The 11 Most Secure Email Services for Better Privacy

You can’t have too much privacy in today’s all-seeing Internet of big corporations, nosey governments, and “14 Eyes.” (If you don’t know what that is, do your research!) You don’t need to be a criminal not to want your emails spied on, but to have a guarantee of that, you’ll need to find an email service with your privacy as its main concern.

These services are, thankfully, becoming more common, but even among them it’s important to pick out the ones that wouldn’t be able to spy on your data even if they received a government order to. Here are our favorite high-security, high-privacy email providers.

most-secure-email-services-scryptmail

The developers of this privacy-focused email provider say that what makes it stand out from the competition is something called ‘Front-end encryption’, which means that at no point is there any clear-text/unencoded information being sent over the network.

Scryptmail encrypts all its meta-data too, providing security in the unlikely case of a database breach, as well as the usual bits like PGP-standard key exchanges, two-factor authentication, and ANSI passwords.

One point of contention could be that the servers are based in the US, potentially subjecting users toe US court orders and NSA snooping, though they plan on deploying more servers worldwide.

best-secure-email-services-privacy-disroot-rainloop

New kids on the block of privacy-centric email services should always be approached with caution, as you never quite know if the company will survive or what companies are pulling the strings above them. However, Disroot has in the past couple of years established itself as a great, independent and encrypted email option.

Disroot is ad-free, non-tracking, and doesn’t snoop around asking for your personal information such as your address or favorite color of boxer shorts. Their browser-based client, Rainloop, is easy to look at and use, but beneath the nice veneer it’s bolstered by the open-source and unbroken GPG encryption.

Disroot’s partnered with all the right companies, too, offering secure cloud storage with Nextcloud and a cloud word processor in the form of EtherPad.

most-secure-email-services-torguard

The same people who deliver one of the best VPNs out there are actually also pretty handy in the email department, offering a service that matches up to the privacy you’d hope for.

With TorGuard Email, you get PGP encryption (server-side, not end-to-end) and an email system that’s hidden away on hardware in Ukraine. Once you take all the steps to delete an email from your inbox, it’s gone forever.

TorGuard promises not to track your email usage in any way and does not have contact with any government agencies or third parties without a court order.

most-secure-email-services-hushmail

This Web, mobile and desktop-based email client has been around for a good while now and has kept up with the times by offering an underground bunker’s worth of security features in an elegant interface. Not even Hushmail itself has access to the contents of your email, all of which is protected by encrypted passwords.

You can send 2048-bit encrypted messages to users of other email providers such as Gmail and Outlook, and can also sync up with people who use other popular encryption methods like OpenPGP. All the usual spam-filtering, blacklisting and anonymity options are in place, too, including an unlimited number of email aliases to keep your identity private.

Unfortunately, Hushmail doesn’t have a free version anymore, although you can test whether it’s right for you with a fourteen-day trial. It’s completely ad-free and gives you 10GB of storage space to boot.

secure-email-services-better-privacy-runbox

This is not the most well-known super-secure email provider, but in a business where anonymity is key, maybe that’s not such a bad thing. At every point of the process, Runbox has safeguards in place to keep your information away from those who may want to snoop. Every time you send emails, they’re sent over a secure encrypted connection, and anything sent between your email and Runbox servers is encrypted as well. The data isn’t encrypted when it’s sitting on the servers, but it’s locked away in a vault in Norway where personal data is protected by the Constitution. (they take that stuff seriously over there!)

You can pay the annual price plan using Bitcoin (the cheapest subscription is $20 a year) for extra anonymity, there are two different kinds of two-factor authentication, and there are no external tracking cookies, meaning that Runbox isn’t in bed with advertisers to harvest your data.

