Is Proton Mail safe? The provider's security practices and features explained

Is Proton Mail safe? Explore the provider’s security features and discover another privacy-first solution that might be more up to your standards.
With over 70 million users, Proton Mail is one of the world’s largest privacy-oriented email services. Besides secure email, it offers cloud storage, a calendar, and a free VPN. Such comprehensive coverage is the main driver of the provider’s wide adoption.

While Proton Mail might seem a smart choice for those who care about the security of their online correspondence, you should get closely acquainted with its safety practices before signing up. Despite the service’s numerous security measures, it might not be for everyone due to several notable drawbacks.

To help you decide if Proton Mail suits your needs, this guide will answer the most important questions:
  1. What makes an email provider secure?
  2. Is Proton Mail safe enough for privacy-conscious users?
  3. Which email service should you consider besides Proton Mail?

What makes an email service secure?

A secure email provider should offer comprehensive security measures to keep your communication private. Common solutions include password protection or phishing and spam tools to catch malicious messages aimed at stealing your information.

While such measures are useful, you shouldn’t rely solely on them—your data is still vulnerable while traveling through the network and sitting on the server.

The best way to achieve complete safety of your online communication is through encryption. It transforms plain text into strings of unintelligible characters, making the message unreadable to unauthorized third parties. The encrypted text is deciphered with the decryption key owned by the recipient or a participating server.

While most email service providers offer some sort of encryption, not all are equally effective.

Which type of encryption provides the best email security?

There are three encryption types used by email providers:

| Encryption type | How it works |
|---|---|
| Encryption in transit | Encrypts the data while it’s traveling through servers |
| Encryption at rest | Ensures the data is secured while it’s stored on the device |
| End-to-end encryption | Encrypts the data at the point of origin and decrypts it when it reaches the intended recipient |

With encryption in transit and encryption at rest, the email service provider creates and holds the key on its server. This makes your data vulnerable because any breach on the network or server level can lead to the keys being stolen and used to access your messages.

Even if this doesn’t happen, your email provider still has unrestricted access to your emails’ contents, which is quite invasive. To enjoy more confidentiality and control over your data, services like Proton Mail use end-to-end encryption (E2EE).

How E2EE provides ultimate protection of your emails

End-to-end encryption combines encryption in transit and encryption at rest to ensure your online communication is secure at all points. Messages are encrypted and deciphered at the device level, ensuring that only the recipient with the decryption key can access them.

With E2EE, the user creates and stores the decryption key on their device, making it impossible for any unauthorized third party—including the email service provider—to access their emails. The message leaves the device in the encrypted form and is only decrypted after reaching the intended recipient holding the decryption key.

End-to-end encryption maximizes email security, as no one can read or change the content of the messages. Even if someone intercepts the encrypted message while in transit, it won’t be legible.

Proton Mail’s E2EE implementation gives it an advantage over many competitors. While the service combines it with various advanced security features, it leaves a few vulnerabilities that might still put your data at risk.

How secure is Proton Mail? A detailed look into Proton Mail privacy features

Proton Mail uses strong end-to-end encryption, safeguarding all correspondence among Proton users. If the recipient uses another provider, you can use the Password-Protected Email feature instead. It lets you send a protected link that loads the encrypted message, which the recipient can open with a passphrase you set.

Signing up for the platform doesn’t require any personal information, and IP addresses aren’t tracked by default, so there’s no information that a third party could tie to your account—at least in theory. Proton’s IP tracking policies are somewhat of a gray area, as you’ll see a bit later in this guide.

For more security, Proton Mail offers two-factor authentication (2FA). To enable it, you'll have to install an authenticator app on your phone. Once you set it up, a unique six-digit code from the authenticator app will be required to log into your account. Even if someone guessed your password, they wouldn’t be able to access your email without the code.

Proton Mail also allows users to send self-destructing messages by putting an optional expiration time on them. Upon expiry, the message will automatically be deleted from the recipient’s inbox.

Overall, Proton Mail is far more secure than a typical Big Tech platform like Gmail or even native providers touted for privacy features like Apple Mail. This still doesn’t make it a universally accepted choice among users who prioritize security.

