Email is a big part of our daily lives. It is essential to know about all the secure email providers out there.
The average person spends over about 2 hours a day checking their work and personal email.
But while email is valuable and efficient, it’s not very secure. At least not if you’re using a standard email provider like Gmail or Outlook.
Email is one of the easiest ways for hackers to access your company’s data. To protect your email and all the information sent daily, you need a secure email provider.
This article introduces the top 14 secure email providers and helps you pick the right one for your business.
What Are Secure Email Providers?
A secure email provider has features designed to keep your email account and the content of your emails secure.
Usually, this is done through end-to-end encryption. End-to-end encryption means that the email is encrypted on its entire journey from sender to recipient.
However, there’s no standard definition of secure email — any email provider can call itself secure.
For that reason, when you choose a secure email provider, you have to pay attention to the type of encryption and other security practices used.
Why Do You Need a Secure Email Provider?
To understand why secure email is essential, let’s look at what happens when you send emails from a standard provider like Gmail.
It’s not that Gmail has no security features. Emails sent from Gmail (and many other major providers) use Transport Layer Security (TLS) encryption to encrypt messages in transit between your computer and the server.
Once they reach the server, Google encrypts the data at a network level. But Google itself has access.
It no longer reads your emails to serve you ads, as it did before 2017. But Google still scans the content of your emails to provide features like Smart Reply.
It’s also easy for Gmail or other providers to give third parties access to your emails.
So now your email is leaving Google’s server and traveling to its destination. If the recipient’s email provider also uses TLS, the email will continue to be protected in transit as most major email services do.
However, if the recipient doesn’t use TLS, the email will be unencrypted and easy to intercept.
And even if the email is protected in transit, it may not be safe once it reaches the recipient’s email server. Some email providers don’t encrypt emails on the server at all.
How Do Secure Email Providers Protect Your Email?
The most secure email providers use end-to-end encryption to protect your email.
That means even the email provider itself has no access to your emails. The only person who can read the encrypted emails is the recipient, who has authentication.
The providers may also use the Sender Policy Framework (SPF) to authenticate emails and further protect you.
With SPF, when someone tries to send an email on your behalf that isn’t from a validated IP address, the receiver will be notified that the email came from a non-authorized user, and they will have the choice to reject it.
Do You Have to Change Your Email Address to Switch to a Secure Email Provider?
In most cases, you’ll have to create a new email address when you change email providers.
As long as your old email account exists, you can have your emails forwarded to your new inbox. But keep in mind that those forwarded emails go through the old provider’s servers, so they aren’t end-to-end encrypted.
Some secure email providers have additional features to help you migrate from your old email provider.
How to Choose a Secure Email Provider
Each secure email provider has a different set of features. Here are a few things you should consider.
Server Location
Some countries, including the United States, collect and share intelligence data gathered from email servers.
This might not be important to you if you’re more worried about hackers than government agencies.
But for activists and others who want to keep their emails out of government hands, an email provider located in Switzerland, Germany, Belgium, Norway, or Sweden would be ideal. They all have stricter privacy laws.
Encryption
We’ve already discussed the difference between end-to-end encryption and transport encryption like TLS.
Within end-to-end encryption, there are different types.
For example, you can have symmetric or asymmetric encryption. Symmetric encryption uses a single key to encrypt and decrypt data. Both the sender and the recipient need to have this key.
Asymmetric encryption (also known as public-key cryptography or encryption) means two unique sets of keys are used to encrypt the data.
The sender uses the recipient’s public key to encrypt the message. This public key is mathematically linked to a private key that only the recipient knows. The email can be decrypted with a private key.
Asymmetric encryption isn’t as straightforward or as fast as symmetric encryption, but it adds another layer of security.
Two-Factor Authentication (2FA)
In addition to choosing a provider with solid encryption, it’s important to make sure your account credentials are protected.
Two-factor authentication means that stealing your password won’t be enough to get into your email account. You’ll also need another form of authentication.
One factor is something you know, like a password. The other is something you have, like your mobile phone. One of the most common forms of two-factor authentication is texting you a one-time code to use together with your username and password.
Metadata Header Stripping
An email usually contains metadata about its recipient and the sender’s computer, browser, and network.
Many secure email providers strip this information out.
Open Source
Open source software makes its source code available for users and developers. This means that anyone can examine the product’s code to ensure it’s secure.
Other Encrypted Features
Your standard email provider might also provide other tools, like Google Calendar and Google Drive with Gmail.
Some secure email providers offer similar features, but they’re encrypted — for example, a secure calendar or secure cloud storage.
Usability on Desktop and Mobile
You’re switching to secure email for the data encryption, but that doesn’t mean the user experience isn’t important.
If you like to check your email on a mobile device, choose an email provider that works well on mobile. You can’t always add a secure provider to your favorite mail client app.