At the time of writing, Runbox is working on integrating a PGP (Pretty Good Privacy) encryption option which will require both the sender and recipient to generate an encryption key to open emails.

secure-email-services-better-privacy-mailfence

Mailfence does the whole business of privacy a little differently from other services on this list. It uses OpenPGP public key encryption which offers end-to-end encryption based on a key that you share with the recipients of your emails. This whole feature is optional, of course, so you don’t have to go through the whole rigmarole for every mundane email you send.

Mailfence can’t see into or scan your emails because of their encryption. This service, which also offers calendar, cloud storage and collaboration features, was made in the wake of the Snowden revelations by a group of developers who are passionate about your rights to online privacy.

Finally, in what must surely be a dig at Google, when you go to the Mailfence website and are asked if you want “Secure and private email service,” you can click “No,” at which point you will be redirected to Gmail. I like these guys!

secure-email-services-better-privacy-protonmail

ProtonMail is one of the most highly-regarded apps on this list. Forbes called it “the only email system NSA can’t access,” and with good reason. Their servers are located in Switzerland, which means the US government cannot forcibly shut them down or order them to produce information. In any case, the emails are encrypted end to end, which makes it impossible to intercept and decipher them. Also, ProtonMail does not log IP addresses, so you are truly anonymous by using this service.

Creating a ProtonMail account is free, though you can upgrade to a premium account to access more features.

secure-email-services-better-privacy-tutanota

Tutanota is a completely open source and free email service that offers end-to-end encryption of emails, including the ability for non-Tutanota users to securely respond to encrypted emails. Once the intended recipient receives your encrypted email, they will not be able to view the subject, attachment or message unless they can produce a password (which both must have agreed upon previously) that will unlock the contents of your message. You can also choose not to encrypt your emails, but that defeats the purpose of using Tutanota.

For free accounts, you get 1 GB of storage and no aliases, but you can upgrade to premium for just €1/month to add up to five aliases and map your own domain to Tutanota. Mobile apps are also available for Android and iOS.

secure-email-services-better-privacy-poste-de

Posteo.de is a Berlin-based service which is also held in high regard when it comes to protecting the privacy of its users. Unlike the above two, Posteo.de is not free and comes with plans starting at €1/month for 2 GB storage capacity with POP3 and IMAP support. Importantly, two-factor authentication is available, which prevents access to your account even if your password is compromised. Posteo.de does not request any personal information while signing up and even allows you to pay anonymously using bank transfer, cash or Paypal.

secure-email-services-better-privacy-kolab-now

Kolab Now is another open-source email service with its servers completely hosted and managed in Switzerland, just like ProtonMail, so your private data is never crawled. The service targets small- and medium-sized enterprises, especially those who want to pass privileged information through email. Just like Posteo.de, Kolab Now makes money by charging its users directly and has two plans starting at $4.99 for an individual account. Other features include an integrated note-taking app, email tagging support, contacts and calendar, shared folders and more.

secure-email-services-better-privacy-countermail

CounterMail is another top email service provider that offers several unique features. It uses OpenPGP’s encryption protocol with 4096 keys to protect your data and also offers end-to-end encryption. Additionally, it offers a secure USB key option that makes it impossible to access your account without your USB key inserted into a USB port. CounterMail supports Linux, macOS and Windows and also has IMAP support in case you want to use your own email client. You can try CounterMail free of charge for a week, after which prices start at $6.33/month.

If you need a very high level of privacy in your email, all the above services have good reputations when it comes to protecting your data. Part of the reason they’re so great is that even if governments did want to snoop for whatever reason, and the companies did have to hand over information, it would be virtually impossible to break through their encryption systems.

50 comments

  1. The *best* is to use encryption on ones own system, on ones own MUA. This way one knows *for a fact* that there’s no lying or hanky-panky going on at the other end.

    I’m not saying any of the above is a setup by the Swiss government (or whomever/wherever based) collaborating with other government agencies like the NSA, ad nausea, but unless one gets to be there, look at their setup and see it working the way they’re saying it’s ‘supposed’ to be working.

