ProtonMail is a Swiss email provider that places a strong emphasis on privacy and security.

Accounts can be set up without providing a single piece of identifying information. And all emails are stored in such a way that even the employees of ProtonMail are unable to read their contents.

If you’d like to send an encrypted email, ProtonMail is an excellent choice.

Emails between ProtonMail users are encrypted automatically. But the company also makes it easy to send encrypted emails to anyone regardless of provider.

What Is Email Encryption?

Email encryption is the process of encoding emails in such a way that only the intended recipient can read them.

There are two main approaches used to achieve this.

  • In-transit encryption using TLS
  • End-to-end encryption

TLS, or Transport Layer Security, is a standard feature of all major email providers. It prevents emails from being read after they have been sent but before they have been received.

TLS is primarily designed to prevent man-in-the-middle attacks. It’s an important feature, but it doesn’t protect emails once they have reached the recipient's inbox.

This means that such emails can still be viewed by a third party if they manage to gain access to the recipient's email server.

For this reason, TLS alone is not recommended for sensitive emails.

End-to-end encryption involves a more robust approach to email privacy.

Under this approach, emails are encrypted right up until the point that they are opened by the intended recipient.

In this article, it's end-to-end encryption that we will be discussing.

How Does Email Encryption Work With ProtonMail?

ProtonMail uses a form of end-to-end encryption known as Pretty Good Privacy or PGP.

Under this protocol, all inboxes are equipped with both a public and a private key. The private key is available only to the owner of the inbox. All emails are stored in encrypted form. And they cannot be accessed by anybody except the owner of the inbox.

This is known as zero-access encryption. And it’s a big step up compared to TLS, which leaves emails that are at rest wide open to compromise.

If ProtonMail were ever to get hacked, the contents of your inbox would remain off limits to whoever performed the attack.

How to Send Encrypted Emails to Other ProtonMail Users

All emails between ProtonMail users are automatically equipped with end-to-end encryption.

When you send an email, your public key is automatically included. When you receive an email, the sender's public key is automatically imported. You don’t need to do anything else.

If you receive an email and you’re not sure if the sender is using ProtonMail, you can check the From field.

If the email is from another ProtonMail user, there will be a purple lock displayed next to the sender's email address.

How to Send Encrypted Emails Using PGP

PGP can also be used with non-ProtonMail users, provided they understand the concept and are themselves using an email client or plug-in that accepts it.

To do so, you will first need to exchange public keys. To send the recipient your public key, you should do the following:

  1. Open the editor and compose a blank email
  2. Click on the drop-down menu - this is located above the text editor and to the right
  3. Select the Attach Public Key option
  4. Send the email

To receive a public key from somebody else, they will have to send you an email.

To import a public key, you should do the following.

  1. Open the email with the public key attached.
  2. ProtonMail will display a yellow message directly above the email's contents. Click Trust Key.
  3. ProtonMail will display a pop-up window asking for your permission. Select Use for Encryption, then Trust Key a second time.

Any emails that you exchange with that person will now be equipped with PGP end-to-end encryption.

Whenever you receive an email that is encrypted in this way, there will be a green lock next to the sender's email address.
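
Before trusting an attached key, you can compare its fingerprint with one the sender gives you over another channel. The following is an added example, not ProtonMail's code: it computes the OpenPGP version 4 fingerprint (RFC 4880) of an armored public key. The function names and the sample key are constructed for illustration, and only version 4 keys are handled.

```python
import base64
import hashlib

def dearmor(armored):
    """Return the binary packets inside an ASCII-armored public key block."""
    lines = [ln.strip() for ln in armored.strip().splitlines()]
    if not lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK"):
        raise ValueError("not an armored public key")
    body = lines[lines.index("") + 1:-1]  # headers end at the blank line
    # A line starting with "=" is the optional CRC24 checksum, not key data.
    return base64.b64decode("".join(ln for ln in body if not ln.startswith("=")))

def first_packet(data):
    """Parse one packet header (RFC 4880, section 4.2); return (tag, body)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new format: tag in the low six bits
        tag, o1 = hdr & 0x3F, data[1]
        if o1 < 192:
            start, length = 2, o1
        elif o1 < 224:
            start, length = 3, ((o1 - 192) << 8) + data[2] + 192
        elif o1 == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial length is not valid for a key packet")
    else:  # old format: low two bits select a 1-, 2- or 4-byte length
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not valid here")
        start = 1 + (1, 2, 4)[ltype]
        length = int.from_bytes(data[1:start], "big")
    return tag, data[start:start + length]

def v4_fingerprint(armored):
    """SHA-1 over 0x99, the two-byte body length, and the key packet body."""
    tag, body = first_packet(dearmor(armored))
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public key packet")
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def matches_expected(armored, fingerprint_from_sender):
    """Compare with a fingerprint the sender gave you outside of email."""
    return v4_fingerprint(armored) == fingerprint_from_sender.replace(" ", "").upper()

def armor(packet):  # helper used only to build the constructed sample
    b64 = base64.b64encode(packet).decode()
    return f"-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n{b64}\n-----END PGP PUBLIC KEY BLOCK-----"
# Constructed sample, not a real key: v4 body with placeholder key material.
SAMPLE_BODY = b"\x04" + (1700000000).to_bytes(4, "big") + b"\x01" + bytes(range(40))
SAMPLE_KEY = armor(b"\xc6" + bytes([len(SAMPLE_BODY)]) + SAMPLE_BODY)
```

Call `matches_expected(key_text, fingerprint)` with the contents of the attached key file and the fingerprint the sender provided; it returns True only when the two agree.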

How to Send Encrypted Emails Using Password Protection

If you’d prefer not to use PGP encryption, ProtonMail also allows you to send emails that are password protected.

This option is great if you want to send an encrypted email to somebody unfamiliar with PGP.

It offers a similar level of protection but keep in mind that it cannot be used to receive an email.

Here are the steps.

  1. Open the editor and compose an email as normal
  2. Once finished, click on the lock icon (located below the text editor, to the left of the send button)
  3. Enter and confirm a password of your choosing - you have the option of including a password hint
  4. The recipient will receive a message from ProtonMail telling them that there is an encrypted email waiting for them, along with a link to read it
  5. By following the link, they will be taken to ProtonMail and asked to enter the password to read the email
  6. If the recipient doesn’t click the link within 28 days, the email is automatically deleted

The obvious downside of this technique is that you will need to communicate with the recipient in advance to share the password.

The recipient is also required to click a link inside an email, which is something that many people are rightly wary about doing.

Is End-to-end Email Encryption Worth the Effort?

Pretty Good Privacy is a powerful and useful tool. But it’s not exactly known for being user friendly.

Password protection is easier to understand but it still requires you to contact the recipient in advance.

The need for end-to-end encryption is debatable because it all depends on how sensitive your emails actually are. What’s not open for debate, however, is that without end-to-end encryption, nothing that you send has any real guarantee of privacy.