Productivity Security

The 5 Most Secure and Encrypted Email Providers

James Frew Updated 13-02-2020

From hackers to businesses and overreaching governments, many people are looking to snoop on our communications. Free email providers surreptitiously use software to mine information from your emails and contacts to sell you ever more targeted advertising.


If you’re fed up with this state of affairs and want to secure your communications from prying eyes, it might be worth choosing a secure, encrypted email service instead.

Why Should You Use an Encrypted Email Service?

Google’s Gmail has over 1.5 billion users, while Microsoft’s Outlook sports 400 million. There’s a good chance, then, that you currently use a free email provider. These services feel like they are good value for money—they are free after all—but they do come at a cost; your privacy.

We use email for our most private conversations and documents, so it makes sense that you’d want to keep them private. However, as with many free services, if you aren’t paying, then your data is the product. Google famously used to scan the content of your emails to show you targeted ads. They have since disabled that feature, but your data is still freely available to the provider.

This is further complicated by the relationships these providers have, willingly or otherwise, with law enforcement agencies around the world. Many of the world’s most popular email providers are based in the US, leaving them open to requests from law enforcement and the NSA. If you choose to use these services, you should encrypt your webmail service How to Encrypt Your Gmail, Outlook, and Other Webmail Email accounts hold the keys to your personal information. Here's how to encrypt your Gmail,, and other mail accounts. Read More , too.

Encrypted email is the most secure alternative to free email providers, and allows you to keep your sensitive data private. Most encrypted email providers are located outside of the US, putting them out of reach of the NSA. Even if those agencies could gain access to your account, encryption means that only you can view your data.


1. ProtonMail

ProtonMail encrypted inbox

Price: Free. Premium accounts available.

Storage: 500MB. Up to 20GB for premium accounts.

Country: Switzerland


ProtonMail first launched in 2013 and was developed by researchers at CERN. Following a successful crowdfunding campaign, the open-source, encrypted email provider exited beta in March 2016. ProtonMail uses end-to-end encryption so that messages are only viewable by you and the recipient. Accordingly, it is widely considered one of the best private email services.

Although there are premium options, many of the service’s users are on free accounts. It is reasonable, then, to consider how they can sustain the service without leaning on targeted advertising. Fortunately, the company operates a Defence Fund which can support the service for up to a year without any other revenue.

Why ProtonMail?

All data is stored on the company’s servers in Switzerland—a country well known for its tough stance on privacy and data protection. Importantly, ProtonMail has open-sourced parts of their service. The code is available on ProtonMail’s GitHub for anyone to view and verify the security of the platform.

Although emails to and from other ProtonMail users are end-to-end encrypted, if you communicate with unencrypted services like Gmail, ProtonMail will scan these emails to protect against spam. However, these messages are scanned in memory, meaning that they aren’t kept and will be overwritten in very little time. As soon as the email has been examined, it is then encrypted. If all this talk of encryption is getting confusing, you may want to read up on encryption terms you should know 10 Basic Encryption Terms Everyone Should Know and Understand Everyone's talking about encryption, but if you find yourself lost or confused, here are some key encryption terms to know that'll bring you up to speed. Read More .


According to their Privacy Policy, IP logging is disabled by default, although you can enable this in your account settings. Your IP address can reveal your location, so the lack of logging is a benefit to your privacy.

ProtonMail also doesn’t store any of your data once it’s deleted. If you delete an email, it’s really gone. The only exception is when the data has been stored in a backup, in which case it may take up to 14 days to be entirely removed. There is no need to submit any personal information while signing up. The company will even allow you to pay for premium accounts in the cryptocurrency Bitcoin.

ProtonMail’s parent company, Proton Technologies AG, also develops ProtonVPN, a multi-platform VPN. As with the email service, ProtonVPN offers free and premium tiers. Some ProtonMail premium accounts also come with access to ProtonVPN’s premium features. We even listed ProtonVPN as one of the best unlimited free VPN services The Best Unlimited Free VPN Services (And Their Hidden Costs) Looking for a free unlimited VPN to protect your online privacy? Here are the top choices, along with their hidden costs. Read More .

Download: ProtonMail for Android | iOS | Web (Free)


2. TutaNota

Tutanota Secure Email inbox

Price: Free. Premium accounts available.

Storage: 1GB, upgradable.

Country: Germany

Tutanota was launched in 2011 by the German company Tutao GmbH. The service’s name comes from the Latin for secure message. It should be no surprise then that Tutanota is a free encrypted email service. Their servers are also based in Germany, making them subject to Germany’s rigorous Federal Data Protection Act.

While that sounds great in theory, it’s also worth noting that Germany’s Federal Intelligence Service collaborated with their American counterparts, the NSA, in their surveillance programs. While that impacts all data held in Germany, there’s no suggestion that Tutanota has ever been complicit. However, for the privacy-focused, it is worth keeping in mind as one of the best encrypted email services.

