Privacy can be in short supply when it comes to popular free email services. Many of the major players offer great accessibility and a modicum of encryption, but to proffer you ads they need to be able to at least scan the contents of your conversations.
If you’re worried about someone being able to take a peek at your conversations, or need higher-grade encryption because you work with sensitive data or in parts of the world where the governments are more intrusive, an encrypted email service is the way to go. (You'll want to ensure your antivirus and VPN needs are also adequately covered.)
Here’s our pick of the five best options that will ensure your words are only visible to the intended recipient.
Tutanota derives its name from the Latin terms Tuta (Secure) and Nota (messages), which sums up its service very nicely indeed. While the language finds its origins in Italy, Tutanota is based in Germany, so it benefits from the tight EU regulation on data privacy.
Signing up for a free account gives you 1GB of storage on your Inbox or there are the Premium and Pro versions if you want additional options such as custom domains, larger storage, aliases and customer support.
All emails are encrypted locally on your device, with only the sender, recipient and date being potentially visible to outsiders. Tutanota employs AES128 symmetric and asymmetric encryption so that you can exchange emails with other users on the platform or with those who use another service that’s unencrypted. In the latter case, you send a password to the recipient who then uses it to access the emails. This only needs to happen once, as they are then added to your secure contact list.
Recently the service added an encrypted calendar feature (but you can only add additional ones on Premium and Pro tiers) plus there are plans to continually bring new capabilities to the platform.
Another trusted name in online privacy is ProtonMail. This Swiss company offers a comprehensive level of security, while also locating its data centres ‘underneath 1000 meters of solid rock’. Now, while this may seem like the lair of a Bond villain, its actually home to an impressive service that is protected by the firm legal privacy laws in Switzerland.
End-to-end encryption is the order of the day, and ProtonMail requires no personal data to create your account, including your IP address that could be used to track your location. The software is open-source, with SSL, AES, RSA and OpenPGP encryption technologies deployed throughout.
One of the problems often encountered with secure services is that they can suffer from a lack of convenience. ProtonMail sidesteps this by allowing you to choose from a variety of uses, included secure email to other ProtonMail users or third-party service (ie Gmail, etc.) via a password that you send separately to decrypt messages.
There’s also the option to send normal, unencrypted messages to third-party users if you’re not worried about the government finding out about Thursday’s five-a-side meetup. The choice is made in the email via the Encrypt button, making ProtonMail a very usable solution in most situations.
Another useful feature is the ability to create email addresses that end in pm.me rather than protonmail.com. This is free to all users, although to be able to reply with the former you’ll need to sign up to one of the paid plans.
At the time of writing this will cost you €4/£3.40/$4.40 per month for the Plus tier that allows you to send and receive 1000 messages per day, offers 5GB of storage, multiple folder support, an autoresponder feature, and customer support. You can also increase the storage for additional small fees, add a VPN, or try one of the other tiers for even more features.
The free tier grants 500MB of storage, limits the account to 150 messages a day, and only has support for three folders, but it’s a good way to try out the service before investing any money.
StartMail is the sister-product of StartPage, which is one of our favourite search-engines due to it not retaining any information about either the user or what they look for online. Now this privacy can be extended to your mail thanks to the Dutch company offering StartMail.
The layout is clean and simple, with the whole service based on a web-interface rather than apps for mobile or desktop. Emails can be encrypted in a couple of different ways, either via the Q&A route where the message requires the recipient to answer a question before the contents are decrypted (a password can also be arranged instead) or by sharing PGP encryption keys. The latter is only for those who use StartMail or another email service that offers PGP encryption.
Unlike some of the others on this list, StartMail doesn’t have a free tier, with only a 30-day trial available and then a step up to £45/$59.95 per year. For this you do get 10GB of storage, 10 custom aliases, support for IMAP so you can plug StartMail into other services like Outlook and Apple Mail, and the interesting feature of unlimited disposable aliases. These allow you to keep your actual email address private, so you can talk to people but retain your privacy and anonymity.
The cost does make it a service only for those who really need a secure email solution, and we wish there was a lower-priced tier or the option to pay monthly, but there’s plenty to like about the features and capabilities of StartMail.
Criptext is completely free and has a few interesting features built-in. If you’re sending emails to others users of the service, then you have the ability to unsend any messages for up to an hour – useful if you suddenly remember that details in the email were wrong or not meant to be shared. There’s also real-time tracking so you can see that your email has been received and read.
The service is a bit different to some of the others on this list, in that Criptext doesn’t store any of your messages on its servers but instead merely acts as a delivery service between your device and the recipient. All emails are stored locally on your PC, smartphone or tablet, which also means that the encryption is end-to-end and can’t be read by Criptext.
The company uses the open source Signal Protocol, which is the same one found in the Signal messaging app, so you know that the contents of any messages will remain private. Plus each email has its own individual key, so even if that one is acquired by hackers they won’t be able to read any other messages.
At the time of writing, Criptext was also preparing to launch a new Pro tier that costs £8/$10p/m and adds features such as custom domains, aliases, reminders, scheduled emails and customer support. So, if those are features you require then be sure to check it out.
One thing to bear in mind is that you’ll need to have at least one device logged into Criptext at all times (you’re allowed up to 10), as the lack of a web server means there’s nowhere for mails to go otherwise and they’d be lost.
Based in Belgium, Mailfence offers a wide-range of features for desktop-based email encryption. At the time of writing there are no dedicated mobile apps, although they are in development, but those who sign up to a paid tier can use ActiveSync for iOS or Android to get their messages.
With this in mind, Mailfence seems more suitable for PC users who are familiar with OpenPGP and are happy to manage their keys. The options available are impressive, as you can import mailboxes from Yahoo, Gmail, and Hotmail, and utilise SMTPS, POPS or IMAPS (on paid tiers).
Mailfence can’t read your emails, which are encrypted with your private keys and password, plus the company states that it doesn’t have a root key that can decrypt your messages even if it wanted to. It also points out that as it’s based in Belgium it will only comply with court orders from a judge within the country to hand over any data and is not subject to gag orders from the USA.
The free account comes with 500MB of storage for emails, two factor authentication and customer support via email. Should you require more features then the Entry tier costs £2/£3 per month and upgrades the storage to 5GB, allows for 10 aliases, 2FA, support via email or telephone, custom domains, and POPs, IMAPs, SMTPs, iOS, Android, Exchange ActiveSync compatibility.
Mailfence is a powerful service, but probably not the best for novices.