Skip to content

Get The Best Email Encryption Software

Last updated: March 2022. For beginners. No tech skills required.

Email encryption

Choose a secure email service. While you are scouting for the best privacy email provider, carefully assess aspects such as available features, email encryption technologies, or server locations — privacy legislation changes from country to country. This chapter provides an (incomplete) overview of popular, privacy respecting email providers: Tutanota vs Protonmail (and more).


Encrypted email meaning

What is Protonmail used for?

Protonmail claims to be the world's largest secure email service, protected by Swiss privacy laws. It's amongst others funded by US investors (Charles River Ventures) and the European Union. While Protonmail's apps are open source, the server-side is not.

At the time of writing, the basic single user account offered 500 MB storage for free. For 4 to 24 EUR/month, you get access to more users and storage, as well as a plethora of features: calendar, contact and email imports, bitcoin payments, VPN, and more.

Some words of advice on encryption

Emails Encryption
Sent between Protonmail users Message body and attachments are end-to-end encrypted. Subject lines and recipient/sender addresses are not.
Sent from Protonmail users to other providers Message body and attachments are only end-to-end encrypted if the user selects the Encrypt for Outside option. Otherwise, only TLS encryption is applied if the receiving mail server supports it (which also means that the receiving provider can read the message). In any case, subject lines and recipient/sender addresses are not end-to-end encrypted.
Received by Protonmail users from other providers Message body and attachments are only encrypted with TLS, if the sender's mail server supports it. Subject lines and recipient/sender addresses are not end-to-end encrypted.

Protonmail clients (incl. Protonmail bridge)

Besides webmail access, Protonmail offers mobile apps for Android and iOS. On desktop environments, Protonmail works with Thunderbird via a so-called Bridge application. This feature is however only available to paid accounts. Alternatively, ElectronMail is a free and open source desktop client for Protonmail. Mind however that ElectronMail is an unofficial app. More detailed instructions below.

Show me the step-by-step guide for Android

Simply download the Protonmail app from Google's Play Store or Aurora Store. It contains 0 trackers and requires 14 permissions. By comparison: for Gmail it's 1 tracker and 55 permissions; for Outlook it's 13 trackers and 49 permissions; and for Hotmail it's 4 trackers and 31 permissions.

Show me the step-by-step guide iOS

Simply download the Protonmail app from the App Store.

Show me the step-by-step guide for ElectronMail on Windows (no paid account needed)

Instructions Description
Download ElectronMail Download and run the ElectronMail installer for Windows.
Create a master password Open ElectronMail and provide a strong, unique master password to protect your emails.
Login Provide your Protonmail credentials, including two-factor authentication if activated.
Domain Choose a domain from the list. There is even an Onion option to use Tor. Then click on Close.

Show me the step-by-step guide for Thunderbird on Windows (paid accounts only)

Install Thunderbird on Windows

Navigate to Thunderbird's download page and click on the "Free Download" button. Once the installer is downloaded, click on the "Run" button and follow the installation wizard.

Install Protonmail Bridge on Windows

Thunderbird integrates nicely with Protonmail, making sure emails stay encrypted when they enter and leave your computer. This is handled by the so-called Bridge application, a software available to paid users only. Download Protonmail Bridge for Windows. Once the installer is downloaded, click on the "Run" button and follow the installation wizard.

Configure Protonmail Bridge on Windows

Open the freshly installed Protonmail Bridge application and follow the setup wizard:

Steps Description
1 Log into your Protonmail account.
2 Click on your account name and then the Mailbox configuration button.
3 A window with the title Protonmail Bridge Mailbox Configuration should pop up. It displays IMAP and SMTP settings, including a password, needed later on to configure Thunderbird.