Why Tutanota?

Like ProtonMail, Tutanota uses end-to-end encryption to ensure the privacy of your emails. Where things differ slightly is in how the service handles external emails. If you send a message to another email service like Gmail, Tutanota sends a link to a temporary account where the recipient can view the message.

Tutanota is open-source, too, with the code available on the Tutanota GitHub page. All data stored in your inbox is encrypted, with only metadata like sender, recipient, and date visible. However, their FAQ states that they are looking into encrypting metadata too.

The company uses 2048-bit RSA and 128-bit AES encryption methods. However, they do not support PGP, a feature often used to judge secure email providers. That said, they believe their encryption offers advantages over PGP, like encrypting the subject line. There’s also room for them to build more encrypted services in the future, like the available-to-all calendar and planned cloud storage.

According to their Privacy Policy, they do collect mail server logs. Although these are only kept for seven days, they do contain sender and recipient email addresses, but no customer IP addresses.

While you can open a Tutanota account for free, they too offer paid-for options. A Premium account costs just 12€ per year and allows you to add an additional user, use up to five aliases, and enables support for custom domains.

Download: TutaNota for Android | iOS | Web (Free)

3. Mailfence

Mailfence inbox

Price: Free. Premium accounts available.

Storage: 500MB of emails, 500MB of documents as standard.

Country: Belgium

Mailfence is a free secure email service from the creators of ContactOffice. Following the Snowden revelations documenting US government surveillance, ContactOffice felt there was a need for a privacy-focused email service.

Their servers are in Belgium, and, as with many European countries post-GDPR, the country has strong privacy laws. These regulations usually favor the consumer rather than the company, strengthening protections. Unlike some countries—namely the Five Eyes nations—there is no evidence to suggest Belgium collaborated in the NSA surveillance schemes.

Why Mailfence?

One concern when choosing a new digital service is whether it will remain operational for years to come. ContactOffice was started in 1999, and so the company has proven longevity. They also earn operational funds for Mailfence by licensing the software to businesses. To do so, they need to keep their software proprietary, so, unfortunately, Mailfence is not open-source.

Unlike the other services in this list, Mailfence is more than just a secure email provider. An account also provides access to calendars, contacts, and document storage. Free accounts come with storage space for 500MB of emails, 500MB of documents, and one calendar. Entry and Pro accounts upgrade this storage and add additional features. Bolstering their privacy-focused credentials, you can even opt to pay for your account using Bitcoin.

Disappointingly, there is no Mailfence mobile application. However, the company has stated one has been in development since at least 2017. If this is a deal-breaker, you could send encrypted email on Android using OpenKeychain How to Send Encrypted Email on Android Using OpenKeychain Fancy sending encrypted emails and messages on your Android phone? Check out how OpenKeychain makes this easy. Read More instead. For the time being, though, if you want to manage your Mailfence mail on your smartphone, you’ll need to pay for a premium account. This gives you access to Exchange ActiveSync, POP, IMAP, and SMTPS.

Mailfence is end-to-end encrypted and supports OpenPGP. You can generate a key on your computer, which is then encrypted using 256-bit AES and stored on Mailfence’s servers. They also support two-factor authentication to prevent unauthorized access to your account.

Taking a stand for your principles is admirable in itself, but alongside that ContactOffice donates 15 percent of the income from their Pro plans to the pro-privacy organizations. Currently, donations go to the Electronic Frontier Foundation (EFF) and the European Digital Rights Foundation (EDRi).

Download: Mailfence for Web (Free)

4. Disroot

Rainloop email interface

Price: Free

Storage: 1GB, upgradeable.

Country: Netherlands

Disroot is a free secure email provider based in the Netherlands. Although free email services, especially those without premium options, are generally not recommended, Disroot is an exception. The service was set up in response to the lack of similar services and is run by volunteers, supported by donations.

There’s not just email here; Disroot has a comprehensive range of productivity and communications tools bundled in an Office-style web service. Unlike many of their peers, Disroot is open-source, decentralized, and some of their services are federated, too.

Why Disroot?

Although there are many reasons to use open-source software, most people do so because of what it stands for. To them, the open-source community represents the freedom and ideals of the early internet, before large companies came to dominate the sector. Disroot is part of this movement, expanding beyond open-source into decentralization and federalization.

Federalization is a popular feature of alternative social networks, allowing different services to communicate with one another. However, Disroot’s email service remains resolutely private. The service has been operational since 2015, although usage is hard to pin down as the company doesn’t keep track of active users.

In fact, the company hopes to know as little about you as possible. Disroot’s Privacy Policy explicitly states that they only collect essential data needed to provide you with their services. They do not sell it, analyze it, or access any of your stored data. Where Disroot falls short of the other providers on this list is encryption.

