The most secure email services of 2021
Email is not secure by design, but these email providers allow you to send emails with top-level security
Email was never meant to be safe. Most people don’t realize that others can easily see what you write in an email. That’s why it’s a good idea to use the most secure email service you can find.
Compared to more modern forms of communication, such as Zoom, Slack, or Teams, email is ancient and has limitations that can lead to security issues. However, over the years, security researchers have made email more secure in an age when hackers are never far away.
What to look for in a secure email service
Whether you’re a home user or work for a large corporation, it’s good to know what security features your email service has. Below, you’ll find some features you should look for in secure email service and how they may benefit you.
Encryption obscures to keep it safe from snooping hackers. Sending an email over an encrypted network essentially disguises the message’s text, making it impossible to read without a decryption key.
Some email services only encrypt data when it is traveling, leaving it in plain text at the other end. End-to-end encryption overcomes this by requiring the recipient to also have a private decryption key that allows them to view the email’s contents.
Pretty Good Privacy (PGP) arrived in the 1990s to secure emails over insecure networks using pairs of public and private keys.
Sending an email with PGP uses the recipient’s public key to secure the contents and a password to authenticate to an email service. A recipient decrypts this message using their private key to read it. Anyone who lacks the private key cannot read the contents.
This adds a security layer by requiring the user to enter a code from a text message or authentication token after entering their username and password.
This additional authentication limits a hacker’s access, as the chances of them having your username, password, and your cell phone or token is much lower.
An email server’s location has a bearing on how secure it is. Countries like the US and UK share intelligence data about citizens, and this data can be collected from servers based in those countries.
Other countries — Germany and Switzerland, for example — have tougher privacy laws, so many secure email services are based there to prevent snooping.
What secure email services are available?
There are plenty of secure email services available. Here are six of the most secure options.
Price: Free to €6.25 ($7.66) per user per month
One of the world’s largest secure email services, ProtonMail offers end-to-end encryption and a raft of other security features, such as encryption via secure implementations of AES (Advanced Encryption Standard), RSA, and OpenPGP.
You can also send end-to-end encrypted emails to non-ProtonMail users by sending the recipient a link that displays the encrypted message on their browser. You can then share a passphrase with the recipient to decrypt the message.
The company says it can’t read any emails it hosts because the data is encrypted so it’s inaccessible to the provider. The provider can’t decrypt the data either, so it can’t hand it over to third parties.
Plus, it’s based in Switzerland, which has some of the world’s strictest privacy laws. It also has a no-logs policy and offers self-destructing emails.
Price: Free to €72 ($88.26) base fee per year + €36 ($44.13) per user per year
Included storage: 1GB-10GB
Paid storage: Up to 1TB at €600 ($735.50) per year
This Germany-based secure email service provider offers a GDPR-compliant email service with built-in encryption and a secure calendar that allows no one but you to see your appointments. It also has desktop apps for Windows, macOS, and Linux and mobile apps for iOS and Android.
It uses AES-128 symmetric encryption or RSA-2048 asymmetric encryption, depending on the email recipient. The service also obfuscates email subject lines and attachment names.
Other security features include end-to-end encrypted mailbox, end-to-end encrypted address book, automatic end-to-end encrypted emails between users, end-to-end encrypted emails to any email address via a password.
It also has a secure password reset that gives the company no access at all. Users can execute a full-text search of encrypted data locally. There is also TLS with support for PFS, DMARC, DKIM, DNSSEC, MTA-STS.
Price: Free to €25 ($30.65) per month
MailFence is encrypted with a secure, open-source implementation of OpenPGP and offers cloud-based calendar, contact, and document tools. Existing PGP users can also import and manage their keypairs in the app.
It offers end-to-end encryption and digital signatures with data stored on Belgian servers. Customers can send encrypted messages to users who don’t use PGP. It also offers SSL/TLS, Perfect Forward Secrecy (PFS), MTA-STS, and HSTS for protecting your data while in motion.
This Belgium-based secure email service donates 15% of the Pro and Ultra plans revenues to support the Electronic Frontier Foundation and the European Digital Rights Foundation.
Price: $49.98 (personal); $5.99 per user per month (small businesses); $9.99-$39.00 per month (health care); $9.99 per month (law); and $3.99 per user per month (nonprofits)
Storage: 10GB (personal, small business, law); 10-15GB per user (health care); and 10GB per user (nonprofits)
Hushmail offers end-to-end encryption using open-source OpenPGP, but subject lines are unencrypted. User passwords are also hashed, and Hushmail uses a zero-knowledge model. Plus, the company can’t decrypt emails without a password.
However, if the provider gets an enforceable order under British Columbia law, they’ll have to reveal data in an unencrypted format.
Price: €1 ($1.23) per month to €25+ ($30.66) per month
Mailbox.org is a Germany-based secure email provider and is compatible with mobile devices and third-party clients. Mailbox.org also offers cloud storage and secure video conferencing features.
The service allows users to register anonymously without having to enter any personal details. SSL/TLS encryption protects data transmission, and it uses full PGP encryption. Users can choose to prevent sending mail to recipients without secure mailboxes.
The provider also uses (EC)DHE algorithms for Perfect Forward Secrecy (PFS), which prevents any possible decryption of recorded data traffic in the future. Mailbox.org secures its domain with DNSSEC and DANE/TLSA and uses HSTS, CAA, CSP, MTA-STS, and X-XSS to prevent man-in-the-middle attacks (MitM).
Price: €1 ($1.23) per month
Paid storage: €0.25 ($0.31) per month per GB (up to 20GB)
Posteo works on any device to enable cross-platform synchronization and includes spam and anti-virus filters. Plus, it strips identifying IP addresses from all emails. Users can sign up for and pay for the service anonymously. The firm is headquartered in Berlin, Germany, where it has been running since 2009.
Posteo also uses TLS with Perfect Forward Secrecy (PFS), DANE/TLSA, HTTP Strict Transport Security HSTS, SSH
Its servers’ hard disks are AES encrypted to prohibit data-theft and unauthorized access and are in a highly secure German data center. There is also optional on-server email encryption with RSA, AES, HMAC, and bcrypt hashing.
Emails sent using Posteo’s webmail interface contain neither a user's local nor public IP address. Users can secure Posteo accounts with two-factor authentication and set it up on all devices with free apps.
How to choose an AI vendor
Five key things to look for in an AI vendorDownload now
The UK 2020 Databerg report
Cloud adoption trends in the UK and recommendations for cloud migrationDownload now
2021 state of email security report: Ransomware on the rise
Securing the enterprise in the COVID worldDownload now
The impact of AWS in the UK
How AWS is powering Britain's fastest-growing companiesDownload now