The 3 Most Secure & Encrypted Email Providers Online

Ads by Google

encrypted email providersWe use email to send close personal secrets, negotiate business transactions and do everything else in between. But most email is sent in plain text and stored in an easily readable format. Encrypted email providers offer more privacy. Your emails will be encrypted in transmission and on the server’s storage, so no one but you and your intended recipients can read them.

Encrypted email providers come in a variety of forms. Some are entirely web-based applications, some are desktop applications and some plug into your existing email account and add a layer of encryption.

Hushmail

Hushmail, which we’ve mentioned in the past, is one of the most widely-known encrypted email providers. With a Hushmail account, your email is stored in encrypted form and decrypted with your password when you log in. Email sent between Hushmail users is encrypted and decrypted automatically. If you’re emailing someone else, you can use a secret question that person must answer to decrypt your email.

screenshot_01

Your recipient will get an email with a link they can click. The link takes them to Hushmail’s website.

encrypted email

Ads by Google

After clicking the link, they must answer the question to view the encrypted email.

encrypted email

Let’s get this out of the way. In 2007, Hushmail was subject to a court order and turned over emails from three email accounts. How did they do this, if the email is encrypted? They modified their system to capture the specific users’ passwords. In an refreshingly honest interview with Wired’s Threat Level blog, Hushmail CTO Brian Smith said that:

“[Hushmail] is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order.”

encrypted email

Some people opt for other encrypted email providers over Hushmail because of this, but each of them could also be forced to modify their system and capture your decryption key. The only solution is using Enigmail or a similar program, which is the do-it-yourself alternative. If you did use such a program, many governments could legally compel you to turn over your encryption key, anyway.

VaultletMail

VaultletMail, part of the VaultletSuite set of programs, is a desktop program instead of a web app. If both users are using VaultletMail accounts, email messages are fully encrypted in transmission. If you want to email a user using a different email service, you can use VaultletMail’s SpecialDelivery system.

vaultletmail

SpecialDelivery allows a receipient to create a secure passphrase, which they can use to decrypt all future emails sent from your VaultletMail account.

encrypted secure email

VaultletMail offers a lot of control. It can prevent recipients from forwarding, copying, printing or quoting specific emails. It can set an expiration time, after which the message will self-destruct from your recipient’s VaultletMail inbox. You can even send messages from an anonymous email address, providing deniability. We’ve covered VaultletMail and its features extensively in the past.

Enigmail

Enigmail is a free extension for Mozilla Thunderbird – you’ll also find similar plug-ins available for other popular email programs. To use Enigmail, you’ll have to install both the Enigmail extension for Thunderbird and the GNU Privacy Guard software for your operating system.

After you install Enigmail, you’ll find a setup wizard under the new OpenPGP menu in Thunderbird. The wizard will walk you through the setup process, including creating or importing a public and private key pair.

encrypted secure email

By default, messages are only digitally signed, which lets recipients know the email is actually from you. You’ll have to select the “Encrypt This Message” option under S/MIME in the email-composing window to enable email encryption.

screenshot_07

You’ll have to exchange keys with the people you’ll communicate with, so the setup process is a bit complex – this is the traditional way of sending encrypted email. The advantage is that you can use Enigmail with an existing email provider, such as Gmail. You don’t have to set up a new email account. FireGPG, a popular Firefox extension, used to let you do this from your web browser, but it’s no longer being developed and its Gmail support no longer works.

Conclusion

Another option is using a file encryption program and sending encrypted messages and files as email attachments, which your recipient can then decrypt.

While encryption can help protect your privacy, it isn’t a silver bullet that can protect you from the government — even if you’re using an alternative to Hushmail or doing your own encryption with Enigmail. As XKCD once illustrated, encryption is more easily breakable than you think:

encrypted email providers

Let us know in the comments what email encryption program you use.

Image Credits: Letter and Key Image via Shutterstock, XKCD

Join live MakeUseOf Groups on Grouvi App Join live Groups on Grouvi
Awesome Websites
Awesome Websites
137 Members
Deep Web Communities
Deep Web Communities
80 Members
Best Anonymity Tools
Best Anonymity Tools
73 Members
Tips for Privacy Obsessed
Tips for Privacy Obsessed
44 Members
Best Music Services
Best Music Services
43 Members
Online Security Tips
Online Security Tips
41 Members
Web for Kids
Web for Kids
32 Members
Ads by Google
Comments (37)
  • reb444

    One thing to be mindful of–in any free or paid email server–is to never use active web-based links within the email or signature line…while the raw text of your emails may be secure depending on your chosen server (those noted here and below)…be mindful that any hacker (read: government) can follow “leaked links” that go outside the boundary of the email you send or receive. They DO leak.

