ProtonMail is an encrypted email service that says it was founded in 2013 in Geneva, Switzerland by a group of scientists who met at the European Organization for Nuclear Research (CERN) and had a shared vision of a more secure and private internet.
It utilizes a combination of end-to-end encryption and zero-access encryption to maximize the privacy of emails sent between its users and emails sent from ProtonMail accounts to non-ProtonMail accounts.
Since it was founded, ProtonMail has become one of the most popular encrypted email providers and currently has over 20 million users.
Not only does ProtonMail utilize encryption technology to help keep your emails private but all of its code is open source and it has numerous features that make organizing and staying up to date with your emails a breeze.
End-to-end encryption and zero-access encryption
ProtonMail uses a combination of end-to-end encryption and zero-access encryption to keep your email content and some of your saved contact data private.
End-to-end encryption is generally used by ProtonMail to protect data within ProtonMail’s ecosystem (such as emails between ProtonMail users and saved contact data) while zero-access encryption is generally used to increase the privacy of emails that are sent to ProtonMail users from non-ProtonMail accounts.
ProtonMail utilizes open source cryptographic libraries and open standards such as Advanced Encryption Standard (AES), Rivest–Shamir–Adleman (RSA), and OpenPGP.
“By using open source libraries, we can guarantee that the encryption algorithms we are using do not have clandestinely built in back doors,” ProtonMail states. “ProtonMail’s open source software has been thoroughly vetted by security experts from around the world to ensure the highest levels of protection.”
Not only is ProtonMail’s utilization of end-to-end encryption open and subject to expert review but it also provides an extra layer of protection for your email messages when compared with email services that don’t offer end-to-end encryption or zero-access encryption.
Gmail, Yahoo Mail, Outlook.com, and many other popular email providers don’t provide end-to-end encryption or zero-access encryption by default and instead encrypt your emails at rest and in transit with encryption keys that they control. This means that they have the ability to decrypt and view the contents of your emails.
With end-to-end encryption, the email provider doesn’t hold the decryption key. Instead, only the email recipient has the private decryption key that can be used to read the contents of their emails.
According to ProtonMail, this means that when you use end-to-end encryption to send an email, “no one monitoring the network can see the content of your message — not hackers, not the government, and not even the company (e.g., ProtonMail) that facilitates your communication.”
End-to-end encryption provides this additional layer of protection and privacy via public and private keys. Participants in an email exchange hold a public key (which can be shared with anyone and is used to encrypt messages) and a private key (which only they have access to and is used to decrypt messages).
When someone wants to send an end-to-end encrypted email, they use the recipient’s public key to encrypt the email and the recipient can use their private key to decrypt the email. Since the recipient holds the private key, no other parties can decrypt and read the contents of the email.
With zero-access encryption, ProtonMail uses the account owner’s public key to immediately encrypt incoming emails that aren’t end-to-end encrypted (such as standard emails from Gmail, Yahoo Mail, or Outlook.com). After ProtonMail has encrypted these incoming emails, they can only be decrypted by the account owner with their private key.
ProtonMail notes that “end-to-end encryption is the stronger of these two types of encryption because ProtonMail never sees the unencrypted message” whereas with zero-access encryption, “those messages are accessible to ProtonMail servers for a split second before the message is encrypted.”
The main advantage of using end-to-end encrypted email is that it prevents third parties such as email service providers and their employees from being able to scan and read the contents of your emails. Zero-access encryption also greatly reduces the chances of third parties being able to see the contents of your emails but they are briefly accessible before the zero-access encryption is applied.
Both types of encryption also provide an additional layer of protection in the event of a hack or data breach. Even if bad actors get hold of your end-to-end encrypted or zero-access encrypted emails, they won’t have your private keys and therefore will be unable to decrypt the contents of your emails.
While ProtonMail does end-to-end encrypt and zero-knowledge encrypt a lot more data than the most popular Big Tech email providers, some data is not protected by these types of encryption.
This data includes email subject lines and the display names and email addresses of your contacts. Since this data isn’t protected by end-to-end encryption or zero-knowledge encryption, ProtonMail has the ability to access it. Any bad actors who gain access to this data and the encryption keys could also view this information.
