6 Best Services for Secure Email

Gold Bank Vault
…and only the recipient has the key to unlock your secure email's encryption. kjpargeter/Depositphotos

A secure email service is the easiest way to keep your emails private and untampered with. Not only are we talking about secure and encrypted email, we're also looking at maintaining anonymity (much more than you get with a regular free email account) and self-destructing emails.

​Here are the best secure email services you can use to send and receive encrypted email – right now.

ProtonMail
ProtonMail - Best Secure Email Service. Proton Technologies AG

With ProtonMail, all encryption and decryption happens in the browser (using JavaScript) or app (available for iOS and Android). On the ProtonMail servers (most of which are deep in a Swiss maintain bunker) are only the encrypted emails – without a key and password to decipher them. This is about the most secure email service you can hope for that is still usable.

Speaking of usable, ProtonMail feels and works like any solid modern email service. It sports, for instance, a reliable spam filter and a simple interface that still includes rich-text editing and keyboard shortcuts. To organize mail – even automatically – ProtonMail includes custom folders and labels as well as (with paid accounts) incoming email rules. Using a simple search field, you can find emails fast. ProtonMail will not let you search inside the encrypted message text, though; this would require all emails to be fetched and deciphered in the browser in real time.

You can use ProtonMail to exchange encrypted emails with anybody, not just other ProtonMail users. People who do not use ProtonMail themselves can even reply to you in encrypted form. You have to specify a password for them to decrypt the email, though. Any email sent from ProtonMail can be made to expire automatically up to 4 weeks in the future.

While ProtonMail uses the OpenPGP standard and lets you receive emails encrypted with it, you cannot access ProtonMail using SMTP and IMAP in an email program, and plug-ins for Outlook or other email clients do not exist. For more business-like appearance and use, ProtonMail lets you use the service with your own domain name.

Free ProtonMail accounts include 5 GB of online storage; extra space is available for a monthly or annual fee.

For an extra level of security and, more significantly, anonymity, ProtonMail is also accessible on the "hidden" internet using Tor and through VPNs. Two-factor authentication is also a (recommended) option.

ProtonMail Pros

  • Strong security concept
  • Productive interface
  • Apps for iOS and Android

ProtonMail Cons

  • No IMAP access
More »
02
of 07
Tutanota
Tutanota. Tutao

Tutanota (which easily could have been called "Nuntiumprotectum") is very similar to ProtonMail in its design – and, fortunately, in its security: emails are encrypted and decrypted right (and only) at your device using a private encryption key not accessible even to Tutanota.

To exchange secure emails with other Tutanota users, this is all you need. For encrypted email outside the system, you specify a message password, which recipients use to pick up the email via a web interface. That interface lets them reply securely, too.

Unlike ProtonMail, which uses OpenPGP, Tutanota uses AES and RSA for email encryption, and it cannot receive emails from outside using a standard. Tutanota servers are in Germany, and EU as well as German regulations apply.

The web interface and apps for iOS and Android are thoroughly usable including custom folders and a spam filter. Search is missing altogether, though, and you cannot send anything but plain text (and file attachments) from Tutanota or set emails to expire and destruct automatically. IMAP and SMTP access are not available, and neither are plug-ins for popular email programs.

With a paid premium account, you get to use Totanota secure email with email addresses at your own domain name, though. Free accounts come with 1 GB of storage with more available on a subscription basis.

​Tutanota Pros

  • Strong email security
  • Even free accounts include ample storage
  • Apps for iOS and Android access

​Tutanota Cons

  • IMAP access not available
  • Supports only sending of plain text emails
More »
03
of 07
Mailfence
Mailfence. ContactOffice Group sa

With Mailfence, email encryption is not the central feature; Mailfence is an email (and calendar) service that takes email security seriously, though.

What you get is an email account and web service that incorporates OpenPGP public key encryption like an email program would: you can create a key pair for your account and manage a store of keys for people you want to email securely.

That concentration on the OpenPGP standard means you can access Mailfence using IMAP and SMTP (using secured SSL/TLS connections, of course) with the email program of your choice. It also means you cannot use Mailfence to send encrypted messages to people who do not use OpenPGP and have no public key avaiable.

For online storage, a free Mailfence account nets you a mere 200 MB, though paid accounts offer ample space (together with the option to use your own domain name for Mailfence email addresses).

Unlike what is the case with ProtonMail and Tutanota, Mailfence's software is not available for inspection as open source. This detracts from the system's security and privacy. Mailfence is based in Belgium and subject to EU and Belgian laws and regulations.

Mailfence Pros

  • Fully featured email service with strong OpenPGP encryption added as a bonus

Mailfence Cons

  • Puny online storage
  • Email encryption code not available for inspection as open source
  • Cannot send encrypted email to everybody (only Mailfence or OpenPGP users)
More »
04
of 07
CounterMail
CounterMail. CounterMail.com

For those seriously concerned with email privacy, CounterMail offers a thoroughly secure implementation of OpenPGP encrypted email in a browser: a Java application does all the cryptography on your computer, and only encrypted emails are stored on CounterMail servers. So far, so high security standard.

