According to the Breach Level Index, over 13 billion records have been lost or stolen in published breaches since 2013, and 96 percent of them were not encrypted. Email remains the most common way attackers break in, steal employees' identities, and walk off with trade secrets.
Email is ancient compared to modern team communication tools, and its technical limitations make its age a real barrier to security. Luckily for its four billion users, developers and security researchers keep finding ways to improve the old technology so that it stays viable and safe in an age of rapid, intelligent attacks.
This article will discuss what you should look for in a secure email service. Then, we’ll show you what we think is the most secure.
Security Features to look for in an Email Service
Most people already use Outlook or Gmail, and those services are good. Are they secure enough? That depends on your threat model: what you are protecting and who your adversary is.
Security-focused email pays off if you are a large organization, an enemy of the state, or simply have a lot to lose. Everyday users may find it more than they need.
Server location matters to an activist who can reasonably expect their communications to be subpoenaed, and hardly at all to most other people. End-to-end encryption, on the other hand, helps individuals and businesses alike keep information secret: unencrypted email was to blame for at least four major breaches in the past few years, leaking millions of messages and causing millions of dollars of avoidable damage.
Here are the features you will find in secure email services, along with our thoughts on why each may or may not matter to you.
Understanding encryption in general is the first step to understanding end-to-end encryption.
Encryption hides data. Every website whose URL starts with HTTPS uses TLS (the successor to SSL; the old name is still widely used) to protect the data you send to it. TLS lets your computer verify the server it is talking to and encrypts everything sent in either direction, so anyone "tapping the line" cannot read your passwords or form input.
Email encryption works the same way: the plain-text content is scrambled so that nobody can read it without the right key. That key is called the encryption key, and it functions much like a password.
Modern encryption is strong enough that brute-forcing a key would take a million computers millions of years. But general-purpose services like Gmail and Hotmail only encrypt your mail in transit between your computer and their servers, and at rest with keys the provider holds, so the provider itself can read it easily. You have to trust that the company will not use its keys to read your email, and that attackers never gain access to those keys.
End-to-end encryption puts the keys in the user's hands: the message is encrypted on the sender's device and decrypted only on the recipient's device after the client loads it, so the provider never holds a key that could unscramble it. End-to-end encrypted services do this automatically; the alternative is encrypting each message yourself before sending it.
Encryption is hard to get right and takes time to implement. End-to-end encryption has only become standard in recent years, thanks to messaging apps like WhatsApp and to heightened public concern after Snowden's NSA leaks, which revealed how extensively governments monitor their citizens. Even Google's systems were not safe from prying eyes.
This screenshot, from a leaked NSA document, shows how the agency got around SSL encryption to read user data in plaintext.
An end-to-end encrypted email service can still be compelled to hand data over to the authorities. Without the private keys, however, nothing it can hand over is of any use.
Pretty Good Privacy (PGP) was created in the 1990s to keep email private and secure over untrusted networks. Its basic idea is the public/private keypair. It underpins secure email services such as ProtonMail and Mailfence.
To send a PGP-encrypted email, you lock it with the recipient's public key; the recipient's private key is the only thing that can unlock it. Both keys are just long strings of text.
A public key works a little like an address: anyone who has yours can send you mail that only you can read. Some tools expose key management to the user; others manage your keys in the background and take care of everything for you.
To anyone without the private key, a PGP-encrypted message is just an opaque block of text.
Pasting that block into a decryption program that holds your private key reveals the contents. PGP can be done entirely by hand, without any email program at all. As long as an adversary cannot obtain your private key or crack the passphrase protecting it, it is one of the most secure methods available.
Manual PGP is the old way. Most secure email services now build PGP into the back end, so messages display as readable text while what actually travels over the wire and sits on the server is ciphertext. Note that this only helps if you, and not someone else, control the keys.
One distinct feature of secure email is control over your own encryption keys: you can export them and swap them for keys you have used in the past.
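To make the keypair idea concrete, here is an added example (not ProtonMail's or any provider's code) that builds an end-to-end envelope in the same shape OpenPGP uses: a random session key encrypts the body, and the session key is encrypted to the recipient's public key. The mail server only ever stores the envelope. The algorithms (RSA-OAEP plus AES-256-GCM) and the message text are assumptions for illustration; this is not the OpenPGP packet format.

```go
package main

// Added example, not any provider's code. Structure mirrors OpenPGP
// (session key + public-key wrapping); algorithms are illustrative.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what the provider stores and relays. Nothing in it lets the
// provider (or a thief of its database) recover the body.
type Envelope struct {
	WrappedKey []byte // session key, RSA-OAEP encrypted to the recipient's public key
	Nonce      []byte // AES-GCM nonce, unique per message
	Ciphertext []byte // AES-GCM ciphertext with the authentication tag appended
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt runs on the sender's device. It needs only the recipient's public key.
func Encrypt(recipient *rsa.PublicKey, body []byte) (Envelope, error) {
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return Envelope{}, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, body, nil),
	}, nil
}

// Decrypt runs on the recipient's device. Without the matching private key
// the OAEP unwrap fails; with a tampered ciphertext the GCM tag check fails.
func Decrypt(priv *rsa.PrivateKey, env Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap session key: %w", err)
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	body, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("authenticate and decrypt body: %w", err)
	}
	return body, nil
}

func main() {
	// Constructed demo: Bob is the recipient; the provider holds a key of its own, not Bob's.
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	provider, _ := rsa.GenerateKey(rand.Reader, 2048)

	env, err := Encrypt(&bob.PublicKey, []byte("the leak is in the second-floor print room"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("server stores %d bytes of ciphertext and a %d-byte wrapped key\n",
		len(env.Ciphertext), len(env.WrappedKey))

	if _, err := Decrypt(provider, env); err != nil {
		fmt.Println("provider cannot read it:", err)
	}
	body, err := Decrypt(bob, env)
	fmt.Println("bob reads:", string(body), err)

	// A tampered copy fails authentication instead of yielding garbage.
	tampered := env
	tampered.Ciphertext = append([]byte(nil), env.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, err = Decrypt(bob, tampered)
	fmt.Println("tampered copy:", err)
}
```

The server-side view is the point: a breach of the provider's database, or a court order served on it, yields only the envelope, and the envelope is useless without a private key the provider never had.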
PGP is an open standard with many implementations. In 2018 a flaw published as EFAIL was found in several of them: an attacker who already held a copy of an encrypted message could embed it in an HTML email and trick the recipient's client into leaking the decrypted plaintext. Email clients such as Thunderbird, Apple Mail, and Outlook were affected; none of the services reviewed here were.
Two-factor authentication adds a layer that makes a stolen password insufficient on its own and the attacker's job considerably harder. It relies on two factors:
- something you know, such as a password
- something you have, such as your phone or a backup key
Relying on your password alone is a bad idea. Have I Been Pwned, a database of credentials captured from breaches around the world, has over 320 million leaked passwords on file. Once a password leaks, the victim's accounts are exposed; the chance that an attacker also holds your phone or your backup key is far lower.
There are many ways to implement two-factor authentication; the most common is a one-time code. When you sign in to Google from a new computer and approve the prompt in the Google app, or receive an SMS code to log in to Twitter, a token is generated that is valid once and only briefly, so an intercepted code cannot be reused later. Codes delivered by SMS are the weakest form, since a SIM-swap attack can redirect them, and a backup key is what lets you get back in if you lose your phone.
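The codes authenticator apps produce are HOTP (RFC 4226) and its time-based variant TOTP (RFC 6238). The following added example (not Google's or Twitter's code) implements both and adds the server-side checks that make a code "single use": a small clock-skew window, constant-time comparison, and a record of the last counter accepted so a captured code cannot be replayed. The secret is the RFC 6238 test-vector secret, used here only so the output can be checked against the RFC.

```go
package main

// Added example, not any provider's code: HOTP/TOTP generation plus a
// replay-resistant verifier. The fixed secret is the RFC 6238 test vector.

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"time"
)

// hotp computes the HMAC-SHA1 one-time code for a counter value.
func hotp(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)

	// Dynamic truncation: the low nibble of the last byte selects a 4-byte window.
	offset := sum[len(sum)-1] & 0x0f
	code := uint32(sum[offset]&0x7f)<<24 |
		uint32(sum[offset+1])<<16 |
		uint32(sum[offset+2])<<8 |
		uint32(sum[offset+3])

	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP derives the counter from Unix time: one code per `step` seconds.
func TOTP(secret []byte, unix int64, step int64, digits int) string {
	return hotp(secret, uint64(unix/step), digits)
}

// Verifier is the server side. It remembers the highest counter it has
// accepted so that a captured code cannot be replayed, even inside the
// skew window.
type Verifier struct {
	secret      []byte
	step        int64
	digits      int
	lastCounter int64 // -1 until the first successful verification
}

func NewVerifier(secret []byte, step int64, digits int) *Verifier {
	return &Verifier{secret: secret, step: step, digits: digits, lastCounter: -1}
}

// Verify accepts the code for the current step or one step either side
// (tolerating clock drift), compares in constant time, and burns the
// counter on success.
func (v *Verifier) Verify(code string, now int64) bool {
	current := now / v.step
	for delta := int64(-1); delta <= 1; delta++ {
		counter := current + delta
		if counter <= v.lastCounter {
			continue // this step (or an older one) has already been used
		}
		expected := hotp(v.secret, uint64(counter), v.digits)
		if hmac.Equal([]byte(expected), []byte(code)) {
			v.lastCounter = counter
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("12345678901234567890") // RFC 6238 test secret; never ship a fixed secret
	now := time.Now().Unix()
	code := TOTP(secret, now, 30, 6)
	v := NewVerifier(secret, 30, 6)
	fmt.Println("code:     ", code)
	fmt.Println("first use:", v.Verify(code, now)) // true
	fmt.Println("replay:   ", v.Verify(code, now)) // false: the step has been burned
}
```

The window is deliberately narrow: every extra step you tolerate is another code an attacker who phished one from you can try. Persist `lastCounter` per user on the server; an in-memory value that resets on restart reopens the replay door.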
Open-source software is software whose source code is available to users, developers, and the wider community; the Android operating system and the Firefox browser are examples. Contrast that with Microsoft Outlook, which ships as a compiled executable that cannot be inspected or audited.
What does the way a tool's source code is handled have to do with security?
You have to take it on faith that Microsoft's email client, Outlook, is safe and secure.
Open-source software does not require that leap of faith. Open-source projects are built in the open, and that transparency is how they grow and improve. Bugs are public, and large projects have thousands of people hunting for them.
That kind of scrutiny is valuable, and open source is what makes it possible. It is one of the main reasons the Linux operating system matured so quickly and so reliably despite being the work of volunteers and a lone hacker in a bedroom.
Developer Eric Raymond presents a detailed analysis of the benefits of the open-source model in his book The Cathedral & the Bazaar.
Closed-source software is not inherently insecure, but open-source email services and apps are preferable because third-party review and audits are possible. We asked Brett Shavers, digital forensics analyst and owner of incident response training firm DFIR Training, why it matters that a tool is open source: Open source means that the code can be inspected and inspected. This implies that it is safer. However, it is unlikely that anyone will ever inspect the
With closed-source projects you have to take the developer's word for it, and they could be implementing dodgy cryptography without anyone being able to tell.
Did you know that sending an email also broadcasts information about your computer, web browser, and network?
That data lives in the message's header metadata, and secure email services often strip it. When you deal with security, you are dealing with intelligent humans who can mine those headers for information about you, your habits, and your preferences. If you doubt that metadata matters, perhaps the Electronic Frontier Foundation can talk you round:
To protect users’ privacy, secure email services should remove header metadata and collect as little data as possible.
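What "header metadata" means in practice, and what a provider can do about it on the submission hop, is shown in the following added example (not mailbox.org's or any provider's code). The message is constructed for the example and uses documentation IP addresses; the list of headers treated as leaky is an assumption that a real deployment would tune.

```go
package main

// Added example, not any provider's code: strip identifying headers from a
// submitted message and show what a recipient could otherwise learn.
// sampleMessage is constructed; 203.0.113.0/24 is a documentation range.

import (
	"fmt"
	"regexp"
	"strings"
)

// Headers that identify the sender's machine, client software or network.
var leakyHeaders = map[string]bool{
	"received":         true, // client IP/hostname and HELO name added at submission
	"x-originating-ip": true,
	"x-mailer":         true,
	"user-agent":       true,
}

const sampleMessage = "Received: from laptop.home.example (203.0.113.7) by smtp.example.net with ESMTPSA\r\n" +
	"  id abc123; Tue, 4 Jun 2019 09:12:00 +0000\r\n" +
	"X-Originating-IP: [203.0.113.7]\r\n" +
	"User-Agent: Mozilla/5.0 (Windows NT 10.0) Thunderbird/60.7.0\r\n" +
	"From: alice@example.net\r\n" +
	"To: bob@example.org\r\n" +
	"Subject: quarterly numbers\r\n" +
	"Message-ID: <1@example.net>\r\n" +
	"\r\n" +
	"Body text.\r\n"

// splitHeaders returns the header fields in order and the body. A folded
// field (continuation lines starting with space or tab) stays with its
// first line so it is kept or dropped as one unit.
func splitHeaders(raw string) (fields []string, body string) {
	raw = strings.ReplaceAll(raw, "\r\n", "\n")
	head := raw
	if i := strings.Index(raw, "\n\n"); i >= 0 {
		head, body = raw[:i], raw[i+2:]
	}
	for _, line := range strings.Split(head, "\n") {
		if line == "" {
			continue
		}
		if len(fields) > 0 && (line[0] == ' ' || line[0] == '\t') {
			fields[len(fields)-1] += "\n" + line
			continue
		}
		fields = append(fields, line)
	}
	return fields, body
}

func fieldName(field string) string {
	return strings.ToLower(strings.TrimSpace(strings.SplitN(field, ":", 2)[0]))
}

// StripMetadata drops the leaky headers and re-emits the message with CRLF endings.
func StripMetadata(raw string) string {
	fields, body := splitHeaders(raw)
	var out strings.Builder
	for _, f := range fields {
		if leakyHeaders[fieldName(f)] {
			continue
		}
		out.WriteString(strings.ReplaceAll(f, "\n", "\r\n"))
		out.WriteString("\r\n")
	}
	out.WriteString("\r\n")
	out.WriteString(strings.ReplaceAll(body, "\n", "\r\n"))
	return out.String()
}

var ipv4 = regexp.MustCompile(`\b(?:\d{1,3}\.){3}\d{1,3}\b`)

// LeakedIPs lists every IPv4 literal a recipient or eavesdropper can read
// straight out of the headers.
func LeakedIPs(raw string) []string {
	fields, _ := splitHeaders(raw)
	seen := map[string]bool{}
	var ips []string
	for _, f := range fields {
		for _, ip := range ipv4.FindAllString(f, -1) {
			if !seen[ip] {
				seen[ip] = true
				ips = append(ips, ip)
			}
		}
	}
	return ips
}

func main() {
	fmt.Println("IPs visible before scrubbing:", LeakedIPs(sampleMessage))
	scrubbed := StripMetadata(sampleMessage)
	fmt.Println("IPs visible after scrubbing: ", LeakedIPs(scrubbed))
	fmt.Print(scrubbed)
}
```

Two caveats a practitioner would add: scrub before DKIM signing, or strip only headers that are not covered by the signature, since removing a signed header breaks the signature; and this only removes what the client and the first hop contributed. Every later MTA adds its own Received line, which is why a provider that takes this seriously does the scrubbing itself at submission rather than hoping downstream servers will.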
Server location was not widely considered a security concern until it was revealed that the United States, Australia, Canada, New Zealand, and Britain (the Five Eyes) share intelligence about citizens gathered from servers within their respective territories.
The poster child for that revelation was Lavabit, the now-defunct email service Edward Snowden used to communicate with human rights activists from his confines in Moscow. Following Lavabit's forced closure, its founder displayed this message on the site's homepage:
The U.S. is not alone in having laws that work against users here, but some countries have laws that actively protect user data: Switzerland, Germany, and Sweden all have favorable privacy laws.
Let's now look at six of the best secure email services and compare them.
ProtonMail (Web, Android, iOS)
An excellent end-to-end encrypted mail service with great mobile apps
ProtonMail's servers sit under 1,000 meters of solid rock in a Swiss bunker built to survive a nuclear attack, and its digital security is just as serious. A group of researchers who met at CERN began developing it in the wake of the 2013 Snowden leaks; it has since become the most popular secure email service, with more than five million users.
ProtonMail is built around zero-access encryption: neither its servers nor the staff who run them can read or share your emails.
Because ProtonMail is based in Switzerland, user data is protected by the Swiss Federal Data Protection Act and the Swiss Federal Data Protection Ordinance, which provide some of the strongest privacy protections in the world. Any order to hand over user information would have to come from the Cantonal Court of Geneva or the Swiss Federal Supreme Court, and ProtonMail's encryption means the data would be undecipherable even if it were handed over.
Unlike Outlook or Gmail, ProtonMail encrypts messages before they reach its servers, so attackers who break into those servers cannot read or decrypt your mail.
ProtonMail’s web interface and encryption are open-source, which allows experts to verify and audit its high-security levels.
ProtonMail's encryption can get in the way of usability. You cannot add a ProtonMail account to generic mobile mail apps like iOS Mail or K-9 Mail: those apps cannot decrypt mail on the client side, so ProtonMail will not let them connect.
Users who don't mind a dedicated app can use ProtonMail's own iOS and Android apps. On desktop you are free to use popular generic clients as long as you install ProtonMail Bridge, which runs locally and handles encryption between the client and ProtonMail.
ProtonMail Price: the free plan includes 500MB storage and 150 messages/day. Paid plans start at $4/month (billed annually) for 5GB storage and up to 1,000 messages/day.
Posteo (Web)
Anonymous and secure email for activists
For just over $1/month, Posteo offers 2GB of secure email storage, completely anonymously and protected by two-factor authentication. Posteo is based in Germany, and its values center on privacy, usability, and sustainability.
Like many privacy products, Posteo came to public attention after the Edward Snowden leaks. It was the first email service to deploy DNS-based Authentication of Named Entities (DANE) on its servers, protecting users from attackers impersonating them or their recipients, in response to the man-in-the-middle attacks described in leaked NSA documents.
Posteo doesn't just refuse to collect its customers' identities; it routinely fights legal battles for the right not to turn user data over to the authorities.
Its 2017 transparency report shows that Posteo received 48 requests for user data and mailbox seizures from German and international authorities, of which three succeeded. Because Posteo stores no identifying data and no IP addresses, seized mail content cannot readily be linked to a user.
Posteo encrypts data in transit to its servers but does not offer end-to-end encryption the way ProtonMail or Tutanota do. DANE reduces the risk of interception in transit, but mail can still be read in plaintext on the server side.
Because it doesn't use end-to-end encryption, you can add your Posteo account to the stock mail apps on Android, iOS, and desktop.
Posteo Price: EUR 1/month for 2GB storage
Tutanota (Web, Android, iOS)
Less expensive than ProtonMail, but just as secure
With over two million users, Tutanota is one of the most popular and most frequently recommended secure email services. It offers two-factor authentication, end-to-end encryption, and an A+ rated SSL/TLS configuration. Together with the fact that it is an externally audited open-source tool, this puts its security on a par with ProtonMail and ahead of Posteo.
Like Posteo, Tutanota was one of the world’s first services to implement DNS-based Authentication of Named Entities (DANE) to secure users against hackers impersonating them or their email recipients.
Tutanota is end-to-end encrypted even when you email someone on Gmail or another service: the message is protected with a password you share with the recipient, who opens it through a link and replies from within a temporary Tutanota mailbox, so the reply is encrypted too.
The notification Tutanota sends to non-Tutanota recipients ensures security.
Webmail is available alongside native iOS and Android apps. Tutanota is not compatible with generic apps such as iOS Mail or K-9 Mail on Android, because end-to-end encryption is impossible without a client that supports it.
Tutanota Price: 1GB storage free; EUR 1/month (billed annually) unlocks premium features such as filters and custom domains.
Kolab Now (Web)
A better alternative to G Suite or Office 365
With email, calendar, contacts, and file storage, Kolab Now markets itself as a secure alternative to G Suite and Office 365.
Kolab was originally developed for Germany's Federal Office for Information Security (BSI) and was used mainly in Germany before it drew mainstream media attention following the NSA leaks. Groklaw founder Pamela Jones announced she was moving to a Kolab Now address on the same day she shuttered the site in 2013.
Kolab Now is open-source and offers advanced security features. It does not support end-to-end encryption, but its connections use perfect forward secrecy (PFS): each session negotiates a fresh, ephemeral key, so recorded traffic cannot be decrypted later even if the server's long-term key is compromised.
On mobile you can use webmail in the browser or hook Kolab Now into an IMAP/POP3 client such as iOS Mail. Kolab Now also supports SMTP, CalDAV, and WebDAV, which is a plus if your business already relies on those protocols.
Kolab Now Price: about $4.41/month for individual accounts (converted from CHF).
Mailfence (Web)
An alternative to G Suite or Office 365
Mailfence was launched in 2013 by ContactOffice, a company that has developed cloud collaboration software since the late 1990s. Its servers are situated in Belgium, which is one of the most privacy-friendly countries in the world.
Mail is end-to-end encrypted with an open-source OpenPGP implementation, and Mailfence also provides document, calendar, and contact tools in the cloud. It is a strong alternative to G Suite, and it is cheaper than Kolab Now while offering stronger security (end-to-end encryption).
Mailfence's end-to-end encryption interoperates with any OpenPGP-compatible service, such as ProtonMail or mailbox.org. Mail sent outside the Mailfence network stays encrypted, and the recipient's own client decrypts it without manual steps. Existing PGP users can import and manage their keypairs within the app.
Mailfence's security is strong, but it is not as user-friendly as ProtonMail or Tutanota. End-to-end encryption only works once you have generated a keypair and uploaded the recipient's public key. That overhead makes Mailfence a poor fit for people who are new to encrypted email.
Mailfence does not yet have mobile apps of its own, but told us that iOS and Android clients are in development.
Mailfence Price: 500MB email storage and 500MB document storage free; EUR 2.50/month for 5GB email storage and 12GB document storage.
mailbox.org (Web)
Time-tested secure email run by a privacy-conscious journalist
mailbox.org is run by Peer Heinlein, a journalist and internet pioneer who has provided secure network services since 1989. You don't have to worry about handing your inbox to an unproven startup: mailbox.org has proven itself over the years.
Its servers are in Germany, which has favorable privacy laws, but mailbox.org goes further than that: it is dedicated to anonymity. You can sign up without giving any personal information, pay in Bitcoin, and connect over the service's own Tor relay. Mail headers can also be anonymized to hide the identities and devices of senders and recipients.
Like Mailfence and ProtonMail, mailbox.org supports OpenPGP, so users can send encrypted mail to recipients outside mailbox.org. Mail to someone who uses neither mailbox.org nor another OpenPGP-compatible service is held in a guest mailbox; the recipient reads and replies to it through a one-time link. Tutanota uses the same approach to the problem of talking to people outside your encrypted network (Gmail users and other plain-text services).
mailbox.org Price: from EUR 1/month for 2GB email storage and 100MB cloud storage.
As you decide which secure email service to use, it's worth considering which tools security experts trust with their own communications.
ProtonMail is the preferred email service of digital forensics expert Brett Shavers:
Security consultant and self-described "old-fashioned" PGP user Hamid Kashfi takes a similarly skeptical view:
Bruce Schneier thinks there is a limit to how many layers of security you can Frankenstein onto an insecure protocol that dates back to the 1970s.