
ProtonMail

Excellent (4.0)

Bottom Line

ProtonMail is as easy to use as any webmail service, but it protects your message archive with zero access encryption and offers end-to-end encryption for message transmission. It's an effective solution for encrypted email.
Free
  • Pros

    • End-to-end encrypted email with other users of the service.
    • Can password-protect messages to non-users.
    • Message expiration.
    • Zero access email storage.
    • Supports PGP encryption.
    • Free or inexpensive.
  • Cons

    • Even premium edition has limits on daily messages.

You probably don't pay money for your webmail account, but that doesn't mean it's free. You pay with your privacy, allowing the provider to mine your messaging for data that helps target advertisements. Had enough of that? Consider switching to a security-first encrypted email provider like ProtonMail. You can use it for free, with some limits, or pay a small monthly fee to raise those limits and add features. ProtonMail stores your data using zero-access encryption, which means that nobody but you can access it—neither a disgruntled employee nor a lawyer waving a subpoena. And when you communicate with other users of the service, your messages are encrypted end-to-end. You can also apply password protection for messages to non-users.

Setting up a free account is a total snap. You start by picking a username. As with any webmail service, this name must be unique, but given the smaller pool of users you may be able to snag a name like billgates rather than billgates_123456. Most users will stick with protonmail.com as the domain, though a Swiss version, protonmail.ch, is also available. Add a strong password to protect your account, and an optional recovery email. As a final step, verify that you're human using a code sent by email or SMS. You can also prove your humanity by making a small donation. That's it.

Clearly you should start out with the free edition, to see how it suits you. If you like it fine, but run up against its limitations, or wish for premium-only features, it's not expensive. You can pay $5 per month or $48 per year.

If the ProtonMail name sounds familiar, you're probably thinking of ProtonVPN, a VPN service that's strongly focused on physical security. Both products come from the same company, Proton Technologies.


Wait, Isn't Gmail Encrypted?

You may remember a while ago when Google tweaked Gmail so it always uses a secure HTTPS connection. When it sends your messages, it uses the standard encrypted Secure Sockets Layer (SSL). As of a couple years ago, Google says it no longer reads your mail. However, it's easy to accidentally give mail-reading permission to third-party apps. And Google does read your messages sufficiently to do things like automatically put airline flight notifications in your calendar. Google has a policy for when it releases your email to government entities, clearly indicating that it can do so if compelled.

ProtonMail naturally uses HTTPS and SSL, but it doesn't stop there. Before it securely sends your messages, it actively encrypts them using public key cryptography. It stores your messages in zero-access encrypted form, meaning that the company can't give your messages to a government entity even if subpoenaed, and a sneaky employee can't weasel into your private message stash. When you communicate with another ProtonMail user, the connection is encrypted from end to end.

Note, too, that ProtonMail is based in Switzerland, which has stricter privacy policies than the US. And it's an open-source project, meaning that experts have an opportunity to look over and vet its security algorithms. So yeah, Gmail and its ilk have some security features, but ProtonMail goes way beyond.

Hands On With ProtonMail

When you open your new account, you'll find that you already have a few messages of welcome and explanation from ProtonMail. Feel free to explore these, or just start using the service. If you've used Gmail, Yahoo, or any other webmail system, you already know how to use ProtonMail.

Emailing with this product is dead simple, because it works like every other webmail service you've experienced. Compose messages, view replies, forward mail, everything works just as you'd expect. Just poking around, I discovered the handy option to enable a shorter version of your secure email, replacing @protonmail.com with @pm.me.

There are some minor differences, mostly aimed at security. For example, ProtonMail doesn't render pictures in messages by default. If you click a link, it displays a warning and requires confirmation before actually opening that link.


The little lock icon next to each From address indicates the security level. If the sender is also a ProtonMail user, pointing to the lock displays a floating tip saying, "End-to-end encrypted message." For other senders the tip says, "Stored with zero access encryption."

If you're sick of all the email you get, you could just start fresh with an empty contacts list, but most people probably don't want to lose connection with their existing contacts. ProtonMail can import from CSV files exported by Outlook, Hotmail, Yahoo, and others. Google isn't on the list, but it can export to Outlook's CSV format. Getting my Gmail contacts into ProtonMail was a snap.

You can define a signature, with formatting, that ProtonMail will apply to all your messages. It also adds a note, "Sent with ProtonMail Secure Email." Only paid users can modify that note.

Message Expiration and Encryption

On a Windows or macOS desktop, ProtonMail's web interface is nice and simple. If you're using a mobile device, you just download the equally simple app for Android or iOS. When I loaded ProtonMail on an iPad and a Moto G, I discovered a couple of features that had flown beneath my radar in the webmail edition. On mobile, these features show up right below the subject line; in the web-based edition, they're down at bottom left, below the body text.


Clicking the hourglass icon lets you set an expiration time for the message, measured in days and hours. Clicking the lock icon lets you define a password to encrypt the message for a non-user of ProtonMail. By default, encrypted messages expire after 28 days, though you can set a different expiration time.

When your correspondent receives the message, it comes with an explanation, and a link to view message content online. The recipient simply enters the password (which you've transmitted securely, perhaps by text) to see your important missive. A banner above the message body counts down to the message's expiration. StartMail, another encrypted email service, offers a similar method for secure communication with those who don't use the service, but it doesn't support automated message expiry.

The mobile apps do have a few features just not found in the web-based app. You can enable authentication by fingerprint, and define actions for left and right swipe; by default swiping to the right trashes a message, while swiping left marks it as spam. You can also set a mobile signature, distinct from the regular signature.

Security Features

One useful security feature offered with Gmail is two-factor authentication. Naturally, ProtonMail also includes this feature. You need to equip your smartphone with Google Authenticator, or with a work-alike that creates Time-based One Time Passwords (TOTPs) in the same way. Then open Settings, click Security, and click to enable two-factor authentication. As usual, you snap the QR code to add ProtonMail to your authenticator. Now even if a sneak thief gets hold of your password, your encrypted messages are safe.
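What "creates TOTPs in the same way" means in practice, as an added example that is not ProtonMail's or Google's code: any authenticator that implements RFC 6238 derives the same six digits from the secret in the QR code and the current time, which is why a stolen password alone does not yield a valid code. The function names are illustrative, and the secret is the published RFC 6238 test key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct

# Base32 form of the RFC 6238 SHA-1 test key b"12345678901234567890" (sample value).
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def decode_secret(secret_b32: str) -> bytes:
    """Decode a QR-code style secret: tolerate spaces, lowercase and missing padding."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret_b32: str, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(decode_secret(secret_b32), int(unix_time) // step, digits)

def verify(secret_b32: str, submitted: str, unix_time: float,
           window: int = 1, step: int = 30, digits: int = 6) -> bool:
    """Server-side check: accept +/- `window` steps of clock drift, compare in constant time."""
    if len(submitted) != digits or not (submitted.isascii() and submitted.isdigit()):
        return False
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, unix_time + drift * step, step, digits)
        ok |= hmac.compare_digest(expected, submitted)
    return ok

if __name__ == "__main__":
    import time
    print("current code for the sample secret:", totp(RFC_TEST_SECRET, time.time()))
```

A real service would also reject a code that has already been accepted once, so that a code observed in transit cannot be replayed inside the drift window.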

While you're looking at the security settings, check out the list of all current ProtonMail sessions. If you suspect someone might be misusing your account, or just want to secure a session you left open back at home, you can shut down all other sessions with the click of a button.

You only get automatic end-to-end encryption when corresponding with other ProtonMail users. However, if you have tech-savvy friends who've implemented PGP (Pretty Good Privacy) email encryption, you can set up fully encrypted communication with them. When you compose a message, there's a simple menu option to attach your public key. After that it's up to the recipient to enter that key into their PGP-aware email system. This definitely isn't for everyone, but it's available. As noted earlier, you can also use a password to encrypt messages sent outside the ProtonMail network.

Another simple menu choice lets you digitally sign an outgoing message. I'm accustomed to seeing a red badge in Outlook for digitally signed messages. When I sent a signed message from ProtonMail, it came with an attachment named signature.asc, and no badge. My contact at Proton explained that ProtonMail uses the OpenPGP signature, and that Outlook requires a plugin to provide the badge icon for such messages.

Premium Features

Possibly the biggest limitations on users of the free edition are the caps on storage space and messages per day. Without spending anything, you get 500MB of storage and 150 messages per day. For some, that may be plenty, especially if you're the type to deal with email right away and then delete it. Ponying up for a premium account gives you 5GB of storage and 1,000 messages per day. For comparison, a free Google account gets you 15GB of storage, shared between Gmail, Google Drive, and Google Photos; you can raise that to 100GB for $19.99 per year. With StartMail, you get 10GB of storage and no limit on the number of messages.


ProtonMail lets you put messages in folders, tag them with labels, or both. The difference is clear; a message can only reside in one folder, but it can have multiple labels. However, those using the free edition can only define three folders and three labels, while paid users get 200 of each. I can't imagine needing more than 200.

What Outlook calls Rules, ProtonMail calls Filters. You can add one or more conditions based on the subject, sender, recipient, or attachments, combining them using And or Or. And you can apply actions such as moving messages that match the filter to a certain folder, tagging them with labels, or marking them as starred. I defined a rule stating that any message with "webinar" in the subject goes straight to the trash. Very freeing! But only premium users can have more than one filter.

You'll encounter warnings when you try to use other premium features. Only paying customers can define an Auto-Reply message for when you're out of town. Like StartMail, ProtonMail can be configured to support IMAP/SMTP, so you can use your preferred email client. That's another premium feature. Premium users can also have up to five ProtonMail addresses, where free users just get one. A StartMail subscription gets you one primary account and two feature-limited companion accounts.

If you own your own domain, you can configure ProtonMail to use your personal email address, but only if you upgrade to premium. As with the custom domain feature in Burner Mail, I don't think many consumers will use this feature.

Even if your webmail provider refrains from peeking at the contents of your messages, your contacts are fair game. Knowing who you exchange email with can reveal a lot about you. Access to the email address itself is a necessity, but premium users of ProtonMail can encrypt ancillary information such as phone number and home address using zero-access encryption.

Other Avenues

StartMail works in much the same way as ProtonMail. You can send encrypted messages to anyone, but you must define a secret question and answer for each message. The recipient clicks a link to answer the question and read the message. To get seamless encrypted communication, you must initialize PGP within the program. Once you've done that, your correspondence with other StartMail users is encrypted. As with ProtonMail, you can send your public key to tech-savvy friends who know how to use PGP.

StartMail also includes the option to create unlimited random disposable email addresses (DEAs), or up to 10 custom email aliases. You use these to interact with online merchants and such while protecting your real email address. With Burner Mail, disposable email addresses are the star of the show. You can let it gin up random disposable addresses or create custom ones, with no limits. In addition, it lets you forward mail from one burner address to multiple recipients. With either product, if you start getting spam on one of your disposable addresses, you simply…dispose of it!


ManyMe also protects your actual email address behind disposable addresses, which it calls FlyBy addresses. The big difference here is that you don't need to register the disposable address in advance. You can meet an ad rep at a conference and make up a FlyBy address for correspondence on the spot. ManyMe is free, with plans for a feature-enhanced premium version to pay the bills.

Keeping your true email account private is a great way to avoid drowning in spam, but there's more work to be done. In addition to masked email addresses, Abine Blur Premium lets you shop online using masked credit cards that can't be tapped for money beyond the individual purchase, and even mask your phone number. It's also a complete (if basic) password manager, and it actively prevents advertisers and others from tracking you online.

When you adopt ProtonMail, StartMail, or a similar encrypting email service, you're starting over with a brand-new address. Adding a disposable email address service lets you keep that shiny address from ever hitting the spam lists. If your email address has already been smeared promiscuously all over the internet, you can still get some benefit from using DEAs, but not as much. That's where Abine DeleteMe comes in. This service looks for your email and other private information on many dozens of legitimate data-aggregating sites and sends opt-out requests for you, following up as needed. Because the service requires human monitoring, it's relatively expensive.

Easy Encrypted Email

ProtonMail stores your message stash using zero access encryption, and messages with other users of the service receive end-to-end encryption automatically. You communicate securely outside the ProtonMail network by password-protecting messages, or by giving PGP-using correspondents your public key. You can set messages to expire after a time, and configure your account for two-factor authentication. It's free if you can live within certain limits, and still inexpensive if you need premium features. This is a secure, solid encrypted email solution.

Even so, ProtonMail doesn't provide the comprehensive privacy protection that you get from Abine Blur Premium. Blur handles password management and actively blocks web trackers. In addition to disposable email addresses, it gives you disposable credit card and phone numbers. In the varied field of privacy products, Blur remains our Editors' Choice.


About Neil J. Rubenking