The New Oil

Privacy: Encrypted Email

What is Encrypted Email?

End-to-end encrypted (also known as zero-knowledge or zero-access) email is a form of communication where the messages are encrypted in such a way that only the people involved in the conversation can read them. Additionally, the emails in your inbox are stored in such a way that your provider cannot access and read them. See Understanding Encryption for more information on this.

Why do I Need Encrypted Email?

Regular email providers like Google, Yahoo, and others regularly read your emails for a variety of purposes such as advertising and training their AI. The fact that these communications are readable by employees (even if only certain ones) means that any sensitive information is not safe and can be potentially stolen. Consider that most people have sensitive information in their email inboxes, like bank statements, medical reminders, and more. By using a zero-knowledge provider you are giving your inbox another layer of protection against data breaches and rogue employees.

What Should I Look For in an Encrypted Email Provider?

Make sure to see how the provider makes money. Running an email server is expensive and requires great technical resources. “If a product is free, you are the product.” Make sure the company has a viable business plan, or else assume they are likely accessing and selling your data. If you want to take full advantage of encrypted email services, be sure to pick a provider that is also being used by the people you email regularly. Having an encrypted inbox can prevent warrantless searches and data breaches, but once the email leaves your inbox it will be decrypted. If you want the email to be encrypted from start to finish, you’ll both need to be using the same service or protocol.

Listed in alphabetical order, not order of recommendation

  • Recently audited
  • Based on PGP
  • Offers a free tier
  • Includes a calendar, cloud storage, password manager, and VPN with all plans
  • Import/export emails available
  • No desktop app, web or third-party email client only

  • Recently audited
  • Offers a free tier
  • Includes a calendar with all plans
  • Export emails available (individual emails only)
  • No PGP support
  • Import emails not available

Click here to see my criteria for selecting these services

Click here for a visual version of this chart

Honorable Mention: PGP

Many of the services I listed work with PGP, meaning that even non-users can initiate secure conversations with you and vice-versa. PGP stands for Pretty Good Privacy and is an open-source encryption program. Generally speaking, it is most commonly used for encrypted email but it can be used to encrypt other files as well.

Explaining how PGP works is much more complicated than actually using it. When you set up PGP (as with any public-key encryption), it creates two keys. One is called the “private key” and one is called the “public key.” The private key is private: it stays with you and should never be shared. The public key can be shared as much as you want. Think of the public key as your address and the private key as your door key. The more people you give your address to, the more people can write to you. But only you can unlock the door and enter the house, where you have some privacy. If it helps, you can watch my video explanation here. There are many programs and plugins that handle this process for you. While it is not advised, you can use PGP with your existing email provider. The first method is a browser plugin called Mailvelope. For most people, this will be the best solution. The second method is Enigmail, a plugin for certain email clients that enables PGP.
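To make the address/door-key picture concrete, here is an added toy model of the PGP workflow (example code written for this page, not from The New Oil or any real PGP implementation): the sender picks a random session key, encrypts the message body with it, and wraps that session key with the recipient's public key, so only the matching private key can unwrap it. It assumes textbook RSA with tiny constructed primes (61 and 53) and an HMAC-SHA256 keystream as the symmetric step, purely so it runs with the standard library; real PGP uses large keys, padding and vetted ciphers.

```python
import hashlib
import hmac
import secrets

# Constructed toy primes (assumption: far too small for real use).
P, Q = 61, 53


def generate_keypair(p=P, q=Q, e=17):
    """Return (public_key, private_key) as (n, exponent) tuples."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)        # public key is shared; private key never leaves you


def _keystream(session_key: bytes, length: int) -> bytes:
    """Toy stream cipher: expand the session key with HMAC-SHA256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(session_key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_message(recipient_public_key, plaintext: bytes):
    """Sender side: needs only the recipient's public key (their 'address')."""
    n, e = recipient_public_key
    session_key = secrets.randbelow(n - 2) + 2       # toy: must be < n
    key_bytes = session_key.to_bytes(2, "big")
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key_bytes, len(plaintext))))
    wrapped_key = pow(session_key, e, n)              # only the private key can unwrap this
    return wrapped_key, body


def decrypt_message(private_key, wrapped_key: int, body: bytes) -> bytes:
    """Recipient side: the private key (the 'door key') unwraps the session key."""
    n, d = private_key
    session_key = pow(wrapped_key, d, n)
    key_bytes = session_key.to_bytes(2, "big")
    return bytes(a ^ b for a, b in zip(body, _keystream(key_bytes, len(body))))


if __name__ == "__main__":
    public, private = generate_keypair()
    wrapped, ciphertext = encrypt_message(public, b"bank statement attached")
    print(decrypt_message(private, wrapped, ciphertext))
```

The provider relaying the message sees only `wrapped` and `ciphertext`; without the private key it can neither recover the session key nor read the body.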

Tips & Tricks

I strongly encourage the use of custom email domains. This is the strongest way to ensure control over your email address, regardless of what happens to your provider or your account with them. A custom domain is incredibly cheap - usually anywhere from $10-25 USD per year depending on what you select - and your email provider should offer instructions and assistance in setting it up for use with your email address. If anything ever happens to your account or provider, you can simply point the domain to a new provider of your choice and continue to receive emails like normal. Some domain registrars we recommend include 1984hosting, NameCheap, and OrangeWebsite. Please note that some email providers may require a paid account to use a custom domain as a premium feature and may put a limit on how many email addresses you can have. One loophole around this is to get a premium account with one of our recommended email aliasing services, which usually offer unlimited addresses and custom domains with a premium account, and it’s often significantly cheaper than a premium account with an email provider.

Never assume an email is secure. Email was never designed to be a secure communication method, and even with PGP or other encryption protocols you can never guarantee that an email won’t be screenshotted, printed, or otherwise shared with unauthorized people. Never put anything in writing you wouldn’t be willing to have publicly displayed.

Some email providers deactivate inactive free accounts. Providers such as Tutanota and Proton reserve the right to delete accounts that have not been logged into for more than 6 months. This does not apply to paid plans. Be sure to check the provider’s Terms of Service and be aware of this and other limitations. Have a plan in place to ensure continuity of your data and email addresses.