Configure Thunderbird on Windows

Now launch Thunderbird, navigate to Menu ‣ New ‣ Existing Email Account and follow the setup wizard:

Setting Description
Your name Enter the name you want others to see.
Email address Enter your Protonmail email address.
Password Copy and paste the password from the Protonmail Bridge Mailbox Configuration window (do not enter your Protonmail password, it won't work).
Remember password Check the Remember Password box to avoid re-entering the password each time you fire up Thunderbird.
Manual config Click on the Manual config button, and fill out the IMAP and SMTP settings provided in the Protonmail Bridge Mailbox Configuration window (for Authentication, select Normal password).
Re-test Click on the Re-test button to verify your connection settings.
Advanced config Click on the Advanced config button. A new window appears. Just click on the OK button, do not modify any settings in this window.
Add Security Exception Click on the Confirm Security Exception button in the pop-up window. This confirms that your computer (127.0.0.1) can run the Bridge app. You might have to confirm a second security exception later on, once you send your first email.

Show me the 3-minute summary video for Thunderbird (paid accounts only)

Courtesy of Protonmail. Instructions should similarly apply to macOS or Linux.

Show me the step-by-step guide for ElectronMail on macOS (no paid account needed)

Instructions Description
Download ElectronMail Download the ElectronMail disk image, open it and drag the ElectronMail icon on top of the Application folder. For easy access, open the Applications folder and drag the ElectronMail icon to your dock.
Create a master password Open ElectronMail and provide a strong, unique master password to protect your emails.
Login Provide your Protonmail credentials, including two-factor authentication if activated.
Domain Choose a domain from the list. There is even an Onion option to use Tor. Then click on Close.

Show me the step-by-step guide for Thunderbird on macOS (paid accounts only)

Install Thunderbird on macOS

Navigate to Thunderbird's download page and click on the Free Download button. Once the installer is downloaded, it should open by itself and mount a new volume containing the Thunderbird application. If not, open the downloaded Thunderbird .dmg file and drag the appearing Thunderbird icon on top of the Application folder. For easy access, open the Applications folder and drag the Thunderbird icon to your dock.

Install Protonmail Bridge on macOS

Thunderbird integrates nicely with Protonmail, making sure emails stay encrypted when they enter and leave your computer. This is handled by the so-called Bridge application, available to paid users only. Download Protonmail Bridge for macOS. Once the installer is downloaded, it should start by itself and mount a new volume containing the Protonmail application. If not, open the downloaded Protonmail Bridge .dmg file and drag the Protonmail icon on top of the Application folder. For easy access, open the Applications folder and drag the Protonmail Bridge icon to your dock.

Configure Protonmail Bridge on macOS

Open the freshly installed Protonmail Bridge application and follow the setup wizard:

Steps Description
1 Log into your Protonmail account.
2 Click on your account name and then the Mailbox configuration button.
3 A window with the title Protonmail Bridge Mailbox Configuration should pop up. It displays IMAP and SMTP settings, including a password, needed later on to configure Thunderbird.

Configure Thunderbird on macOS

Now launch Thunderbird, navigate to Menu ‣ New ‣ Existing Email Account and follow the setup wizard:

Setting Description
Your name Enter the name you want others to see.
Email address Enter your Protonmail email address.
Password Copy and paste the password from the Protonmail Bridge Mailbox Configuration window (do not enter your Protonmail password, it won't work).
Remember password Check the Remember Password box to avoid re-entering the password each time you fire up Thunderbird.
Manual config Click on the Manual config button, and fill out the IMAP and SMTP settings provided in the Protonmail Bridge Mailbox Configuration window (for Authentication, select Normal password).
Re-test Click on the Re-test button to verify your connection settings.
Advanced config Click on the Advanced config button. A new window appears. Just click on the OK button, do not modify any settings in this window.
Add Security Exception Click on the Confirm Security Exception button in the pop-up window. This confirms that your computer (127.0.0.1) can run the Bridge app. You might have to confirm a second security exception later on, once you send your first email.

Show me the 3-minute summary video for Thunderbird (paid accounts only)

Courtesy of Protonmail. Instructions should similarly apply to macOS or Linux.

Show me the step-by-step guide for ElectronMail on Ubuntu Linux (no paid account needed)

Instructions Description
Download ElectronMail Download the latest ElectronMail .deb package. The file should be named something like electron-mail-X-XX-X-linux-amd64.deb. For the purpose of this tutorial, let's suppose the file was downloaded to the folder /home/gofoss/Downloads. Make sure to adjust these file paths according to your own setup. Now open the terminal with the Ctrl+Alt+T shortcut or click on the Applications button on the top left and search for Terminal. Finally, run the following commands:

cd /home/gofoss/Downloads
sudo dpkg -i electron-mail-X-XX-X-linux-amd64.deb
Create a master password Open ElectronMail and provide a strong, unique master password to protect your emails.
Login Provide your Protonmail credentials, including two-factor authentication if activated.
Domain Choose a domain from the list. There is even an Onion option to use Tor. Then click on Close.