    for example, “Beautiful . com” should read “beautifuldotcom”

    always use basic raw text only in secure emails. IMHO

  • Irene

    I have Hushmail. The only problem is with the ‘passphrase”. If you forget what it is, too bad! Part of the Hushmail security premise, is that only the user knows what the passphrase is.
    I like to think that I keep a very careful record of my user names, and passwords. But, I did it, changed the phrase and now I am locked out. I have gone over 30 days since logging in, so now even if I remember my passphrase, I have to buy the premium email, to get my account back.
    Be extremely careful! I really thought that I had been, but…

    • reb444

      I had the same issue, Irene…several times…but, as an annual subscriber, they are able to “recover” email from probably three weeks prior. Ask nicely. when I asked them how they could deliver it w/o me knowing my passphrase (password), I had to recreate my account. The best way you can do retrieval in the future is to download and save your emails to a desktop/laptop arrangement (like Thunderbird without the add-ons and geo-locators)

      Once there, I scan the emails for malware, trojans etc, and only then UPLOAD the emails (TB export/file folder) to Dropbox or similar “somewhat” secure cloud server. I do this because I do not trust Hushmail, and in the event of laptop breakdown, I have some sort of immediate access to recreate my emails and files in a day or two.

      I say “do not trust Hushmail” because now they want to install cookies which narrows your geo-location. Like many other on-line or web corporations (such as Go Ogle, Yahoo/Peekaboo, Hulu+NBC, etc.), Hushmail does not like VPN servers (virtual private networks) which bounce one around the world for privacy reasons).

      For ex., my VPN might locate me in Seattle, but the Hushmail cookie relocates me a mile from my home. Not cool. Time to move on, hence why I am here.

      Also, while Hushmail can and does AUTOMATICALLY encrypt/decrypt at both ends if the intended recipient also does so with a hush account, I had been doing this for several months….all of a sudden, Hushmail started asking for the encryption key or question/answer where it hadn’t before–meaning that it was beginning to read all supposedly encrypted emails just prior to that point;

      Countermail uses Java which is another geo- locator. The updated Javascript can never be erased from your system once downloaded (like Windows 10–which saves and reports your every move).

      I figure if these un-private corporations want to run my computer away from me, they mind as well refund the money I used to buy the machine in the first place.

      Me? I’m leaving and going to Linux and Protonmail. I’m definitely NOT doing, or intend on doing anything illegal, I just want ALL privacy, not just “some” privacy.

    • reb444

      CounterMail is also in Ontario, Canada, as is Hushmail, subject to Canadian court order.

    • reb444

      sorry, I meant CryptoHeaven for Ontario—look for location in terms of service and governing law.

  • CryptoCat

    STAY AWAY FROM HUSHMAIL!

    THEY TURN OVER PEOPLE, THEY SNOOP ON YOU!!!

  • Anon

    About the counter mail option. That’s not mandatory to leave some “paper trail” once you have options to pay anonymously for the service.

    And yes, hushmail does seem to be insecure, even if they say the contrary. Something is not secure if they for any reason has a way to give your information to agencies or whatever. Or even if they can see it. If the service can do these things they are insecure and their main concern is not just provide you a great service. But make money only.

    The real best service will want to make money, but not at the cost of the privacy of the client. Then again people can talk about criminality if a service is totally secure. Well, criminals exists even inside companies and governments unfortunately. That’s no point, for that the core of the society should change. The way human beings see the world and life should change. So there’ s no point their either.

    I do respect all the opinions. But I am stating verifiable facts here. That’s worthy. Thanks a lot for the opportunity. I am not divulging any service here. Any option that you find that is really secure you can use. One good thing is to go away from certain countries when it comes to the way certain services are handled because of their privacy policies, because in some countries privacy actually doesn’t really matter to the so called authorities! That are not really concerned about people most of the time! So choosing providers where privacy is better is an option. But if someone is able to maintain a great service inside a country, whichever it is, where not even the company can access your data. Then there is nothing authorities will be able to do when it comes to “ask” for data. If they want data all they’ll have will be encrypted data.

    That’s not about anything else but the right to privacy. To not be tracked and receive tons of ads, you already pay for your internet access and surely you’ll help in all legal and ethical ways those who provide good content, no need for intrusion and illegal activities just to make money. Or to only do it because you think you can. Some agencies and those responsible for such lines of thought should be ashamed of how they do things, their money could be better used to improve humanity.

    Anon

  • Jerry

    A question for Chris, if he’s still monitoring this thread.

    I use Thunderbird email app exclusively in my business. If I were to install Enigmail, using Open/PGP and S/MIME protocol (which I gather is the technology), shouldn’t it be possible for my recipients to be able to open and read the emails using any other compliant Open PGP mail app that also uses S/MIME? Presumably all OpenPGP apps have ways of sharing Public keys with one another, no matter who writes the code and what the product is called?

Load 10 more
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.