Email is an integral part of our everyday lives. It is important to be aware of all secure email providers.
Hosting services like Kinsta have received hundreds of 5-star ratings. Every day.
Really love the level of experience and support Kinsta’s live chat engineers provide. The 24/7 support is a game-changer for large sites, especially ecommerce.
Find out why>
The average person spends over five hours per day checking their work and personal email.
But while email is valuable and efficient, it’s not very secure. At least not if you’re using a standard email provider like Gmail or Outlook.
Email is one of the easiest ways for hackers to access your company’s data. To protect your email and all the information sent daily, you need a secure email provider.
This article introduces the top 13 secure email providers and helps you pick the right one for your business.
What Are Secure Email Providers?
A secure email provider has features designed to keep your email account and the content of your emails secure.
Usually, this is done through end-to-end encryption. End-to-end encryption means that the email is encrypted on its entire journey from sender to recipient.
End-to-end encryption. (Source: Demand PreVeil)
However, there’s no standard definition of secure email — any email provider can call itself secure.
For that reason, when you choose a secure email provider, you have to pay attention to the type of encryption and other security practices used.
The average person spends over five hours per day checking their work and personal email.
You want to make sure that your provider is the best.
Click to Tweet
Why do you need a secure email provider?
Let’s take a look at what happens when emails are sent from a standard email provider such as Gmail to understand why secure mail is so important.
Gmail does not lack security features. Gmail and many other major providers use Transport Layer Security (TLS encryption to encrypt emails in transit between your computer (and the server)
Google encrypts data once they reach the server. Google has full access.
Google no longer scans your email to deliver ads to you, as it did in 2017. Google scans your emails for features such as Smart Reply.
Gmail and other providers can also give access to your email to third parties easily.
Now your email has left Google’s server and is traveling to its destination. TLS is used by most major email providers. The email will still be protected during transit if the recipient uses it.
If the recipient does not use TLS, then the email will not be encrypted and can easily be intercepted.
Even if an email is encrypted during transit, it might not be secure once it reaches its destination email server. Some email providers do not encrypt emails sent to them.
How can secure email providers protect your email?
End-to-end encryption is used to protect your email by the most secure email providers.
This means that even the email provider has no access. Only the recipient can see encrypted emails if they have authentication.
Providers may also use the Sender Policy Framework to authenticate your emails and protect you further.
SPF allows you to refuse an email sent by someone to your address that was not from a valid IP address.
To switch to a secure email provider, do you need to change your email address?
Most cases will require you to create a new address for your email provider.
You can forward your emails to your new email address as long as you have an old email account. Keep in mind, however, that forwarded emails are sent through the old provider’s servers so they don’t have an end-to-end encryption.
You can migrate from an old email provider to a secure email provider with additional features.
How to choose a secure email provider
Every secure email provider offers a unique set of features. These are some things to consider.
Some countries, including the United States of America, share intelligence data gathered via email servers.
If you are more concerned about hackers than the government agencies, this might not matter to you.
For activists and other people who wish to keep their email safe from government hands, an ideal provider of email would be one located in Switzerland or Germany, Norway, Sweden, Belgium, Norway or Norway. All have stricter privacy laws.
We have already talked about the differences between transport encryption such as TLS and end-to-end encryption.
There are many types of end-to-end encryption.
You can choose between symmetric and asymmetric encryption, for example. Symmetric encryption employs a single key to decrypt and encrypt data. This key must be available to both the sender as well as the recipient.
Asymmetric encryption, also known as public-key encryption or encryption, refers to two sets of keys that are used to encrypt data.
To encrypt the message, the sender uses the public key of the recipient. The public key is mathematically linked with a private key that the recipient only knows. A private key can decrypt the email.
Although symmetric encryption is slower and less straightforward than symmetric encryption it provides an additional layer of security.
Two-Factor Authentication (2FA)
It’s not enough to choose a provider that offers strong encryption. You also need to ensure your account credentials remain secure.
Two-factor authentication is a way to ensure that your password is not stolen in order to gain access to your email account. Another form of authentication is required.