Disroot is not end-to-end encrypted, nor are your emails encrypted on the server. According to their Privacy Policy, all emails are stored in plain-text, unless you have manually encrypted them using PGP or GPG. There are no mobile or desktop applications either; you can only access your account through their webmail client. However, Disroot does support IMAP and POP3 so that you can access your emails through third-party apps.

Download: Disroot for Web (Free)

5. Posteo

Posteo secure email

Price: €1/month

Storage: 2GB, upgradeable.

Country: Germany

Posteo is an encrypted email provider based in Germany. In many ways, Posteo is the best alternative to ProtonMail and replicates many of the features found on other services. However, unlike ProtonMail, your data is centrally encrypted on Posteo’s servers, rather than end-to-end encrypted.

While that does mean that it isn’t the safest email provider, there are upsides to the lack of end-to-end encryption. For example, you can easily set up your Posteo account on any email software or app, giving you greater control over how you access your mail. Your account comes bundled with an Address Book and Calendar, too, smoothing the transition from Gmail or Outlook.

Why Posteo?

Posteo has been operational since 2009, making it one of the longest-running secure email services. However, its popularity and use increased dramatically after the Snowden leaks. Around the same time, Posteo introduced the DNS-based Authentication of Named Entities (DANE). This technology prevents man-in-the-middle attacks, and forces provider-to-provider encryption where available.

They also offer a one-click option to encrypt all of your emails, attachments, and other data using their Crypto Mail Storage feature. After activating the encryption, your emails will no longer be accessible on the server without your password. This prevents Posteo or any third-party from accessing your data on the server.

However, Crypto Mail Storage is an optional feature, which is off by default. To protect your data even without this encryption, all of Posteo’s servers, located in Frankfurt, are encrypted. They are hosted at a third-party data center, but this encryption prevents anyone at the data center from accessing your data.

Posteo is also focused on financial and environmental sustainability. All of their servers and offices run on green and renewable energy from Greenpeace Energy. To ensure the company can work independently, they have no debts, take out no loans, and are supported only by user subscriptions. Even their finances are conducted through Umweltbank, one of Germany’s environmental banks.

Download: Posteo for Web (Subscription required)

The Most Secure Email Provider

Many free email providers don’t take steps to protect your privacy, or they even take steps to undermine it. Switching to an encrypted email account is a change worth making and is a simple way to improve your security. When choosing, it’s essential to evaluate the provider on their encryption methods, how they finance the service, and where the servers are located.

Of course, no online service is entirely secure, no matter the ethics of the provider. There will always be hackers and surveillance agencies looking to expand their ever-growing databases. To increase your security, don’t forget the basics. That’s why you may want to consider improving your cyber hygiene and looking at our tips for handling data at work 5 Data Handling Tips to Avoid Security Breaches at Work Concerned that you might inadvertently cause a security breach at work? Check our data handling tips to ensure you stay secure! Read More .

Related topics: Desktop Email Client, Email Tips, Encryption, Online Privacy, Online Security, Surveillance.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. colin
    July 25, 2019 at 6:46 pm

    This is really important stuff James. I've been using proton mail myself and it's good to know there are alternatives.

    • James Frew
      July 25, 2019 at 6:48 pm

      Glad you found it useful, Colin. Personally, I think ProtonMail is great, but it won't work for everyone. So, definitely check out the other two as well!

  2. Godel
    July 23, 2019 at 9:20 pm

    While Proton Mail has totally free accounts as well as paid, you can also send a small donation each year to help keep them going.

    • James Frew
      July 25, 2019 at 6:49 pm

      That's true, and it may be a middle ground for those that want to support their development, but aren't able to pay for the premium account.

  3. Eeyore
    September 12, 2018 at 12:01 am

    You have convinced me. I need to give up the internet. Snail mail is more secure. Thank you.

  4. MJ
    January 30, 2018 at 5:15 pm

    I have used Protonmail for several years, feel like it is safe, they could add several simple features. I also like GMX.

  5. MJ
    January 30, 2018 at 5:11 pm

    I have used Protonmail for quite some time and like it and feel it is safe, even though they could add more simple features, I also use GMX

  6. JP
    August 20, 2017 at 11:09 am

    "If you email an account that isn’t encrypted like Gmail, ...."
    This line say that Gmail is encrypted. It is not.
    Learn to write.

    • James Frew
      August 20, 2017 at 12:23 pm

      I'm glad my writing inspired such passion.

      • Penfighter
        October 17, 2019 at 6:46 pm

        Your choice of words confused me, too. I just figured you had not fully proof read your article since I knew Gmail was not encrypted.

    • Mia
      March 13, 2018 at 1:08 pm

      How weird that he read that wrong and then responded so confidently.