Show me the step-by-step guide for Thunderbird on Ubuntu Linux (paid accounts only)

Install Thunderbird on Linux

If you run a Linux distribution such as Ubuntu, open the terminal with the shortcut CTRL + ALT + T, or click on the Applications button on the top left and search for Terminal. Run the following command to install Thunderbird:

sudo apt install thunderbird

Install Protonmail Bridge Linux

Thunderbird integrates nicely with Protonmail, making sure emails stay encrypted when they enter and leave your computer. This is handled by the so-called Bridge application, available to paid users only. Download Protonmail Bridge Linux. The file should be called something similar to protonmail-bridge_X.X.X-X_amd64.deb. Let's assume it has been downloaded to the folder /home/gofoss/Downloads. Open the terminal with the shortcut CTRL + ALT + T, or click on the Applications button on the top left and search for Terminal. Then run the following commands (don't forget to adjust the filename and download folder path accordingly):

sudo apt install gdebi
cd /home/gofoss/Downloads
sudo gdebi protonmail-bridge_X.X.X-X_amd64.deb

Configure Protonmail Bridge Linux

Open the Bridge application with the terminal command protonmail-bridge, or click on the Applications button on the top left, and search for ProtonMail Bridge. Follow the setup wizard:

Steps Description
1 Log into your Protonmail account.
2 Click on your account name and then the Mailbox configuration button.
3 A window with the title Protonmail Bridge Mailbox Configuration should pop up. It displays the Protonmail server settings, including IMAP, SMTP and a password needed later on to configure Thunderbird.

Configure Thunderbird on Linux

Now launch Thunderbird, navigate to Menu ‣ New ‣ Existing Email Account and follow the setup wizard:

Setting Description
Your name Enter the name you want others to see.
Email address Enter your Protonmail email address.
Password Copy and paste the password from the Protonmail Bridge Mailbox Configuration window (do not enter your Protonmail password, it won't work).
Remember password Check the Remember Password box to avoid re-entering the password each time you fire up Thunderbird.
Manual config Click on the Manual config button, and fill out the IMAP and Protonmail SMTP settings provided in the Protonmail Bridge Mailbox Configuration window (for Authentication, select Normal password).
Re-test Click on the Re-test button to verify your connection settings.
Advanced config Click on the Advanced config button. A new window appears. Just click on the OK button, do not modify any settings in this window.
Add Security Exception Click on the Confirm Security Exception button in the pop-up window. This confirms that your computer (127.0.0.1) can run the Bridge app. You might have to confirm a second security exception later on, once you send your first email.

Show me the 3-minute summary video for Thunderbird (paid accounts only)

Courtesy of Protonmail. Instructions should similarly apply to macOS or Linux.


Is Tutanota safe

Tutanota review

Tutanota is a freemium hosted secure email service, registered in Germany. Everything is end-to-end encrypted. Tutanota uses its own encryption standard, and does not support PGP. While Tutanota's apps are open source, the server-side is not.

At the time of writing, the basic account offered 1 GB storage for free. For approximately 1 to 6 EUR/month, you get access to more users and storage, as well as a plethora of features: custom domains, unlimited search, multiple calendars, inbox rules, whitelabel, calendar sharing, etc. Email imports and anonymous payment are currently not supported.

Tutanota clients

Besides webmail access on the Tutanota login page, Tutanota offers mobile apps for Android and iOS. For desktop environments, Tutanota developed its own dedicated client. More detailed instructions below.

Show me the step-by-step guide for Android

Simply download the Tutanota app from Google's Play Store or Aurora Store. Tutanota is also available on F-Droid. Alternatively, visit Tutanota's download page or Github repository to download and install the .apk file. The app contains 0 trackers and requires 9 permissions. By comparison: for Gmail it's 1 tracker and 55 permissions; for Outlook it's 13 trackers and 49 permissions; and for Hotmail it's 4 trackers and 31 permissions.