ProtonMail states that it doesn’t end-to-end encrypt email subject lines for two main reasons:
- Compliance with the OpenPGP standard (which ensures that all users of PGP encryption, even those without a ProtonMail account, can still send end-to-end encrypted email to ProtonMail users)
- To allow for subject line search (according to ProtonMail, the current encryption technology makes it difficult to search through large amounts of end-to-end encrypted email in the browser so not applying end-to-end encryption to subject lines is currently the best way to allow subject line search)
When it comes to the display name and email addresses of your contacts, ProtonMail states that this information isn’t end-to-end encrypted or zero-access encrypted so that it can provide advanced features such as auto-complete, spam filtering, and whitelists.
Here’s a summary of how ProtonMail encrypts your data and the potential third-party access points associated with each type of encryption:
End-to-end encrypted data (only the account holder and the recipient can decrypt the data):
- Email content and attachments sent between ProtonMail users
- Email content and attachments sent to non-ProtonMail users via the “Encrypt for non-ProtonMail users” option
- Email content and attachments sent to non-ProtonMail users via Pretty Good Privacy (PGP) encryption
Zero-access encrypted data (the data is briefly accessible to ProtonMail’s servers but can only be decrypted by the account holder after it has been zero-access encrypted by ProtonMail):
- Email content and attachments in your ProtonMail mailbox that weren’t sent end-to-end encrypted
- The “Phone numbers,” “Addresses,” and “Other information” sections of ProtonContacts (ProtonMail’s contacts manager)
Data that’s not end-to-end encrypted or zero-access encrypted (the data is encrypted but ProtonMail has the ability to access it):
- Email addresses of recipients and senders
- Email subject lines
- The “Display name” and “Email addresses” sections of ProtonContacts
Open source code
In addition to using open source cryptographic libraries and open encryption standards, ProtonMail’s web, Android, iOS, Bridge, and Import-Export apps are also open source.
ProtonMail states that its approach to open source is driven by its commitment to standards compliance and peer review. The standards compliance means that ProtonMail users can end-to-end encrypted emails to and receive end-to-end encrypted emails from non-ProtonMail users via PGP. The ability for ProtonMail’s code to be peer-reviewed means that outside experts can verify ProtonMail’s claims about its apps and that a large community of developers can ensure that the code is free from security flaws.
ProtonMail has also passed several independent audits with its open-source encryption libraries OpenPGPjs and GopenPGP, its Android app, its iOS app, and its Bridge app all passing their third-party reviews.
Additional privacy protections
Not only does ProtonMail’s end-to-end encryption and zero-access encryption help to keep your email contents private but the company also uses digital signatures which verify that an email’s author sent a message and ensure the email hasn’t been tampered with.
Digital signatures are enabled by default for emails sent between ProtonMail users. You can enable digital signatures for non-ProtonMail users via the “Sign external messages” toggle in the “Security & keys” section of ProtonMail’s settings. Alternatively, you can select the “Sign message” option in the dropdown menu when composing emails.
Another way ProtonMail enhances your privacy is by not loading remote content and embedded images by default. This ensures that no code or trackers are executed without your knowledge. If you want ProtonMail to start automatically loading remote content and embedded images, you can enable this via the “General” section of ProtonMail’s settings.
ProtonMail has also committed to “no tracking or logging of personally identifiable information.” The company claims that by default, it doesn’t record user metadata such as the Internet Protocol (IP) address that’s used to log in to accounts. It also doesn’t require any personally identifiable information from users when they register for an account.
Additionally, ProtonMail accepts cash payments for enhanced privacy and offers paid users a pseudonymous way to pay for their accounts via Bitcoin.
Being based in Switzerland gives ProtonMail several other privacy advantages. In its post on Swiss privacy laws, ProtonMail writes that “Switzerland, being outside of US and EU jurisdiction, has the advantage of being a neutral location.” ProtonMail also notes that “Switzerland also has a long history of privacy and security, dating back over a century, and its laws are much more protective of individual privacy rights.”