14 Top Secure Email Providers
Let’s break down the top 14 secure email providers, including their key features and pricing.
1. ProtonMail
ProtonMail is the most well-known secure email provider.
It’s open source, based in Switzerland, and provides end-to-end asymmetric encryption. You can use ProtonMail for free if you’re sending fewer than 150 messages per day and don’t need a lot of storage.
One neat feature of ProtonMail is self-destructing emails. You set an expiration date for an email, and it’s deleted from the recipient’s inbox at that time.
With ProtonMail, your data is stored using zero-access encryption. That means ProtonMail itself doesn’t know your password and can’t decrypt your emails. (It also means they can’t reset your password).
ProtonMail also offers a mobile app for Android and iOS.
Key Features
- Servers based in Switzerland
- Open source
- End-to-end encryption
- Zero-access encryption
- Self-destructing emails
- Mobile app
- Custom domains with paid plans
Pricing
- Free: 1 user, 1 GB storage, 150 messages per day
- Plus: $5/month for 1 user, 5 GB storage, 1,000 messages per day
- Professional: $8/month/user for 1–5,000 users, 5 GB storage per user, unlimited messages
- Visionary: $30/month for 6 users, 20 GB, unlimited messages
2. Mailbox.org
Mailbox.org is a secure email service aimed at business users looking for an alternative to Google or Microsoft tools. In addition to email, it offers encrypted cloud storage, video conferencing, an address book, a calendar, and a task planner.
This email provider uses PGP encryption, a public-key encryption program that has become standard for email encryption.
There’s no free plan, but Mailbox.org is relatively affordable. You can register and make payments for the service anonymously.
Mailbox.org also prides itself on being powered by eco-friendly energy.
Key Features
- Server based in Germany
- PGP encryption
- Encrypted cloud storage
- Video conferencing
- Calendar
- Eco-friendly
- No free plan
Pricing
- Standard: €3/month for 10 GB mail storage and 5 GB cloud storage
- Premium: €9/month for 25 GB mail storage and 50 GB cloud storage
- Light: €1/month for 2 GB mail storage, no cloud storage
3. HubSpot
HubSpot is typically known for its all-in-one business solution that offers everything from email hosting and marketing services to customer support and content management. When it comes to email security, HubSpot’s tools provide a ton of different security measures to ensure you and your customer’s data are safe and secure.
With HubSpot’s marketing email tool, you can authenticate mail using SPF, DKIM, DMARC, and the newest BIMI authentication standards. Whenever HubSpot transmits or stores your personal data, HubSpot encrypts your data while exchanging it with your computer and uses top security measures to prevent unauthorized or unintended access to their network.
Not only are your emails secure, but HubSpot also protects your entire suite of tools, whether you’re using their emails, CMS, website builders, and more.
Key Features
- Two-factor authentication (2FA)
- Single sign-on (SSO) for Enterprises
- SPF, DKIM, DMARC, and BIMI authentication standards
- Email recall
- All-in-one CRM solution
- Data sync with Marketing, Sales, Service Hubs
Pricing
- Free tools available
- Starter: $45/month, includes 1,000 marketing contacts
- Professional: $800/month, includes 2,000 marketing contacts
- Enterprise: $3,200/month, includes 10,000 marketing contacts
4. Zoho Mail
Zoho Mail has a free version that anyone can use, but the service is precious for business users. The Workplace plan offers a word processor, spreadsheet software, webinar platform, chat feature, and other collaboration tools.
It encrypts your emails in transit and on the Zoho servers using a type of asymmetric cryptography called S/MIME. A digital signature unique to each user ensures that the email isn’t spoofed.
Zoho Mail gets excellent reviews for its ease of use. Its control panel lets you manage the settings for all of your organization’s mailboxes from one place.
Key Features
- Servers located around the world
- End-to-end encryption
- Calendar
- Contact portal
- Collaboration tools
- Email recall
- Mobile apps
Pricing
- Mail lite: $1 or $1.25/month for 5 GB or 10 GB per month
- Mail premium: $4/month for 50 GB per user
- Workplace: Custom pricing starting from $3/month
5. Tuta
Tuta is another open source secure email provider with end-to-end encryption and two-factor authentication.
Tuta is very serious about privacy. Instead of PGP, it uses AES and RSA encryption. These systems use the same algorithms as PGP, but they add an extra layer of security by combining symmetric and asymmetric keys.
Other security features are image blocking, header stripping, and warnings about phishing attacks.
The free plan is only for private use and gives you 1 GB of storage and a single calendar.
