The most secure email services of 2021

Email is not secure by design, but these email providers allow you to send emails with top-level security

Email was never meant to be safe. Most people don’t realise that others can easily see what you write in an email, which is why it’s a good idea to use the most secure email service you can find.

Compared to more modern forms of business communication, such as Zoom, Slack, and Microsoft Teams, email is an ageing technology and has limitations that can lead to security issues. However, over the years, security researchers have made email more secure in an age when hackers are never far away.

What to look for in a secure email service

Related Resource

The state of ransomware in retail 2021

Insights into the current state of ransomware in the retail sector

Whitepaper front coverFree download

Whether you’re a home user or work for a large corporation, it’s good to know what security features your email service has. Below, you’ll find some features you should look for in secure email service and how they may benefit you.

End-to-end encryption

End-to-end encryption disguises data in order to prevent it from being read or changed, and sending an email over this secure communication system means only the device it’s sent to can decrypt it, with the use of a private decryption key.

This method is considered one of the safest because it prevents third parties from being able to access the secure file while it’s being transferred within the end-to-end system.

PGP encryption

Pretty Good Privacy (PGP) is seen as a fairly standard encryption service, but it’s extremely difficult to hack. This is a key reason why this email security tool is still used today, using a combination of data compression, private-key and public-key cryptography, since its conception in 1991.

The way it works is that each user of this system has an encryption key that is known publicly; this changes the contents of a secure text file or email into a complex code of characters. This code is then sent to the recipient who uses their private PGP encryption key to turn the characters back into a readable message.

Without access to the public and private encryption keys, others won’t be able to read the contents.

Two-factor authentication

Two-factor authentication, or 2FA, is a protective feature that means that in order to read a secure message or email, the recipient needs a password or code that’s sent to them to decrypt it; this can either be by text message or an authenticator app on your phone.

With this method, businesses can enable their employees to access messages from wherever they are, and decrease the chances for hackers to gain access without the authentication passwords.

Server location

An email server’s location has a bearing on how secure it is. Countries like the US and UK share intelligence data about citizens, and this data can be collected from servers based in those countries. 

Other countries — Germany and Switzerland, for example — have tougher privacy laws, so many secure email services are based there to prevent snooping.

What secure email services are available?

There are plenty of secure email services available. Here are six of the most secure options. 

ProtonMail

URL: www.protonmail.com

Price: From £0 up to £6.83 (€8.00 / $9.45) per user per month

Storage: 500MB - 20GB

One of the world’s largest secure email services, ProtonMail offers end-to-end encryption and a raft of other security features, such as encryption via secure implementations of AES (Advanced Encryption Standard), RSA, and OpenPGP.

You can also send end-to-end encrypted emails to non-ProtonMail users by sending the recipient a link that displays the encrypted message on their browser. You can then share a passphrase with the recipient to decrypt the message.

The company says it can’t read any emails it hosts because the data is encrypted so it’s inaccessible to the provider. The provider can’t decrypt the data either, so it can’t hand it over to third parties.

Plus, it’s based in Switzerland, which has some of the world’s strictest privacy laws. It also has a no-logs policy and offers self-destructing emails.

Tutanota

URL: www.tutanota.com

Price: From £0 to £4.10 (€4.80 / $5.67) per user per month

Included storage: 1GB - 10GB

Paid storage: Up to 1TB at £51.24 (€60.00 / $70.89) per month

This Germany-based secure email service provider offers a GDPR-compliant email service with built-in encryption and a secure calendar that allows no one but you to see your appointments. It also has desktop apps for Windows, macOS, and Linux and mobile apps for iOS and Android.

It uses AES-128 symmetric encryption or RSA-2048 asymmetric encryption, depending on the email recipient. The service also obfuscates email subject lines and attachment names.

Other security features include end-to-end encrypted mailbox, end-to-end encrypted address book, automatic end-to-end encrypted emails between users, end-to-end encrypted emails to any email address via a password.

It also has a secure password reset that gives the company no access at all. Users can execute a full-text search of encrypted data locally. There is also TLS with support for PFS, DMARC, DKIM, DNSSEC, MTA-STS.