CounterMail takes things further, though. For one, the servers (based in Sweden) have no solid hard disks. All data is stored in memory only. The moment somebody tries to tamper with the server directly, chances are the data will be irrevocably lost.

What's more, you can get your email decryption key on a USB stick. That stick is then also required to log in to CounterMail: without it, decrypting emails is impossible – even if a hacker had gotten hold of your password using key logging software or social trickery.

Of course, the added security and, alas, the need for Java make CounterMail a tad less simple and convenient to use than other secure email services. You do get IMAP and SMTP access, though, which you can use with any OpenPGP-enabled email program – including K-9 Mail on Android, for example.

The OpenPGP standard lets you exchange emails from CounterMail securely with anybody else using OpenPGP – but not your average email user who cannot be bothered with key pairs and extra software for email security.

For the extra security of CounterMail's server and storage setup, you pay a little extra in additional storage costs.

CounterMail Pros

  • Very strong email security
  • IMAP access

CounterMail Cons

  • Java required to access CounterMail in browser
  • Not the easiest and friendliest secure email service to use
More »
05
of 07
Hushmail
Hushmail. Hush Communications Canada Inc.

Let us get the bad out of the way and noted: with Hushmail, email encryption keys are generated and stored on the server. That makes the service more vulnerable to attacks and enforcement. Given the password, Hushmail can decrypt all emails it has stored. If keys are only stored in enciphered form (as they are with other services such as ProtonMail or Tutanota), this is not possible.

Using a capable web interface or iOS app, Hushmail lets you exchange secure and encrypted emails easily. This works with other Hushmail users, of course, but you can also email anybody, and they will be able to read the enciphered email using a web interface and shared password.

Because Hushmail uses OpenPGP, it is possible to receive encrypted emails from outside the Hushmail system, too.

While plug-ins for Gmail, Outlook or other email programs are not available, you do get to access Hushmail accounts using standard IMAP and SMTP interfaces. Online, free accounts come with a mere 25 MB of storage (1 GB for paid accounts).

Hushmail is based in British Columbia, Canada.

Hushmail Pros

  • Easy to use web interface
  • Accessible through IMAP/SMTP
  • iOS app included

Hushmail Cons

  • Decryption on server a possibility and privacy risk
  • Free accounts include little storage
More »
06
of 07
Sendinc
Sendinc. j2 Global, Inc.

Sendinc offers a particularly simple way to send encrypted email. Oddly, that is most of what Sendinc does.

With a Sendinc account, you do not get a full secure email service like with the other offerings on this page. You get a way to send messages encrypted with "military grade" encryption (Sendinc will not say precisely which method they use). The recipient then uses their Sendinc account to read the message. If they do not have an account yet, they can set one up easily.

While you get a list of emails you sent using Sendinc, the only thing you can do is expire and destroy the messages. You cannot even open them to examine their contents. Messages from free Sendinc accounts automatically expire after a week.

If you get a (securely encrypted) reply through Sendinc, you receive it at your regular old email address – as a link to Sendinc's web interface. You get to see the decrypted message on the web and reply (or print), but the message in turn is not saved to your Sendinc account…

Sendinc (based in Texas, U.S.A. and subject to U.S. legislation) also suffers from the same limitation as Hushmail: decryption keys are stored on the server.

Sendinc Pros

  • Easy way to send secure email

Sendinc Cons:

  • Not a full email service
  • No IMAP or POP access
More »
07
of 07

Additional Steps to Keep Email Secure and Private

If you use a secure email service that offers end-to-end encryption, you have taken a huge step towards making your email truly secure and private. Congratulations! Your messages are the fruit that hang really high and are expensive to get.

To make life difficult for even the most dedicated hackers, you can take a few precautions more:

  1. Beware of keylogging software. Key-loggers capture what you type right from your keyboard – before any secure email encryption software can protect it.
  2. Do not leave your mobile devices and computers unguarded. Also, make sure your devices are themselves protected with strong passwords or biometrics and have no guest accounts or similarly unprotected access allowed.
     
  3. Be vigilant of social engineering. Phishing attempts often come by email, instant messages, VoIP or social networking messages and can be very cleverly designed (possibly tailored specifically to you) to trick you into handing out personal details, information or even passwords.
     
  4. Do not write down or share any passwords. Never make a note of the password that lets you decrypt secure emails you receive.
    Note: Also guard passwords to other email accounts or social networking accounts with particular care.
     
  5. Assume that, given enough resources, interest or time, it will be possible to hack into your every email account (even encrypted email).

    In fact, it may be even "easier" to force, trick or blackmail you so you reveal information directly or grant access to secure email accounts.