The Hard Truth About Encrypted Email
Encryption only works when both sides use it. If you send encrypted email to someone using Gmail, your message is decrypted the moment it reaches Google's servers. The privacy benefit of encrypted email depends entirely on adoption—both by you AND the people you communicate with.
This is the fundamental limitation no provider can solve. Encrypted email protects you from mass surveillance, not targeted attacks by sophisticated adversaries who can simply subpoena your contacts.
RIP Skiff Mail (2021-2024)
Skiff was acquired by Notion in February 2024 and shut down in August 2024. This is exactly why we're cautious about recommending VC-funded privacy startups. Proton has been operating since 2014. Tuta (formerly Tutanota) since 2011. Track record matters.
Quick Comparison Table
| Provider | Free Storage | Paid Price | Jurisdiction | Our Rating |
|---|---|---|---|---|
| ProtonMail | 1 GB | €4.99/mo | Switzerland | Best Overall |
| Tuta | 1 GB | €3/mo | Germany | Best Value |
| Mailfence | 500 MB | €2.50/mo | Belgium | Best Features |
| StartMail | None | $5.99/mo | Netherlands | Best Aliases |
| — | — | — | Shut Down |
What "Encrypted Email" Actually Means
Before choosing a provider, understand what encryption protects—and what it doesn't:
What End-to-End Encryption Protects
- Email content: The body of your messages, encrypted so only sender and recipient can read them
- Attachments: Files you send are also encrypted
- Stored emails: Emails at rest on the provider's servers remain encrypted
What Encryption Does NOT Protect
- Subject lines: Often visible to the provider and in transit (Tuta encrypts these; others don't)
- Metadata: Who you email, when, how often—still visible
- Emails to non-users: Messages to Gmail/Outlook are only encrypted in transit
- IP address: Your provider knows your IP unless you use Tor/VPN
- Legal orders: Providers can be compelled to provide metadata and future emails
The ProtonMail IP Logging Incident
In 2021, ProtonMail provided the IP address and browser fingerprint of a French climate activist to Swiss authorities under a legal order. The email content remained encrypted—they couldn't read it—but metadata was handed over. Lesson: Use Tor or a VPN if IP anonymity is critical to your threat model.
Detailed Provider Breakdown
ProtonMail — Best Overall
Why We Recommend It: ProtonMail has the largest user base among encrypted email providers, which matters for network effects. Swiss jurisdiction provides strong legal privacy protections. The ecosystem (Drive, VPN, Calendar, Pass) is the most complete.
Pricing
- Free: 1 GB storage, 1 email address, 150 messages/day
- Mail Plus: €4.99/mo — 15 GB, 10 addresses, 1 custom domain
- Proton Unlimited: €12.99/mo — 500 GB, VPN, Drive, Pass included
- Proton Duo: €19.99/mo — 2 users, 2 TB shared storage
Security Features
- End-to-end encryption (AES-256, RSA, PGP)
- Zero-access encryption (Proton cannot read your emails)
- Open source clients (audited)
- Password-protected emails to non-Proton users
- Onion site for Tor access
- Dark web monitoring (paid plans)
Limitations
- Subject lines NOT encrypted (visible to Proton)
- Has complied with legal orders for metadata
- Free tier is limited (150 messages/day)
- Bridge app required for desktop clients
Jurisdiction: Switzerland
Not in 14 Eyes alliance. Strong privacy laws. However, Swiss authorities can and do issue legal orders that Proton must comply with.
Best for: Users who want a complete privacy ecosystem and largest network of other encrypted email users.
Tuta (formerly Tutanota) — Best Value
Why Consider It: Tuta is the only provider that encrypts subject lines by default. Their post-quantum cryptography implementation is ahead of competitors. Cheapest paid plan among serious providers.
Pricing
- Free: 1 GB storage, 1 calendar, 3 labels
- Revolutionary: €3/mo — 20 GB, 15 aliases, 3 custom domains, unlimited labels
- Legend: €8/mo — 500 GB, 30 aliases, 10 custom domains
Security Features
- End-to-end encryption INCLUDING subject lines
- Zero-knowledge architecture
- Post-quantum encryption (future-proofing against quantum computers)
- Open source clients
- Password-protected emails to non-users
- Encrypted address book and calendar
- No tracking, no ads
Limitations
- No PGP support (uses proprietary encryption)
- Smaller user base than ProtonMail
- No IMAP/POP3 (can't use third-party clients)
- German jurisdiction (can be compelled)
- Limited integrations
Jurisdiction: Germany
EU member state with strong GDPR protections. However, Germany is a 14 Eyes member. Tuta has fought legal battles to protect user privacy and won some cases.
Best for: Privacy-focused users who want subject line encryption and post-quantum security at a lower price.
Mailfence — Best Features
Why Consider It: Mailfence offers the most productivity features—calendar, contacts, documents, groups—while maintaining encryption. Best choice if you need a Gmail/Outlook replacement with collaboration tools.
