Recent posts

9 Most Secure Email Services of 2022 and the Problem with Server-Based Emails

9 Most Secure Email Services of 2022 and the Problem with Server-Based Emails#

The need for a good and reliable secure email service has drastically increased in the last couple of years so it’s a good thing that there are more and more such services to choose from these days.

In this article, we have compiled the 9 most secure email services you can check out if you’re looking to protect your online data. Make sure to read until the very end as we left a little warning about these services.

ProtonMail#

If you only heard yesterday that there is such a thing as a secure and private email provider, there’s a very high chance that you heard about ProtonMail.

ProtonMail is by far the most popular secure email service around and it is available on both desktop and mobile for different OS including Windows, macOS, Linux, Android, iOS, Tor, etc.

It’s an open-source service, based in Switzerland with strong end-to-end encryption and includes zero-access encryption, meaning that you are the only one who will know your password or have the decryption key for it (even ProtonMail doesn’t).

Features:

  • Open source
  • Servers in Switzerland
  • End-to-end encryption
  • Zero-access encryption
  • Self-destruct emails

Mailfence#

Mailfence is another popular private email, which started as a business email in 1999.

One feature that separates Mailfence from other similar providers is a built-in Keystore, which allows you to manage your OpenPGP encryption keys and send encrypted messages to non-PGP users.

In addition, Mailfence also provides digital signatures, to prove that whoever sent the email is the actual author, something that other providers lack.

Features:

  • Digital signatures
  • Built-in Keystore for managing encryption keys
  • Can send encrypted messages to non-PGP users
  • Can import contacts from Gmail, Outlook, CSV files and more
  • End-to-end encrypted

Tutanota#

Tutanota is different from the other private emails we mention here in that it doesn’t use PGP for end-to-end encryption.

Instead, it uses AES and RSA, which allows Tutanota to combine asymmetric and symmetric keys. You can read more about the differences between the two here.

Other than that, Tutanota offers everything you’d normally expect from a secure and encrypted email service.

Features:

  • Based in Germany
  • End-to-end encryption
  • Uses AES and RSA instead of PGP
  • 2-Factor authentication
  • Strips metadata
  • Unlimited messages in the free version

Hushmail#

Hushmail is a Canada-based secure email provider that is HIPAA-compliant and as such a very good choice for healthcare workers and patients who want to protect their private health information.

Of course, they also have plans for small business, law, or personal use, so you’ll be covered there as well.

Features:

  • Servers are in Canada
  • PGP E2EE
  • 2-Factor authentication
  • IMAP/POP3 support
  • HIPAA compliant
  • Secure web forms

StartMail#

StartMail is a PGP-based email provider that also allows its users to send encrypted messages to non-PGP users, provided they know the answer to a secret question.

Another good thing about StartMail is that it hides your IP, which can be used to track you online.

Features:

  • Based in the Netherlands
  • PGP encryption
  • Can send encrypted messages to non-PGP users
  • Hides your IP address

Runbox#

Runbox is a Norway-based secure email provider that uses renewable energy from hydroelectric power plants to power its servers.

It uses PGP encryption and 2-Factor authentication and also features IMAP, POP, SMTP and WAP support and allows you to whitelist IP addresses to access your email account to see the failed and successful login attempts

Features:

  • Norway-based
  • PGP encryption
  • 2FA
  • IP whitelisting
  • Support for IMAP, POP, SMTP and WAP protocols

Mailbox.org#

Mailbox.org is not just a secure email provider, for business users, but it also offers a calendar, cloud storage, address book, video conferencing as well as a task planner.

Of course, this is all encrypted using Pretty Good Privacy (PGP) and its servers, which are located in Germany, are also eco-friendly.

Features:

  • Servers located in Germany
  • Eco-friendly
  • PGP encryption
  • Encrypted cloud storage
  • Calendar
  • Video conferencing
  • Address book

Posteo#

Posteo is a popular choice with all those users who, for one reason or another, need to remain anonymous, such as whistleblowers, activists, journalists and so on.

It allows you to both sign up and pay completely anonymously and has a very good migration service so you can migrate your contact list, archived emails, calendar and folder structure from another email provider like Gmail or Outlook.

One thing that’s important to mention about Posteo though is that it doesn’t use E2EE by default, but you need to enable it in the settings.

Features:

  • Based in Germany
  • Open source
  • Anonymous registration and payment options
  • Includes end-to-end encryption, though not by default
  • Supports IMAP, POP and SMTP email protocols
  • Encrypts metadata, email subjects, headers and attachments

  1. PrivateMail#

    PrivateMail is a secure email provider that is based in the United States and that’s its biggest downside.

However, it does offer some useful features like end-to-end encryption for file sharing, secure cloud storage with AES 256 encryption and self-destructing emails.

Features:

  • Servers are located in the U.S.
  • E2EE
  • AES 256 file encryption
  • Secure cloud storage
  • Self-destruct emails

Problems with Server-based Email Providers#

So at the start of the article, we said we had a little warning about these.

What was it?

One thing that all these secure email services have is that they all use servers. There are a couple of issues with this:

  1. The provider is completely dependent on the laws of the country its servers are located in.

That means, even if two users who are located in different countries are using it, with the court (and sometimes without) order, the provider must deliver their emails, metadata and other data.

  1. Some secure email providers will store your encryption/decryption keys.

As such, they will have full access to your private and sensitive data and can give it to whomever they want. This defeats the whole purpose of a secure email provider, which is that only you have access to this sort of data.

  1. Providing backdoors to governments

Normally, the email provider can withhold giving up any user data without a valid court order. However, these companies are often subjected to a lot of pressure from governments to provide a backdoor into their servers.

  1. The carbon footprint

Lastly, data centers and servers can have a substantial carbon footprint and consume a lot of energy. For example, climate researchers from Go Climate measured the carbon footprint of a 2019 Dell R640 server (which is a relatively standard server) and found that it consumes 1760.3 kWh per year, with a manufacturing climate impact of 320kg of CO2e per year.

Now, it should be noted that more and more email providers have started to use green energy, so at least it’s an issue that’s being worked on.

Conclusion#

With a decentralized email service like Telios, you won’t run into these problems as we are using a peer-to-peer network to send emails between two Telios users.

Of course, this will only work if both users are online and both are Telios users. If one of them is offline or a non-Telios user, then the email will have to go through a server, but as Telios is using end-to-end encryption and doesn’t store your decryption keys, your emails are perfectly safe.

Looking for a secure email service? Download our decentralized email service today!