The best encrypted email services

  • VersionDude

What "encrypted email" really means, the difference between zero-access and end-to-end, and the services that do it credibly.

Ordinary email is far less private than most people assume. It is typically transmitted with transport encryption, which protects messages while they travel between servers, but the provider still stores your mail in a form it can read — and historically many providers have scanned that content to build advertising profiles. Transport security is necessary, but on its own it does nothing to stop the company holding your inbox from reading it.

'Encrypted email' usually refers to something stronger, and the term covers two distinct ideas worth separating. Zero-access encryption means the provider cannot read your stored mail, because it does not hold the key to your mailbox. End-to-end encryption means only the sender and recipient can read a particular message, with no readable copy existing on any server in between. A service can offer one, both, or neither, so it pays to know which you are actually getting.


The distinction matters because it sets the limits of what a provider can protect. Zero-access encryption secures everything in your own mailbox against the provider and against a server breach. End-to-end encryption secures an individual conversation against everyone except the two endpoints. Strong encrypted-email services aim to give you zero-access storage by default and end-to-end encryption wherever the recipient's setup allows it.

Proton Mail is the most established option in this space. It offers zero-access storage so it cannot read your saved mail, end-to-end encryption between its own users, open-source client applications that allow the cryptography to be reviewed, and a Swiss legal base. That blend of an auditable implementation and a privacy-oriented jurisdiction is what has made it the default recommendation for people who want private email without becoming cryptography experts.

  • Transport encryption protects mail in transit but not from the provider itself
  • Zero-access encryption: the provider cannot read your stored mail
  • End-to-end encryption: only the sender and recipient can read a message
  • Proton Mail and Tuta are the leading open-source, auditable options
  • No service can end-to-end encrypt a message to a standard Gmail account

Tuta, formerly known as Tutanota, is another open-source, end-to-end encrypted provider that takes its own distinct approach. Notably, it encrypts not just message bodies but also subject lines and the broader mailbox, and it is based in Germany. Because its encryption model is built differently from Proton's, it also interoperates differently with the outside world, which is a reminder that 'encrypted email' is implemented in more than one way.


A limitation applies to every service equally, and no provider can engineer around it. No service can magically encrypt a message end-to-end to someone using a normal Gmail or Outlook account, because the recipient simply has no key with which to decrypt it. This is a property of how interoperable email works, not a shortcoming of any particular product, and any vendor claiming otherwise should be treated with suspicion.

The realistic goal, then, is twofold. First, keep your own stored mail private from the provider through zero-access encryption, so a breach or a curious company cannot read your inbox. Second, achieve true end-to-end encryption with the contacts who are on the same system, or by using password-protected messages for those who are not. Framed this way, encrypted email is about meaningfully reducing exposure rather than achieving an impossible absolute.

When evaluating a service, look past the marketing to a few concrete signals. Are the client apps open source and have they been independently reviewed? What exactly is encrypted — only message bodies, or subjects and metadata too? Where is the company based, and what is its track record on transparency? These questions separate services with genuine, auditable encryption from those that merely use the word in their branding.
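To make the "what exactly is encrypted" question concrete, the following added example (not code from the article or from any provider) parses a message as a storing server would see it and reports what is readable without a key. It assumes the standard OpenPGP/MIME layout from RFC 3156, which the article does not attribute to any particular service; the addresses, subject and ciphertext are constructed, and `server_view` is a hypothetical helper name.

```python
from email import message_from_string
from email.policy import default

# Constructed sample: a body-only encrypted OpenPGP/MIME (RFC 3156) message.
# Addresses, subject and ciphertext are made up for illustration.
ENCRYPTED = """\
From: alice@example.org
To: bob@example.net
Subject: Q3 acquisition terms
Date: Mon, 06 Jan 2025 10:15:00 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder ciphertext)
-----END PGP MESSAGE-----
--b1--
"""
# Constructed plaintext message for comparison.
PLAIN = "From: alice@example.org\nTo: bob@example.net\nSubject: Lunch\n\nSee you at noon.\n"
METADATA = ("From", "To", "Cc", "Subject", "Date")

def server_view(raw):
    """Return what a server holding this message can read without any key."""
    msg = message_from_string(raw, policy=default)
    encrypted = (
        msg.get_content_type() == "multipart/encrypted"
        and msg.get_param("protocol") == "application/pgp-encrypted"
    )
    # Headers sit outside the encrypted MIME part, so they remain readable.
    visible = {h: str(msg[h]) for h in METADATA if msg[h] is not None}
    readable = []
    if not encrypted:
        for part in msg.walk():
            if part.get_content_maintype() == "text":
                readable.append(part.get_content())
    return {"body_encrypted": encrypted, "visible_headers": visible, "readable_body": readable}

if __name__ == "__main__":
    for name, raw in (("encrypted", ENCRYPTED), ("plain", PLAIN)):
        print(name, server_view(raw))
```

In the encrypted sample the body is opaque, yet the subject line and both addresses are still returned in `visible_headers`, which is the gap that subject and mailbox encryption is meant to close.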

There are also trade-offs to accept in exchange for privacy. Encrypted mailboxes can behave differently from mainstream ones in areas like server-side search, automatic filtering, and integrations, precisely because the provider cannot read your content. For most people these differences are minor next to the benefit of a mailbox the provider cannot mine, but going in aware of them prevents disappointment.

For most people who want a private mailbox that the provider cannot read, Proton Mail is the easiest credible starting point, with Tuta as a strong open-source alternative for those drawn to its full-mailbox encryption. Choose the model that fits how you communicate, set realistic expectations about messages to outside providers, and you will have meaningfully better email privacy than the default offered by ad-funded services.