  7. Olof
    August 18, 2017 at 7:49 am

    Today Yahoo sent me a message that they will start sharing my email letters contents with their future "partners" that basicly can be anyone including the state. My second email provider, GMX, already does this I just realized. Scary!!
    Since I live in Sweden, a little socialistic/communistic state that is rapidly collapsing into a former East German DDR-like crook state with mass surveillance and prison for dissidents etc, this is even more scary.
    So, it is time to close down those accounts and step up my mail security.
    That is why I am so grateful for this site of yours, you are really needed - THANK YOU !

    • James Frew
      August 20, 2017 at 12:29 pm

      I'm glad we could help. Its for reasons exactly like you described that access to encrypted tools is so important.

  8. Cfeyecare
    August 16, 2017 at 2:50 pm

    Advice requested. I'm in the U.S., using Firefox on Windows. I axed Google a year ago for Duck Duck Go and Start Page. I now wish to dump Gmail. I own a domain name through Go Daddy and would like to use it for email ( but I found the Go Daddy Microsoft Outlook mail system to be too complex to setup and use. Is there a secure free or premium email service that will let me use my own domain name from Go Daddy?

    • James Frew
      August 16, 2017 at 8:46 pm

      Mailfrence supports custom domains as do ProtonMail and Tutanota on their premium plans.

  9. Ryan Turner
    August 14, 2017 at 10:20 pm

    Avira is GODAWFUL.

    I don't know who this author thinks he is, but he must not ever use a computer, or he is getting paid to big bucks from some of these companies to say this.

    I had Avira installed, and in order to even tolerate it, I had to install a separate add-on to block its pop-ups. Sometimes the program can use up to 98% of your CPU.

    This article is a joke.

    • sure man
      June 30, 2019 at 10:37 pm

      yeah alright

  10. Unlikely
    June 7, 2017 at 7:33 am

    I have used Outlook on my PC for 20 years, but I want to escape from using a Gmail email address.

    I'd like secure email, but it needs to be connected to Outlook (I am considering my own PC to be secure.) I have tried ProtonMail and Tutanota, but they force you to use a web client or Android app.

    Any recommendations for an email service provider that is not as "evil" as Google, but that can integratre with my Outlook 2013?

    • James Frew
      June 7, 2017 at 9:04 am

      The main reason these services don't integrate with Outlook is because they use end-to-end encryption. When using their official app or your web browser the data is decrypted locally within the app or browser.

      It depends on what your goal is here - are you looking to remove yourself from Google or do you want to secure/encrypt your email? If you want to change from Google there are a lot of services out there, and you can read their privacy policies to decide which is right for you.

      If your goal is to encrypt messages then you can follow Microsoft's advice ( to encrypt messages in Outlook.

      If you want to go to the more extreme end you could always host your own email provider by using a service like Mail-in-a-box (

    • hnb
      August 2, 2017 at 6:37 pm

      You want privacy protection and use a windows desktop app?
      And the worst one? LOL!
      You've just went full retard. Never go full retard.
      Get the Brave browser and use Proton mail via TOR
      And do that from a Linux distro, that also uses a firewall / ip filter
      Then you can deserve safety and privacy.
      Lazy bozo users like you are the reason there's spam and viruses.

      • James Frew
        August 3, 2017 at 6:19 am

        I agree with your recommendations about Linux/ProtonMail/Tor but your assumption that people use the defaults because they are unintelligent is unfair. There are many people who are casual technology users -- and even power users -- who don't necessarily base their decisions on privacy or have the time to fully research solutions. That's what articles like this and forums are useful to people for.

  11. WatM
    April 14, 2017 at 5:48 pm

    I'm computer illiterate and of the old school, and still uneasy about on-line purchases fearing ID theft. Will using one of these secured emails prevent such thing?

    • James Frew
      April 15, 2017 at 2:48 pm

      Thanks for the question. Email encrypted is more to do with privacy (Security does play its part though for sure). However, encrypted email on its own does little to protect you from online ID theft.

      If you are worried about the potential for ID theft then take a look at our article about preventing it and try and work your way through the steps. (//

      Without being flippant about how complex the issue of ID protection online can be - with specific regards to online shopping - use sites that you have heard of, don't click through on email links to deals and savings - go direct to the website in your browser, and look for the padlock icon in the address bar to show that the website is using HTTPS.

      • WatM
        April 15, 2017 at 6:19 pm

        Thank you for the information. I found the link to be very helpful, I will certainly start with the suggested steps. Thank God for people like you, dedicating their time to help others less knowledgeable such as I. Blessings

  12. Phil Clayton
    March 28, 2017 at 3:07 pm

    Nice article, but talking about Switzerland, Germany and Belgium having "strong privacy laws" is naÏve and meaningless. The European Union is an Evil Empire, just like the United States and the former Soviet Union. They all have their version of the "deep state", intelligence agencies for whom legal restrictions mean nothing. The only solution to private communication is strong end-to-end encryption, so that the message in transit can't be cracked for 100 years or more by the NSA or anyone else and can only be read by the intended recipient.