    Gnupg, being open-source and on ones own system is *the* only true safe way to e-mail. The other ways above are for those who for one reason or another are just lazy or can’t seem to figure it out or don’t have enough paranoia.

    • Yochanon, I fully agree with you, the only to kno that there is no hidden “backdoor” or “hanky panky” going on is doing everything by yourself! But it does need a little effort in learning and setting the services up..

      • your own system means your own computer with the programs you want to keep your email private.

        I suggest not using anything by Microsoft including Windows.

        Get a program called Thunderbird that will let you encrypt any email you send. The only thing an outside party would know is the email header. Of course this also requires the person at the other end of the email has encryption.

  2. Okay so how do I find out about these other places to find greater security etc…the ‘backdoor drafts’ are making me very uncomfortable. ;o\ thanks, R

  3. Nice list of email providers! I think another one worthy is the one I have used for several years now and is going strong: thexyz.com

  4. I suggest you also consider Sub Rosa Secure Email at https://novo-ordo.com. Based in Panama, they offer many extra services such as anonymous email, self-destructing email, free aliases, and access through TOR for just a few. No Java script used. They have been around since 2007 and seem stable. While not free, $34 per year is reasonable.

  5. Indeed an informative list – but do not include some of the other remarkable players, that does everything on the client-side and truly provides end-to-end encryption (which by far is the only way that can ensure one’s online data confidentiality and integrity during transit).
    Following are two of those outstanding services.
    > https://mailfence.com/ (a pure end-to-end encryption service – that does not only provide confidentiality and integrity but also authentication via the capability of digital signatures, based on OpenPGP – it provides user full control over their keys and does it all in a very user-friendly manner)
    >https://scryptmail.com/ (another nice end-to-end service – that provides great reliability and hot features like disposable email addresses etc, based on OpenPGP and has a nice descriptive interface)
    Now, the ultimate tool when it comes to OpenPGP and end-to-end encryption – is always have been GnuPG, though the reason it never really get lifted up is due to its complexity in terms of usability from a typical user standpoint (however, implementations like Gpg4Win, GPGSuite, Seahorse does come in handy).
    Lastly, the article is not bad at all, the only loose-end is not mentioning some of the key players. Nevertheless, it always drops down to one’s preferences and requirements (I personally use mailfence which is free, interoperable, without ads, completely locally hosted and provides an entire collaboration suite i.e. messages, contacts, calendar, documents, polls, tags ….)
    Again, its a matter of personal preference and the extent to which one understand end-to-end encryption technologies (OpenPGP, S/MIME etc, which most of the people don’t) – that contributes in the rightness and wrongness of their online privacy decisions.

    • My specs for a secure email provider are a bit different.
      If the intended receiver of an email must have a key to read the text, then the only use for the secure provider is to communicate with those who are equipped with a key, those who may want to hear from us but as yet haven’t can’t be contacted. In business, communication is often made to those who want your service but haven’t yet been connected with.
      1) My main concern is that the email actually makes it to the intended server.
      2) Just like dear Uncle Sam has a no fly list, there is no doubt that there’s also an “Email no send list” that the giant US providers must comply with.
      3)) I’m not concerned about spam but if it doesn’t come fine.
      4) I’m not that concerned if my traffic is read until a relationship is developed with a client, then an encryption key can be shared.
      My question then is, if I pay for an encryption service and choose to send initial contacts without encryption am I guaranteed delivery to the prospective clients server?

