ProtonMail Review: Free Secure Email Service

ProtonMail Offers Secure, Encrypted Email for Free

ProtonMail
Proton Technologies AG

Email encryption is supposed to be easy, but as users will tell you, it's not. You have to create keys for the cipher and maintain a list of others. You have to remember to click the "encrypt" button and contend with the fact that secure emails are typically not searchable. You have to keep track of keys and programs for decryption, plus some arcane password. Yet, having emails safely encrypted — end-to-end — is so useful that it should be worth the trouble and effort. That's where ProtonMail steps in as an easier-to-use solution.

ProtonMail offers free, end-to-end encrypted email through a web interface and mobile apps. Exporting emails or accessing them by any other means is challenging, though, and ProtonMail could offer more productivity features. Users get 500 MB online storage; paid accounts include up to 20 GB.

Email Encryption: Why It's So Difficult

There are good reasons for the internet email's troubled history with cryptography. If you send an email from your email program or browser, it is delivered to the recipient's email server, where they can pick it up. Between you and the recipient might be other servers that hand on the message.

Getting your email program and the servers to establish a secure connection and send all data in encrypted form is relatively easy. If somebody collects the raw data as it is sent — say, using an unsecured Wi-Fi connection or a hacked router — all they get is garbage.

The emails are usually stored unencrypted on both ends, though, and possibly on your mail (IMAP) servers as well. Enforcing or just verifying that mail servers do use encryption among themselves can be difficult, too. Any server in between you and the recipient can be used to capture the unencrypted message.

What Is End-to-End Encryption?

With end-to-end encryption, the message is encrypted as soon as you send it, and it's only decrypted when the recipient opens it. Because the message can be unlocked only with the recipient's own personal key, nobody in between can decrypt it. This is the method ProtonMail employs.

All that might sound a bit confusing, but using Tor need not be any more different than installing a special browser, a Tor-enabled version of Mozilla Firefox.

Sending and Receiving Encrypted Email in ProtonMail

If you exchange emails with another ProtonMail user, the messages are automatically encrypted with their key in your browser or smartphone app, and deciphered only when the recipient opens them.

When you send a message to an email recipient who does not use ProtonMail, you get the option to encrypt it with a password. The recipient can pick up the message using the ProtonMail web interface and that password. From that same interface, they can reply in with an encrypted message using your ProtonMail key as well.

All this works most transparently and, as far as one can tell, with utmost precautions to keep the system secure. Unfortunately, it is currently not possible to export one's PGP key from ProtonMail.

Organizing and Finding Emails With ProtonMail

On the receiving end, ProtonMail offers the useful basics in its web interface: the folders you would expect (including Archive and Spam) and color-coded labels you can use to categorize mail; stars to make mail stand out; and rules that can perform a few actions, such as labeling mail. (Free accounts are limited to one custom rule.)

If you like, you can set up ProtonMail to group emails in threads, and you can filter folders quickly for only unread messages.

Speaking of selecting and discovering: ProtonMail does offer email search, of course, but the fields you can search for are restricted to the message headers such as senders, subjects, dates, etc. Encryption prevents ProtonMail from searching message bodies.

Sending Messages With ProtonMail

When you send a new message or reply to one, ProtonMail offers all the convenience and features you'd expect: a nice rich-text editor, and encryption of all attachments and inline images.

ProtonMail's cryptography brings another benefit: You can set emails to self-destruct. Such a message will disappear at a time you specify.

Unfortunately, ProtonMail offers little help with composing messages. You cannot set up templates or text snippets, for example, and ProtonMail will not suggest text, times, or recipients. There's no auto-responder function, either.

Whether you compose, read, or file mail, ProtonMail you can probably make ProtonMail do your bidding with a swift keyboard shortcut.

Accessing ProtonMail: The Web and Mobile Apps

If you think using your favorite email program with ProtonMail might help with some of the productivity shortcomings, you're out of luck.

That all email text exists only in encrypted form inside ProtonMail makes simple IMAP or POP access pointless. Messages would have to be decrypted seamlessly but in a secure manner on your computer, then fed to the email program. This is currently not available.

Conversely, ProtonMail cannot collect mail from your existing email accounts, and you cannot set it up to send mail using any of your existing email addresses either.

Outside the very attractive web interface, ProtonMail offers very functional apps for iOS and Android.

The Bottom Line

If you frequently need to encrypt your email, ProtonMail is a decent solution — not perfect, but arguably the best way to manage secure email currently available.

What We Like:

  • Easy, secure encryption is baked right into the service; messages are password-encrypted and sent via regular email.
  • You can set emails to expire.
  • Apps for iOS and Android let you access ProtonMail swiftly on any device.

What We Don't Like:

  • ProtonMail does not offer IMAP or POP access and cannot collect mail from other accounts.
  • Two-factor authentication could improve security even further.
  • You cannot export your PGP key.
  • ProtonMail isn't the best at organizing mail or suggesting replies.