Email encryption is the process of converting plain text email messages into a coded format that is unreadable by anyone except the intended recipient
The encoded message is then decoded by the recipient using a decryption key, which allows them to read the original message. Email encryption is used to protect the privacy and security of email communications by preventing unauthorized access to the contents of the message. In today’s digital age, where most of the communication is done via electronic means, the use of encryption has become a necessity to protect personal, business and sensitive information. It helps to protect the confidentiality and integrity of the communication and ensures that the message is only read by the intended recipient.
Historically, email was not designed with encryption in mind. It was designed to be simple, fast, and easy to use, and encryption was not a requirement. But the implication of an unencrypted email is that the message which includes personal, financial, or other sensitive information can be intercepted and read by anyone (ISP employees, spy agencies, or malicious actors) with access to the network or servers through which the message is sent, thereby compromising the privacy of the sender and recipient.
However, with the increasing awareness of the importance of data security and privacy; and in some cases, regulatory requirements, more and more email providers are starting to offer encryption options for their users, either as a built-in feature or via third-party add-ons. In this article, we’re going to review the 7 best email encryption services out there. Hopefully, this will guide you in choosing the right one for your organization.
The best Email Encryption Services
1. ProtonMail
ProtonMail is an end-to-end encrypted email service founded in 2013 in Switzerland. Switzerland is particularly noted for its strong privacy laws. ProtonMail uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Yahoo Mail.
ProtonMail uses a combination of public-key cryptography and symmetric encryption protocols such as AES, RSA, and OpenPGP to offer end-to-end encryption and keep your messages safe from prying eyes. The service also offers a built-in VPN service for added security. Users can also send encrypted messages to non-ProtonMail users through the use of a secure passphrase or a secure link.
ProtonMail requires users to create and log in with a two-password mode: a login password and a mailbox password. The login password is used for authentication; while the mailbox password encrypts the user’s mailbox that contains received emails, contacts, and user information as well as a private encryption key. The decryption takes place on the client-side either in a web browser or in one of the apps. The public key and the encrypted private key are both stored on Proton Mail servers. This makes it difficult for ProtonMail to access user emails or reset user mailbox passwords.
ProtonMail offers the following pricing plans:
- ProtonMail Free: ProtonMail free plan comes with the same security and ease of use as our paid plans but with limited storage and features.
- ProtonMail Plus: ProtonMail Plus is the basic paid plan that comes with a number of advanced features for your everyday communication. It offers more storage and advanced features
- Proton Unlimited: Proton Unlimited is our great value bundle that gives you all our services in one easy subscription: ProtonMail, Proton Calendar, Proton Drive, and Proton VPN.
They also offer custom enterprise plans for businesses with specific needs. The licensing model is based on the number of email addresses and storage required. A free account is available on signup.
2. Tutanota
Tutanota is a secure email service provider based in Germany. It offers encrypted email communications and emphasizes privacy and security. Tutanota also offers end-to-end encryption for emails sent from one Tutanota user to another, which means that only the intended recipient can read the message. The service is advertisement-free and mostly relies on donations and premium subscriptions.
Tutanota utilizes multiple layers of encryption to protect the privacy of its users. The service operates on the principle of end-to-end encryption, which means that emails and attachments are encrypted on the sender’s device before they are sent to the recipient. This ensures that only the intended recipient can access and read the message. Additionally, all data, including emails and attachments, are encrypted on Tutanota’s servers, adding an extra layer of security. Tutanota also implements strong password protection and offers two-factor authentication for added security. Furthermore, Tutanota’s software is open-source, allowing security experts to review the code and identify any vulnerabilities, making it a trustworthy and secure email service.