Flaws in Proton Mail’s protection

Proton Mail has several vulnerabilities that undermine its security features. It uses the Pretty Good Privacy (PGP) encryption standard, in which address-related metadata is part of the message header and must remain unencrypted to allow a message to reach its destination.

This means your email’s subject lines aren’t encrypted, which puts Proton at a disadvantage compared to other solutions that keep the subject concealed, such as Tutanota.

PGP is also an outdated standard that several providers have moved away from due to vulnerabilities. While it’s more secure than basic protocols like TLS (Transport Layer Security) used by Big Tech platforms, it may not be enough to fend off sophisticated attacks.

An even bigger concern is the level of anonymity you get with Proton Mail. The provider makes it clear that if they receive a court order, they will have to turn over whatever information they have on a user to the authorities.

Such an incident happened in October 2021, when Proton Mail collaborated with the authorities by revealing the IP information of a French climate activist under criminal investigation. While they didn’t reveal any encrypted mailbox contents, this scandal made many users afraid of their email activity being traced back to them.

Security measures and features in Proton Mail’s plans

Proton Mail offers a free plan and two premium tiers:
  • Mail Plus—$4.99/month ($3.99 with an annual commitment/$3.49 with a two-year commitment)
  • Proton Unlimited—$11.99/month ($9.99 with an annual commitment/$7.99 with a two-year commitment)
All plans include end-to-end encryption, password-protected emails, and encrypted contact details.

Security isn’t all you should focus on when looking for an email service provider, as other features can make or break the overall user experience. This is where Proton Mail’s free plan disappoints.

It includes 1 GB of storage, with only 500 MB available out of the box—you must unlock the rest by completing various actions. This is quite low and may not be enough even for an average user. The free plan also limits the number of sent emails to 150 a day and caps the attachment size at 25 MB.

Paid tiers provide more storage, custom domains, and unlimited folders, labels, and messages. While this expands the service’s usability, the storage problem remains—you can only get up to 500 GB, even with the highest tier.

If you want to fortify your email security without compromising on other features, check out Skiff.

Skiff Mail—superior security standards and advanced features at no cost

Skiff Mail is a privacy-first email service using end-to-end encryption to ensure your emails can’t be seen by anyone besides the intended recipient. The platform implements two separate keys:
  1. Public key—Used for encryption and shared among users to enable safe email transfer
  2. Private key—Used for decryption and securely stored on the user’s device
This method ensures that no unauthorized parties can access your messages—not even Skiff’s team. For added security, the platform supports two-factor authentication and zero-knowledge login to let you stay anonymous.

Skiff is open source and transparent about its source code, which you can examine on the platform’s GitHub. You can also read the whitepaper for a detailed insight into the service’s security measures.

All of these features are packed in an intuitive, easy-to-navigate user interface that lets anyone enjoy next-level privacy regardless of their tech skills.

Skiff offers a generous free plan with no time limit, which includes various features besides end-to-end encryption:
  • 10 GB of storage—This is well above the industry standard and more than enough for an average user
  • Four email aliases—Allows multiple Skiff email addresses to go to the same inbox for added convenience
  • Fast email and text search—Go through your files and conversations swiftly to find what you need
  • Crypto integrations—You can connect Skiff to various crypto wallets, including Coinbase, Brave, and MetaMask
  • 50 MB attachment limit
  • 200 messages per day
  • Five folders and labels
To unlock up to 1 TB of storage space and get custom domains, as well as unlimited messages, folders, and labels, upgrade to Skiff’s paid plans:
  • Essential—From $3 per month
  • Pro—From $8 per month
  • Business—From $12 per month

Sign up for Skiff Mail and safeguard your online communication

It takes three quick steps to start using Skiff Mail:
  1. Go to the signup page
  2. Create your free account
  3. Explore Skiff Mail
You can use the platform with any browser or download Skiff’s iOS, Android, and macOS apps.

Besides a secure email service, Skiff offers three more end-to-end encrypted products. The following table explains how each product contributes to a secure and effective workflow:

| Product | How it contributes |
|---|---|
| Skiff Pages | Create and edit unlimited documents and collaborate with your team in a secure environment |
| Skiff Drive | Store all types of files and sync them across your devices without privacy concerns |
| Skiff Calendar | Schedule and mark your events in a private calendar |
