Encrypted Email Providers in 2026: A Practical Comparison


Standard email is fundamentally insecure. Messages travel across multiple servers in plain text or with only transport-layer encryption that server operators can decrypt. Anyone with access to email servers—service providers, governments, attackers who compromise servers—can read your messages.

Encrypted email providers promise to fix this through end-to-end encryption where only the sender and recipient can read message content. But the implementations vary enormously in both security strength and practical usability.

I’ve tested the major encrypted email providers over the past year, and the differences matter more than you might expect.

ProtonMail

ProtonMail remains the best-known encrypted email service. They’re based in Switzerland, which provides some legal protections against certain forms of government surveillance, though Swiss law enforcement can and does compel ProtonMail to provide data in some circumstances.

The encryption is solid—zero-access encryption where ProtonMail can’t read your messages even if compelled to hand over data. The private keys stay on your device, and messages are encrypted before transmission to ProtonMail servers.

The major limitation is that end-to-end encryption only works when both parties use ProtonMail or the sender uses PGP encryption. When you send to regular email addresses, the message is stored encrypted on ProtonMail servers but decrypted for transmission to the recipient’s regular email server.

This means ProtonMail provides good protection for your stored emails and protection for messages to other ProtonMail users, but limited protection when communicating with the broader email ecosystem. The metadata—who you’re emailing, when, subject lines—is also visible to ProtonMail for operational purposes.

Usability is good. The web interface and mobile apps work similarly to standard email clients. The learning curve is minimal for basic usage.

Tutanota

Tutanota takes a slightly different approach, using a custom encryption protocol rather than PGP. This allows them to encrypt more of the email metadata than ProtonMail—including subject lines and contact information.

The downside is reduced interoperability with standard PGP implementations. You can send encrypted emails to non-Tutanota users by sharing a password, but it’s clunkier than ProtonMail’s approach.

Tutanota is based in Germany, which has strong privacy laws but also legal requirements for data retention in certain circumstances. Like ProtonMail, they can’t read encrypted message content, but they can be compelled to log certain metadata about future messages for specific users under court order.

The interface is clean and functional. Mobile apps work well. Pricing is competitive with other encrypted email services.

Posteo

Posteo is also Germany-based and focuses on privacy through data minimization—they don’t require personal information for account creation and support anonymous payment methods.

The encryption model is different from ProtonMail and Tutanota. Posteo encrypts your mailbox on their servers using a password you provide, but this isn’t end-to-end encryption in transit. Messages travel to Posteo servers where they’re then encrypted for storage.

This means Posteo could technically read incoming messages before encrypting them for storage, though their stated policy is not to do so. For end-to-end encryption, you need to use PGP separately with your email client.

Posteo’s value proposition is more about privacy-conscious operation and data minimization than technical end-to-end encryption. They support standard email protocols (IMAP, SMTP), so you can use desktop email clients, which some users prefer over web interfaces.

Mailfence

Mailfence is Belgium-based and uses OpenPGP for encryption, which provides good interoperability with other PGP implementations. The cryptography is well-established and independently auditable.

Like Posteo, they support standard email protocols, so you can use Mailfence with desktop email clients. This provides more flexibility than web-only services but also requires more technical knowledge to configure properly.

The encryption setup is more complex than ProtonMail or Tutanota. You need to understand public/private key concepts and manage your keys properly. For technically comfortable users, this isn’t a barrier, but it reduces accessibility for less technical users.

Mailfence stores your private keys on their servers (encrypted with your password), which is convenient but means a compromised password could expose your private key. You can generate keys locally instead, but again, this requires technical knowledge.

StartMail

StartMail comes from the team behind StartPage (the privacy-focused search engine). They’re Netherlands-based and use PGP for encryption, similar to Mailfence.

The notable feature is integration with StartPage search—you can search the web privately and email results using your encrypted email account. This is a niche feature but useful for certain workflows.

Security-wise, StartMail is solid but not dramatically different from other PGP-based services. The usability is good for users comfortable with PGP concepts. The pricing is higher than some alternatives.

CounterMail

CounterMail is Sweden-based and takes a more hardened approach—they use diskless servers (running from RAM with no persistent storage) and OpenPGP with stronger default key settings.

The implementation is security-focused but usability suffers somewhat. The interface feels dated compared to ProtonMail or Tutanota. Setup is more complex. This is email for users who prioritize security over convenience.

CounterMail stores less metadata than most providers and offers USB key options for two-factor authentication beyond standard TOTP codes. For high-risk users, these features matter. For typical users, they’re probably overkill.

The Metadata Problem

All these services encrypt message content, but metadata remains challenging. Even with encrypted email, observers can see:

  • Who you’re communicating with (email addresses)
  • When messages are sent and received
  • Message size
  • IP addresses used to access the email service

Some providers encrypt subject lines (Tutanota does this well). Some minimize other metadata collection. But none can fully eliminate metadata while still functioning as email services that interoperate with the broader internet.
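
As an added illustration (not code from this article or from any provider), the Python sketch below parses a constructed PGP/MIME message and lists what a relay or mailbox host can still read while the body stays opaque. The addresses, IP address, subject and ciphertext placeholder are made up, and visible_metadata is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: a PGP/MIME (RFC 3156) message as a relay or mailbox host
# sees it. Addresses, IP (TEST-NET-3) and the ciphertext placeholder are made up.
SAMPLE = """\
Received: from client.example.org (client.example.org [203.0.113.7])
\tby mx.example.net with ESMTPS; Tue, 03 Feb 2026 09:14:22 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Q1 contract draft
Date: Tue, 03 Feb 2026 09:14:20 +0000
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXIsIG5vdCByZWFsIGNpcGhlcnRleHQ=
-----END PGP MESSAGE-----
--b1--
"""

def visible_metadata(raw: str) -> dict:
    """Return what is readable without any key; only the body part is ciphertext."""
    msg = message_from_string(raw)
    received = " ".join(msg.get_all("Received", []))
    body = msg.get_payload()[1].get_payload()  # second MIME part: armored data
    return {
        "from": [a for _, a in getaddresses(msg.get_all("From", []))],
        "to": [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))],
        "subject": msg.get("Subject"),  # classic PGP/MIME leaves this header in clear
        "sent": parsedate_to_datetime(msg["Date"]).isoformat(),
        "size_bytes": len(raw.encode()),  # approximate on-the-wire size
        "client_ips": re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received),
        "encrypted": msg.get_content_type() == "multipart/encrypted",
        "body_opaque": body.lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }

if __name__ == "__main__":
    print(visible_metadata(SAMPLE))
```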

For communications where metadata is as sensitive as content, email—even encrypted email—may not be the right tool. Signal, Session, or other encrypted messaging platforms designed with metadata protection in mind provide better protection.

Usability vs. Security Trade-offs

The most secure encrypted email implementations tend to be the least usable. Services that prioritize ease of use often make security compromises.

ProtonMail strikes a reasonable balance for most users—solid security with minimal usability friction. Tutanota is similar. Services like CounterMail provide stronger security but require accepting more complexity.

The right choice depends on your threat model. If you’re primarily concerned about passive surveillance or data breaches at regular email providers, ProtonMail or Tutanota provide substantial improvement without major usability costs.

If you face targeted surveillance from sophisticated adversaries, you need more hardened solutions and should probably be using encrypted messaging platforms rather than email for sensitive communications.

The Compliance Question

Despite encryption, these services can be compelled by legal process to collect certain data or provide access to unencrypted metadata for specific users going forward.

ProtonMail has confirmed they’ve complied with Swiss legal requests to log IP addresses and other metadata for specific users under investigation. This is legal under Swiss law, and ProtonMail can’t refuse valid legal process.

This doesn’t mean your existing encrypted messages get decrypted—they can’t do that. But it means assuming encrypted email provides complete protection from all government surveillance is naive. Legal jurisdictions matter, and all of these providers operate under legal frameworks that allow some forms of compelled data collection.

Practical Recommendations

For most people wanting better email privacy than Gmail or Outlook, ProtonMail or Tutanota provide good security with reasonable usability. The free tiers are functional enough to evaluate whether the service meets your needs.

For users comfortable with PGP and willing to manage keys properly, Mailfence or Posteo offer good options with more flexibility around email client choice.

For high-security needs, CounterMail provides stronger technical protection at the cost of usability. But seriously evaluate whether email is the right communication method for truly sensitive material.

Remember that encrypted email only helps when the recipient also uses encryption. If you’re sending to regular Gmail addresses, the encryption protects your storage and ProtonMail’s storage, but the message is eventually delivered unencrypted to Google’s servers.

The real value of encrypted email providers is protecting your stored messages and metadata from the provider and from data breaches. For protecting content in transit, both sender and recipient need to use compatible encryption, which often isn’t practical for routine communication.

Set appropriate expectations based on your actual communication patterns and threat model. Encrypted email is better than regular email for privacy, but it’s not a complete solution to all email security and privacy concerns.