Tutanota offers both free and paid licensing options. The free plan is strictly for private communications and includes one free email account, 1 GB of storage, limited search functionality, and support for custom domains. The paid plans, known as Tutanota Premium, Teams, and Pro, offer additional features such as more storage, advanced search, custom domains, and encrypted calendars and contacts. All plans come with end-to-end encryption of all data, ad-free emailing, and support for mobile and desktop devices. A free account is available on signup. Because of security reasons and for keeping the service free, Tutanota deletes free accounts that have not been logged into for 6 months.
3. Hushmail
Hushmail is a Canadian-based secure email service that provides PGP-encrypted email and vanity domain service to individuals and businesses. Hushmail also offers a secure webmail interface and supports popular email clients such as Microsoft Outlook and Apple Mail, making it easy for users to access their encrypted email from anywhere. Hushmail also has a strong privacy policy that does not allow logging or monitoring of user activity. The company makes it clear that “it will not release any user data without a court order from the Supreme Court of British Columbia, Canada, and that other countries seeking access to user data must apply to the government of Canada via an applicable Mutual Legal Assistance Treaty”.
Hushmail works by providing encrypted email communication to ensure the privacy and security of email communication. When a user sends an email using Hushmail, the email and its contents are encrypted using industry-standard encryption methods, making it difficult for anyone other than the intended recipient to read the email. To access a Hushmail account, users must enter a unique password, which is used to decrypt the email and its contents. This added layer of security makes it much more difficult for unauthorized individuals to access a user’s email.
Hushmail offers both personal and business plans, with various features and pricing options. The personal plan includes 2GB of storage, support for custom domains, and a secure webmail interface. The business plans are tailored towards Healthcare, Small Business, Law, and also includes custom solutions. The business plan offers features such as increased storage, custom branding, and priority support. Pricing for Hushmail business plans varies based on the number of users and the specific needs of the organization.
4. Posteo
Posteo is a German privacy-focused email provider that offers encrypted email services and data storage. Posteo is known for its strong commitment to protecting users’ privacy and security; and its high standard security features and relative anonymity as it does not require any private information in the registration process. Posteo offers support for PGP through Mailvelope in the web interface. Additionally, they offer two-factor-authentication via time-based one-time password (TOTP) and use Extended Validation certificates and HTTP Public Key Pinning (HPKP) for the HTTPS connection.
Posteo secures email through the following security mechanisms:
- End-to-end encryption: Email content is encrypted before it is transmitted and decrypted by the recipient, ensuring that only the intended recipient can read the email.
- SSL/TLS encryption: All connections to the Posteo server are encrypted with SSL/TLS, preventing eavesdropping and tampering of data in transit.
- No tracking: Posteo does not track or log IP addresses or other information that could be used to identify users.
- Data protection: Posteo stores data on encrypted hard drives and implements regular backups to ensure data safety.
- Two-factor authentication: Posteo supports two-factor authentication, adding an extra layer of security to user accounts.
- Open source software: Posteo uses open-source software, allowing security experts to review the code and identify potential vulnerabilities.
Posteo is licensed as a paid service. All paid plans include features such as end-to-end encryption, SSL/TLS encryption, no tracking, data protection, expanded storage and support for multiple email addresses. You can sign up here for your Posteo email account.
5. Mailfence
Mailfence is a privacy-focused encrypted email service provider based in Belgium. It offers OpenPGP based end-to-end email encryption service. The platform implements various measures to ensure the privacy and security of user data, including end-to-end encryption, SSL/TLS encryption, data protection, two-factor authentication, spam protection alongside plus addressing, sender address blacklist and whitelist. The service also supports POP/IMAP and Exchange ActiveSync as well as vanity domains with SPF, DKIM, DMARC and catch-all address support.
End-to-end encryption ensures that the content of emails is encrypted before it is transmitted, and can only be decrypted by the recipient. This helps to prevent unauthorized access to email content and ensures that only the intended recipient can read the email. SSL/TLS encryption is used to encrypt all connections to the Mailfence server, protecting against eavesdropping and tampering of data in transit. Data protection is also a key feature of Mailfence, with data stored on encrypted hard drives and regular backups to ensure data safety.
