ProtonMail Review: Free Secure Email Service

ProtonMail offers secure, encrypted email for free

ProtonMail
Proton Technologies AG

Email encryption is supposed to be easy, but as users will tell you, it's not. You have to create keys for the cipher and maintain a list of others. You have to remember to click the "encrypt" button and contend with the fact that secure emails are typically not searchable. You have to keep track of keys and programs for decryption, plus some arcane password. Even so, having emails safely encrypted — end-to-end — is so useful that it should be worth the trouble and effort. That's where ProtonMail steps in as an easier-to-use solution.

ProtonMail offers free, end-to-end encrypted email through a web interface and mobile apps. Exporting emails or accessing them by any other means is challenging, though, and ProtonMail could offer more productivity features. Users get 500 MB online storage; paid accounts include up to 20 GB.

Email Encryption: Why It's So Difficult

There are good reasons for internet email's troubled history with cryptography. An email that you send from your email program or browser is delivered to the recipient's email server, where that person picks it up. Between you and the recipient, though, other servers might be passing along the message.

Getting your email program and the servers to establish a secure connection and send all data in encrypted form is relatively easy. If somebody collects the raw data as it is sent — say, using an unsecured Wi-Fi connection or a hacked router — all they see is garbage.

Emails are usually stored unencrypted on both ends, though, and possibly on your mail (IMAP) servers as well. Enforcing or just verifying that mail servers do use encryption among themselves can be difficult, too. Any server between you and the recipient can be used to capture the unencrypted message.

What Is End-to-End Encryption?

With end-to-end encryption, the message is encrypted as soon as you send it, and it's only decrypted when the recipient opens it. Because the message can be unlocked only with the recipient's own personal key, nobody in between can decrypt it. ProtonMail employs this method.

All that might sound a bit confusing, but using Tor need not be any different than installing a special browser, a Tor-enabled version of Mozilla Firefox.

Sending and Receiving Encrypted Email in ProtonMail

If you exchange emails with another ProtonMail user, the messages are automatically encrypted with their key in your browser or smartphone app, and deciphered only when the recipient opens them.

When you send a message to an email recipient who does not use ProtonMail, you get the option to encrypt it with a password. The recipient can pick up the message using the ProtonMail web interface and that password. From that same interface, they can reply with an encrypted message using your ProtonMail key as well.

All this works most transparently and, as far as one can tell, with utmost precautions to keep the system secure. Unfortunately, you can't currently export your PGP key from ProtonMail.

Organizing and Finding Emails With ProtonMail

On the receiving end, ProtonMail offers the useful basics in its web interface: the folders you would expect (including Archive and Spam) and color-coded labels you can use to categorize mail; stars to make mail stand out; and rules that can perform a few actions, such as labeling mail. (Free accounts are limited to one custom rule.)

If you like, you can set up ProtonMail to group emails in threads, and you can filter folders quickly for only unread messages.

Speaking of selecting and discovering: ProtonMail does offer email search, of course, but the fields you can search for are restricted to the message headers such as senders, subjects, dates, and so on. Encryption prevents ProtonMail from searching message bodies.

Sending Messages With ProtonMail

When you send a new message or reply to one, ProtonMail offers all the convenience and features you'd expect: a nice rich-text editor and encryption of all attachments and inline images.

ProtonMail's cryptography brings another benefit: You can set emails to self-destruct. Such messages disappear at a time you specify.

Unfortunately, ProtonMail offers little help with composing messages. You cannot set up templates or text snippets, for example, and ProtonMail does not suggest text, times, or recipients. There's no auto-responder function, either.

Whether you compose, read, or file mail, you can probably make ProtonMail do your bidding with a swift keyboard shortcut.

Accessing ProtonMail: The Web and Mobile Apps

If you think using your favorite email program with ProtonMail might help with some of the productivity shortcomings, you're out of luck.

That all email text exists only in encrypted form inside ProtonMail makes simple IMAP or POP access pointless. Messages would have to be decrypted seamlessly but in a secure manner on your computer, then fed to the email program, which is currently not available.

Conversely, ProtonMail cannot collect mail from your existing email accounts, and you cannot set it up to send mail using any of your existing email addresses either.

Outside the very attractive web interface, ProtonMail offers very functional apps for iOS and Android.

The Bottom Line

The pros and cons of ProtonMail illustration with 3 pros and 3 cons listed
Maritsa Patrinos @Lifewire

If you frequently need to encrypt your email, ProtonMail is a decent solution — not perfect, but arguably the best way available as of late 2018 to manage secure email.

What We Like:

  • Easy, secure encryption is baked right into the service; messages are password-encrypted and sent via regular email.
  • You can set emails to expire.
  • Apps for iOS and Android let you access ProtonMail swiftly on any device.

What We Don't Like:

  • ProtonMail does not offer IMAP or POP access and cannot collect mail from other accounts.
  • Two-factor authentication could improve security even further.
  • You cannot export your PGP key.
  • ProtonMail isn't the best at organizing mail or suggesting replies.