly location. The U.S. and any Fourteen Eyes intelligence-sharing country may one day decide to check your inbox. If the provider’s servers are located in one of these countries, doing so is much easier than visiting some nuclear bunkers in Switzerland (see the ProtonMail section above).
Finally, always remember that your mail service is as secure as the password you choose. All the end-to-end encryption and no-logs policies are all over the place if someone can crack your password in minutes.
Is Gmail a secure service provider?
Gmail uses standard Transport Layer Security (TLS) encryption to protect email in transit. If you’re emailing someone whose provider also supports TLS, your email conversion is protected. However, once the email arrives in the mailbox, the provider can see the content of your email.
Why should I need to encrypt my emails?
Email is often used to send confidential information, so its security is paramount. However, email as a method of sending messages hasn’t evolved much since its inception. This means your emails can be tricked or read by nosy people in a number of ways.
Do you need a service provider to encrypt your email?
No, you don’t need a registered service provider to encrypt your email. It can be done manually. One of the most popular methods is PGP, but you need to have everyone you communicate with set it up in their email. It’s much easier to use an end-to-end encrypted email provider.
What could happen if a hacker took over my email?
Every email a hacker sends from your account is from you. This can put your reputation at risk, especially when combined with a money transfer request. Your other online accounts also rely on the security of your email. So taking over your email account means taking over most of your online identity.
How do I know that someone read my private emails?
While there are some obvious signs that your email has been hacked, it’s much harder to determine if someone has read your email. Imagine a police officer expressing interest in your communication. What’s preventing them from asking your email provider for backdoor access to the content of your messages? The only way to ensure that unintentional readers don’t read your emails is to use end-to-end encryption.