The most secure email services of 2021

Email is not secure by design, but these email providers allow you to send emails with top-level security

Email envelope with a key in it

Email was never meant to be safe. Most people don’t realize that others can easily see what you write in an email. That’s why it’s a good idea to use the most secure email service you can find.

Compared to more modern forms of communication, such as Zoom, Slack, or Teams, email is ancient and has limitations that can lead to security issues. However, over the years, security researchers have made email more secure in an age when hackers are never far away.

What to look for in a secure email service

Whether you’re a home user or work for a large corporation, it’s good to know what security features your email service has. Below, you’ll find some features you should look for in secure email service and how they may benefit you.

End-to-end encryption

Encryption obscures to keep it safe from snooping hackers. Sending an email over an encrypted network essentially disguises the message’s text, making it impossible to read without a decryption key. 

Some email services only encrypt data when it is traveling, leaving it in plain text at the other end. End-to-end encryption overcomes this by requiring the recipient to also have a private decryption key that allows them to view the email’s contents.

PGP encryption

Pretty Good Privacy (PGP) arrived in the 1990s to secure emails over insecure networks using pairs of public and private keys. 

Sending an email with PGP uses the recipient’s public key to secure the contents and a password to authenticate to an email service. A recipient decrypts this message using their private key to read it. Anyone who lacks the private key cannot read the contents.

Two-factor authentication

This adds a security layer by requiring the user to enter a code from a text message or authentication token after entering their username and password. 

This additional authentication limits a hacker’s access, as the chances of them having your username, password, and your cell phone or token is much lower.

Server location

An email server’s location has a bearing on how secure it is. Countries like the US and UK share intelligence data about citizens, and this data can be collected from servers based in those countries. 

Other countries — Germany and Switzerland, for example — have tougher privacy laws, so many secure email services are based there to prevent snooping.

What secure email services are available?

There are plenty of secure email services available. Here are six of the most secure options. 

ProtonMail

URL: www.protonmail.com

Price: Free to €6.25 ($7.66) per user per month

Storage: 500MB-20GB

One of the world’s largest secure email services, ProtonMail offers end-to-end encryption and a raft of other security features, such as encryption via secure implementations of AES (Advanced Encryption Standard), RSA, and OpenPGP.

You can also send end-to-end encrypted emails to non-ProtonMail users by sending the recipient a link that displays the encrypted message on their browser. You can then share a passphrase with the recipient to decrypt the message.

The company says it can’t read any emails it hosts because the data is encrypted so it’s inaccessible to the provider. The provider can’t decrypt the data either, so it can’t hand it over to third parties.

Plus, it’s based in Switzerland, which has some of the world’s strictest privacy laws. It also has a no-logs policy and offers self-destructing emails.

Tutanota

URL: www.tutanota.com

Price: Free to €72 ($88.26) base fee per year +  €36 ($44.13) per user per year

Included storage: 1GB-10GB

Paid storage: Up to 1TB at €600 ($735.50) per year

This Germany-based secure email service provider offers a GDPR-compliant email service with built-in encryption and a secure calendar that allows no one but you to see your appointments. It also has desktop apps for Windows, macOS, and Linux and mobile apps for iOS and Android.

It uses AES-128 symmetric encryption or RSA-2048 asymmetric encryption, depending on the email recipient. The service also obfuscates email subject lines and attachment names.

Other security features include end-to-end encrypted mailbox, end-to-end encrypted address book, automatic end-to-end encrypted emails between users, end-to-end encrypted emails to any email address via a password.

It also has a secure password reset that gives the company no access at all. Users can execute a full-text search of encrypted data locally. There is also TLS with support for PFS, DMARC, DKIM, DNSSEC, MTA-STS.

MailFence

URL: www.mailfence.com/en/

Price: Free to €25 ($30.65) per month

Storage: 500MB-50GB

MailFence is encrypted with a secure, open-source implementation of OpenPGP and offers cloud-based calendar, contact, and document tools. Existing PGP users can also import and manage their keypairs in the app.

It offers end-to-end encryption and digital signatures with data stored on Belgian servers. Customers can send encrypted messages to users who don’t use PGP. It also offers SSL/TLS, Perfect Forward Secrecy (PFS), MTA-STS, and HSTS for protecting your data while in motion.

This Belgium-based secure email service donates 15% of the Pro and Ultra plans revenues to support the Electronic Frontier Foundation and the European Digital Rights Foundation.

Hushmail

URL: www.hushmail.com

Price: $49.98 (personal); $5.99 per user per month (small businesses); $9.99-$39.00 per month (health care); $9.99 per month (law); and $3.99 per user per month (nonprofits) 

Storage: 10GB (personal, small business, law); 10-15GB per user (health care); and 10GB per user (nonprofits)

Hushmail offers end-to-end encryption using open-source OpenPGP, but subject lines are unencrypted. User passwords are also hashed, and Hushmail uses a zero-knowledge model. Plus, the company can’t decrypt emails without a password. 

However, if the provider gets an enforceable order under British Columbia law, they’ll have to reveal data in an unencrypted format.

Mailbox.org

URL: www.mailbox.org/en/

Price: €1 ($1.23) per month to €25+ ($30.66) per month

Storage: 2-5GB

Mailbox.org is a Germany-based secure email provider and is compatible with mobile devices and third-party clients. Mailbox.org also offers cloud storage and secure video conferencing features.

The service allows users to register anonymously without having to enter any personal details. SSL/TLS encryption protects data transmission, and it uses full PGP encryption. Users can choose to prevent sending mail to recipients without secure mailboxes.

The provider also uses (EC)DHE algorithms for Perfect Forward Secrecy (PFS), which prevents any possible decryption of recorded data traffic in the future. Mailbox.org secures its domain with DNSSEC and DANE/TLSA and uses HSTS, CAA, CSP, MTA-STS, and X-XSS to prevent man-in-the-middle attacks (MitM).

Posteo

URL: www.posteo.de/en

Price: €1 ($1.23) per month

Storage: 2GB 

Paid storage: €0.25 ($0.31) per month per GB (up to 20GB) 

Posteo works on any device to enable cross-platform synchronization and includes spam and anti-virus filters. Plus, it strips identifying IP addresses from all emails. Users can sign up for and pay for the service anonymously.  The firm is headquartered in Berlin, Germany, where it has been running since 2009. 

Posteo also uses TLS with Perfect Forward Secrecy (PFS), DANE/TLSA, HTTP Strict Transport Security HSTS, SSH

Its servers’ hard disks are AES encrypted to prohibit data-theft and unauthorized access and are in a highly secure German data center. There is also optional on-server email encryption with RSA, AES, HMAC, and bcrypt hashing.

Emails sent using Posteo’s webmail interface contain neither a user's local nor public IP address. Users can secure Posteo accounts with two-factor authentication and set it up on all devices with free apps.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

NSA releases guidance on voice and video communications security
Voice over Internet Protocol (VoIP)

NSA releases guidance on voice and video communications security

18 Jun 2021
Ransomware criminals look to other hackers to provide them with network access
ransomware

Ransomware criminals look to other hackers to provide them with network access

17 Jun 2021
CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Four in five ransomware victims suffer repeat attacks
ransomware

Four in five ransomware victims suffer repeat attacks

16 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021