    • James Frew
      March 28, 2017 at 3:14 pm

      Thanks for taking the time to read and I'm glad you enjoyed the article. While I agree that you can't vouch entirely for any nation not to perform surveillance, the European Data Protection Directive ( is one of the strongest pieces of data protection legislation in the world.

      You can't guarantee security online - but you can minimize your risk. You always have to weigh up the pros and cons but the way I see it is that the US is known to use surveillance against its own citizens - and any internet user around the world. By choosing a European provider you are minimizing your risk.

      • Hans Berger
        April 3, 2017 at 10:33 pm

        Protonmail: "All data is stored on the company’s servers in Switzerland — a country well known for its tough stance on privacy and data protection." Seems you do not know the Swiss legal framework surrounding data protection / retention. Six months compulsory data retention has been introduced about a year ago and any type of surveillance can be performed (and is being performed) without any warrant - as opposed to the U.S.A. You should read about the illegal and unauthorized acquisition and use of the "Galileo" software by the police of the Canton of Zurich (KaPo). Also, Protonmail has nothing to do with the CERN at all nor are their servers located in Switzerland. Last but not least, I would like to draw your attention to the "special" role played by Protonmail when several e-mail providers got DDoS attacked. Only Protonmail paid and only Protonmail crowdfunded twice for the ransom money... In my opinion a snake oil merchant and dangerous at any speed. Disclosure: I use a small privately owned e-mail provider located in the U.S.A. and I am a Swiss national living in Switzerland, BTW. My small e-mail provider also got DDoS attacked at the same time but did not cough up a single penny, as opposed or supposed to Protonmail.

        • James Frew
          April 4, 2017 at 1:54 pm

          The co-founders of ProtonMail (Wei Sun & Andy Yen) do work at CERN as I mentioned in the article. The product itself is not affiliated with CERN. With regards to the DDOS attack - yes they did pay - and although there are moral arguments about whether to pay ransom demands I'm not clear how that equates to "snake-oil".

          ProtonMail is end-to-end encrypted so if there were any law enforcement data acquisition unless you surrendered your key they would be unable to access it.

        • Jose Terreiro
          December 3, 2017 at 1:18 am

          Hans, could you share with us that small e-mail provider?

          Thank you.

    • ldkd
      April 15, 2018 at 1:27 am

      Switzerland is not EU and it have STRONG privacy laws

  13. Timothy
    January 29, 2017 at 6:53 am

    How about guerilla mail?

    • James Frew
      March 28, 2017 at 3:17 pm

      Although it's a great service for preventing you from having to give out your real email address - it isn't end to end encrypted so it didn't make the cut. They are privacy conscious though - emails are only kept for 1 hour, and all access logs are deleted after 24 hours.

  14. Zhong
    January 23, 2017 at 2:56 am

    Tutanota is still early in accessing full features as they cannot retrieve your password if you forgot or typed it wrong when you changed it.

    • James Frew
      March 28, 2017 at 3:19 pm

      This is a feature of Tutanota. Your password is your encryption key. In order to protect your account should Tutanota ever be compromised they do not store your password as it would enable all your emails to be encrypted. This is the main difference between Tutanota and ProtonMail who use a separate decryption password.

  15. Matza
    January 23, 2017 at 12:06 am

    There's also Unseen:

  16. onlineemailaddress
    January 22, 2017 at 3:27 pm

    Please throw some light on "Posteo"?

    • James Frew
      March 28, 2017 at 3:22 pm

      Posteo is another privacy-focused email service based in Germany. Although it is commendable, it wasn't included as many of the security features can be found in Gmail for free.

  17. Stillsearching
    September 11, 2016 at 6:39 pm

    Not much here. The only one really is Hushmail who handed over everything when asked.

  18. R N
    August 6, 2016 at 7:13 pm

    Thanks for the article Christ. Is a new article that is more current forthcoming? One that considers the pay options as well and points out all the pros and cons?

    • James Frew
      March 28, 2017 at 3:22 pm

      We recently updated the article and so hopefully it should cover the points you were interested in.

  19. StephDRX
    July 30, 2016 at 12:52 am

    I see I'm not the only one using mailfence :) I have been using it for a month now and am very satisfied. Service is excellent as well, real pros.

  20. selecia
    July 11, 2016 at 1:04 am

    why is hushmail here? Hushmail has been known to give away personal information.