Show me the step-by-step guide for iOS

Simply download the Tutanota app from the App Store.

Show me the step-by-step guide for Windows

Simply download the installer, then click on the Run button and follow the installation wizard.

Show me the step-by-step guide for macOS

Simply download the installer, which should open by itself and mount a new volume containing the Tutanota application. If not, open the downloaded Tutanota .dmg file and drag the appearing Tutanota icon on top of the Application folder. For easy access, open the Applications folder and drag the Tutanota icon to your dock.

Show me the step-by-step guide for Linux (Ubuntu)

Simply download the installer, which should be called something like tutanota-desktop-linux.AppImage. Let's assume it was downloaded to the folder /home/gofoss/Downloads. Open the terminal with the CTRL + ALT + T shortcut, or click on the Applications button on the top left and search for Terminal. Then run the following commands (don't forget to adjust the filename and download folder path accordingly):

cd /home/gofoss/Downloads
chmod +x tutanota-desktop-linux.AppImage
Show me how to pin Tutanota to the Ubuntu dock

It's not straight forward, but Tutanota's launcher can be added to Ubuntu's application menu and pinned to the dock. Open the terminal with the CTRL + ALT + T shortcut, or click on the Applications button on the top left and search for Terminal. Run the following command:

sudo gedit /usr/share/applications/tutanota.desktop

Paste the following content into the newly created file. Make sure to point the Exec path towards the folder containing the downloaded AppImage:

#!/usr/bin/env xdg-open
[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
Exec=/home/gofoss/Downloads/tutanota-desktop-linux.AppImage
Name=Tutanota

Make the file executable:

sudo chmod +x /usr/share/applications/tutanota.desktop

Log off and back into your Ubuntu session. You should now be able to launch Tutanota from the application menu, and pin it to the dock.


Email encryption tools

Other providers

Info Description
Website disroot. org
Pricing Basic account is free (1 GB storage); extra storage for 0.15 EUR per GB per month.
Features Platform providing online services based on principles of freedom, privacy, federation and decentralization. Located in the Netherlands. Accepts bitcoin and faircoin. Full disk encryption & email encryption. Mobile app.
Anti-features Can potentially decrypt user data, as emails are reportedly stored in plain text.
Info Description
Website mailbox. org
Pricing 1 EUR/month, 2 GB storage.
Features German open source email provider, with servers located in Berlin. Offers security features such as encryption at rest, PGP, DANE, SPF and DKIM, as well as two-factor authentication, full text search, calendars, address books and task lists, CalDAV and CardDAV synchronisation.
Anti-features No mobile client, need for third party clients.
Info Description
Website posteo.de
Pricing 1 EUR/month, 2 GB storage.
Features German open source email provider, self-financed, encryption at rest, two-factor authentication, calendars and address books, CalDAV and CardDAV synchronisation.
Anti-features No spam folder, no trial or free version.
Info Description
Website kolabnow.com
Pricing 5 USD/month, 2 GB storage.
Features Swiss open source email provider, text search and tagging, filters, address books, calendars, CalDAV and CardDAV synchronisation.
Anti-features No built-in end-to-end encryption, not encryption at rest.


Forward Gmail to Protonmail

Transitioning towards encrypted emails

The transition to a new email account can take some time, similar to changing messanging apps. You'll probably want to keep your old accounts alive for a while to make sure you don't miss out on anything. Just forward any incoming message to the new account. For more instructions on how to forward emails refer to the documentation pages of Gmail, Outlook, iCloud, Yahoo and so on.

Use the transition period to scan your old email accounts for any active subscriptions and update your new personal email address!

Don't forget to communicate the new email address to your personal and professional contacts, bank, insurance, tax office, and so on. You might also want to set up an auto-reply message on your old account to keep folks informed about the change of address.

Over time, less and less emails will land in your old inbox. Eventually, it will become inactive. That's when you should consider terminating your old email account.


Protonmail Tutanota

Support

For further details or questions, refer to:


Is Protonmail safer than Gmail


Back to top