      • 1) My main concern is that the email actually makes it to the intended server.
        > If the service provides “true” end-to-end encryption, then indeed it will make to the intended server (with security being intact). Mailfence has good standing when it comes to Spams, and using their services for more than an year now, I’ve never experienced my emails being listed as spams on the recipient side.
        2) Just like dear Uncle Sam has a no fly list, there is no doubt that there’s also an “Email no send list” that the giant US providers must comply with.
        > Certainly.
        3)) I’m not concerned about spam but if it doesn’t come fine.
        It will come fine (depending on the service).
        4) I’m not that concerned if my traffic is read until a relationship is developed with a client, then an encryption key can be shared.
        > True “end-to-end encryption” even doesn’t require any sort of prior secure connection establishment with your client, and simply encrypt/decrypt your emails on your machine.
        Your concern is indeed valid about having the (PGP Public) key of your recipient beforehand, and we do have public key servers (for e.g., http://pgp.mit.edu/) exactly for that – but they do not suffice in all situations.
        However, if privacy matters more to someone – then some compromises will come with the same package.
        P.S: mailfence.com has put on their roadmap the feature of sending encrypted emails to anyone with a shared secret (which might be of some use to users having similar concerns as yours)

  6. I have used Countermail for years, and they are very reliable. Especialy their USB key is a great feature, which means that if you dont have the USB their is no access ;-)

    • What happens when (not if) that USB device fails? If you can replicate the device, so can anyone who can read it over an open port. Does Countermail maintain a backup of your USB device? If so, and if they are located in the U.S., they can be compelled to turn that data over to the gubbermint by means of a FISA warrant. We all know how easily those are obtained this day and age.

      End-to-end encryption that does not rely on compromised or compromise-able methods would seem to me a better option.

  7. I’ve been using Topmail.com since last year and find them pretty good. Very good on spam – I never get any. The webmail is pretty basic but it suits me ok.

  8. I have recently signed up for Topmail.com and have no issues so far. My emails are encrypted and I receive no spam or adverts so all good. Pretty cheap too which is a bonus.

  9. Hello and thank you for this site and information. Thanks to you, I can get rid of my job invading my privacy along with emails such as Google and Yahoo who allow your privacy to be trashed as well!!

  10. Tutanota does not handle incoming spam well. They want you to create a rule for each spam email in order to block it. they won’t block spam on the much easier method of “you move it to the spam folder, they block it from that point on” method. I get over 80 spam mails a day and They want me to create a rule for each spam email that I receive. Tutanota has lost my business until they fix their horrible method of blocking spam.

  11. I have tried the above 5 emails but nothing compares to CSETMail.com. They have a responsive site for mobile and great desk top for Mac and PC. I contacted there admin and was advised that they will have an app developed I’m the next few weeks.

  12. protonmail would only let me sign up if i gave my phone number and got a text conformation, now that is not at all anonymous and concern of @honeypot’springs to mind

    • I suspect you probably tried to sign up with a smartphone vs. a pc, right? That is the only reason they would ask for a phone number.

      • No , I just signed up on a PC and they asked for my phone number to send a code because they said there was an unusual amount of activity from my location (can;t remember the exact wording) and it was needed to prove I wasn’t a robot.

      • Considering Proton Mail was created by CERN, which is funded by most of the western governments, compounded by the fact that the Proton Technologies AG has been heavily funded by multiple governments through grants, subsidies, and tax breaks…

        I am going to go with, I do not care that they are in Switzerland. It has the ripe old feel of government corruption like most things around the world. It is heavily secure, until one of the governments that fund them ask real nicely during the next Snowden type incident.

  13. ProtonMail is consistently updating. Sometimes they request your number & sometimes not. The same with an alternate email.

    Being another old timer who is not familiar with the fast moving technology. I question when providers request cookies to be enabled. Secure? Or, not secure?

  14. I use Tutanota and Protonmail . Just Mike sure your service is not US based – New bill on Senate floor to band encrypted email.

  15. How do these secure email services handle subscription emails or broadcast emails from known senders (airline tickets, amazon orders, etc)?

