The 5 Best Secure Email Services for 2021

Encrypted email services keep your messages private

Most free email account services are fine for regular use, but if you want to be extra confident that the messages you send and receive are protected, check out the email services below. These services keep emails private, secure, and encrypted.

An encrypted email account protects your privacy. If you want more anonymity, use your secure account behind a free, anonymous web proxy server or a Virtual Private Network (VPN) service.

01
of 05

ProtonMail

ProtonMail
What We Like
  • Two-factor authentication.

  • Send password-protected messages to anyone.

  • Import CSV contact lists.

What We Don't Like
  • Can't change the default signature on free accounts.

  • Limited search abilities.

ProtonMail is a free, open-source, encrypted email provider based in Switzerland. It works from any computer through the ProtonMail website and also through Android and iOS mobile apps.

The most important feature when talking about any encrypted email service is whether or not other people can access your messages, and the answer is a solid no when it comes to ProtonMail, as it features end-to-end encryption.

Nobody can decrypt ProtonMail messages without your unique password—not even employees at ProtonMail, their ISP, your ISP, or the government.

ProtonMail is so secure that it can't recover your emails if you forget your password. The decryption happens when you log in, which means the service doesn't have a means of decrypting emails without your password or a recovery account on file.

ProtonMail also doesn't keep your IP address information. With a no-log email service like ProtonMail, emails can't be traced back to you.

The free version of ProtonMail supports 500 MB of email storage and limits usage to 150 messages per day.

Purchase the Plus or Visionary service for more email storage, email aliases, priority support, labels, custom filtering options, the ability to auto-reply, built-in VPN protection, and the ability to send more emails each day. A Professional plan is also available for organizations.

02
of 05

CounterMail

CounterMail
What We Like
  • Supports IMAP.

  • Doesn't keep IP address logs.

  • Includes Safebox, a built-in password manager.

What We Don't Like
  • Can't send encrypted emails to non-users.

  • Limited storage space.

  • One-week free trial period.

If you're seriously concerned with email privacy, CounterMail offers a secure implementation of OpenPGP encrypted email in a browser. Only encrypted emails are stored on CounterMail servers.

Additionally, the servers (which are based in Sweden) don't store emails on hard disks. All data is stored on CD-ROMs only. This method helps prevent data leaks, and the moment someone tries to tamper with the server directly, the data is likely lost.

With CounterMail, you can also set up a USB drive to further encrypt email. The decryption key is stored on the device and it, too, is required to log in to your account. This way, decryption is impossible even if a hacker steals your password.

The added physical security of the USB device makes CounterMail less simple and convenient to use than other secure email services, but you do get IMAP and SMTP access, which you can use with any OpenPGP-enabled email program, such as K-9 Mail for Android.

After the one-week free trial, purchase a plan to keep using the service. The trial includes 100 MB of space.

03
of 05

Hushmail

Hushmail
What We Like
  • Supports IMAP and POP.

  • Optional two-step verification.

  • Import contacts from a CSV file.

  • Spam filter and auto-responder.

  • Includes 10 GB of storage.

What We Don't Like
  • No free trial.

  • Only available on iOS.

Hushmail is an encrypted email service that's been around since 1999. It keeps emails secure and locked behind state-of-the-art encryption methods. Not even Hushmail can read your messages; only someone with your password can do so.

With this service, you can send encrypted messages to users of Hushmail as well as non-users who have accounts with Gmail, Outlook Mail, or other similar email clients.

The web version of Hushmail is easy to use and provides a modern interface to send and receive encrypted messages from any computer.

When creating a new Hushmail account, choose from a variety of domains to use in your address, such as @hushmail.com, @hushmail.me, @hush.com, @hush.ai, and @mac.hush.com.

There are both personal and business options when you sign up for Hushmail, but neither is free.

04
of 05

Mailfence

Mailfence
What We Like
  • Digital email signatures prove authorship.

  • Supports two-factor authentication.

  • Includes spam blocker.

  • Import contacts from Outlook, CSV files, Gmail, etc.

  • Calendar and file storage for documents.

What We Don't Like
  • Limited online storage.

  • Requires alternative email address for activation key.

  • Private keys kept on Mailfence servers.

  • Email encryption code not available for inspection.

Mailfence is a security-centric email service that features end-to-end encryption to ensure nobody but you and your intended recipient can read your messages.

The service includes an email address and web interface that incorporates OpenPGP public key encryption. Create a key pair for your account and manage a store of keys for people you want to email securely.

This OpenPGP standardization means you can access Mailfence using IMAP and SMTP with secured SSL/TLS connections through the email program of your choice. You cannot use Mailfence to send encrypted messages to people who don't use OpenPGP and have no public key available.

For online storage, a free Mailfence account provides 500 MB, while paid accounts offer ample space as well as the option to use your own domain name for your Mailfence email address.

Mailfence's software is not available for inspection because it's not open source, making it less secure and private.

Mailfence stores your private encryption key on Mailfence servers but insists it can't be read because it's encrypted with your passphrase (via AES-256), and there's no root key that would allow the service to decrypt messages encrypted with your keys.

Mailfence uses servers in Belgium, so it's only through a Belgian court order that the company can be forced to reveal private data.

05
of 05

​Tutanota

Tutanota
What We Like
  • Apps for iOS and Android.

  • Includes 1 GB of storage space.

  • Open source.

  • Supports spam filtering.

What We Don't Like
  • Alias addresses only available to paid accounts.

  • Doesn't support IMAP.

  • Can't import contacts in bulk.

Tutanota is similar to ProtonMail in its design and security level. All Tutanota emails are encrypted from the sender to the receiver and decrypted on the device. The private encryption key isn't accessible to anyone else.

This email account is all that's needed to exchange secure emails with other Tutanota users. For encrypted email outside the system, specify a password for the recipient to use when viewing the message in a browser. That interface allows them to reply securely, too.

The web interface is user-friendly; however, there's no search function, so it's impossible to search for previous emails.

Tutanota uses AES and RSA for email encryption. Servers are located in Germany, which means that German regulations apply.

Free accounts can create an email account using a Tutanota domain, while paid plans can create custom domains. Tutanota domains are: @tutanota.com, @tutanota.de, @tutamail.com, and @tuta.io.

Several features in this service are only available on paid plans. For example, the Premium edition lets you purchase up to 5 aliases, while the Teams plan expands the storage to 10 GB.

Additional Tips to Keep Email Secure and Private

If you use an email service that offers end-to-end encryption, you've taken a huge step toward making your email secure and private. To make life even more difficult for hackers, here are a few more precautions:

  • Beware of keylogging software that captures what you type on the keyboard. These programs can thwart encryption if the password is all the hacker needs to access an account.
  • Don't leave mobile devices or computers unguarded. Also, make sure devices are protected with strong passwords or biometrics and don't allow for guest accounts or similarly unprotected access. If supported, also add two-factor authentication.
  • Be vigilant of social engineering. Phishing attempts often come by email, instant messages, VoIP, or social networking messages, and can be designed or tailored specifically to you. These communications are tricks to get you to hand out personal details such as passwords and banking information.
  • Don't write down or share passwords. Never make note of the password unless you store it in a secure password manager.
Was this page helpful?