Top 13 secure email services that will protect your personal information

Emails have been in existence even before the inception of the internet for as far back as the early 80s. With the introduction of the internet and its popularity, emails followed suit with them being the most popular form of communication towards the late 90s and early 2000s.
But even with all the progress made in the technology used and the advancement of various security protocols, email remains quite vulnerable to various forms of attack, be it a simple Phishing attack or a complex Man-in-the-Middle attack.
In this article, we explore the concept of email security, along with the top 13 secure email services and a few pointers to pick the best service. We shall also be looking at a new threat to your email that can extract your credentials without your knowledge!
Table of Contents
Why secure emails?
In its early days, email was used for all sorts of communication, such as messaging friends, writing to relatives living far away, corporate communication.
Now, since there are many more applications for most other communication, email has reduced down to mostly corporate or professional communication.
Image source – “Security by Any Other Name:
On the Effectiveness of Provider Based Email Security” scholarly paper
[by Ian Foster, Jon Larson, Max Masich, Alex C. Snoeren, Stefan Savage, & Kirill Levchenko]
These days, even the actual email address is quite important with it being used to log into online accounts and services such as social media, bank accounts, and various other websites. Users also use emails to send and receive a lot of important communication from their workplace or even their friends.
The compromise of such an email account would allow the attacker to access confidential and sensitive user information for their benefit. This would potentially cause the loss of user privacy, finances, and even their identity.
Email security is of paramount importance just for this reason, so that no malicious attacker (or sometimes snoopers like state agents or data conglomerates) can view and access user data shared and stored using email accounts.
Image source – “What Email Servers Can Tell to Johnny:
An Empirical Study of Provider-to-Provider Email Security” scholarly paper
[by Georgios Kambourakis , Gerard Draper Gil, & Ignacio Sanchez]
In the upcoming sections, we shall be reviewing the top 13 secure email services available, as well as pointers for selecting a good secure email service.
Vendor
|
Price
|
Platforms
|
Rating
|
---|---|---|---|
EDITOR’S CHOICE- ProtonMail
|
Free
|
Web-based, Android, & iOS
|
10/10
|
15-day free trial $1/month per user
|
Windows, Mac, Linux, Web-based, Android, & iOS
|
10/10
|
|
Free
|
Windows, Mac, Linux, Web-based, Android, & iOS
|
9/10
|
|
10-day free trial with referral $4.83/month
|
Windows, Mac, Linux, Web-based, & Android
|
9/10
|
|
30-day free trial €1/month per user
|
Web-based
|
8/10
|
|
$2.95/month
|
Web-based, Android, & iOS
|
8/10
|
|
€1/month
|
Web-based
|
8/10
|
|
Free for invitations $8/month
|
Windows, Mac, Linux, Web-based, Android, & iOS
|
7/10
|
|
30-day free trial $1.66/month per account
|
Web-based
|
7/10
|
|
30-day free trial $5.4/month
|
Web-based
|
7/10
|
|
7-day free trial $35.99/year (Offer price)
|
Web-based
|
7/10
|
|
Free
|
Web-based
|
6/10
|
|
$8.95/month
|
Windows, Mac, Linux, Web-based, Android, and iOS
|
6/10
|
Picking the right secure email service
Before we go ahead and look at the various secure email services in the market, we need to know what to look for in a secure email service. I will be classifying the services listed in this article purely based on these points as well as my personal experience using them.
The few basic points to keep in mind while choosing a secure email service are as follows.
1. Price
The price of a service should always be of primary concern while picking a secure email service. You do not want to buy a secure email service if the price is too high and it doesn’t offer enough features to match, it is pointless to buy the service.
2. Free versions
Always go for the free version of a secure email service, as 8 times out of 10, the free version will have most of the basic features required to improve email security. If you can find such a free version, that saves you from having to pay for the email service.
3. Encryption
An email service may claim to be secure, but you can't trust it unless you know what security mechanisms or protocols they employ to provide this email security. The most common security mechanism used for email is PGP encryption along with SMTP, IMAP, & POP protocols.
4. User logs
The primary reason for using secure email services over the normal ones is the fact that the normal email services such as Gmail or Outlook store logs of the emails and user activity from user accounts. If an email service stores logs, it isn't secure and shouldn't be used for secure communication.