Pricing
- Free: 500 MB storage, 1 email address
- Entry: €2.50/mo — 5 GB, 10 aliases
- Pro: €7.50/mo — 20 GB, 50 aliases, priority support
- Ultra: €25/mo — 50 GB, 100 aliases, custom domain
Security Features
- OpenPGP-based end-to-end encryption
- Digital signatures
- Two-factor authentication
- PGP interoperability (works with other PGP users)
- No tracking, no ads
Additional Features
- Calendar with sharing
- Contacts management
- Document storage
- Groups for collaboration
- IMAP/POP/SMTP support (use any email client)
Limitations
- Encryption is opt-in per message (not automatic)
- Smaller user base
- Less modern interface
- Not fully zero-knowledge (Mailfence can access unencrypted emails)
Jurisdiction: Belgium
EU member with strong privacy laws. Not ideal but not the worst. Belgian law requires data retention for certain requests.
Best for: Users who need collaboration features and want to use standard email clients via IMAP/SMTP.
StartMail — Best for Aliases
Why Consider It: StartMail excels at one thing: unlimited email aliases. If you need to compartmentalize your online identity across many services, StartMail makes this easy.
Pricing
- No free plan (7-day trial available)
- Personal: $5.99/mo — 10 GB, unlimited aliases
- Business: Custom pricing
Security Features
- PGP encryption (integrated)
- Password-protected emails to non-users
- Two-factor authentication
- Unlimited disposable aliases
- IMAP support
Limitations
- No free tier
- No calendar, contacts, or file storage
- Smaller company/user base
- Netherlands jurisdiction (14 Eyes member)
Jurisdiction: Netherlands
14 Eyes member, which is concerning. However, StartMail is run by the same team behind Startpage search engine, with a reasonable privacy track record.
Best for: Users who need many email aliases for different purposes (signups, shopping, work, personal).
Feature Comparison
| Feature | ProtonMail | Tuta | Mailfence | StartMail |
|---|---|---|---|---|
| Subject Line Encrypted | No | Yes | No | No |
| PGP Support | Yes | No | Yes | Yes |
| Post-Quantum Crypto | No | Yes | No | No |
| IMAP/SMTP | Bridge app | No | Yes | Yes |
| Calendar | Yes | Yes | Yes | No |
| Cloud Storage | Yes (Drive) | No | Yes | No |
| Open Source | Yes | Yes | No | No |
| Tor/Onion Site | Yes | Yes | No | No |
| 14 Eyes | No (Swiss) | Yes (German) | Yes (Belgian) | Yes (Dutch) |
The Adoption Problem
Here's the uncomfortable truth that encrypted email providers don't emphasize:
Encryption Requires Both Parties
If your contacts use Gmail, your encrypted email provider doesn't help much.
- ProtonMail to ProtonMail: Fully encrypted
- ProtonMail to Gmail: Encrypted in transit only (Google can read it)
- Password-protected option: Friction, rarely used in practice
This is why Signal (for messaging) has been more successful than encrypted email. Everyone in a Signal chat uses Signal. Email's federated nature means you can't control what your contacts use.
When Encrypted Email Actually Helps
- Within organizations: If your team all uses ProtonMail, everything is encrypted
- Between privacy-conscious users: Journalists, activists, researchers communicating with each other
- Protection at rest: Even emails from Gmail are encrypted on Proton's servers (just not in transit)
- Mass surveillance resistance: Makes bulk collection more difficult
- Data breach protection: If the provider is breached, encrypted emails remain protected
When Encrypted Email Doesn't Help
- Targeted attacks: Adversaries can subpoena your contacts, intercept before encryption
- Metadata analysis: Who you email, when, and how often is still visible
- Legal orders: Providers must comply with valid legal requests
- User error: Phishing, weak passwords, compromised devices bypass encryption
Our Recommendations
For Most Users: ProtonMail
Largest encrypted email network means more people can actually send you encrypted emails. Swiss jurisdiction. Complete ecosystem with VPN, Drive, Calendar.
For Budget Users: Tuta
€3/month for a solid encrypted email service. Subject line encryption and post-quantum cryptography are genuine advantages. Good choice if you don't need PGP interoperability.
For Collaboration: Mailfence
If you need calendar sharing, document storage, and contacts alongside email—and want to use standard email clients—Mailfence is the best choice.
For Alias Heavy Users: StartMail
Unlimited aliases for compartmentalization. If you sign up for many services and want different emails for each, StartMail makes this seamless.
Migration Tips
Switching from Gmail/Outlook
- Don't delete your old account immediately—set up forwarding first
- Update critical accounts (banking, government) to your new email first
- Use your new email for all new signups
- Gradually migrate existing accounts over weeks/months
- Keep your old address as a backup for 6-12 months
Import Options
- ProtonMail: Import from Gmail, Outlook, Yahoo, IMAP
- Tuta: Limited import options (manual or third-party tools)
- Mailfence: Import via IMAP
The Bottom Line
Summary
Encrypted email is worth using but isn't a silver bullet.
- Best overall: ProtonMail — largest user base, Swiss jurisdiction, complete ecosystem
- Best value: Tuta — cheapest, encrypts subject lines, post-quantum ready
- Best features: Mailfence — calendar, documents, IMAP support
Remember: the privacy benefit scales with how many of your contacts also use encrypted email. For truly sensitive communications, consider Signal or other end-to-end encrypted messengers where you control both ends.
Related Guides
- Secure Messaging Apps Comparison — Signal vs Session vs SimpleX
- Encrypted Cloud Storage Comparison — Proton Drive vs Tresorit
- Password Manager Comparison — Protect your email account
- VPN Strategy Guide — Hide your IP when accessing email