According to ProtonMail, the current interpretation of the Swiss Federal Act on the Surveillance of Postal and Telecommunications Traffic (SPTT) doesn’t subject ProtonMail to any mandatory data retention directives or enforce a full obligation for it to identify ProtonMail users. Additionally, ProtonMail claims that as a Swiss company, it cannot be compelled to engage in bulk surveillance on behalf of US or Swiss intelligence agencies.
ProtonMail adds that “while Switzerland is party to international assistance treaties, such requests for information must hold up under Swiss law, which has much stricter privacy provisions.”
ProtonMail publishes details of the legal requests it receives and complies with in its transparency report.
Security features
ProtonMail lets you enable several security-enhancing features via your Proton Account.
One of these features is an optional two password mode where you create a “Login” and “Mailbox” password. The first password verifies your user account and the second password decrypts your mailbox. According to ProtonMail, two password mode provides a “minor security benefit.”
Two-factor authentication is another security feature that can be enabled in your Proton Account. Currently, ProtonMail supports app-based authentication through authenticator apps such as Authy, FreeOTP, and Google Authenticator.
Research from Google has shown that this type of two-factor authentication greatly reduces the likelihood of account takeovers and protects against 100% of automated bot account takeover attempts, 99% of bulk phishing attack account takeover attempts, and 90% of targeted account takeover attempts.
Another feature that helps improve the security of your account is ProtonMail’s “Session management” panel. This panel shows all the active logged-in sessions for your Proton Account. If you notice any suspicious sessions, you can revoke them from this panel. You can also revoke all other sessions from this panels
In addition to this, all Proton Accounts have optional authentication logs that can be used to check for any suspicious sign-ins or sign-in attempts on your account.
By default, these logs are enabled in “Basic” mode and provide a time and date stamped record of all the previous successful sign-ins, successful authentications, failed sign-in attempts, and failed authentication attempts.
You can start recording IP addresses in these logs by switching to “Advanced” mode which is useful for detecting suspicious activity coming from other IP addresses. However, when you enable these Advanced logs, ProtonMail will have a record of your IP address until you delete these logs.
You can wipe these authentication logs at any time and also download them in a comma-separated values (CSV) file.
Importing your emails and contacts
ProtonMail provides several tools that help you quickly import your existing emails and contacts into the app.
If you want to import emails from your existing email provider, ProtonMail has an Import Assistant tool and provides detailed documentation on connecting your existing email accounts and transferring your emails to ProtonMail.
If you have your emails backed up locally in an MBOX or EML format, you can also import them via ProtonMail’s Import-Export app. Currently, this app is only available to paid users but ProtonMail plans to eventually make it available to all users.
To import your contacts into ProtonMail, you’ll need to save them as a CSV file or vCard file (VCF). ProtonMail provides documentation on how to export contacts from Gmail, Yahoo Mail, and several other popular email providers in these formats.
After you’ve saved your contacts in the relevant format, simply upload the file using ProtonMail’s Import Contacts tool to add them to ProtonContacts.
Using ProtonMail’s end-to-end encryption
If you’re emailing other ProtonMail users from your ProtonMail account, the contents of the emails are end-to-end encrypted by default.
If you’re emailing non-ProtonMail users from your ProtonMail account and you want the email contents to be end-to-end encrypted, you’ll need to either use ProtonMail’s Encrypt for Non-ProtonMail users option or PGP.
To use the Encrypt for Non-ProtonMail users option, select the “Encryption” padlock icon before you hit send and set a password for the message. You can also set an optional password hint.
By default, messages sent via the Encrypt for Non-ProtonMail users option will expire after 28 days but you can adjust the expiration time by selecting the “Expiration time” time-glass icon.
When you hit send, ProtonMail will email the recipient a link to the end-to-end encrypted message.
If the recipient can figure out the password based on the password hint, they can view the message and reply without any further action from you.
If the recipient can’t figure out the password based on the password hint, you’ll need to find a secure way to give them the password such as giving it to them in person, sharing it with them via a password manager, or sharing it with them via another end-to-end encrypted service that you both use.
When the recipient has the password, they’ll be able to view and reply to the message in their web browser.
Recipients can reply to each message that’s sent via Encrypt for Non-ProtonMail users up to five times.
