The 3 Most Secure & Encrypted Email Providers Online

Ads by Google

encrypted email providersWe use email to send close personal secrets, negotiate business transactions and do everything else in between. But most email is sent in plain text and stored in an easily readable format. Encrypted email providers offer more privacy. Your emails will be encrypted in transmission and on the server’s storage, so no one but you and your intended recipients can read them.

Encrypted email providers come in a variety of forms. Some are entirely web-based applications, some are desktop applications and some plug into your existing email account and add a layer of encryption.

Hushmail

Hushmail, which we’ve mentioned in the past, is one of the most widely-known encrypted email providers. With a Hushmail account, your email is stored in encrypted form and decrypted with your password when you log in. Email sent between Hushmail users is encrypted and decrypted automatically. If you’re emailing someone else, you can use a secret question that person must answer to decrypt your email.

screenshot_01

Your recipient will get an email with a link they can click. The link takes them to Hushmail’s website.

encrypted email

After clicking the link, they must answer the question to view the encrypted email.

encrypted email

Let’s get this out of the way. In 2007, Hushmail was subject to a court order and turned over emails from three email accounts. How did they do this, if the email is encrypted? They modified their system to capture the specific users’ passwords. In an refreshingly honest interview with Wired’s Threat Level blog, Hushmail CTO Brian Smith said that:

Ads by Google

“[Hushmail] is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order.”

encrypted email

Some people opt for other encrypted email providers over Hushmail because of this, but each of them could also be forced to modify their system and capture your decryption key. The only solution is using Enigmail or a similar program, which is the do-it-yourself alternative. If you did use such a program, many governments could legally compel you to turn over your encryption key, anyway.

VaultletMail

VaultletMail, part of the VaultletSuite set of programs, is a desktop program instead of a web app. If both users are using VaultletMail accounts, email messages are fully encrypted in transmission. If you want to email a user using a different email service, you can use VaultletMail’s SpecialDelivery system.

vaultletmail

SpecialDelivery allows a receipient to create a secure passphrase, which they can use to decrypt all future emails sent from your VaultletMail account.

encrypted secure email

VaultletMail offers a lot of control. It can prevent recipients from forwarding, copying, printing or quoting specific emails. It can set an expiration time, after which the message will self-destruct from your recipient’s VaultletMail inbox. You can even send messages from an anonymous email address, providing deniability. We’ve covered VaultletMail and its features extensively in the past.

Enigmail

Enigmail is a free extension for Mozilla Thunderbird – you’ll also find similar plug-ins available for other popular email programs. To use Enigmail, you’ll have to install both the Enigmail extension for Thunderbird and the GNU Privacy Guard software for your operating system.

After you install Enigmail, you’ll find a setup wizard under the new OpenPGP menu in Thunderbird. The wizard will walk you through the setup process, including creating or importing a public and private key pair.

encrypted secure email

By default, messages are only digitally signed, which lets recipients know the email is actually from you. You’ll have to select the “Encrypt This Message” option under S/MIME in the email-composing window to enable email encryption.

screenshot_07

You’ll have to exchange keys with the people you’ll communicate with, so the setup process is a bit complex – this is the traditional way of sending encrypted email. The advantage is that you can use Enigmail with an existing email provider, such as Gmail. You don’t have to set up a new email account. FireGPG, a popular Firefox extension, used to let you do this from your web browser, but it’s no longer being developed and its Gmail support no longer works.

Conclusion

Another option is using a file encryption program and sending encrypted messages and files as email attachments, which your recipient can then decrypt.

While encryption can help protect your privacy, it isn’t a silver bullet that can protect you from the government — even if you’re using an alternative to Hushmail or doing your own encryption with Enigmail. As XKCD once illustrated, encryption is more easily breakable than you think:

encrypted email providers

Let us know in the comments what email encryption program you use.

Image Credits: Letter and Key Image via Shutterstock, XKCD

Ads by Google
From the Web

28 Comments - Write a Comment

Reply

Matt

Enigmail is GREAT! I have used it for years. It definitely takes the pain out of using GnuPG. Thanks!

Chris Hoffman

You’re welcome! I definitely knew I had to include Enigmail.

Reply

Anonymous

 Good to know about the  3 Most Secure & Encrypted Email Providers Online.

Reply

Chris Hoffman

That’s a good point. It isn’t free, though. These services are.

Reply

Chris Hoffman

Thanks for the recommendation. We tried to focus on free services, which is why many couldn’t be included.

Reply

blonde

I always email my prescription and never had any problem with it.  ;)

Reply

Michel

The most secure email service is Countermail. It covers some of the vulnerabilities and limitations that Hushmail has.