  21. Mick
    April 6, 2016 at 4:37 pm

    Indeed an informative list – but a short list that do not include some of the other remarkable players, that does everything on the client-side and truly provides end-to-end encryption (which by far is the only way that can ensure one’s online data confidentiality and integrity during transit).
    Following are two of those outstanding services.
    > (a pure end-to-end encryption service – that does not only provide confidentiality and integrity but also authentication via the capability of digital signatures, based on OpenPGP – it provides user full control over their keys and does it all in a very user-friendly manner)
    > (another nice end-to-end service – that provides great reliability and hot features like disposable email addresses etc, based on OpenPGP and has a nice descriptive interface)
    > (one of the most famous group of people who are not only providing great privacy solutions, but also helping like-minded people to grasp their OpenPGP understanding in a better and effective manner)
    Now, the ultimate tool when it comes to OpenPGP and end-to-end encryption – is always have been GnuPG, though the reason it never really get lifted up is due to its complexity in terms of usability from a typical user standpoint (however, implementations like Gpg4Win, GPGSuite, Seahorse does come in handy).
    Lastly, the article is not bad at all, the only loose-end is not mentioning some of the key players. Nevertheless, it always drops down to one’s preferences and requirements (I personally use mailfence which is free, interoperable, without ads, completely locally hosted and provides an entire collaboration suite i.e. messages, contacts, calendar, documents, polls, tags ….)
    Again, its a matter of personal preference and the extent to which one understand end-to-end encryption technologies (OpenPGP, S/MIME etc, which most of the people don’t) – that contributes in the rightness and wrongness of their online privacy decisions.

  22. Vickie
    March 12, 2016 at 5:23 am

    What is best for someone who is not very computer savvy and not always communicating with people who I would be able to exchange passwords with as easily?

    Hushmail sounds like the best option for that? Thanks.

  23. talat kabal
    February 15, 2016 at 8:45 am

    I personnaly use ! The reason why I decided to choose it instead of others private email, it's because mailfence are based in Belgium, and benefits a real data privacy compared to their competitors that are based often in USA and where the gov spy everything of your private life. I'm really satisfied.

  24. Drew
    February 10, 2016 at 10:11 pm


  25. James
    February 9, 2016 at 2:34 pm

    There is also MailFence on the market of "secure mail". It's nearly the same concept. When I come to choose a secure mail, I have hesitated which to choose. But finally I have choosen MailFence because it's really easy to use. I recommend it for all!

  26. Linleya
    November 14, 2015 at 12:35 am

    I found Invmail to be more secure when i compared against all etc its also they use 4096 bit RSA’s [Broken URL Removed] they are in open beta, they also offer private solutions as well as Video/Voice Calls, and Messaging over encryption channels.

  27. Anonymous
    August 23, 2015 at 8:43 pm

    One thing to be mindful of--in any free or paid email server--is to never use active web-based links within the email or signature line...while the raw text of your emails may be secure depending on your chosen server (those noted here and below) mindful that any hacker (read: government) can follow "leaked links" that go outside the boundary of the email you send or receive. They DO leak.

    for example, "Beautiful . com" should read "beautifuldotcom"

    always use basic raw text only in secure emails. IMHO

    • Steve
      January 2, 2016 at 8:37 pm

      Thanx for the post. This is one of those issues that many people might deem trivial. However, this is very sound advice.

  28. Irene
    May 20, 2015 at 5:54 am

    I have Hushmail. The only problem is with the 'passphrase". If you forget what it is, too bad! Part of the Hushmail security premise, is that only the user knows what the passphrase is.
    I like to think that I keep a very careful record of my user names, and passwords. But, I did it, changed the phrase and now I am locked out. I have gone over 30 days since logging in, so now even if I remember my passphrase, I have to buy the premium email, to get my account back.
    Be extremely careful! I really thought that I had been, but...

    • Anonymous
      August 23, 2015 at 8:30 pm

      I had the same issue, Irene...several times...but, as an annual subscriber, they are able to "recover" email from probably three weeks prior. Ask nicely. when I asked them how they could deliver it w/o me knowing my passphrase (password), I had to recreate my account. The best way you can do retrieval in the future is to download and save your emails to a desktop/laptop arrangement (like Thunderbird without the add-ons and geo-locators)

      Once there, I scan the emails for malware, trojans etc, and only then UPLOAD the emails (TB export/file folder) to Dropbox or similar "somewhat" secure cloud server. I do this because I do not trust Hushmail, and in the event of laptop breakdown, I have some sort of immediate access to recreate my emails and files in a day or two.

      I say "do not trust Hushmail" because now they want to install cookies which narrows your geo-location. Like many other on-line or web corporations (such as Go Ogle, Yahoo/Peekaboo, Hulu+NBC, etc.), Hushmail does not like VPN servers (virtual private networks) which bounce one around the world for privacy reasons).

      For ex., my VPN might locate me in Seattle, but the Hushmail cookie relocates me a mile from my home. Not cool. Time to move on, hence why I am here.