To end-to-end encrypt the contents of your emails with non-ProtonMail users via PGP, the non-ProtonMail users will need to be using a PGP app, client, or plugin. The OpenPGP websites lists several apps, clients, and plugins that support PGP.
Next, you’ll need to share your public key with any non-ProtonMail users that you want to receive end-to-end encrypted emails from. You can do this by selecting the “Attach Public Key” option when composing emails in ProtonMail, exporting or copying your public key from the Security & keys section of ProtonMail’s settings, or selecting “Attach public key” in the Security & keys section of ProtonMail’s settings (this will automatically attach your public key to every message you send and is only recommended for advanced users).
The recipients will need to import this public key into their PGP client to send you end-to-end encrypted emails. Most PGP clients will automatically prompt users to do this.
After a recipient has imported your public key, you’ll need to import their public key into ProtonMail.
The easiest way to do this is by asking recipients to send you an email with their public key attached. When you receive a public key from non-ProtonMail users, ProtonMail will prompt you to trust the public key and you can enable encryption between your ProtonMail email address and their email address.
Alternatively, you can manually import non-ProtonMail users’ public keys and enable encryption between your ProtonMail email address and their email address via the “Email settings” in ProtonContacts.
After you and your contacts have imported the public keys and enabled encryption, the contents of any emails you send to each other will be end-to-end encrypted with PGP.
Sending and receiving email
ProtonMail has all the standard send and receive features that you’d expect from an email service. When you sign in, all your new emails are instantly displayed in your inbox and you can quickly reply to messages, forward messages, or compose new messages with one click or tap.
When you compose a new message, it’s automatically saved as a draft while you compose it and then saved to the “Sent” section after you hit “Send.”
The default composer mode is “Normal” which allows you to add links and formatting to your emails. However, if you prefer to compose plain text emails, you can change the composer mode to “Plain text” via the “Appearance” section of ProtonMail’s settings.
If you want to request read receipts, you can do that via the “Request Read Receipt” option in the dropdown menu when you compose your email.
Additionally, ProtonMail also has several advanced send and receive features including expiring emails, undo send, subject line prompts, auto-replies, email aliases, and catch-all emails.
To send an expiring email, select the Expiration time time-glass icon when composing an email and then set the time you want the email to expire. The maximum expiration time is 28 days.
Expiring emails sent between ProtonMail users are removed from the sender’s and recipient’s accounts at the expiry time. For expiring emails sent from a ProtonMail user to a non-ProtonMail user, the email is removed from the sender’s account and the content of the message contained within the link that’s sent to the non-ProtonMail users are removed at the expiry time.
Undo send is enabled by default and an “Undo” prompt temporarily appears at the top of ProtonMail whenever you send an email. If you click or tap this prompt, your email will not be sent.
By default, this undo send prompt appears for 10 seconds but you can extend the duration, reduce the duration, or disable undo send via the “General” section of ProtonMail’s settings.
Subject line prompts appear whenever you attempt to send an email without writing a subject and give you the option to “Cancel” (so that you can include a subject before sending) or “Send anyway” (which sends the email without a subject).
Auto-reply is currently only available to paid ProtonMail users and lets you send automatic replies based on several parameters. You can send an auto-reply based on the subject, the sender, the recipient, or whether the email contains an attachment. For example, if a specific contact sends you an email and mentions a project that you’re both working on in the subject, you could set up an auto-reply to send them the latest update on the project.
Alternatively, you can send auto-replies to all incoming emails within a specific time period by setting a start and end date for auto-replies and setting windows for the auto-replies to repeat.
If you want to segment your incoming emails based on the recipient, ProtonMail’s aliases are a great feature. You can create an unlimited number of ProtonMail email aliases by adding a “+” symbol followed by custom text between your ProtonMail username and the “@” symbol in your email address. For example, if your ProtonMail email address is “[email protected]” then you can create aliases such as “[email protected]” and “[email protected].”
Aliases can only be used to receive email. To receive email via an alias, simply create the alias and then give this alias to the contacts, companies, and services that you want to be associated with that alias.
If you have a “Professional” or “Visionary” ProtonMail account, you can also enable catch-all email on custom domains. This means that you’ll receive all emails that are sent to that custom domain, even if it’s sent to an email address that you haven’t set up.
