You can’t have too much privacy in today’s all-seeing Internet of big corporations, nosey governments, and “14 Eyes.” (If you don’t know what that is, do your research!) You don’t need to be a criminal not to want your emails spied on, but to have a guarantee of that, you’ll need to find an email service with your privacy as its main concern.
These services are, thankfully, becoming more common, but even among them it’s important to pick out the ones that wouldn’t be able to spy on your data even if they received a government order to. Here are our favorite high-security, high-privacy email providers.
Committed to a strong encryption protocol, ad-free usage and a cast-iron promise of keeping your data in your hands, Criptext is a relatively new email service that’s worth the privacy-seekers attention. It’s also good news if you’re a fan of Gmail, because the UI is very much inspired by the elegant and colorful Material Design used in Google’s services.
Criptext uses a desktop client and doesn’t use remote servers for storage. The fact that it’s desktop-based also makes it more secure, and essentially impossible for your data to be handed over to authorities under court orders.
This Web, mobile and desktop-based email client has been around for a good while now and has kept up with the times by offering an underground bunker’s worth of security features in an elegant interface. Not even Hushmail itself has access to the contents of your email, all of which is protected by encrypted passwords.
You can send 2048-bit encrypted messages to users of other email providers such as Gmail and Outlook, and can also sync up with people who use other popular encryption methods like OpenPGP. All the usual spam-filtering, blacklisting and anonymity options are in place, too, including an unlimited number of email aliases to keep your identity private.
Unfortunately, Hushmail doesn’t have a free version anymore, although you can test whether it’s right for you with a fourteen-day trial. It’s completely ad-free and gives you 10GB of storage space to boot.
The developers of this privacy-focused email provider say that what makes it stand out from the competition is something called ‘Front-end encryption’, which means that at no point is there any clear-text/unencoded information being sent over the network.
Scryptmail encrypts all its meta-data too, providing security in the unlikely case of a database breach, as well as the usual bits like PGP-standard key exchanges, two-factor authentication, and ANSI passwords.
One point of contention could be that the servers are based in the US, potentially subjecting users toe US court orders and NSA snooping, though they plan on deploying more servers worldwide.
New kids on the block of privacy-centric email services should always be approached with caution, as you never quite know if the company will survive or what companies are pulling the strings above them. However, Disroot has in the past couple of years established itself as a great, independent and encrypted email option.
Disroot is ad-free, non-tracking, and doesn’t snoop around asking for your personal information such as your address or favorite color of boxer shorts. Their browser-based client, Rainloop, is easy to look at and use, but beneath the nice veneer it’s bolstered by the open-source and unbroken GPG encryption.
The same people who deliver one of the best VPNs out there are actually also pretty handy in the email department, offering a service that matches up to the privacy you’d hope for.
With TorGuard Email, you get PGP encryption (server-side, not end-to-end) and an email system that’s hidden away on hardware in Ukraine. Once you take all the steps to delete an email from your inbox, it’s gone forever.
TorGuard promises not to track your email usage in any way and does not have contact with any government agencies or third parties without a court order.
This is not the most well-known super-secure email provider, but in a business where anonymity is key, maybe that’s not such a bad thing. At every point of the process, Runbox has safeguards in place to keep your information away from those who may want to snoop. Every time you send emails, they’re sent over a secure encrypted connection, and anything sent between your email and Runbox servers is encrypted as well. The data isn’t encrypted when it’s sitting on the servers, but it’s locked away in a vault in Norway where personal data is protected by the Constitution. (they take that stuff seriously over there!)
You can pay the annual price plan using Bitcoin (the cheapest subscription is $20 a year) for extra anonymity, there are two different kinds of two-factor authentication, and there are no external tracking cookies, meaning that Runbox isn’t in bed with advertisers to harvest your data.
At the time of writing, Runbox is working on integrating a PGP (Pretty Good Privacy) encryption option which will require both the sender and recipient to generate an encryption key to open emails.
Mailfence does the whole business of privacy a little differently from other services on this list. It uses OpenPGP public key encryption which offers end-to-end encryption based on a key that you share with the recipients of your emails. This whole feature is optional, of course, so you don’t have to go through the whole rigmarole for every mundane email you send.
Mailfence can’t see into or scan your emails because of their encryption. This service, which also offers calendar, cloud storage and collaboration features, was made in the wake of the Snowden revelations by a group of developers who are passionate about your rights to online privacy.
Finally, in what must surely be a dig at Google, when you go to the Mailfence website and are asked if you want “Secure and private email service,” you can click “No,” at which point you will be redirected to Gmail. I like these guys!
ProtonMail is one of the most highly-regarded apps on this list. Forbes called it “the only email system NSA can’t access,” and with good reason. Their servers are located in Switzerland, which means the US government cannot forcibly shut them down or order them to produce information. In any case, the emails are encrypted end to end, which makes it impossible to intercept and decipher them. Also, ProtonMail does not log IP addresses, so you are truly anonymous by using this service.
Creating a ProtonMail account is free, though you can upgrade to a premium account to access more features.
Tutanota is a completely open source and free email service that offers end-to-end encryption of emails, including the ability for non-Tutanota users to securely respond to encrypted emails. Once the intended recipient receives your encrypted email, they will not be able to view the subject, attachment or message unless they can produce a password (which both must have agreed upon previously) that will unlock the contents of your message. You can also choose not to encrypt your emails, but that defeats the purpose of using Tutanota.
For free accounts, you get 1 GB of storage and no aliases, but you can upgrade to premium for just €1/month to add up to five aliases and map your own domain to Tutanota. Mobile apps are also available for Android and iOS.
Posteo.de is a Berlin-based service which is also held in high regard when it comes to protecting the privacy of its users. Unlike the above two, Posteo.de is not free and comes with plans starting at €1/month for 2 GB storage capacity with POP3 and IMAP support. Importantly, two-factor authentication is available, which prevents access to your account even if your password is compromised. Posteo.de does not request any personal information while signing up and even allows you to pay anonymously using bank transfer, cash or Paypal.
11. Kolab Now
Kolab Now is another open-source email service with its servers completely hosted and managed in Switzerland, just like ProtonMail, so your private data is never crawled. The service targets small- and medium-sized enterprises, especially those who want to pass privileged information through email. Just like Posteo.de, Kolab Now makes money by charging its users directly and has two plans starting at $4.99 for an individual account. Other features include an integrated note-taking app, email tagging support, contacts and calendar, shared folders and more.
CounterMail is another top email service provider that offers several unique features. It uses OpenPGP’s encryption protocol with 4096 keys to protect your data and also offers end-to-end encryption. Additionally, it offers a secure USB key option that makes it impossible to access your account without your USB key inserted into a USB port. CounterMail supports Linux, macOS and Windows and also has IMAP support in case you want to use your own email client. You can try CounterMail free of charge for a week, after which prices start at $6.33/month.
If you need a very high level of privacy in your email, all the above services have good reputations when it comes to protecting your data. Part of the reason they’re so great is that even if governments did want to snoop for whatever reason, and the companies did have to hand over information, it would be virtually impossible to break through their encryption systems.
This article was updated in July 2019.