Email was never meant to be safe. Most people don’t realise that others can easily see what you write in an email, which is why it’s a good idea to use the most secure email service you can find.
Compared to more modern forms of business communication, such as Zoom, Slack, and Microsoft Teams, email is an ageing technology and has limitations that can lead to security issues. However, over the years, security researchers have made email more secure in an age when hackers are never far away.
What to look for in a secure email service
The state of ransomware in retail 2021
Insights into the current state of ransomware in the retail sector
Whether you’re a home user or work for a large corporation, it’s good to know what security features your email service has. Below, you’ll find some features you should look for in secure email service and how they may benefit you.
End-to-end encryption
End-to-end encryption disguises data in order to prevent it from being read or changed, and sending an email over this secure communication system means only the device it’s sent to can decrypt it, with the use of a private decryption key.
This method is considered one of the safest because it prevents third parties from being able to access the secure file while it’s being transferred within the end-to-end system.
PGP encryption
Pretty Good Privacy (PGP) is seen as a fairly standard encryption service, but it’s extremely difficult to hack. This is a key reason why this email security tool is still used today, using a combination of data compression, private-key and public-key cryptography, since its conception in 1991.
The way it works is that each user of this system has an encryption key that is known publicly; this changes the contents of a secure text file or email into a complex code of characters. This code is then sent to the recipient who uses their private PGP encryption key to turn the characters back into a readable message.
Without access to the public and private encryption keys, others won’t be able to read the contents.
Two-factor authentication
Two-factor authentication, or 2FA, is a protective feature that means that in order to read a secure message or email, the recipient needs a password or code that’s sent to them to decrypt it; this can either be by text message or an authenticator app on your phone.
With this method, businesses can enable their employees to access messages from wherever they are, and decrease the chances for hackers to gain access without the authentication passwords.
Server location
An email server’s location has a bearing on how secure it is. Countries like the US and UK share intelligence data about citizens, and this data can be collected from servers based in those countries.
Other countries — Germany and Switzerland, for example — have tougher privacy laws, so many secure email services are based there to prevent snooping.
What secure email services are available?
There are plenty of secure email services available. Here are six of the most secure options.
ProtonMail
URL: www.protonmail.com
Price: From £0 up to £6.83 (€8.00 / $9.45) per user per month
Storage: 500MB – 20GB
One of the world’s largest secure email services, ProtonMail offers end-to-end encryption and a raft of other security features, such as encryption via secure implementations of AES (Advanced Encryption Standard), RSA, and OpenPGP.
You can also send end-to-end encrypted emails to non-ProtonMail users by sending the recipient a link that displays the encrypted message on their browser. You can then share a passphrase with the recipient to decrypt the message.
The company says it can’t read any emails it hosts because the data is encrypted so it’s inaccessible to the provider. The provider can’t decrypt the data either, so it can’t hand it over to third parties.
Plus, it’s based in Switzerland, which has some of the world’s strictest privacy laws. It also has a no-logs policy and offers self-destructing emails.
Tutanota
URL: www.tutanota.com
Price: From £0 to £4.10 (€4.80 / $5.67) per user per month
Included storage: 1GB – 10GB
Paid storage: Up to 1TB at £51.24 (€60.00 / $70.89) per month
This Germany-based secure email service provider offers a GDPR-compliant email service with built-in encryption and a secure calendar that allows no one but you to see your appointments. It also has desktop apps for Windows, macOS, and Linux and mobile apps for iOS and Android.
It uses AES-128 symmetric encryption or RSA-2048 asymmetric encryption, depending on the email recipient. The service also obfuscates email subject lines and attachment names.
Other security features include end-to-end encrypted mailbox, end-to-end encrypted address book, automatic end-to-end encrypted emails between users, end-to-end encrypted emails to any email address via a password.
It also has a secure password reset that gives the company no access at all. Users can execute a full-text search of encrypted data locally. There is also TLS with support for PFS, DMARC, DKIM, DNSSEC, MTA-STS.
MailFence
Price: From £0 to £21.35 (€25 / $29.54) per month
Storage: 500MB – 50GB
MailFence is encrypted with a secure, open-source implementation of OpenPGP and offers cloud-based calendar, contact, and document tools. Existing PGP users can also import and manage their keypairs in the app.
It offers end-to-end encryption and digital signatures with data stored on Belgian servers. Customers can send encrypted messages to users who don’t use PGP. It also offers SSL/TLS, Perfect Forward Secrecy (PFS), MTA-STS, and HSTS for protecting your data while in motion.
This Belgium-based secure email service donates 15% of the Pro and Ultra plans revenues to support the Electronic Frontier Foundation and the European Digital Rights Foundation.
Hushmail
URL: www.hushmail.com
Price: £36.13 (€42.30 / $49.98) [personal account per year]; £4.33 (€5.07 / $5.99) per user per month [small businesses]; £7.22 – £28.19 (€8.46 – €33.01 / $9.99 – $39.00 per month [health care]; (€8.46 / $9.99) per month [law]; and £2.88 (€3.38 / $3.99) per user per month [non-profits]
Storage: 10GB (personal, small business, law); 10-15GB per user (health care); and 10GB per user (non-profits)
Hushmail offers end-to-end encryption using open-source OpenPGP, but subject lines are unencrypted. User passwords are also hashed, and Hushmail uses a zero-knowledge model. Plus, the company can’t decrypt emails without a password.
However, if the provider gets an enforceable order under British Columbia law, they’ll have to reveal data in an unencrypted format.
Mailbox.org
URL: www.mailbox.org/en/
Price: £0.85 (€1.00 / $1.18) per month to £7.69 (€9.00 / $10.63) per user per month
Storage: 2 GB- 25GB (50GB cloud storage)
Mailbox.org is a Germany-based secure email provider and is compatible with mobile devices and third-party clients. Mailbox.org also offers cloud storage and secure video conferencing features.
The service allows users to register anonymously without having to enter any personal details. SSL/TLS encryption protects data transmission, and it uses full PGP encryption. Users can choose to prevent sending mail to recipients without secure mailboxes.
The provider also uses (EC)DHE algorithms for Perfect Forward Secrecy (PFS), which prevents any possible decryption of recorded data traffic in the future. Mailbox.org secures its domain with DNSSEC and DANE/TLSA and uses HSTS, CAA, CSP, MTA-STS, and X-XSS to prevent man-in-the-middle attacks (MitM).
Posteo
URL: www.posteo.de/en
Price: £0.85 (€1 / $1.18) per month
Storage: 2GB
Paid storage: £0.21 (€0.25 / $0.30) per month per additional GB (up to 20GB)
Posteo works on any device to enable cross-platform synchronization and includes spam and anti-virus filters. Plus, it strips identifying IP addresses from all emails. Users can sign up for and pay for the service anonymously. The firm is headquartered in Berlin, Germany, where it has been running since 2009.
Posteo also uses TLS with Perfect Forward Secrecy (PFS), DANE/TLSA, HTTP Strict Transport Security HSTS, SSH
Its servers’ hard disks are AES encrypted to prohibit data theft and unauthorized access and are in a highly secure German data center. There is also optional on-server email encryption with RSA, AES, HMAC, and bcrypt hashing.
Emails sent using Posteo’s webmail interface contain neither a user’s local nor public IP address. Users can secure Posteo accounts with two-factor authentication and set it up on all devices with free apps.
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device program
The business value of Red Hat OpenShift
Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift
Managing security and risk across the IT supply chain: A practical approach
Best practices for IT supply chain security
Digital remote monitoring and dispatch services’ impact on edge computing and data centres
Seven trends redefining remote monitoring and field service dispatch service requirements