MailFence

URL: www.mailfence.com/en/

Price: From £0 to £21.35 (€25 / $29.54) per month

Storage: 500MB - 50GB

MailFence is encrypted with a secure, open-source implementation of OpenPGP and offers cloud-based calendar, contact, and document tools. Existing PGP users can also import and manage their keypairs in the app.

It offers end-to-end encryption and digital signatures with data stored on Belgian servers. Customers can send encrypted messages to users who don’t use PGP. It also offers SSL/TLS, Perfect Forward Secrecy (PFS), MTA-STS, and HSTS for protecting your data while in motion.

This Belgium-based secure email service donates 15% of the Pro and Ultra plans revenues to support the Electronic Frontier Foundation and the European Digital Rights Foundation.

Hushmail

URL: www.hushmail.com

Price: £36.13 (€42.30 / $49.98) [personal account per year]; £4.33 (€5.07 / $5.99) per user per month [small businesses]; £7.22 - £28.19 (€8.46 - €33.01 / $9.99 - $39.00 per month [health care]; (€8.46 / $9.99) per month [law]; and £2.88 (€3.38 / $3.99) per user per month [non-profits]

Storage: 10GB (personal, small business, law); 10-15GB per user (health care); and 10GB per user (non-profits)

Hushmail offers end-to-end encryption using open-source OpenPGP, but subject lines are unencrypted. User passwords are also hashed, and Hushmail uses a zero-knowledge model. Plus, the company can’t decrypt emails without a password. 

However, if the provider gets an enforceable order under British Columbia law, they’ll have to reveal data in an unencrypted format.

Mailbox.org

URL: www.mailbox.org/en/

Price:  £0.85 (€1.00 / $1.18) per month to £7.69 (€9.00 / $10.63) per user per month

Storage:  2 GB- 25GB (50GB cloud storage)

Mailbox.org is a Germany-based secure email provider and is compatible with mobile devices and third-party clients. Mailbox.org also offers cloud storage and secure video conferencing features.

The service allows users to register anonymously without having to enter any personal details. SSL/TLS encryption protects data transmission, and it uses full PGP encryption. Users can choose to prevent sending mail to recipients without secure mailboxes.

The provider also uses (EC)DHE algorithms for Perfect Forward Secrecy (PFS), which prevents any possible decryption of recorded data traffic in the future. Mailbox.org secures its domain with DNSSEC and DANE/TLSA and uses HSTS, CAA, CSP, MTA-STS, and X-XSS to prevent man-in-the-middle attacks (MitM).

Posteo

URL: www.posteo.de/en

Price: £0.85 (€1 / $1.18) per month

Storage: 2GB 

Paid storage: £0.21 (€0.25 / $0.30) per month per additional GB (up to 20GB) 

Posteo works on any device to enable cross-platform synchronization and includes spam and anti-virus filters. Plus, it strips identifying IP addresses from all emails. Users can sign up for and pay for the service anonymously.  The firm is headquartered in Berlin, Germany, where it has been running since 2009. 

Posteo also uses TLS with Perfect Forward Secrecy (PFS), DANE/TLSA, HTTP Strict Transport Security HSTS, SSH

Its servers’ hard disks are AES encrypted to prohibit data theft and unauthorized access and are in a highly secure German data center. There is also optional on-server email encryption with RSA, AES, HMAC, and bcrypt hashing.

Emails sent using Posteo’s webmail interface contain neither a user's local nor public IP address. Users can secure Posteo accounts with two-factor authentication and set it up on all devices with free apps.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Sophos Intercept X Advanced review: AI-powered protection
endpoint security

Sophos Intercept X Advanced review: AI-powered protection

30 Nov 2021
SMBs urged to update software ahead of Black Friday
e commerce

SMBs urged to update software ahead of Black Friday

25 Nov 2021
US adds dozen Chinese tech companies to trade blacklist
Policy & legislation

US adds dozen Chinese tech companies to trade blacklist

25 Nov 2021
Fifth of UK security pros discriminated against in 2021
Careers & training

Fifth of UK security pros discriminated against in 2021

23 Nov 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
Jack Dorsey resigns as Twitter CEO
business management

Jack Dorsey resigns as Twitter CEO

29 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021