Email organization features
ProtonMail has numerous features that make it easy to manage your emails including folders, labels, and filters.
By default, ProtonMail stores your email in seven standard folders but you can create additional folders and labels to organize your emails in a way that matches your preferences via the “Folders & labels” section of ProtonMail’s settings or the dropdown menus that are displayed at the top of all ProtonMail’s folders, labels, and emails.
You can add custom folders to a parent folder and get notifications whenever new emails are added to the folder.
When you create new labels, you simply choose the name and the color of the label. The label name and color then appears in the header of any emails it’s applied to.
You can navigate to custom folders or labels at any time via the left-hand menu of your ProtonMail mailbox.
Emails can only be stored in one custom folder but you can apply multiple labels to an email.
By default, labels will only be applied to emails when you manually label them or when a custom filter automatically labels them. However, you can automatically apply the same label to all future emails in a conversation by enabling “sticky labels” via the Appearance section of ProtonMail’s settings.
Free ProtonMail accounts can create three custom folders, create three custom labels, and have one active custom filter but you can increase these limits with a paid account.
Moving emails between folders, labeling emails, and managing them in other ways is quick and easy. The dropdown menus that are displayed at the top of all of ProtonMail’s folders, labels, and emails let you move emails to your preferred folder, label them, delete them, archive them, mark them as read or unread, and mark them as spam. These dropdown menus can be used to manage emails individually or in bulk.
If you want to automate some aspects of your email management, you can use ProtonMail’s custom filters and spam filters.
You can create custom filters from scratch via the “Custom filters” section of ProtonMail’s settings or you can use an existing email as a template via the dropdown menu that appears at the top of all ProtonMail emails.
Custom filters let you automatically organize emails based on the subject, the sender, the recipient, or whether the email contains an attachment. You can chain together multiple conditions when creating custom filters and tell the filter to take action when any or all of these conditions are met.
After you’ve established the conditions for a custom filter, you can then instruct it to label emails, move emails to a specific folder, mark emails as read, mark emails as starred, or send an auto-reply based on the conditions.
If you’re an advanced user, you can also create custom filters with Sieve (a programming language that filters emails). ProtonMail has a detailed guide that documents how to set up Sieve filters.
You can use spam filters in conjunction with custom filters to further automate your email management. If there’s an email address or domain you want to whitelist, add it to the “Allow” list in the “Spam filters” section of ProtonMail’s settings to ensure that all future emails from that address or domain go to your inbox. Adding an email address or domain to the “Block” list sends all future emails from the address or domain to spam.
The email addresses of any messages you mark as spam are automatically added to the Block list while the email addresses of any messages you mark as not spam are added to the Allow list.
Search is another feature that makes it easy to stay on top of your email. You can also use ProtonMail’s advanced search dropdown menu and advanced search syntax to perform a more granular search based on criteria such as the date the email was sent or received, the email address it was sent from or to, and whether the email has attachments.
However, as we noted, since ProtonMail end-to-end encrypts the contents of your emails, only the subject lines can be searched by keyword.
Keyboard shortcuts are also a useful ProtonMail web app feature that make it easy to manage and organize your emails. You can press the “?” key at any time to display a list of all the keyboard shortcuts.
Additionally, you can use ProtonMail’s toolbar to quickly organize your emails based on several different parameters including read status (show all emails, show unread emails, or show read emails), size (small to large or large to small), and date (new to old or old to new).
If you want to keep a local backup of your ProtonMail emails, you can use ProtonMail’s Import-Export tool to export them in an MBOX or EML format. Currently, this tool is only available to paid users.
Contact management features
By default, ProtonMail saves the email address of anyone you email to ProtonContacts but you can disable this behavior in the “General” section of your ProtonContacts settings.
You can also add new contacts manually via the “New contact” button in ProtonContacts.
For each contact, you can store multiple email addresses, multiple phone numbers, multiple addresses, and multiple pieces of other information such as photos, birthdays, notes, URLs, timezones, and geolocation.
There are several ways to keep the data in your ProtonContacts up to date. You can delete any contact data you no longer need individually or in bulk and you can edit contact details to add new information or update existing information.