The first factor is something that you are familiar with, such as a password. The second factor is something you already have, such as your mobile phone. Two-factor authentication is most commonly done by texting you a unique code that you can use along with your username or password.
Example of two-factor authentication. (Source: Imperva)
Metadata Header Stripping
An email usually contains metadata about its recipient and the sender’s computer, browser, and network.
Many secure email providers strip this information out.
Open source software makes its source code available for users and developers. This means that anyone can examine the product’s code to ensure it’s secure.
Other Encrypted Features
Your standard email provider might also provide other tools, like Google Calendar and Google Drive with Gmail.
Some secure email providers offer similar features, but they’re encrypted — for example, a secure calendar or secure cloud storage.
Usability on Desktop and Mobile
You’re switching to secure email for the data encryption, but that doesn’t mean the user experience isn’t important.
If you like to check your email on a mobile device, choose an email provider that works well on mobile. You can’t always add a secure provider to your favorite mail client app.
13 Top Secure Email Providers in 2021
Let’s break down the top 13 secure email providers, including their key features and pricing.
ProtonMail is the most well-known secure email provider.
It’s open source, based in Switzerland, and provides end-to-end asymmetric encryption. You can use ProtonMail for free if you’re sending fewer than 150 messages per day and don’t need a lot of storage.
One neat feature of ProtonMail is self-destructing emails. You set an expiration date for an email, and it’s deleted from the recipient’s inbox at that time.
With ProtonMail, your data is stored using zero-access encryption. That means ProtonMail itself doesn’t know your password and can’t decrypt your emails. (It also means they can’t reset your password).
ProtonMail also offers a mobile app for Android and iOS.
Servers based in SwitzerlandOpen sourceEnd-to-end encryptionZero-access encryptionSelf-destructing emailsMobile appCustom domains with paid plans
Free: 1 user, 500 MB storage, 150 messages per dayPlus: $5/month for 1 user, 5 GB storage, 1,000 messages per dayProfessional: $8/month/user for 1–5,000 users, 5 GB storage per user, unlimited messagesVisionary: $30/month for 6 users, 20 GB, unlimited messages
Mailbox.org is a secure email service aimed at business users looking for an alternative to Google or Microsoft tools. In addition to email, it offers encrypted cloud storage, video conferencing, an address book, a calendar, and a task planner.
This email provider uses PGP encryption, a public-key encryption program that has become standard for email encryption.
There’s no free plan, but Mailbbox.org is relatively affordable. You can register and make payments for the service anonymously.
Mailbox.org also prides itself on being powered by eco-friendly energy.
Server based in GermanyPGP encryptionEncrypted cloud storageVideo conferencingCalendarEco-friendlyNo free plan
Standard: €3/month for 10 GB mail storage and 5 GB cloud storagePremium: €9/month for 25 GB mail storage and 50 GB cloud storageLight: €1/month for 2 GB mail storage, no cloud storage
3. Zoho Mail
Zoho Mail has a free version that anyone can use, but the service is precious for business users. The Workplace plan offers a word processor, spreadsheet software, webinar platform, chat feature, and other collaboration tools.
It encrypts your emails in transit and on the Zoho servers using a type of asymmetric cryptography called S/MIME. A digital signature unique to each user ensures that the email isn’t spoofed.
Zoho Mail gets excellent reviews for its ease of use. Its control panel lets you manage the settings for all of your organization’s mailboxes from one place.
Servers located around the worldEnd-to-end encryptionCalendarContact portalCollaboration toolsEmail recallMobile apps
Mail lite: $1 or $1.25/month for 5 GB or 10 GB per monthMail premium: $4/month for 50 GB per userWorkplace: Custom pricing starting from $3/month
Tutanota is another open source secure email provider with end-to-end encryption and two-factor authentication.
Tutanota is very serious about privacy. Instead of PGP, it uses AES and RSA encryption. These systems use the same algorithms as PGP, but they add an extra layer of security by combining symmetric and asymmetric keys.
