ProtonMail Review - Free Secure Email Service

ProtonMail
ProtonMail's web interface offers easy to use, free and secure email. Proton Technologies AG

The Bottom Line

ProtonMail offers free, end-to-end encrypted email through a web interface and mobile apps.
Exporting emails or accessing them by any other means is challenging, though, and ProtonMail could offer more productivity features itself.

Pros

  • ProtonMail offers easy and secure encryption within the system, password-encrypted messages by regular email
  • You can set emails to expire as well
  • Apps for iOS and Android let you access ProtonMail swiftly on devices

    Cons

    • ProtonMail does not offer IMAP or POP access and cannot collect mail from other accounts
    • 2-step authentication could improve security even further, and you cannot export your PGP key
    • ProtonMail could be more helpful organizing mail and suggesting replies

    Description

    • ​ProtonMail offers free, encrypted email with 500 MB online storage; paid accounts include up to 20 GB.
    • Emails between ProtonMail users are automatically and transparently encrypted right at the time of delivery and only decrypted at the recipient's machine when opened.
    • No deciphered and readable copy is left at any server. Unencrypted emails you receive at ProtonMail are stored in encrypted form only as well.
    • Access through an Onion site using the Tor network further anonymizes traffic to ProtonMail, allows you to access it where opening the ProtonMail site may be blocked, and adds two further layers of end-to-end encryption.
    • For email to users outside its system, ProtonMail offers to encrypt the message's content to be opened and deciphered with a shared password. The recipient needs to open the actual message using the ProtonMail web interface, which allows them to reply in a securely encrypted a manner as well.
    • Emails sent from ProtonMail within the system or using password encryption can be set to self-destruct; past their expiration date, messages disappear from the ProtonMail system and are no longer accessible.
    • Since its servers are exclusively located in Switzerland, email in the ProtonMail system is protected—as far as such protection reaches—by the mountainous and neutral European country's information privacy laws.
    • ProtonMail does not collect personal information when an account is created, and the IP address from where you created the account is not saved, so you can set up a for all intents and purposes anonymous address.
    • Using (color-coded and custom-called) labels, you can categorize and organize mail flexibly; traditional email folders are not available, though.
    • Using the venerable SpamAssassin for spam filtering, ProtonMail can keep your inbox mostly clear of junk mail with very few false positives.
    • In addition, ProtonMail lets you set up filters that mark, move or label mail and maintain black as well as white lists of senders. (Free accounts are limited to 1 filter.)
    • Handy keyboard shortcuts—consisting mostly of but one key to press—make the ProtonMail web application a snap to operate.
    • ProtonMail can also make use of the browser to send new mail notifications to the desktop, albeit not in much discriminatory a manner; the mobile apps also can alert you to new mail, of course.
    • ProtonMail lets you send plain or richly formatted text, attachments and inline images, all safely encrypted.
    • You can search for senders, recipients, subjects, dates and other header fields; since actual message texts and attachments are encrypted, ProtonMail does not search these, though.
    • ProtonMail employs time-tested PGP for high-grade encryption and maintains the open source OpenPGP.js library for use of OpenPGP in browsers.

    ProtonMail - Expert Review

    Do you encrypt your emails? However simple it's supposed to be, encrypted email is never easy.

    One has to create keys for the cipher and maintain a list of others'; one has to think of clicking the "encrypt" button and remember secure emails are typically not searchable; one has to always keep keys and programs for decryption—and that arcane password, too; one has to deal with changing email addresses, and…

    Yet, having emails safely encrypted—end-to-end—is so useful it should be worth some trouble and effort; "should be", because realistically and barring special circumstances, it is not.

    That's where ProtonMail thinks it can step in.

    Encrypted Email is Hard

    ProtonMail is a free email service that makes secure and encrypted email reasonably easy to use, as easy as is possible with email, for there are good reasons for Internet email's troubled history with cryptography.

    If you send an email from your email program or browser, it is delivered to the recipient's email server, where they can pick it up. In between you and the recipient may be other servers that hand on the message.

    To have your email program and the servers to establish a secure connection and send all data in encrypted form is relatively easy. If somebody collects the raw data as it is sent, say using an unsecured Wi-Fi connection or a hacked router maybe, all they get is garbage.

    On your computer and the recipient's, the emails are usually stored unencrypted, though, and possibly on your mail (IMAP) servers as well. It is also hard to enforce or just verify that mail servers do use encryption amongst themselves. Any server in between you and the recipient can also still be used to capture the unencrypted message.

    What Is End-to-End Encryption?

    With end-to-end encryption, the message is encrypted as soon as you click send and only decrypted when the recipient opens it. Since the message can only be unlocked with the recipient's very own and personal key, nobody in between can decrypt it.

    This is what ProtonMail employs.

    If you access ProtonMail not through the regular Internet you know but through the anonymizing Tor network, this adds another two layers of end-to-end encryption making it ever more difficult to snoop on your emails. In addition, Tor anonymizes your internet traffic, so you can access ProtonMail from areas and networks that prohibit you from opening the regular ProtonMail web site.

    All that may read a bit confusing, but using Tor need not be any more different than installing a special browser, a Tor-enabled version of Mozilla Firefox.

    Sending and Receiving Encrypted Email

    If you exchange emails with another ProtonMail user, the messages are automatically encrypted with their key in your browser—or smartphone app—, and only deciphered when the recipient opens them.

    When you send a message to an email recipient who does not use ProtonMail, you get the option to encrypt it with a password. The recipient can pick up the message using the ProtonMail web interface and that password. From that same interface, they can reply in encrypted manner—using your ProtonMail key—as well.

    All this works most transparently and, as far as one can tell, with utmost precautions to keep the system secure. Unfortunately, it is currently not possible to export one's PGP key from ProtonMail.

    So much for the security. Encrypted email is still email, after all, and an email service should help you manage it.

    Organizing and Finding Emails with ProtonMail

    On the receiving end, ProtonMail offers the useful basics in its web interface: the folders you would expect (including "Archive" and "Spam") and color-coded labels you can use to categorize mail; stars to make mail stand out and rules that can perform a few actions, such as labeling mail. (Free accounts are limited to one custom rule.)

    If desired, ProtonMail groups emails in threads, and you can filter folders fast for just unread messages.

    Speaking of selecting and discovering: ProtonMail does offer email search, of course, but the fields you can search for are restricted to the message headers—sender, subject, date, etc. Encryption prevents ProtonMail from searching message bodies.

    Sending Messages with ProtonMail

    When you send a new message or reply, ProtonMail offers all the comfort and features you'd expect: a nice rich-text editor, attachments and inline images, all securely encrypted.

    ProtonMail's cryptography bring another benefit: you can set emails to self-destruct. At a specific time, such a message will disappear.

    Unfortunately, ProtonMail offers little help with composing messages. You cannot set up templates or text snippets, for example, and ProtonMail will not suggest text, times or recipients. An auto-responder is also not included.

    Whether you compose, read or file mail, ProtonMail can probably be made to heed your bidding with a swift keyboard shortcut.

    Accessing ProtonMail: the Web and Mobile Apps

    If you think using your favored email program with ProtonMail might help with some of the productivity shortcoming, you are, alas, out of luck for now.

    That all email text exists only in encrypted form inside ProtonMail makes simple IMAP or POP access pointless. Messages would have to be decrypted seamlessly but in a secure manner on your computer, then fed to the email program. This is currently not available.

    Conversely, ProtonMail cannot collect mail from your existing email accounts, and you cannot set it up to send mail using any of your existing email addresses either.

    Outside the very attractive web interface, ProtonMail offers very functional apps for iOS and Android, though.

    Visit Their Website