If you have any duplicate contacts, you can use the “Merge” option to quickly combine them into a single contact.
You can also organize your contacts into groups of up to 100 contacts per group but this feature is currently only available to paid ProtonMail users.
After you’ve added individual contacts or created contact groups in ProtonContacts, you can quickly email these contacts and contact groups in the main ProtonMail app by searching for their display name when composing emails.
ProtonContacts also makes it easy to quickly copy email addresses, phone numbers, and addresses in ProtonContacts via the “Copy” icons that are displayed next to these fields.
If you want to keep a backup of your ProtonContacts data, you can export all your contact data as a VCF via the “Import & export” section of ProtonContacts’ settings or export individual contact data as a VCF via the “Export” icon for each contact.
Display options
ProtonMail has a light and dark mode and you can toggle between both display modes via the “Display Mode” toggle in your user account dropdown menu or via the Appearance section of ProtonMail’s settings.
You can also use the Appearance section of ProtonMail’s settings to customize other aspects of your mailbox such as:
- The default size of the email composer (“Popup” displays a small composer in the bottom right, “Maximized” displays a large full-screen composer)
- The layout of your mailbox (“Column” displays email contents in a separate right-hand panel next to the list of emails, “Row” displays email contents in a full-screen window)
- The way conversation threads are displayed (“Conversation group” groups emails in the same thread together, “Single messages” keeps each email separate)
- The density of your mailbox display (“Comfortable” has more padding between the text in the mailbox list, “Compact” has less padding between the text in the mailbox list)
- The composer text direction (“Left to Right” is the default mode but it can be changed to “Right to Left”)
- The read/unread display order in the toolbar (read before unread is the default but you can change it to show unread before read).
Paid upgrades
With a free ProtonMail account, you get access to one @protonmail.com address that you can send emails from and receive emails on, one @pm.me address that you can receive emails on, unlimited email aliases, and up to 500 MB of storage. You can send up to 150 emails per day, create three custom folders, three custom labels, and have one active custom filter.
With a paid ProtonMail account, you can:
- Get more @protonmail.com and @pm.me email addresses
- Enable sending on your @pm.me addresses
- Connect custom domains to your ProtonMail account
- Send unlimited emails
- Get more storage, folders, labels, and custom filters
- Get access to auto-replies
- Get access to contact groups in ProtonContacts
- Get access to ProtonMail’s Bridge app (which lets you use your ProtonMail account with several desktop email clients including Microsoft Outlook, Mozilla Thunderbird, and Apple Mail)
- ProtonMail’s Import-Export app (which lets you import emails from a local backup or backup your emails locally in an MBOX or EML format)
All paid plans let you send unlimited emails, have unlimited active custom filters, and give you access to auto-replies, contact groups, ProtonMail’s Bridge app, and ProtonMail’s Import-Export app. Each of the paid plans also let you progressively increase the limits on storage, folders, labels, and other ProtonMail features.
Here’s an overview of the current paid plans ProtonMail offers:
- Plus: $5 per month, one user, five @protonmail.com and @pm.me email addresses, one custom domain, 5 GB storage, 200 folders, and 200 labels.
- Professional: $8 per month per user, up to 5,000 users, five @protonmail.com and @pm.me email addresses per user, two custom domains, 5 GB storage per user, unlimited folders, unlimited labels, catch-all email, multi-user management, and priority customer support.
- Visionary: $30 per month, up to six users, 20 GB storage, unlimited folders, unlimited labels, catch-all email, multi-user management, priority customer support, and a ProtonVPN Visionary account.
You can get a 20% discount when you pay for a year upfront and a 33% discount when you pay for two years upfront.
You can pay for a ProtonMail subscription in US dollars, Euros, Swiss Francs, or Bitcoin. ProtonMail accepts credit and debit card, PayPal, and cash for US dollar, Euro, and Swiss Franc payments.
If you don’t want a paid ProtonMail subscription but you want to support the service, you can buy merch from the ProtonMail Shop. The ProtonMail store accepts several payment methods including credit and debit card, Bitcoin, Bitcoin Cash, Litecoin, Dai, and Ethereum.