5. IP Stripping
When sending an email securely, you want your IP address not attached to the email that ensures no attacker who steals your email can track your IP from it. IP stripping is the process where the email service provider removes the attached IP address and sometimes even the metadata associated with the email.
6. Reputation
This might not be as important as the previous point, but it is always a good idea to make sure the secure email service provider has a good reputation and a good opinion among various users in the community. This ensures that the service provider is worth using and is not a scammer.
Top 13 email services of 2022
- 1. ProtonMail
- 2. Zoho Mail
- 3. Tutanota
- 4. CounterMail
- 5. Mailbox.org
- 6. Thexyz
- 7. Posteo
- 8. CTemplar
- 9. Runbox
- 10. Kolab Now
- 11. Startmail
- 12. Mailfence
- 13. PrivateMail
1. Editor’s Choice – ProtonMail
Pros
|
Cons
|
---|---|
|
|
- Price – Free for personal use
- Platform – Web-based, Android, & iOS
- Verdict – 10/10
Image source – protonmail.com
ProtonMail is one of the most secure, if not the best, email services available in the market. It was even marketed at its release as “the only email system the NSA can’t access” and uses the Pretty Good Privacy (PGP) encryption standard to end-to-end encrypt all emails sent.
ProtonMail stores any no logs about user activity and even allows sending encrypted emails to users who don't use the ProtonMail service.
The fact that I liked about ProtonMail is that the company stores all its servers in a nuclear bunker over 3000 feet below ground. If that doesn't speak about their value for a security, I don't know what will.
A free version of the service is available for personal use with 500GB of free storage. The service is also available as android & iOS apps for your smartphone with a very sleek design.
2. Zoho Mail
Pros
|
Cons
|
---|---|
|
|
- Price – 15-day free trial & $1/month per user
- Platform – Windows, Mac, Linux, Web-based, Android, & iOS
- Verdict – 10/10
Image source – zoho.com
Zoho mail is a secure email service that offers a multiplatform email solution for personal as well as enterprise use. The service also offers an "Encryption Level Indicator" that informs the user of the encryption level at the recipient interface and whether or not they use encryption at all.
The email has additional security features such as 2-factor authentication, OTP, QR codes, and Touch ID. However, unlike ProtonMail, Zoho has a pleasing user interface on the web-based application and the mobile application.
The service does not, however, provide a free version, with the basic Zoho Mail Lite planning offering most of the personal use email features at only $1/month per user that comes with a 5GB storage space.
If you want to try the service first before purchasing it, Zoho mail offers a 15-day free trial that you can use to try out the Zoho mail service.
3. Tutanota
Pros
|
Cons
|
---|---|
|
|
- Price – Free for personal use
- Platform – Windows, Mac, Linux, Web-based, Android, & iOS
- Verdict – 9/10
Image source – tutanota.com
Based in Germany and created by a group of privacy enthusiasts, Tutanota is a secure email service that is almost as good as ProtonMail, even though it is not as widely known. Tutanota runs a hybrid encryption system that overcomes the drawbacks of PGP and can be even strengthened to defend against quantum computer attacks, as claimed by its creators.
While emails to Tutanota users are asymmetrically encrypted, the emails to a non-user are encrypted symmetrically and include a link to the message along with a decryption key.
Even though it is one of the most secure email services, it is quite lacking in various other features and offers no support for PGP, POP3, SMTP, or IMAP, making it quite difficult to integrate with other technologies.
The software does have a free version but only offers 1GB of storage. Even the 'premium' plan comes with only 1GB storage for €1 per month, and if you need larger storage, you need to opt for the 'teams' plan for €4 per month.
4. CounterMail
Pros
|
Cons
|
---|---|
|
|
- Price – 10-day free trial with referral & $4.83/month
- Platform – Windows, Mac, Linux, Web-based, & Android
- Verdict – 9/10
Image source – countermail.com
CounterMail is one of the most secure email services that offers quite advanced email protection protocols and services. CounterMail runs PGP encryption using the 4096-bit encryption keys.
CounterMail also employs RSA and AES-CBC encryption along with SSL to improve the security of the email system and also prevent Man-in-the-Middle attacks or any other form of identity attacks on the user.
