Secure E-Mail Services

Don't stay safe. Stay free.

E-Mail Services With Encryption & Privacy Protection


Tutanota.com is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since 2011 and is based in Hanover, Germany. Accounts start with 1GB storage with their free plan. Tutanota doesn't allow the use of third-party email clients. There are plans to allow Tutanota pull email from external email accounts using the IMAP protocol. Email import is currently not possible. Emails can be exported individually or by bulk selection. Tutanota does not allow for subfolders as you might expect with other email providers. Tutanota is working on a desktop client and they have an app available in F-Droid. They also have their app in conventional stores such as App Store on iOS and Google Play for Android.

Operation outside the USA or other Five Eyes countries

Public-facing ownership

Privacy policy that meets the GDPR requirements

Strong, extensive and audited end-to-end-encryption (E2EE)

Protection of sender's IP address

Self hosted analytics, not from third party provider

DNSSEC support

Valid MTA-STS and TLS-RPT policy

Valid DANE records

Valid SPF, DKIM and DMARC, with policy p value set to none, quarantine or reject

Server suite preference of TLS 1.2 or later

No SMTPS submission, because SMTP isn't used

Functional range

Usability

Server speed


Mailbox.org is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since 2014. Mailbox.org is based in Berlin, Germany. Accounts start with 2 GB of storage, which can be upgraded as needed.

Operation outside the USA or other Five Eyes countries

Public-facing ownership

Privacy policy that meets the GDPR requirements

Encryption at rest,
e.g. dm-crypt

Protection of sender's IP address

Self hosted analytics, not from third party provider

DNSSEC support

Valid MTA-STS and TLS-RPT policy

Valid DANE records

Valid SPF, DKIM and DMARC, with policy p value set to none, quarantine or reject

Server suite preference of TLS 1.2 or later

SMTPS submission

Functional range

Usability

Server speed


Posteo.de is an email provider that focuses on anonymous, secure, and private email. Their servers are powered by 100% sustainable energy. They have been in operation since 2009. Posteo is based in Germany and has a free 14-day trial. Posteo comes with 2 GB for the monthly cost and an extra gigabyte can be purchased for €0.25 per month.

Operation outside the USA or other Five Eyes countries

Public-facing ownership

Privacy policy that meets the GDPR requirements

Encryption at rest,
e.g. dm-crypt

Protection of sender's IP address

Self hosted analytics, not from third party provider

DNSSEC support

Valid MTA-STS and TLS-RPT policy

Valid DANE records

Valid SPF, DKIM and DMARC, with policy p value set to none, quarantine or reject

Server suite preference of TLS 1.2 or later

SMTPS submission

Functional range

Usability

Server speed


Disroot.org offers email amongst other services. The service is maintained by volunteers and its community. They have been in operation since 2015. Disroot is based in Amsterdam. Disroot is free and uses open source software such as Rainloop to provide service. Users support the service through donations and buying extra storage. The mailbox limit is 1 GB, but extra storage can be purchased 0.15€ per GB per month paid yearly.

Operation outside the USA or other Five Eyes countries

Public-facing ownership

Privacy policy that meets the GDPR requirements

Encryption at rest,
e.g. dm-crypt

Protection of sender's IP address

Self hosted analytics, not from third party provider

DNSSEC support

Valid MTA-STS and TLS-RPT policy

Valid DANE records

Valid SPF, DKIM and DMARC, with policy p value set to none, quarantine or reject

Server suite preference of TLS 1.2 or later

SMTPS submission

Functional range

Usability

Server speed


ProtonMail.com is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since 2013. ProtonMail is based in Genève, Switzerland. Accounts start with 500 MB storage with their free plan. Free accounts have some limitations and do not allow the use of the ProtonMail Bridge, which is required to use a recommended email client (e.g. Thunderbird) or to search email by body text. Paid accounts are available starting at €48/y which include features like ProtonMail Bridge, additional storage, custom domain support, and more.

Operation outside Fourteen Eyes countries (incl. the USA)

Public-facing ownership

Privacy policy that meets the GDPR requirements

Strong, extensive and audited end-to-end-encryption (E2EE)

Protection of sender's IP address

Self hosted analytics, not from third party provider

DNSSEC support

Valid MTA-STS and TLS-RPT policy

Valid DANE records

Valid SPF, DKIM and DMARC, with policy p value set to none, quarantine or reject

Server suite preference of TLS 1.2 or later

SMTPS submission

Functional range

Usability

Server speed


StartMail.com is an email service with a focus on security and privacy through the use of standard OpenPGP encryption. StartMail has been in operation since 2014 and is based in Boulevard 11, Zeist Netherlands. Accounts start with 10GB. They offer a 30-day trial.

Operation outside the USA or other Five Eyes countries

Public-facing ownership

Privacy policy that meets the GDPR requirements

Strong, extensive and audited end-to-end-encryption (E2EE)

Protection of sender's IP address

Self hosted analytics, not from third party provider

DNSSEC support

Valid MTA-STS and TLS-RPT policy

Valid DANE records

Valid SPF, DKIM and DMARC, with policy p value set to none, quarantine or reject

Server suite preference of TLS 1.2 or later

SMTPS submission

Functional range

Usability

Server speed


Watchlist Of E-Mail Services
(NOT RECOMMENDED YET)


Criptext.com email service utilizes the open source Signal Protocol library, which protects your privacy and security throughout your entire Criptext experience. All your emails are locked with a unique key that‘s stored on your device alone, which means only you and your intended recipient can read the emails you send.

Communication with external e-mail receivers and senders is not sufficinet protected yet (by MTA-STS, DANE and SMTP TLS).


E-Mail Services With Serious Security Issues
(THE USE IS STRONGLY DISCOURAGED)

Communication is not secure with the following services. Be aware of the danger of their use. With the below mentioned services, you have no control over which unauthorized or unwanted individuals or organizations may track your communications with certain or even full details. In addition, you give up the control over what happens to your private data and how they are used in favor of unknown groups and also against you. Furthermore, users expose themselves to dangers of cyber attacks and other criminal activities with the possibility of personal and financial damages. Please read the linked articles to learn more about the shortfalls.
The following list is not complete. It only shows a selection of popular services.