Proton Mail review: encrypted email, in practice

  • VersionDude

What Proton Mail actually offers — end-to-end encryption, open-source apps and a Swiss privacy base — and where its trade-offs lie.

Proton Mail is an email service built around end-to-end and zero-access encryption: messages are stored encrypted in a form that, by design, Proton itself cannot read. This is the core difference from mainstream providers: rather than encrypting only the connection while keeping readable copies of your mail on its servers, Proton stores your mailbox in a form it has no key to. The provider's promise is therefore enforced by cryptography rather than by policy alone.

The service is based in Switzerland and operated by Proton AG, which places it under Swiss privacy law — a jurisdiction often chosen for its strong data-protection traditions. Just as importantly, its client applications are open source, which lets independent reviewers examine how the cryptography is actually implemented. The combination of a privacy-friendly legal base and auditable code is a large part of what gives Proton Mail its credibility.

In daily use it behaves like a normal mailbox. There are web, desktop and mobile applications, folders and labels, search, and the everyday features you expect from email. The encryption largely happens invisibly in the background, so the learning curve for an average user is gentle. For most people, switching to Proton Mail feels less like adopting a security tool and more like changing email providers.

Mail between Proton users is automatically end-to-end encrypted, meaning only the sender and recipient can read it. For messages to people on other providers, Proton offers password-protected messages: the recipient receives a link and opens the message after entering a shared password, which extends end-to-end protection beyond the Proton ecosystem when you need it. This is an explicit, opt-in step rather than something that can happen automatically with an arbitrary external address.

The plans follow a familiar pattern. A free tier exists with limited storage and a single address, which is enough to evaluate the service or run a low-volume mailbox. Paid plans add more storage, custom domains, additional aliases, and access to the wider Proton suite. Pricing and exact limits change over time, so the sensible approach is to start on the free tier and upgrade only once you know the service fits your habits.

Proton Mail also fits into a broader ecosystem, which is part of its appeal. The same account can extend to Proton's calendar, drive, password manager and VPN, all sharing the privacy-first philosophy and a single login. For someone consolidating away from an ad-funded ecosystem, this gives a coherent set of tools rather than a single isolated app.

The honest trade-offs deserve to be stated plainly. End-to-end encryption only fully applies between Proton users or with password-protected messages; an ordinary email to a standard Gmail account cannot be magically end-to-end encrypted, because that is a limitation of how email works across providers. Some convenience features also differ from mainstream services precisely because of the encryption model, and a few integrations common elsewhere are handled differently here.

Encrypted search is a concrete example of the trade-off in action. Because the server cannot read your stored mail, certain operations that other providers perform server-side have to be approached differently, which can affect how features behave compared with what heavy Gmail users are used to. These are not flaws so much as the natural consequences of a design that prioritises the provider not being able to read your data.

It is also worth setting realistic expectations about metadata and recipients. Encrypting message bodies does not encrypt the fact that an email was sent, and a message to an external provider is only as private as that provider and recipient make it. Proton Mail protects what it can within the constraints of the email system; it cannot retroactively secure the other side of a conversation, and being clear about that boundary is part of using it well.
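
The boundary described above, as an added example (not from the original review and not Proton's code): it parses a constructed message in the PGP/MIME layout of RFC 3156, which is an assumption since the review names no wire format, and separates the headers an intermediary can read from the encrypted body. The addresses, subject and ciphertext are placeholders.

```python
from email import message_from_string
from email.policy import default

# Constructed sample: an RFC 3156 (PGP/MIME) message as a relay or the
# recipient's provider would see it. All values are placeholders.
RAW = """\
From: alice@example.org
To: bob@example.net
Subject: Q3 contract draft
Date: Tue, 04 Mar 2025 09:15:00 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

PLACEHOLDERCIPHERTEXT
-----END PGP MESSAGE-----
--b1--
"""

# Headers that mail servers need or log in order to route and display mail.
ROUTING_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")

def exposure_report(raw: str) -> dict:
    """Split a message into what an intermediary can read and what it cannot."""
    msg = message_from_string(raw, policy=default)
    visible = {h: str(msg[h]) for h in ROUTING_HEADERS if msg[h] is not None}
    encrypted = msg.get_content_type() == "multipart/encrypted"
    opaque_bytes = 0
    if encrypted:
        # In RFC 3156 the second part of multipart/encrypted is the ciphertext.
        parts = list(msg.iter_parts())
        opaque_bytes = len(parts[1].get_payload(decode=True) or b"")
    return {"visible": visible, "body_encrypted": encrypted, "opaque_bytes": opaque_bytes}

if __name__ == "__main__":
    report = exposure_report(RAW)
    for name, value in report["visible"].items():
        print(f"readable in transit: {name}: {value}")
    print("body encrypted:", report["body_encrypted"], report["opaque_bytes"], "opaque bytes")
```

Running it lists sender, recipient, subject and date as readable while the body is reported only as a count of opaque bytes.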

For anyone who wants email that the provider cannot mine, those trade-offs are usually worth it. Proton Mail is one of the most credible, openly auditable options available for people moving away from ad-funded email, and it manages to deliver strong privacy without demanding deep technical knowledge. If your goal is a mainstream-feeling mailbox whose contents stay genuinely private, it is one of the easiest credible starting points you can choose.
