Best Email Services for Security and Privacy

First of all, email is a broken protocol and it is not going to be replaced anytime soon. You can make it “less” broken by choosing an alternative to Gmail, Yahoo and other services. We tested email services that respect the privacy and security of their users, and these are the best email providers to use.

ProtonMail

ProtonMail is based in Switzerland, a country offering strong privacy protection.

The good:

  • Supports end-to-end encryption between ProtonMail users and secure delivery of messages to people using other email services.
  • Data stored on servers (the mailboxes) is encrypted and can’t be accessed by ProtonMail staff or 3rd parties
  • Self-destructing messages
  • The team is transparent about its business and publishes a transparency report
  • Clean and easy to use interface
  • A daily email notification can be sent to an alternative address of yours, which is useful if ProtonMail is not your main email account

The bad:

  • Still in beta and invitation-based, making the service hard to join.
  • Email storage is 500MB and there is also a limit of 1000 messages / month.
  • The website’s SSL certificate uses SHA1. It should use SHA256.
  • Not possible to see login history/failed login attempts, so you don’t know if anyone else can access your email account.

Tutanota

Tutanota is an email service from Germany, another country with strong privacy laws.

The good:

  • Open for signups, you can get an account in less than a minute. They don’t require personal information to sign up.
  • Supports end-to-end encryption between Tutanota users and also for messages sent to 3rd party email services using a password that the recipient should know to decrypt the message.
  • Uncluttered, modern interface.
  • Support for smartphones: apps available for Android and iOS devices.
  • It is open source.
  • Audited by SySS, a prestigious pentesting company from Germany.
  • Outlook integration via an add-on.

The bad:

  • Only 1GB of storage by default. Can be upgraded to 5GB.
  • The security log doesn’t show the IP addresses of failed/successful login attempts, only the date of the last login and the number of failed attempts.
  • It’s not possible to view email headers (raw format).

Conclusions

Some features aren’t implemented by the secure email services listed above, one being two-factor authentication. Without two-factor authentication, someone who can steal or guess your password will be able to access your private email account.

As noted at the beginning of this article, email is broken since it wasn’t designed with security and privacy in mind. These services only “patch” some of the vulnerabilities of the protocol, but they are far from what we’d like to see in the post-Snowden / NSA surveillance era. P2P, decentralized, end-to-end encrypted communication protocols are what we really need.

Other email services that look promising but are not yet available for public sign-up: Dark Mail, Lavaboom.
