Email has been commonplace for decades; you can get free email accounts from numerous services. But, as is often said, if it’s free, then you’re the product. You may have read that, for example, Google has allowed other companies to scan mail in Gmail accounts, scraping data for marketers. While the tools used to scan email may simply have been looking to see how much you paid for plane tickets, they also had access to your highly personal content.
Many journalists, activists, public figures, and others with a need for heightened digital security and privacy have to ensure the integrity of their personal data, and only the highest level of security is sufficient: end-to-end encryption. They also need two-factor authentication on their accounts, so no one can breach them.
Gone are the days of complex installations of third-party software to encrypt emails; many services now offer this feature automatically via their web apps, and some even provide mobile and desktop apps to make this level of security easily accessible.
The way email services handle metadata is also important. This includes your IP address, and information about your computer. And the most secure email services don’t store logs, so nothing can be traced back to you.
How these services work is also important: do they offer web access only, or do they have mobile apps? And some services offer email via IMAP and SMTP, allowing you to use standard email apps, if you wish, and, in some cases, you can still use encryption with such apps.
I’ve looked at three secure, private email services, all of which offer both free and paid tiers. All three offer encryption, two-factor authentication, and other security features to protect accounts. These services have free tiers as tasters, to get you to upgrade; those who use email a lot won’t find the free tiers sufficient. While one of them might be enough for you, it’s clear that for maximal security and features, you shouldn’t settle for free; the premium versions only cost a few dollars a month, and it’s worth paying for.
ProtonMail is one of the best-known secure email services. Located in Switzerland, ProtonMail offers end-to-end encryption. This means that emails are encrypted when you send them, remain encrypted on ProtonMail’s servers, and are only decrypted when the recipient reads them. ProtonMail uses open-source implementations of AES and RSA, along with OpenPGP, to encrypt email. It’s worth noting, however, that the subject lines of emails are not encrypted. ProtonMail also strips IP addresses from emails, ensuring full privacy.
You can use ProtonMail on the web, or with iOS and Android apps. ProtonMail does not support IMAP, POP, or SMTP, but if you want to use ProtonMail with your normal email client on the desktop, you can use their Bridge app, which works with Apple Mail, Outlook 2011/2016/2019, and Thunderbird—though you’ll need a paid account to use this. This app handles the encryption and decryption of emails, and is transparent when used. ProtonMail also offers a secure calendar and encrypted file storage.
You can send unencrypted emails with ProtonMail, or you can set a passphrase to encrypt messages. When you send an encrypted email to another ProtonMail user, they can read it immediately, but when you email someone else, they receive an email with a link to view that email on the web. You need to set up and agree on a passphrase for the email; you set it when you send the email, and you can use a different passphrase for each message. You can send the passphrase to the recipient via a secure instant messaging/texting service, like Signal. You can also set a date for when the message link expires; by default, this is four weeks from when you send the email.
A free ProtonMail account gives you 500 MB storage for email, and up to 150 messages a day. For many people, this is sufficient, since you may only use ProtonMail for the occasional email that has to be secure. For €5 a month (€48 a year if you pay annually), you get 5 GB storage, up to 5 email aliases, 1,000 messages a day, the ability to use a custom domain, and more. And for €24 a month (paid annually), you get 20 GB storage, up to 50 email aliases, 10 domains, no sending limits, and more.
(Note that all prices in this article are in Euros, because all three of these services are based in Europe; however, you can, of course, pay for these services even if you’re in the U.S. or elsewhere. For reference, at current exchange rates at the time this article is being published, €1 is about US $1.18.)
While ProtonMail is easy to use on the web, I found the iOS app a bit problematic. It’s just the web app ported to iOS, and, while it works well, you can’t adjust the font size; for text only it’s just readable, but in HTML emails, it’s really tiny.
ProtonMail is a great service that balances some usage limitations with excellent security.
Tutanota, located in Germany, offers features similar to ProtonMail. Tutanota encrypts everything: emails, calendars, and contacts. Tutanota uses symmetric (AES 128) and asymmetric encryption (AES 128 / RSA 2048) to encrypt emails end-to-end. When both sender and recipient use Tutanota, emails are encrypted automatically. If you want to send an encrypted email to a non-Tutanota user, they receive a link to view it on the web, and, as with ProtonMail, you set a passphrase that you must exchange securely, via messaging.
As with ProtonMail, you can send both encrypted and unencrypted emails. To do the latter, you need to adjust a setting to set the default delivery to “not confidential,” but you can then set a passphrase for each email if you wish. Tutanota strips IP addresses from emails, and everything on their servers is encrypted.
Tutanota does not support IMAP, POP, or SMTP, but has a clean web app, along with mobile apps, and you can download a standalone desktop app for Mac and other platforms. I found the mobile app to be a lot more readable than ProtonMail, and the Mac app, which is just the web app in a wrapper, is easy to use.
You can sign up for a free Tutanota account anonymously, but you’ll have to wait 48 hours for the account to become available. Tutanota says this is to prevent mass registration. Free accounts offer 1 GB storage, and a Premium account is just €1 a month, when paid annually, and offers the ability to use a custom domain, 5 email aliases, and more. For €4 a month (paid annually), you get 10 GB storage, but still only one custom domain and 5 aliases. If you want more, you need to look at the business plans, which cost up to €7 a month per user. You can, however, purchase add-ons: up to 1 TB of extra storage, and up to 100 additional email aliases.
For a free account, I find Tutanota a bit easier to use than ProtonMail, because of their apps.
Mailfence is a Belgian email service that offers features similar to ProtonMail and Tutanota, but with both additional features and some weaknesses. You can send and receive encrypted emails, and you can encrypt documents, calendars, and contacts.
With Mailfence, there are some extra steps to enable encryption. You create a personal key, using a passphrase, and you can set the duration of that key in days, months, or years, as well as choose between RSA and ECC (Curve25519). When you send emails, you can either use a passphrase that you communicate to your recipient by secure messaging, or you can use OpenPGP. You can choose how long encrypted messages are available, from one day to four weeks. And Mailfence strips IP addresses from email headers, though the company does log IP addresses and some metadata. As with ProtonMail and Tutanota, recipients who are not Mailfence users will receive messages with a link to view the content on the web.
Mailfence provides a progressive web app (PWA) rather than mobile or desktop apps. This is essentially the web page that you view in your browser, and you can save an icon to the home screen of your iPhone or iPad. Mailfence only supports Safari, saying “Safari is the only browser we tested thus the only iOS browser supported,” so you might not be able to use this with other browsers. One advantage to using the browser instead of an app is the ability to adjust the font size and other settings in the browser.
Mailfence also supports IMAP, POP, and SMTP, making it a more flexible service. You could use it in your standard email client for your regular email, and switch to the web app when you need to send or receive encrypted emails.
Free Mailfence accounts give you 500 MB for email storage and 500 MB for document storage. For €2.50 a month, you get 5 GB for emails, 12 GB for documents, and 10 email aliases. Two other paid accounts are available for up to €25 a month, with up to 50 GB for email storage, 70 GB for documents, and 100 aliases, and business accounts are also available with more storage and user management.
Mailfence also offers secure groups, which allows you to set up a shared space for email, contacts, calendars and documents. The free tier offers one group, and paid tiers offer up to seven groups.
Because of its flexibility, Mailfence is the kind of service that may be the easiest to adopt (once you get past the initial setup process). You can continue to use your email client regularly, and when you do need to send secure emails, switch to your browser to use Mailfence’s encryption feature.
Software-based alternatives for email encryption: S/MIME and PGP
If you really don’t want to sign up for a new email service, but you like the idea of being able to occasionally send encrypted messages, there are a couple of ways to bolt on additional security to an existing email account. This doesn’t protect you quite as thoroughly as a service designed with security in mind, however.
One option is to send and receive encrypted emails in Apple Mail using S/MIME. The process is a bit complicated to set up; you have to obtain a personal certificate from a certificate authority, and you need to know what you’re doing to make this work. See our article about how to set up S/MIME.
A classic way to encrypt email is PGP (Pretty Good Privacy). One software-based encrypted email solution based on PGP is GPG Mail for Mac; it’s part of the open-source collection of GnuPG (GNU Privacy Guard) tools known as GPG Suite, and it integrates with Apple Mail. GPG Mail isn’t free; it currently costs US $23.90 per major version release. That last detail is important, because new versions of GPG Mail are often required for continued compatibility with the latest version of Apple Mail, due to changes in macOS and the Mail app as part of Apple’s yearly major OS update cycle—and sometimes it takes months for GPG Mail to get updated after a new macOS release. A disadvantage of GPG is that both parties (the sender and the recipient) need to have GPG installed and need to have created a public/private key pair in order to have a two-way encrypted conversation.
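An added example (not from the original article or any of the services reviewed): bolting PGP onto an existing account typically produces a PGP/MIME message (RFC 3156), where only the body is ciphertext. The sketch below parses a constructed sample with Python's standard library and lists what the mail server can still read; the message, addresses, IP address and the function name `cleartext_exposure` are all assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample PGP/MIME (RFC 3156) message; addresses, IP and ciphertext are placeholders.
SAMPLE = """\
Received: from laptop.example (unknown [203.0.113.7])
\tby mx.example.org with ESMTPS; Tue, 02 Mar 2021 10:15:00 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Source documents for Thursday
Date: Tue, 02 Mar 2021 10:14:58 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

# Sending-host addresses appear in square brackets inside Received headers.
IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def cleartext_exposure(raw):
    """Report what a server or observer can read without the private key."""
    msg = message_from_string(raw)
    parts = msg.get_payload() if msg.is_multipart() else []
    is_pgp_mime = (
        msg.get_content_type() == "multipart/encrypted"
        and msg.get_param("protocol") == "application/pgp-encrypted"
        and len(parts) == 2
        and parts[0].get_content_type() == "application/pgp-encrypted"
        and "BEGIN PGP MESSAGE" in parts[1].get_payload()
    )
    return {
        "body_encrypted": is_pgp_mime,
        "visible_headers": {h: msg[h] for h in ("From", "To", "Subject", "Date") if msg[h]},
        "client_ips": IPV4.findall(" ".join(msg.get_all("Received", []))),
    }

if __name__ == "__main__":
    print(cleartext_exposure(SAMPLE))
```

The body is reported as encrypted, while the sender, recipient, subject, date and originating IP address all remain readable in the headers.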
Given the relative ease of signing up for an email service designed with security and privacy in mind, for many people it probably makes sense to use a service like ProtonMail, Tutanota, or Mailfence rather than fuss with trying to set up a software solution. If you’re concerned about losing access to your old email or notifying everyone of your new address, don’t fret; you can always keep your existing email account as long as you like and gradually shift to the new one, or use them both in parallel for different purposes, or (with some email providers) you can set up permanent auto-forwarding of all emails to your new address to ensure you don’t miss anything important (but beware that you may need to pay for additional storage with your new provider if you get a lot of emails, especially ones with large attachments).
All three of the encrypted email services we’ve discussed, ProtonMail, Tutanota, and Mailfence, offer enhanced security and privacy features, and they are very easy to use. All three of them offer free accounts with limited features, but the paid accounts are inexpensive, and you may find it compelling to pay a minimal monthly fee for the enhanced features. None of them cost as much as a cup of coffee a month, so try out the free tiers and decide whether you need more.
How can I learn more?
We talked about secure email providers and more in episode 198 of the Intego Mac Podcast.