Two-factor authentication adds an extra layer of security to user accounts, making it more difficult for unauthorized users to access a user’s email account. In addition to these security features, Mailfence also offers a range of additional services, including digital signature and encryption capabilities, and a secure online document collaboration platform. These services help to provide a complete, secure, and private email experience for Mailfence users.
6. FastMail
FastMail is a paid email hosting service that provides users with a secure and private email platform. It offers features such as calendar and contact management, task management, custom domains, and two-factor authentication. FastMail is known for its privacy and security, as well as its user-friendly interface and fast, reliable service.
FastMail works by providing users with a web-based email platform that can be accessed from any device with an internet connection. When you sign up for a FastMail account, you get a unique email address and password that you can use to log in to the service. Once logged in, you can access your email, calendar, contacts, and other features. FastMail uses advanced security measures to protect your data, including encryption and two-factor authentication. All email and other data is stored on FastMail’s secure servers, which are regularly backed up to ensure the safety of your information. To use FastMail, you simply log in to your account, compose and send messages, and manage your email, calendar, and contacts.
FastMail offers a range of pricing plans for individuals and businesses. The following are FastMail’s current licensing and price plans:
- FastMail Basic: Privacy-first email, calendars, and contacts
- FastMail Standard: The best features for home or work
- FastMail Professional: Email retention archive and pro options
All plans offer a 30-day free trial, and there’s no obligation and no credit card required to try it.
7. Runbox
Runbox is an email hosting service that provides users with secure, private, and reliable email services. The company is based in Norway, which is known for its strong privacy laws, and Runbox is committed to protecting the privacy of its users. Runbox is known for its privacy and security, as well as its user-friendly interface and excellent customer support. It offers features such as webmail access, calendar and contact management, spam and virus protection, and custom domains.
Runbox works by storing email messages on Runbox’s servers and delivering them to users’ email clients (Outlook, Gmail, Apple Mail) when they check their email. Users can access their email through a web interface or by configuring their email client to retrieve messages from Runbox’s servers using IMAP or POP. Runbox provides a secure email service by implementing the following security measures:
- Encryption: Runbox uses encryption to protect email messages in transit and at rest. Email messages are encrypted using Transport Layer Security (TLS) when they are sent and received, and they are stored in an encrypted format on Runbox’s servers.
- Limited data collection: Runbox collects only the minimum amount of personal data necessary to provide its email services. This includes users’ names, email addresses, and payment information.
- Data sharing: Runbox does not sell or share users’ personal data with third parties, except in limited circumstances where it is required by law or necessary to provide its services.
- Email content protection: Runbox does not access or store the content of users’ email messages, except in limited circumstances where it is necessary to provide its services (e.g. spam filtering).
- Spam and virus filtering: Runbox uses advanced filtering techniques to detect and block spam and virus-infected email messages.
These measures help ensure that users’ email data is protected from unauthorized access, theft, and other security threats. Various pricing plans are available to suit the needs of individuals, families, and businesses. A free 30-day trial is available on request.
Hello,
I have heard that Tutonota claims to be the only email service that encrypts the subject line as well as the body of the email. This is an important feature to sending emails securely so I don’t know why the others don’t do this. Or do they??? I tried to set up a free account with Tutanota to try it out. I’m glad I didn’t pay for it because even though I set up an account with an new email address, they are telling me the address is not on file. To me, that’s weird and I am getting nowhere in establishing an account with them. I’ve tried more than once. Does Proton Mail offer subject line encryption?
Okay, here’s a clarification from Proton Mail: “All Proton Mail data at rest and in transit is encrypted. However, subject lines in Proton Mail are not end-to-end encrypted, which means if served with a valid Swiss court order, we do have the ability to turn over the subjects of your messages. Your message content and attachments are end-to-end encrypted.” Please link below for more information: https://proton.me/support/does-protonmail-encrypt-email-subjects