Email encryption has been “just around the corner” for about thirty years. PGP was released in 1991. We’re in 2026 and the vast majority of email traffic is still unencrypted end-to-end. The technology exists. The adoption doesn’t.

The fundamental problem has never been the cryptography. It’s the usability. Every time someone tries to make email encryption easy enough for normal people, they either compromise on security or build something that still requires a PhD in key management.

That said, the open-source tools available today are genuinely better than they were five years ago. We tested the major options to see which ones are actually usable.

What We Tested

We evaluated five open-source email encryption approaches across three criteria: security strength, ease of setup, and real-world usability (can a non-technical person actually use this daily?).

GnuPG (GPG) with Thunderbird Proton Mail Bridge (open-source client, encrypted service) Delta Chat (email-based messaging with autocrypt) Tutanota Desktop (open-source client and service) Mailvelope (browser extension for webmail)

Each was tested for two weeks of actual daily email use.

GnuPG with Thunderbird

GPG is the gold standard for email encryption. Thunderbird integrated OpenPGP directly starting with version 78, eliminating the need for the old Enigmail extension.

Setup difficulty: Moderate. Generating a key pair is straightforward in Thunderbird’s settings. But exchanging keys with contacts remains awkward — you need to send your public key, they need to import it, you need theirs, and key verification is still a manual trust-on-first-use process.

Daily usability: Once configured, sending encrypted email is a checkbox. Receiving encrypted email works automatically if you have the sender’s key. The friction is entirely in the key exchange phase.

Compatibility: Works with any email provider. Encrypted messages display as garbled text in email clients that don’t have GPG configured, which creates friction when recipients haven’t set up encryption.

Verdict: Most secure and flexible option, but key management is still the barrier. If your contacts are technical enough to exchange keys, this works well. For communicating with general public? Forget it.

Proton Mail Bridge

Proton Mail encrypts all messages between Proton users automatically. The open-source Bridge application lets you use Proton Mail with desktop clients like Thunderbird or Apple Mail via IMAP/SMTP.

Setup difficulty: Easy for the Proton side. Bridge installation is straightforward. The catch is that full end-to-end encryption only works with other Proton users or people who’ve exchanged PGP keys. Messages to regular email addresses aren’t end-to-end encrypted (they’re encrypted at rest on Proton’s servers, but transit to the recipient’s server is standard TLS).

Daily usability: Excellent if your contacts are also on Proton. Normal email experience otherwise. Bridge sometimes has connectivity hiccups but is generally stable.

Compatibility: Limited end-to-end encryption with non-Proton users. You can send password-protected messages to external recipients, but they have to open them in a web browser — clunky for regular communication.

Verdict: Best option if you can get your contacts onto Proton too. The security architecture is strong and the usability is good. But the “walled garden” problem limits its effectiveness for general use. Organisations evaluating their broader security posture can benefit from AI strategy support to assess how encrypted communications fit into their overall data protection framework.

Delta Chat

Delta Chat takes a different approach entirely. It uses standard email as its transport layer but presents a messaging-app interface. It implements the Autocrypt standard, which handles key exchange automatically.

Setup difficulty: Surprisingly easy. Enter your email credentials (any provider) and it works. Key exchange happens automatically when you message someone who also uses Delta Chat.

Daily usability: Feels like a messaging app, not email. Fast, simple, works on mobile and desktop. But you’re limited to communicating with other Delta Chat users for encrypted messaging. Regular email contacts see your messages as normal emails (unencrypted).

Compatibility: Works with any email provider (it’s just email underneath). Encryption only with other Delta Chat users.

Verdict: Cleverest approach in the list. The usability is genuinely good and the Autocrypt key exchange removes the biggest pain point. But adoption is tiny — finding contacts who use Delta Chat is the challenge.

Tutanota Desktop

Tutanota (recently rebranded to Tuta) is an open-source encrypted email service with desktop, web, and mobile clients.

Setup difficulty: Very easy. Create account, install app, done. Encryption between Tutanota users is automatic and invisible.

Daily usability: Clean interface, works well. Calendar and contacts are also encrypted.

Compatibility: Similar to Proton — end-to-end encryption with other Tutanota users only. External recipients get password-protected message links. The free tier is limited in storage and features.

Verdict: Good for personal privacy-focused email. Less suitable for business use due to limited integrations.

Mailvelope

Mailvelope is a browser extension that adds PGP encryption to webmail services (Gmail, Outlook.com, Yahoo, etc.).

Setup difficulty: Moderate. Install the extension, generate or import keys, configure for your webmail provider. Key management follows standard PGP model.

Daily usability: Adds encrypt/decrypt buttons to your webmail compose window. Works reasonably well but feels bolted-on rather than integrated. Occasional compatibility issues when webmail interfaces update.

Verdict: Best option if you’re committed to using Gmail or Outlook.com but want PGP encryption. The bolt-on nature means it can break when webmail providers update their interfaces.

The Honest Assessment

None of these solutions solve the fundamental email encryption problem: you can only communicate securely with people who’ve also set up encryption. And most people haven’t. Most people won’t.

For communicating with technical contacts: GPG with Thunderbird remains the strongest option. Full control, maximum flexibility, battle-tested cryptography.

For an organisation standardising on encrypted email: Proton Mail is the most practical choice. Get everyone on Proton and encryption is invisible.

For personal privacy: Proton or Tutanota. Easy setup, strong encryption within the ecosystem.

For messaging-style communication: Delta Chat deserves more attention than it gets. The UX is genuinely good.

What’s Still Missing

Automatic key discovery and exchange at scale. Email was designed without encryption, and retrofitting it remains painful. Standards like Autocrypt and Web Key Directory help but haven’t achieved critical mass.

The real answer for most people in 2026 is to use encrypted messaging (Signal, primarily) for sensitive communications and accept that regular email is not and may never be truly private. That’s not satisfying, but it’s honest.

Email encryption tools have improved meaningfully. The problem isn’t the tools anymore. It’s the network effect — encryption is only useful when both sides have it, and bootstrapping that adoption remains the unsolved challenge.