Other security features are image blocking, header stripping, and warnings about phishing attacks.
The free plan is only for private use and gives you 1 GB of storage and a single calendar.
Sign Up For the Newsletter
Want to know how we increased our traffic over 1000%?
Join 20,000+ others who get our weekly newsletter with insider WordPress tips!
Server located in GermanyEnd-to-end encryptionTwo-factor authenticationMetadata strippingEncrypted contacts and calendarsAdd an encrypted contact form to the websiteCustom domains on paid plansUnlimited messages, even in the free version
Free: 1 GB of storagePremium: €1/month for 1 GB of storageTeams: €4/month for 10 GB of storageNumerous add-ons available
Posteo is popular with activists and journalists who need to remain anonymous, as it allows you to register and pay anonymously.
Posteo encrypts your data in transit and at rest. Although Posteo doesn’t use end-to-end encryption by default, you can choose to enable it. Support for POP and IMAP allows you to use Posteo in an email client like Outlook.
If you’re switching from another email provider, Posteo’s migration service makes it painless by migrating your archived emails, folder structure, contact list, and calendar.
According to Posteo, its servers and offices run entirely on green energy from Greenpeace Energy.
Server located in GermanyEnd-to-end encryption availableOpen sourceEncrypts subject, headers, body, metadata, and attachmentsSupports POP, SMTP, and IMAP protocolsAllows anonymous cash paymentsNo free plan
€1/month for 2 GB storageAdditional storage: €0.25/GB/monthOther add-ons available
Thexyz is a lesser-known secure email provider. It doesn’t have built-in end-to-end encryption, but you can use OpenPGP end-to-end encryption with a browser add-on called Mailvelope. Your email is also protected with spam filters and firewalls.
Thexyz is Canadian, with a lot of its servers located in the U.S. — not the best if you’re looking for privacy from government agencies.
The migration service will help you move your email, calendar, and contacts from Office 365, Gmail, and other email providers.
Servers primarily based in the U.S., with a few in EuropeIMAP, POP, and OpenPGP supportTwo-factor authenticationCalendarsSpam filterSSL encryptionDeleted email restorationMobile appsNo free plan
Premium Webmail: $2.95/month for 25 GB of storageAdd-ons available
PrivateMail offers end-to-end OpenPGP encryption and other security features like self-destructing emails.
PrivateMail sets itself apart from other secure email services in its cloud storage. Your data is secure in the cloud, thanks to AES 256 encryption. When you download your files, you can decrypt them locally or leave them encrypted.
PrivateMail also provides secure file sharing with end-to-end encryption.
The downside to PrivateMail is that it’s based in the U.S. It’s also more expensive than most of the other options.
All Kinsta hosting plans include 24/7 support from our veteran WordPress developers and engineers. Chat with the same team that backs our Fortune 500 clients. Check out our plans!
Servers based in the U.S.End-to-end encryptionSecure cloud storageSelf-destructing emailsAES 256 file encryptionEncrypted file sharingNo free plan
Standard Plan: $8.95/month for 10 GB email storage and 10 GB cloud storagePrivateMail Pro: $15.95/month for 20 GB email storage and 20 GB cloud storage
StartMail is a secure email service managed by the same people who operate the private search engine Startpage.
Startmail uses PGP encryption and can work with other PGP clients. You can send encrypted messages to non-PGP users if they know the answer to a secret question.
While Startmail doesn’t have a free plan, it does offer a 30-day free trial.
Servers based in the NetherlandsEasy PGP encryptionIMAP and SMTP supportObscures IP address and hostnameCan use your domainNo free plan
Personal account: $35.99/yearBusiness account: $59.95/year
Hushmail is one of the oldest secure email providers and is known for being simple to use. It uses OpenPGP encryption.
Hushmail is popular in healthcare due to its focus on HIPAA compliance. The Hushmail for Healthcare plan lets you encrypt emails containing personal health information. To help in an audit, it creates a separate archive account that keeps track of all emails sent or received by all users in your domain.