      Also, while Hushmail can and does AUTOMATICALLY encrypt/decrypt at both ends if the intended recipient also does so with a hush account, I had been doing this for several months....all of a sudden, Hushmail started asking for the encryption key or question/answer where it hadn't before--meaning that it was beginning to read all supposedly encrypted emails just prior to that point;

      Countermail uses Java which is another geo- locator. The updated Javascript can never be erased from your system once downloaded (like Windows 10--which saves and reports your every move).

      I figure if these un-private corporations want to run my computer away from me, they mind as well refund the money I used to buy the machine in the first place.

      Me? I'm leaving and going to Linux and Protonmail. I'm definitely NOT doing, or intend on doing anything illegal, I just want ALL privacy, not just "some" privacy.

      • Anonymous
        August 23, 2015 at 8:34 pm

        CounterMail is also in Ontario, Canada, as is Hushmail, subject to Canadian court order.

        • Anonymous
          August 23, 2015 at 8:50 pm

          sorry, I meant CryptoHeaven for Ontario---look for location in terms of service and governing law.

        • Sal
          October 16, 2016 at 9:46 am

          I would avoid using ANY mail or vpn providers based or linked in any way to the US and its defacto territories:Canada and UK .

  29. CryptoCat
    May 14, 2015 at 8:51 am



  30. Anon
    April 20, 2015 at 12:32 pm

    About the counter mail option. That's not mandatory to leave some "paper trail" once you have options to pay anonymously for the service.

    And yes, hushmail does seem to be insecure, even if they say the contrary. Something is not secure if they for any reason has a way to give your information to agencies or whatever. Or even if they can see it. If the service can do these things they are insecure and their main concern is not just provide you a great service. But make money only.

    The real best service will want to make money, but not at the cost of the privacy of the client. Then again people can talk about criminality if a service is totally secure. Well, criminals exists even inside companies and governments unfortunately. That's no point, for that the core of the society should change. The way human beings see the world and life should change. So there' s no point their either.

    I do respect all the opinions. But I am stating verifiable facts here. That's worthy. Thanks a lot for the opportunity. I am not divulging any service here. Any option that you find that is really secure you can use. One good thing is to go away from certain countries when it comes to the way certain services are handled because of their privacy policies, because in some countries privacy actually doesn't really matter to the so called authorities! That are not really concerned about people most of the time! So choosing providers where privacy is better is an option. But if someone is able to maintain a great service inside a country, whichever it is, where not even the company can access your data. Then there is nothing authorities will be able to do when it comes to "ask" for data. If they want data all they'll have will be encrypted data.

    That's not about anything else but the right to privacy. To not be tracked and receive tons of ads, you already pay for your internet access and surely you'll help in all legal and ethical ways those who provide good content, no need for intrusion and illegal activities just to make money. Or to only do it because you think you can. Some agencies and those responsible for such lines of thought should be ashamed of how they do things, their money could be better used to improve humanity.


  31. Jerry
    March 21, 2015 at 11:16 am

    A question for Chris, if he's still monitoring this thread.

    I use Thunderbird email app exclusively in my business. If I were to install Enigmail, using Open/PGP and S/MIME protocol (which I gather is the technology), shouldn't it be possible for my recipients to be able to open and read the emails using any other compliant Open PGP mail app that also uses S/MIME? Presumably all OpenPGP apps have ways of sharing Public keys with one another, no matter who writes the code and what the product is called?

  32. purplerebel
    March 10, 2015 at 11:52 am

    Any take on ProtonMail?

    • fiddle2
      March 20, 2015 at 3:38 pm

      purplerebel, I have ProtonMail. Once you finally get your account it's smooth to work with. Like TylerD says, hands down the best!

      • Anonymous
        August 23, 2015 at 8:32 pm

        Corredct took me about three weeks to get endorsed--also, use an alias while on there

  33. JD
    February 24, 2015 at 1:38 am

    Well now great info...
    1. Hushmail will turn over email accounts with a Canidian Court order, just so you know. So if you just have to use it.... download ALL the emails as you get them.
    2. Then there is which is free for 49.5 (+ or - a meg or so. I download most of my "private law" info as I receive it, as their servers are in the USA. Their paid version is real cost effective if you are not totally on a "fixed" allowance.

    So just a bit of an update for you!

  34. MR. G. NOYB
    February 17, 2015 at 6:45 am


  35. TylerD
    February 5, 2015 at 7:51 pm

    Protonmail is the best hands down! It's so good that they have a waiting list for an email account because they ran out of room on their servers. The company is based out of Switzerland, which is probably the last country left that actually honors peoples privacy. They based it here specifically for their privacy laws. I'm not a computer whiz but from what I understand the complete email process is encrypted and only you have the key. The owner said in an interview that even if the federal government would demand access to accounts they would have no means to provide it to them because they have no access to the keys.

  36. Anony Mos
    December 24, 2014 at 5:19 am

    Hushmail should never be advertised as anything secure IMHO.