  16. Thank you Brian for the Top 5 Email Services suggestions, I love reading Forbes magazine online, next to Financial Post…and Switzerland do have some “High Security End-to-End Server Systems” afterall they invented the “Black Phone” which it is extremely secured (phone/data plan is offered by them only not and other carrier)

    Everyone has their own opinions or favorite email services they preferred to use whether it is for “FREE” or “PAY”, I’m sure there are many good providers out there. The writer of the article did his research back in 2015 then updated 2017, gave his opinion of his TOP 5 CHOICES!!! Some sites have a Top 8 or 10 but to me if it is Good, 5 choices is more than enough to choose from.

    For the people who live in the US who want more security, get a VPN! I thought most of everyone already have it, except me (in Canada). I will read more into CSETmail and Pronton Mail. Thanks

  17. I discovered MsgSafe.io about a year ago and love it. I own an online consignment shop and several years ago I started getting spammed like crazy to all my business email accounts. It became very difficult for me to sift through all the spam to find the legit messages from my customers. But spam email became the least of my problems when one day I mistakenly clicked on a link in my inbox from a malicious sender posing as my bank. My bank account was compromised and it took me months to get my money back. In efforts to protect myself and my email, I joined MsgSafe. I cannot express how happy I am with this service! I have the ability to import my customer’s contacts and choose only to receive mail from people I know, I can block any email address from ever contacting me again, and I can easily set up new email addresses using my shop’s domain for my employees. As someone who is not the most “tech-savvy”, MsgSafe is great because encryption is set up automatically with every new email address I create. My inbox is much lighter now and I’m thankful that I can spend less time worrying about spam and malicious emails, and more time on my business.

  18. After losing access to my yahoo account and not being able to create a gmail account without providing all kinds of identifying information I looked around and found incognify.org. Probably not the best service out there but it’s easy to use, didn’t ask me for anything that could be used to ID me, and accepted my payment by mail in cash which really wasn’t all that much I think I’m paying maybe $2 per month. When this is up I might try Proton mail as I’ve heard good things about it. Then again, why change unless I have problems, which I haven’t. We’ll see.

  19. Hi looking for top security for my gmail could you talk about what’s in my best interest asap. Thanks, A.Spears.

  20. After prof obvious’s point i am changing email from gmail. They really spooked me out the other day – telling me everywhere i had been4past 5 years. By using google maps, did i say they could pin a tracker 2 my car? Of course not. Then my entire list of contacts get imposed on things when i never authorised that either. In the past, it was illegal to read anyone else’s post. I feel seriously invaded, as if a burglar has had a good look round while i was out. In the uk here people keep puting up 2m fences lit.anywhere around the outside of their house. Why? They have given away so much of their privacy that nowhere feels private, least of all home. Beeky

  21. I have a slightly different problem. Somebody has hacked my email address and is sending stuff out that purportedly comes from me. I found out because I started getting replies from politicians that I did not write to. I changed my password with my provider and it only lasted about a month before it started happening again. My Congressman’s office said it had received 167 emails from me in a one month period.

  22. You didn’t comment on www. earthlink.net secure, which is encrypted as well as a spam blocker to keep it out of your mail box.

  23. For me, spam is a mere irritant. What worries me is Yahoo reading email messages with content from my CPA, broker, doctors, etc. I have used Yahoo mail for 17 years and have a LOAD of files that I would not want to disappear. I would like security for some kinds of messages but don’t care about others. Should I change my email provider? If so, how can I download existing messages for historic purposes?

    • I have the same issue. You can sync your email account to a desktop client on your computer. I did that with Yahoo mail and the Mail app on my Mac. You can also use Mozilla Thunderbird the same way. You have access to what you have filed in folders offline and you can turn off the sync . Of course, that’s only as secure as your desktop and you don’t have access from your phone. Switching computers can get a little sticky, but there are ways to keep those files. Also, I see that posteo.de allows you to migrate existing email accounts, including folder structure, which is very interesting. It isn’t free, though.

Leave a Comment

Yeah! You've decided to leave a comment. That's fantastic! Check out our comment policy here. Let's have a personal and meaningful conversation.

Sponsored Stories