There are also plans for personal use, small businesses, and lawyers.
Hushmail encrypted email.
Servers based in CanadaPGP encryptionIMAP and POP supportTwo-factor authenticationSpam filterSecure web formsElectronic signaturesPrivate message centerMobile appSupport for HIPAA compliance
Hushmail for Healthcare: From $9.99/monthHushmail for Small Business: From $5.99/monthHushmail for Law: From $9.99/monthHushmail for Personal Use: From $49.98/year
CounterMail is serious about security.
Like many of the providers on this list, CounterMail uses PGP encryption. It also enhances that encryption with AES and RSA algorithms. You can further protect your data by configuring a USB key for two-factor authentication.
CounterMail’s Sweden-based servers are unique in that they don’t have hard drives, instead of starting from CD-ROM for extra security.
Safebox is CounterMail’s password manager. All of the usernames and passwords in the Safebox are protected with one master password, which can’t be retrieved if you forget it.
You can get a ten-day free trial if you already know someone who uses CounterMail.
Diskless servers based in SwedenEnd-to-end encryptionTwo-factor authenticationAnonymous email headersDoesn’t keep IP logsUSB key optionIMAP supportPassword managerNo free plan
$29/6 months, $49/year, or $79/2 yearsAdded storage available starting at $19 for 250 MB
Mailfence is a secure email provider offering end-to-end encryption and two-factor authentication. It has a free plan with 500 MB of storage.
Mailfence uses OpenPGP encryption and offers digital signatures. It also has a password manager.
It’s not the most secure solution out there, but it offers a suite of office tools like calendars and messaging. For users who have been using Gmail or Outlook and want something more secure with a similar level of usability, Mailfence is a strong choice.
Servers based in BelgiumEnd-to-end encryptionTwo-factor authenticationPOPS, IMAPS, and SMTPS supportPassword managerCalendarsMessagingDocument storage
Free: 500 MB of emails and 500 MB of documentsEntry: €2.50/month for 5 GB of emails and 12 GB of documentsPro: €7.50/month for 20 GB of emails and 24 GB of documentsUltra: €25/month for 50 GB of emails and 70 GB of documents
Runbox is a Norway-based email provider. It protects your email using PGP encryption and two-factor authentication.
You can allow IP addresses to access your Runbox account and see a list of the latest successful and failed login attempts.
Runbox is committed to being ethical and environmentally friendly, powering its servers with renewable energy from hydroelectric power plants.
Servers based in NorwayTwo-factor authenticationIP allowlistingVirus and spam filtersPOP, IMAP, SMTP, and WAP supportNo free plan
Micro: $19.95/year for 2 GB of email storage and 200 MB of file storageMini: $34.95/year for 10 GB of email storage and 1 GB of file storageMedium: $49.95/year for 25 GB of email storage and 2 GB of file storageMax: $79.95/year for 50 GB of email storage and 5 GB of file storage
13. Kolab Now
Kolab Now provides secure email and a collection of tools like calendars, notes, and video conferencing.
Based in Switzerland, Kolab Now offers the option of end-to-end encryption and is GDPR, HIPAA, and PCI compliant.
Servers based in SwitzerlandEnd-to-end encryptionOpen sourceCalendarsNotesContactsVideo conferencing
Just email: CHF 5.00/monthFull Kolab: CHF 9.90/month
The Best Secure Email Provider for Your Business
The best secure email provider for your business depends on your needs. Here are a few recommendations to consider:
For the best all-around secure email provider, try ProtonMail or TutanotaFor a top free secure email provider, try ProtonMail’s free planFor the most secure email provider, try CountermailFor a secure email provider with collaboration features for enterprises, try Zoho Mail
Email is one of the easiest ways for hackers to get access to your company’s data
This post will ensure your safety.
Click to Tweet
Email is vital for business communication but has its flaws. Consider switching to a safer provider if you are sending any private information via email.
Learn more about email strategy and how it can help your business. These email marketing software suggestions and tips will help you get started.
The post The Top 13 Most Secure Email Providers for 2022