They also use 2-factor authentication as an added layer of security, which allows users to use a USB key or a 3rd party authenticator app that provides a Time-based OTP.
The higher price of the service is explained off by the creators as the price for the high-quality servers and stronger security measures implemented in the service. This is mainly a reference to the RAM-only servers that they use, which don’t store anything and only process the email transit.
5. Mailbox.org
Pros
|
Cons
|
---|---|
|
|
- Price – 30-day free trial & €1/month per user
- Platform – Web-based
- Verdict – 8/10
Image source – mailbox.org
Mailbox.org supports PGP encryption with SSL Perfect Forward Secrecy. It has a full productivity suite with more features and provides a balance between security and features. It, however, does not offer integration with 3rd party clients or any mobile apps.
The service comes with a 30-day free trial & the base plan is priced at €1/month per user with 2GB storage and 3 aliases.
6. Thexyz
Pros
|
Cons
|
---|---|
|
|
- Price – $2.95/month
- Platform – Web-based, Android, & iOS
- Verdict – 8/10
Image source – thexyz.com
Thexyz offers web-hosting and has a good base plan with 25GB storage and unlimited aliases. Thexyz uses systems like CloudMark or Message Sniffer for sender analysis & monitoring to block spam and threats.
Being based in Canada, Thexyz servers are mainly located in the US, making it quite vulnerable to snooping by various government agencies and even "Five Eyes”. Offers IP stripping along with IMAP, OpenPGP, & POP encryption to improve good end-to-end encryption to counteract possible snooping.
7. Posteo
Pros
|
Cons
|
---|---|
|
|
- Price – €1/month
- Platform – Web-based
- Verdict – 8/10
Image source – posteo.de
Posteo, being open-source, offers transparency to users and integrates well with PGP encryption to improve security. It also uses SSL with Perfect Forward Secrecy (PFS), HTTP Strict Transport Security (HSTS), and SSH for encryption by using the Mailvelope app.
The entire Posteo mailbox can be password encrypted, but it should be kept safe as it can’t be recovered if lost.
The email service is quite cheap as well, at just €1/month, which offers most of the basic secure email features.
8. CTemplar
Pros
|
Cons
|
---|---|
|
|
- Price – Free for invitations & $8/month
- Platform – Windows, Mac, Linux, Web-based, Android, & iOS
- Verdict –7/10
Image source – ctemplar.com
CTemplar comes with OpenPGP 4096-bit encryption, along with Icelandic servers using Iceland's privacy laws, which are some of the strongest in the world.
It stores passwords using the “Zero-knowledge password” technology and even offers self-destructing emails that get deleted after a set timer. The email service stores no logs about any user activity and employs IP stripping to remove user IP from emails.
It is free if you can manage an invite from someone who already uses the service or costs $8/month with 5GB storage.
9. Runbox
Pros
|
Cons
|
---|---|
|
|
- Price – 30-day free trial & $1.66/month per account
- Platform – Web-based
- Verdict – 7/10
Image source – runbox.com
Runbox uses SSL with Perfect Forward Secrecy, along with SMTP, POP, and IMAP, and complies with the GDPR standards for privacy. While there is no built-in mailbox encryption, it offers the user an option to add PGP encryption for added security.
The base account of Runbox offers 2GB for secure cloud storage and over 100 aliases for creating disposable email addresses.
10. Kolab Now
Pros
|
Cons
|
---|---|
|
|
- Price – 30-day free trial & $5.4/month
- Platform – Web-based
- Verdict – 7/10
Image source – kolabnow.com
An open-source secure email, Kolab Now offers end-to-end encryption with Perfect Forward Secrecy and includes a complete productivity suite as well. It uses different encryption keys for each session, allowing maximum transit email security.
However, it offers no security to emails at rest, stored in the mailbox.
The base option starts at $5.4/month and doesn't offer enough features for that price compared to the competition. The base version also comes with only 5GB of storage for the users.
11. Startmail
Pros
|
Cons
|
---|---|
|
|
- Price – 7-day free trial & $35.99/year (Offer price)
- Platform – Web-based
- Verdict – 7/10
Image source – startmail.com
Startmail runs PGP encryption along with SMTP & IMAP for an added layer of privacy. The email service also offers 2-factor authentication as an additional security layer, making stolen passwords useless.
