The most important feature when talking about any encrypted email service is whether or not other people can access your messages, and the answer is a solid no when it comes to ProtonMail, as it features end-to-end encryption. Nobody can decrypt ProtonMail messages without your unique password—not even employees at ProtonMail, their ISP, your ISP, or the government. ProtonMail is so secure that it can’t recover your emails if you forget your password. The decryption happens when you log in, which means the service doesn’t have a means of decrypting emails without your password or a recovery account on file. ProtonMail also doesn’t keep your IP address information. With a no-log email service like ProtonMail, emails can’t be traced back to you. The free version of ProtonMail supports 500 MB of email storage and limits usage to 150 messages per day. Purchase the Plus or Unlimited service for more email storage, email aliases, priority support, labels, custom filtering options, the ability to auto-reply, built-in VPN protection, and the ability to send more emails each day. Business plans are also available for organizations. Additionally, the servers (which are based in Sweden) don’t store emails on hard disks. All data is stored on CD-ROMs only. This method helps prevent data leaks, and the moment someone tries to tamper with the server directly, the data is likely lost. With CounterMail, you can also set up a USB drive to further encrypt email. The decryption key is stored on the device and it, too, is required to log in to your account. This way, decryption is impossible even if a hacker steals your password. The added physical security of the USB device makes CounterMail less simple and convenient to use than other secure email services, but you do get IMAP and SMTP access, which you can use with any OpenPGP-enabled email program, such as K-9 Mail for Android. After the 10-day free trial, purchase a plan to keep using the service. The trial includes 100 MB of space. With this service, you can send encrypted messages to users of Hushmail as well as non-users who have accounts with Gmail, Outlook Mail, or other similar email clients. The web version of Hushmail is easy to use and provides a modern interface to send and receive encrypted messages from any computer. When creating a new Hushmail account, choose from a variety of domains to use in your address, such as @hushmail.com or @hush.com. There are both personal and business options when you sign up for Hushmail, but neither is free. The service includes an email address and web interface that incorporates OpenPGP public key encryption. Create a key pair for your account and manage a store of keys for people you want to email securely. This OpenPGP standardization means you can access Mailfence using IMAP and SMTP with secured SSL/TLS connections through the email program of your choice. You cannot use Mailfence to send encrypted messages to people who don’t use OpenPGP and have no public key available. For online storage, a free Mailfence account provides 500 MB, while paid accounts offer ample space as well as the option to use your own domain name for your Mailfence email address. Mailfence’s software is only available for inspection by auditing teams, academic researchers, and other reputed groups because it’s not open source, making it less secure and private. Mailfence stores your private encryption key on Mailfence servers but insists it can’t be read because it’s encrypted with your passphrase (via AES-256), and there’s no root key that would allow the service to decrypt messages encrypted with your keys. Mailfence uses servers in Belgium, so it’s only through a Belgian court order that the company can be forced to reveal private data. This email account is all that’s needed to exchange secure emails with other Tutanota users. For encrypted email outside the system, specify a password for the recipient to use when viewing the message in a browser. That interface allows them to reply securely, too. The web interface is user-friendly and there’s a search function so you can search for previous emails. Tutanota uses AES and RSA for email encryption. Servers are located in Germany, which means that German regulations apply. Free accounts can create an email account using a Tutanota domain, while paid plans can create custom domains. Tutanota domains are: @tutanota.com, @tutanota.de, @tutamail.com, @tuta.io, and @keemail.me. Several features in this service are only available on paid plans. For example, the Premium edition lets you purchase up to 5 aliases, while the Teams plan expands the storage to 10 GB.
Beware of keylogging software that captures what you type on the keyboard. These programs can thwart encryption if the password is all the hacker needs to access an account. Don’t leave mobile devices or computers unguarded. Also, make sure devices are protected with strong passwords or biometrics and don’t allow for guest accounts or similarly unprotected access. If supported, also add two-factor authentication. Be vigilant of social engineering. Phishing attempts often come by email, instant messages, VoIP, or social networking messages, and can be designed or tailored specifically to you. These communications are tricks to get you to hand out personal details such as passwords and banking information. Don’t write down or share passwords. Never make note of the password unless you store it in a secure password manager.