Key Features
- Server located in Germany
- End-to-end encryption
- Two-factor authentication
- Metadata stripping
- Encrypted contacts and calendars
- Add an encrypted contact form to the website
- Unlimited messages, even in the free version
- Custom domains on paid plans with the ability to add an unlimited number of email addresses using their domain at no additional cost
Pricing
- Free: 1 GB of storage
- Revolutionary: €3/month for 20 GB of storage
- Legend: €8/month for 500 GB of storage
- Numerous add-ons available
6. Posteo
Posteo is popular with activists and journalists who need to remain anonymous, as it allows you to register and pay anonymously.
Posteo encrypts your data in transit and at rest. Although Posteo doesn’t use end-to-end encryption by default, you can choose to enable it. Support for POP and IMAP allows you to use Posteo in an email client like Outlook.
If you’re switching from another email provider, Posteo’s migration service makes it painless by migrating your archived emails, folder structure, contact list, and calendar.
According to Posteo, its servers and offices run entirely on green energy from Greenpeace Energy.
Key Features
- Server located in Germany
- End-to-end encryption available
- Open source
- Encrypts subject, headers, body, metadata, and attachments
- Supports POP, SMTP, and IMAP protocols
- Allows anonymous cash payments
- No free plan
Pricing
- €1/month for 2 GB storage
- Additional storage: €0.25/GB/month
- Other add-ons available
7. Thexyz
Thexyz is a lesser-known secure email provider. It doesn’t have built-in end-to-end encryption, but you can use OpenPGP end-to-end encryption with a browser add-on called Mailvelope. Your email is also protected with spam filters and firewalls.
Thexyz is Canadian, with a lot of its servers located in the U.S. — not the best if you’re looking for privacy from government agencies.
The migration service will help you move your email, calendar, and contacts from Office 365, Gmail, and other email providers.
Key Features
- Servers primarily based in the U.S., with a few in Europe
- IMAP, POP, and OpenPGP support
- Two-factor authentication
- Calendars
- Spam filter
- SSL encryption
- Deleted email restoration
- Mobile apps
- No free plan
Pricing
- Premium Webmail: $2.95/month for 25 GB of storage
- Add-ons available
8. PrivateMail
PrivateMail offers end-to-end OpenPGP encryption and other security features like self-destructing emails.
PrivateMail sets itself apart from other secure email services in its cloud storage. Your data is secure in the cloud, thanks to AES 256 encryption. When you download your files, you can decrypt them locally or leave them encrypted.
PrivateMail also provides secure file sharing with end-to-end encryption.
The downside to PrivateMail is that it’s based in the U.S. It’s also more expensive than most of the other options.
Key Features
- Servers based in the U.S.
- End-to-end encryption
- Secure cloud storage
- Self-destructing emails
- AES 256 file encryption
- Encrypted file sharing
- No free plan
Pricing
- Standard Plan: $8.95/month for 10 GB email storage and 10 GB cloud storage
- PrivateMail Pro: $15.95/month for 20 GB email storage and 20 GB cloud storage
9. Startmail
StartMail is a secure email service managed by the same people who operate the private search engine Startpage.
Startmail uses PGP encryption and can work with other PGP clients. You can send encrypted messages to non-PGP users if they know the answer to a secret question.
While Startmail doesn’t have a free plan, it does offer a 30-day free trial.
Key Features
- Servers based in the Netherlands
- Easy PGP encryption
- IMAP and SMTP support
- Obscures IP address and hostname
- Can use your domain
- No free plan
Pricing
- Personal account: $35.99/year
- Business account: $59.95/year
10. Hushmail
Hushmail is one of the oldest secure email providers and is known for being simple to use. It uses OpenPGP encryption.
Hushmail is popular in healthcare due to its focus on HIPAA compliance. The Hushmail for Healthcare plan lets you encrypt emails containing personal health information. To help in an audit, it creates a separate archive account that keeps track of all emails sent or received by all users in your domain.
There are also plans for personal use, small businesses, and lawyers.
Key Features
- Servers based in Canada
- PGP encryption
- IMAP and POP support
- Two-factor authentication
- Spam filter
- Secure web forms
- Electronic signatures
- Private message center
- Mobile app
- Support for HIPAA compliance
Pricing
- Hushmail for Healthcare: From $9.99/month
- Hushmail for Small Business: From $5.99/month
- Hushmail for Law: From $9.99/month
- Hushmail for Personal Use: From $49.98/year
11. CounterMail
CounterMail is serious about security.
Like many of the providers on this list, CounterMail uses PGP encryption. It also enhances that encryption with AES and RSA algorithms. You can further protect your data by configuring a USB key for two-factor authentication.
CounterMail’s Sweden-based servers are unique in that they don’t have hard drives and instead start from a CD-ROM for extra security.
Safebox is CounterMail’s password manager. All of the usernames and passwords in the Safebox are protected with one master password, which can’t be retrieved if you forget it.
You can get a ten-day free trial if you already know someone who uses CounterMail.