Some differences:
* CM does not log IPs. Whatsoever.
* CM has 100% MITM-protection.
* CM has the ability to use double authentication.
* CM stores all incoming and outgoing mail encrypted.

Your solution in the article above to use Enigmail and so on has some huge limitations. For instance, enigmail does not provide good protection if the attacker has physical access to the computer (ie search & seize order) and depending on mail provider used with Enigmail the ip-address is revealed to the recipient.

Chris Hoffman

Thanks for sharing, Michel. That sounds like a great service.

It costs money after the first month, though, and we try to focus on free services. That made writing the post hard — I had to pass up some high-quality options.

Still, if you really need encrypted mail, it may be a good idea to shell out some cash. (Then again, doesn’t that create a paper trail? That could also be a concern.)

smadha danyew

actually, if you dont log in to hushmail on a regular basis (they say 3 weeks, but it is more like a week) they lock you out and charge you to reopen it… CRAPPY!!

Chris Hoffman

Wow, really? That really sucks.

Reply

BL

Is Enigmail transparent to the recipient if they don’t have the tool? How does the key exchange process work? Will they need to install something on their end?

I’m trying to look for free options that allow me to send / receive encrypted emails but my recipient has certain restrictions on the tools that she can download.

Chris Hoffman

Enigmail isn’t transparent to the end user. They’ll need Enigmail installed, too.

The other options in the article can be sent to a user without a special email account or software, though.

BL

Which service would you recommend the most? I was leaning towards the free version of Vaultlet Mail but it does not provide me with the attachment size limits that I need. Enigmail is not an option for me as my recipient won’t be allowed to download anything.

Would Hushmail be secure enough to transfer files of sensitive nature to another person?

I’ve also read a little bit about eCrypt Me, but I guess is free to try but has a monthly fee subscription of $8.

Chris Hoffman

I’d lean towards Hushmail, if it has the file-size limits that work for you. Some people are paranoid about Hushmail, but I dealt with the concerns about it in the post.

I haven’t used any paid options, so I can’t really comment on those. But it was hard to find enough free options to round out the article.

BL

Thanks a lot!

Henry

CryptoHeaven http://cryptoheaven.com works similarly to Hushmail, but offers more features. It does have a free option although it is not advertised on the website. When creating new account, leave the “activation code” blank and it will create a free account with limited storage.

Chris Hoffman

Very interesting! I might have included CryptoHeaven if they advertised that.

Thanks for chipping in.

Reply

BL

Do recipients of emails sent using Enigmail have to have Enigmail installed as well? How does the key exchange process work?

Reply

Jimmy

Hushmail isn’t safe. The NSA has real-time access to their servers. Plus their backdoor that they grant to US law enforcement.

I’ve been using Countermail and Neomailbox.net for years. I think Countermail is the absolute best.

smadha danyew

Not only that, but if you do not log in to Hushmail regularly, they lock you out and charge to reopen it… totally crappy!

Reply

Anony Mos

Hushmail should never be advertised as anything secure IMHO.

TutaNote lacks certain features but is very secure, free, based in Germany (good privacy laws), and well programmed. tutanota.de

Django

Tutanota.de is 404.

Reply

TylerD

Protonmail is the best hands down! It’s so good that they have a waiting list for an email account because they ran out of room on their servers. The company is based out of Switzerland, which is probably the last country left that actually honors peoples privacy. They based it here specifically for their privacy laws. I’m not a computer whiz but from what I understand the complete email process is encrypted and only you have the key. The owner said in an interview that even if the federal government would demand access to accounts they would have no means to provide it to them because they have no access to the keys.

Reply

MR. G. NOYB

Startmail

Reply

JD

Well now great info…
1. Hushmail will turn over email accounts with a Canidian Court order, just so you know. So if you just have to use it…. download ALL the emails as you get them.
2. Then there is vfemail.net which is free for 49.5 (+ or – a meg or so. I download most of my “private law” info as I receive it, as their servers are in the USA. Their paid version is real cost effective if you are not totally on a “fixed” allowance.

So just a bit of an update for you!
Thanks!

Reply

purplerebel

Any take on ProtonMail?

fiddle2

purplerebel, I have ProtonMail. Once you finally get your account it’s smooth to work with. Like TylerD says, hands down the best!

Reply

Jerry

A question for Chris, if he’s still monitoring this thread.

I use Thunderbird email app exclusively in my business. If I were to install Enigmail, using Open/PGP and S/MIME protocol (which I gather is the technology), shouldn’t it be possible for my recipients to be able to open and read the emails using any other compliant Open PGP mail app that also uses S/MIME? Presumably all OpenPGP apps have ways of sharing Public keys with one another, no matter who writes the code and what the product is called?

Your comment