    TutaNote lacks certain features but is very secure, free, based in Germany (good privacy laws), and well programmed.

    • Django
      February 5, 2015 at 3:45 am is 404.

  37. Jimmy
    June 21, 2012 at 5:11 pm

    Hushmail isn't safe. The NSA has real-time access to their servers. Plus their backdoor that they grant to US law enforcement.

    I've been using Countermail and for years. I think Countermail is the absolute best.

    • smadha danyew
      August 6, 2012 at 2:30 pm

      Not only that, but if you do not log in to Hushmail regularly, they lock you out and charge to reopen it... totally crappy!

    • thanks for the theme!
      April 28, 2015 at 8:00 pm

      smadha danyew: exactly the same problem... would like to deactivate/delete my account now - no access to do it.

  38. BL
    April 7, 2012 at 4:00 pm

    Do recipients of emails sent using Enigmail have to have Enigmail installed as well? How does the key exchange process work?

  39. BL
    April 7, 2012 at 4:00 pm

    Is Enigmail transparent to the recipient if they don't have the tool? How does the key exchange process work? Will they need to install something on their end?

    I'm trying to look for free options that allow me to send / receive encrypted emails but my recipient has certain restrictions on the tools that she can download.

    • Chris Hoffman
      April 8, 2012 at 2:43 am

      Enigmail isn't transparent to the end user. They'll need Enigmail installed, too.

      The other options in the article can be sent to a user without a special email account or software, though.

      • BL
        April 8, 2012 at 5:31 pm

        Which service would you recommend the most? I was leaning towards the free version of Vaultlet Mail but it does not provide me with the attachment size limits that I need. Enigmail is not an option for me as my recipient won't be allowed to download anything.

        Would Hushmail be secure enough to transfer files of sensitive nature to another person?

        I've also read a little bit about eCrypt Me, but I guess is free to try but has a monthly fee subscription of $8.

        • Chris Hoffman
          April 9, 2012 at 12:43 am

          I'd lean towards Hushmail, if it has the file-size limits that work for you. Some people are paranoid about Hushmail, but I dealt with the concerns about it in the post.

          I haven't used any paid options, so I can't really comment on those. But it was hard to find enough free options to round out the article.

        • BL
          April 9, 2012 at 12:59 am

          Thanks a lot!

        • Henry
          May 15, 2012 at 2:49 pm

          CryptoHeaven works similarly to Hushmail, but offers more features. It does have a free option although it is not advertised on the website. When creating new account, leave the "activation code" blank and it will create a free account with limited storage.

        • Chris Hoffman
          May 16, 2012 at 12:16 am

          Very interesting! I might have included CryptoHeaven if they advertised that.

          Thanks for chipping in.

  40. Michel
    April 1, 2012 at 10:40 am

    The most secure email service is Countermail. It covers some of the vulnerabilities and limitations that Hushmail has.

    Some differences:
    * CM does not log IPs. Whatsoever.
    * CM has 100% MITM-protection.
    * CM has the ability to use double authentication.
    * CM stores all incoming and outgoing mail encrypted.

    Your solution in the article above to use Enigmail and so on has some huge limitations. For instance, enigmail does not provide good protection if the attacker has physical access to the computer (ie search & seize order) and depending on mail provider used with Enigmail the ip-address is revealed to the recipient.

    • Chris Hoffman
      April 1, 2012 at 10:59 am

      Thanks for sharing, Michel. That sounds like a great service.

      It costs money after the first month, though, and we try to focus on free services. That made writing the post hard -- I had to pass up some high-quality options.

      Still, if you really need encrypted mail, it may be a good idea to shell out some cash. (Then again, doesn't that create a paper trail? That could also be a concern.)

      • smadha danyew
        August 6, 2012 at 2:32 pm

        actually, if you dont log in to hushmail on a regular basis (they say 3 weeks, but it is more like a week) they lock you out and charge you to reopen it... CRAPPY!!

        • Chris Hoffman
          August 7, 2012 at 7:36 am

          Wow, really? That really sucks.

  41. blonde
    March 11, 2012 at 11:39 pm

    I always email my prescription and never had any problem with it.  ;)

  42. Chris Hoffman
    February 21, 2012 at 12:09 am

    Thanks for the recommendation. We tried to focus on free services, which is why many couldn't be included.

  43. Chris Hoffman
    February 21, 2012 at 12:08 am

    That's a good point. It isn't free, though. These services are.

  44. Anonymous
    February 16, 2012 at 5:22 am

     Good to know about the  3 Most Secure & Encrypted Email Providers Online.

  45. Matt
    February 16, 2012 at 5:00 am

    Enigmail is GREAT! I have used it for years. It definitely takes the pain out of using GnuPG. Thanks!

    • Chris Hoffman
      February 16, 2012 at 9:14 pm

      You're welcome! I definitely knew I had to include Enigmail.