Key Features
- Diskless servers based in Sweden
- End-to-end encryption
- Two-factor authentication
- Anonymous email headers
- Doesn’t keep IP logs
- USB key option
- IMAP support
- Password manager
- No free plan
Pricing
- $29/6 months, $49/year, or $79/2 years
- Added storage available starting at $19 for 250 MB
12. Mailfence
Mailfence is a secure email provider that offers end-to-end encryption and two-factor authentication. Its free plan includes 1 GB of storage.
Mailfence uses OpenPGP encryption and offers digital signatures. It also has a password manager.
Mailfence is an ideal secure email suite for teams and families. Its suite of tools, like calendars and drive, and its workspaces allow for data sharing and real-time collaboration. Mailfence supports all standard protocols, such as IMAP, SMTP, and POP, making it ideal for professional users who have been using Gmail or Outlook and want something more secure with a similar level of usability.
Key Features
- Servers based in Belgium
- End-to-end encryption
- Two-factor authentication
- POPS, IMAPS, and SMTPS support
- Password manager
- Calendars
- Messaging
- Document storage
- GDPR Compliant
- Custom domains with paid plans
- Mobile App
- Service-specific passwords
- Possibility to disable services like IMAP, POP, ActiveSync
- Group collaboration
Pricing
- Free: 1 GB (500 MB of emails and 500 MB of documents)
- Base: €2.50/month for 11 GB (5 GB of emails and 6 GB of documents)
- Entry: €3.50/month for 40 GB (10 GB of emails and 30 GB of documents)
- Pro: €9.50/month for 78 GB (30 GB of emails and 48 GB of documents)
- Ultra: €29/month for 225 GB (60 GB of emails and 165 GB of documents)
13. Runbox
Runbox is a Norway-based email provider. It protects your email using PGP encryption and two-factor authentication.
You can allow IP addresses to access your Runbox account and see a list of the latest successful and failed login attempts.
Runbox is committed to being ethical and environmentally friendly, powering its servers with renewable energy from hydroelectric power plants.
Key Features
- Servers based in Norway
- Two-factor authentication
- IP allowlisting
- Virus and spam filters
- POP, IMAP, SMTP, and WAP support
- No free plan
Pricing
- Micro: $19.95/year for 2 GB of email storage and 200 MB of file storage
- Mini: $34.95/year for 10 GB of email storage and 1 GB of file storage
- Medium: $49.95/year for 25 GB of email storage and 2 GB of file storage
- Max: $79.95/year for 50 GB of email storage and 5 GB of file storage
14. Kolab Now
Kolab Now provides secure email and a collection of tools like calendars, notes, and video conferencing.
Based in Switzerland, Kolab Now offers the option of end-to-end encryption and is GDPR, HIPAA, and PCI compliant.
Key Features
- Servers based in Switzerland
- End-to-end encryption
- Open source
- Calendars
- Notes
- Contacts
- Video conferencing
Pricing
- Just email: CHF 5.00/month
- Full Kolab: CHF 9.90/month
The Best Secure Email Provider for Your Business
The best secure email provider for your business depends on your needs. Here are a few recommendations to consider:
- For the best all-around secure email provider, try ProtonMail or Tuta
- For a top free secure email provider, try ProtonMail’s free plan
- For the most secure email provider, try Countermail
- For a secure email provider with collaboration features for enterprises, try Zoho Mail
Summary
Email is essential for business communication, but it has flaws. If you send any kind of private information over email, consider ditching your current provider for a more secure option.
Want to learn more about email strategy for your business? Check out these email marketing software recommendations and email marketing tips.
Thank you for this article… I had NO IDEA about any of this stuff. It has really opened my eyes. Definitely going to be switching my email provider. Also, just found your site and will be checking out some of the other information you have here. Thanks again!
It was mentioned “Some secure email providers have additional features to help you migrate from your old email provider.”
Could you tell me which secure email service provider offers this service.
Thanks for your article. I don’t know which to choose. I have AOL, which I’ve had for over a decade. I also have a school Gmail account. I need something new. I want a spam/phishing/virus filters, password manager, mobile app, deleted email restoration, contacts, email recall, video conferencing, as well as all the security features. It would just be for personal use. I’m not concerned with price, within reason. What is your advice?
privacy is too important. never know who is spying on you without you knowing.
I have used proton mail for several years and was happy with it until last week. I seems somehow a hack got past the security into my email account and proton mail froze access to my account until they could assure it was secure. So for almost a week I have had not access to my account. When I send inquires to proton mail I get an automatic reply that they are getting thousands of inquires and mine with be taken in order. So I am screwed. Beware. of proton mail.
Proton Email now offers 1 GB of storage for free accounts. I don’t know when this policy changed from the previous 500 MB of storage.
You’re right! Thank you for pointing that out. We’ve now updated the blog post to reflect the change.