Table of contents
Start for free
Is Proton Mail safe? The provider's security practices and features explainedIs Proton Mail safe? Explore the provider’s security features and discover another privacy-first solution that might be more up to your standards.
With over 70 million users, Proton Mail is one of the world’s largest privacy-oriented email services. Besides secure email, it offers cloud storage, a calendar, and a free VPN. Such comprehensive coverage is the main driver of the provider’s wide adoption.While Proton Mail might seem a smart choice for those who care about the security of their online correspondence, you should get closely acquainted with its safety practices before signing up. Despite the service’s numerous security measures, it might not be for everyone due to several notable drawbacks.To help you decide if Proton Mail suits your needs, this guide will answer the most important questions:
- What makes an email provider secure?
- Is Proton Mail safe enough for privacy-conscious users?
- Which email service should you consider besides Proton Mail?
Opt for ultimate privacy with Skiff MailSkiff Mail's advanced end-to-end encryption and encrypted search index offer superior privacy protection
What makes an email service secure?A secure email provider should offer comprehensive security measures to keep your communication private. Common solutions include password protection or phishing and spam tools to catch malicious messages aimed at stealing your information.While such measures are useful, you shouldn’t rely solely on them—your data is still vulnerable while traveling through the network and sitting on the server.The best way to achieve complete safety of your online communication is through encryption. It transforms plain text into strings of unintelligible characters, making the message unreadable to unauthorized third parties. The encrypted text is deciphered with the decryption key owned by the recipient or a participating server.While most email service providers offer some sort of encryption, not all are equally effective.
Which type of encryption provides the best email security?There are three encryption types used by email providers:
With encryption in transit and encryption at rest, the email service provider creates and holds the key on its server. This makes your data vulnerable because any breach on the network or server level can lead to the keys being stolen and used to access your messages.Even if this doesn’t happen, your email provider still has unrestricted access to your emails’ contents, which is quite invasive. To enjoy more confidentiality and control over your data, services like Proton Mail use end-to-end encryption (E2EE).
|Encryption type||How it works|
|Encryption in transit||Encrypts the data while it’s traveling through servers|
|Encryption at rest||Ensures the data is secured while it’s stored on the device|
|End-to-end encryption||Encrypts the data at the point of origin and decrypts it when it reaches the intended recipient|
How E2EE provides ultimate protection of your emailsEnd-to-end encryption combines encryption in transit and encryption at rest to ensure your online communication is secure at all points. Messages are encrypted and deciphered at the device level, ensuring that only the recipient with the decryption key can access them.With E2EE, the user creates and stores the decryption key on their device, making it impossible for any unauthorized third party—including the email service provider—to access their emails. The message leaves the device in the encrypted form and is only decrypted after reaching the intended recipient holding the decryption key.End-to-end encryption maximizes email security, as no one can read or change the content of the messages. Even if someone intercepts the encrypted message while in transit, it won’t be legible.Proton Mail’s E2EE implementation gives it an advantage over many competitors. While the service combines it with various advanced security features, it leaves a few vulnerabilities that might still put your data at risk.
How secure is Proton Mail? A detailed look into Proton Mail privacy features
Source: Proton MailProton Mail uses strong end-to-end encryption, safeguarding all correspondence among Proton users. If the recipient uses another provider, you can use the Password-Protected Email feature instead. It lets you send a protected link that loads the encrypted message, which the recipient can open with a passphrase you set.Signing up for the platform doesn’t require any personal information, and IP addresses aren’t tracked by default, so there’s no information that a third party could tie to your account—at least in theory. Proton’s IP tracking policies are somewhat of a gray area, as you’ll see a bit later in this guide.For more security, Proton Mail offers two-factor authentication (2FA). To enable it, you'll have to install an authenticator app on your phone. Once you set it up, a unique six-digit code from the authenticator app will be required to log into your account. Even if someone guessed your password, they wouldn’t be able to access your email without the code.Proton Mail also allows users to send self-destructing messages by putting an optional expiration time on them. Upon expiry, the message will automatically be deleted from the recipient’s inbox.Overall, Proton Mail is far more secure than a typical Big Tech platform like Gmail or even native providers touted for privacy features like Apple Mail. This still doesn’t make it a universally-accepted choice among users who prioritize security.
Flaws in Proton Mail’s protectionProton Mail has several vulnerabilities that undermine its security features. It uses the Pretty Good Privacy (PGP) encryption standard, in which address-related metadata is part of the message header and must remain unencrypted to allow a message to reach its destination.This means your email’s subject lines aren’t encrypted, which puts Proton at a disadvantage compared to other solutions that keep the subject concealed, such as Tutanota.PGP is also an outdated standard that several providers have moved away from due to vulnerabilities. While it’s more secure than basic protocols like TLS (Transport Layer Security) used by Big Tech platforms, it may not be enough to fend off sophisticated attacks.An even bigger concern is the level of anonymity you get with Proton Mail. The provider makes it clear that if they receive a court order, they will have to turn over whatever information they have on a user to the authorities.Such an incident happened in October 2021, when Proton Mail collaborated with the authorities by revealing the IP information of a French climate activist under criminal investigation. While they didn’t reveal any encrypted mailbox contents, this scandal made many users afraid of their email activity being traced back to them.
Upgrade to a more secure alternativeSkiff Mail's comprehensive security practices ensure your data remains safe and confidential
Security measures and features in Proton Mail’s plansProton Mail offers a free plan and two premium tiers:
- Mail Plus—$4.99/month ($3.99 with an annual commitment/$3.49 with a two-year commitment)
- Proton Unlimited—$11.99/month ($9.99 with an annual commitment/$7.99 with a two-year commitment)
Skiff Mail—superior security standards and advanced features at no costSkiff Mail is a privacy-first email service using end-to-end encryption to ensure your emails can’t be seen by anyone besides the intended recipient. The platform implements two separate keys:
- Public key—Used for encryption and shared among users to enable safe email transfer
- Private key—Used for decryption and securely stored on the user’s device
- 10 GB of storage—This is well above the industry standard and more than enough for an average user
- Four email aliases—Allows multiple Skiff email addresses to go to the same inbox for added convenience
- Fast email and text search—Go through your files and conversations swiftly to find what you need
- Crypto integrations—You can connect Skiff to various crypto wallets, including Coinbase, Brave, and MetaMask
- 50 MB attachment limit
- 200 messages per day
- Five folders and labels
- Essential—From $3 per month
- Pro—From $8 per month
- Business—From $12 per month
Sign up for Skiff Mail and safeguard your online communicationIt takes three quick steps to start using Skiff Mail:
- Go to the signup page
- Create your free account
- Explore Skiff Mail
|Skiff Pages||Create and edit unlimited documents and collaborate with your team in a secure environment|
|Skiff Drive||Store all types of files and sync them across your devices without privacy concerns|
|Skiff Calendar||Schedule and mark your events in a private calendar|