However, Startmail offers PGP encryption only at the server-side which, & not at the client-side, which means only emails in transit will be encrypted and not those stored in the user mailbox.
While it offers no free version, it does offer a 7-day trial and a base plan for $35.99/year with 10GB storage space. This price is only an offer price and might change later on.
12. Mailfence
Pros
|
Cons
|
---|---|
|
|
- Price – Free for personal use
- Platform – Web-based
- Verdict – 6/10
Image source – mailfence.com
Mailfence uses an open-source implementation of OpenPGP encryption, along with RSA & ECC encryption algorithms. The email service also has a built-in digital signature feature that improves the privacy of the system.
However, the service is known to log user activity as well as IP addresses, which is quite worrying no matter the volume of the logs. This logging system can't be disabled in any way either.
The free version has capped storage at 500MB while the paid version, starting at €2.50/month, offers 12GB of storage space.
13. PrivateMail
Pros
|
Cons
|
---|---|
|
|
- Price – $8.95/month
- Platform – Windows, Mac, Linux, Web-based, Android, and iOS
- Verdict – 6/10
Image source – privatemail.com
PrivateMail, owned by the creators of TorGuard VPN, is a US-based service and is bound to be monitored by various government and law-enforcement agencies. It, however, does offer end-to-end encryption to protect against attempts at extracting email content.
It offers several aliases that allow the creation of disposable emails, and the base plan starts at $8.95/month offering 10GB storage and 5 aliases.
A new vulnerability & the need for secure email
A group of German academic researchers found over 40 flaws in the STARTTLS email protocol that is used by over 8 million systems worldwide. The security vulnerability was presented in the 30th USENIX Security Symposium by a group of researchers at the Münster University of Applied Sciences.
These flaws can be used to compromise quite a lot of popular email clients such as Apple, Google, Yandex, and much more.
In total, there were 40 different flaws with STARTTLS, a few of which allows mailbox spoofing, credential stealing, and even cross-protocol attack with HTTPS on IMAP. The most common form of attack was command injection which would allow an attacker to inject commands into the server, which can open several doors to more attacks.
Image source – “Why TLS is better without STARTTLS:
A Security Analysis of STARTTLS in the Email Context” scholarly paper
[by Damian Poddebniak, Fabian Ising, Hanno Böck & Sebastian Schinzel]
These command injection attacks are made possible using the MAIL, RCPT, and DATA commands which the attacker uses to send an email to themselves on an account created in the vulnerable server.
This allows any data sent by the victim to be extracted by the DATA command, which then reveals the victim credentials to the attacker.
The attacker can also perform command injection using the ability of STARTTLS to upgrade plaintext SMTP, POP3, or IMAP connections into encrypted ones. The attacker then injects plaintext commands which the victim server interprets as an encrypted connection allowing the attacker to steal victim credentials.
To prevent such flaws, the researchers have suggested that email clients should port to implicit TLS from STARTTLS. Users are also directed to configure email clients to use SMTP, POP3, and IMAP with implicit TLS on ports 465, 995, and 993, respectively.
This brings me to the topic at hand. Most of the secure email services listed in this article use SSL/TLS encryption for emails which is the implicit TLS protocol that the German researchers claim is more secure.
Furthermore, the secure email services that we looked at also use additional layers of encryption such as PGP, RSA, and ECC to protect your emails which make it impossible for an attacker to inject any sort of commands into it to extract user credentials.
Conclusion
Vulnerabilities are everywhere in the world, be they on the internet or in real life. These vulnerabilities are constantly being used by various malicious users to their benefit at the expense of another person.
When such vulnerabilities are exploited in your email, it is even worse since your email is the one place that connects all your various internet-based accounts and your whole internet identity.
In our article, we looked at the concept of email security, along with the top 13 most secure email services in the market. We also listed a few points to remember while picking a secure email service and finally looked at a new vulnerability threatening email clients all over the world.
If you enjoyed reading this article and/or have any suggestions or opinions regarding the secure email services in this article, do let us know by leaving a comment below.
✔️ Advanced information to protect your Internet connection
Your email address will not be published. Required fields are marked