Encrypted Email Comparison: Which Provider Actually Protects You?

The Hard Truth About Encrypted Email

Encryption only works when both sides use it. If you send encrypted email to someone using Gmail, your message is decrypted the moment it reaches Google's servers. The privacy benefit of encrypted email depends entirely on adoption—both by you AND the people you communicate with.

This is the fundamental limitation no provider can solve. Encrypted email protects you from mass surveillance, not targeted attacks by sophisticated adversaries who can simply subpoena your contacts.

RIP Skiff Mail (2021-2024)

Skiff was acquired by Notion in February 2024 and shut down in August 2024. This is exactly why we're cautious about recommending VC-funded privacy startups. Proton has been operating since 2014. Tuta (formerly Tutanota) since 2011. Track record matters.

Source: TechCrunch

Quick Comparison Table

Provider Free Storage Paid Price Jurisdiction Our Rating
ProtonMail 1 GB €4.99/mo Switzerland Best Overall
Tuta 1 GB €3/mo Germany Best Value
Mailfence 500 MB €2.50/mo Belgium Best Features
StartMail None $5.99/mo Netherlands Best Aliases
Skiff Shut Down

What "Encrypted Email" Actually Means

Before choosing a provider, understand what encryption protects—and what it doesn't:

What End-to-End Encryption Protects

  • Email content: The body of your messages, encrypted so only sender and recipient can read them
  • Attachments: Files you send are also encrypted
  • Stored emails: Emails at rest on the provider's servers remain encrypted

What Encryption Does NOT Protect

  • Subject lines: Often visible to the provider and in transit (Tuta encrypts these; others don't)
  • Metadata: Who you email, when, how often—still visible
  • Emails to non-users: Messages to Gmail/Outlook are only encrypted in transit
  • IP address: Your provider knows your IP unless you use Tor/VPN
  • Legal orders: Providers can be compelled to provide metadata and future emails

The ProtonMail IP Logging Incident

In 2021, ProtonMail provided the IP address and browser fingerprint of a French climate activist to Swiss authorities under a legal order. The email content remained encrypted—they couldn't read it—but metadata was handed over. Lesson: Use Tor or a VPN if IP anonymity is critical to your threat model.

Detailed Provider Breakdown

ProtonMail — Best Overall

Why We Recommend It: ProtonMail has the largest user base among encrypted email providers, which matters for network effects. Swiss jurisdiction provides strong legal privacy protections. The ecosystem (Drive, VPN, Calendar, Pass) is the most complete.

Pricing

  • Free: 1 GB storage, 1 email address, 150 messages/day
  • Mail Plus: €4.99/mo — 15 GB, 10 addresses, 1 custom domain
  • Proton Unlimited: €12.99/mo — 500 GB, VPN, Drive, Pass included
  • Proton Duo: €19.99/mo — 2 users, 2 TB shared storage

Security Features

  • End-to-end encryption (AES-256, RSA, PGP)
  • Zero-access encryption (Proton cannot read your emails)
  • Open source clients (audited)
  • Password-protected emails to non-Proton users
  • Onion site for Tor access
  • Dark web monitoring (paid plans)

Limitations

  • Subject lines NOT encrypted (visible to Proton)
  • Has complied with legal orders for metadata
  • Free tier is limited (150 messages/day)
  • Bridge app required for desktop clients

Jurisdiction: Switzerland

Not in 14 Eyes alliance. Strong privacy laws. However, Swiss authorities can and do issue legal orders that Proton must comply with.

Best for: Users who want a complete privacy ecosystem and largest network of other encrypted email users.

Try ProtonMail →

Tuta (formerly Tutanota) — Best Value

Why Consider It: Tuta is the only provider that encrypts subject lines by default. Their post-quantum cryptography implementation is ahead of competitors. Cheapest paid plan among serious providers.

Pricing

  • Free: 1 GB storage, 1 calendar, 3 labels
  • Revolutionary: €3/mo — 20 GB, 15 aliases, 3 custom domains, unlimited labels
  • Legend: €8/mo — 500 GB, 30 aliases, 10 custom domains

Security Features

  • End-to-end encryption INCLUDING subject lines
  • Zero-knowledge architecture
  • Post-quantum encryption (future-proofing against quantum computers)
  • Open source clients
  • Password-protected emails to non-users
  • Encrypted address book and calendar
  • No tracking, no ads

Limitations

  • No PGP support (uses proprietary encryption)
  • Smaller user base than ProtonMail
  • No IMAP/POP3 (can't use third-party clients)
  • German jurisdiction (can be compelled)
  • Limited integrations

Jurisdiction: Germany

EU member state with strong GDPR protections. However, Germany is a 14 Eyes member. Tuta has fought legal battles to protect user privacy and won some cases.

Best for: Privacy-focused users who want subject line encryption and post-quantum security at a lower price.

Try Tuta →

Mailfence — Best Features

Why Consider It: Mailfence offers the most productivity features—calendar, contacts, documents, groups—while maintaining encryption. Best choice if you need a Gmail/Outlook replacement with collaboration tools.

Pricing

  • Free: 500 MB storage, 1 email address
  • Entry: €2.50/mo — 5 GB, 10 aliases
  • Pro: €7.50/mo — 20 GB, 50 aliases, priority support
  • Ultra: €25/mo — 50 GB, 100 aliases, custom domain

Security Features

  • OpenPGP-based end-to-end encryption
  • Digital signatures
  • Two-factor authentication
  • PGP interoperability (works with other PGP users)
  • No tracking, no ads

Additional Features

  • Calendar with sharing
  • Contacts management
  • Document storage
  • Groups for collaboration
  • IMAP/POP/SMTP support (use any email client)

Limitations

  • Encryption is opt-in per message (not automatic)
  • Smaller user base
  • Less modern interface
  • Not fully zero-knowledge (Mailfence can access unencrypted emails)

Jurisdiction: Belgium

EU member with strong privacy laws. Not ideal but not the worst. Belgian law requires data retention for certain requests.

Best for: Users who need collaboration features and want to use standard email clients via IMAP/SMTP.

Try Mailfence →

StartMail — Best for Aliases

Why Consider It: StartMail excels at one thing: unlimited email aliases. If you need to compartmentalize your online identity across many services, StartMail makes this easy.

Pricing

  • No free plan (7-day trial available)
  • Personal: $5.99/mo — 10 GB, unlimited aliases
  • Business: Custom pricing

Security Features

  • PGP encryption (integrated)
  • Password-protected emails to non-users
  • Two-factor authentication
  • Unlimited disposable aliases
  • IMAP support

Limitations

  • No free tier
  • No calendar, contacts, or file storage
  • Smaller company/user base
  • Netherlands jurisdiction (14 Eyes member)

Jurisdiction: Netherlands

14 Eyes member, which is concerning. However, StartMail is run by the same team behind Startpage search engine, with a reasonable privacy track record.

Best for: Users who need many email aliases for different purposes (signups, shopping, work, personal).

Try StartMail →

Feature Comparison

Feature ProtonMail Tuta Mailfence StartMail
Subject Line Encrypted No Yes No No
PGP Support Yes No Yes Yes
Post-Quantum Crypto No Yes No No
IMAP/SMTP Bridge app No Yes Yes
Calendar Yes Yes Yes No
Cloud Storage Yes (Drive) No Yes No
Open Source Yes Yes No No
Tor/Onion Site Yes Yes No No
14 Eyes No (Swiss) Yes (German) Yes (Belgian) Yes (Dutch)

The Adoption Problem

Here's the uncomfortable truth that encrypted email providers don't emphasize:

Encryption Requires Both Parties

If your contacts use Gmail, your encrypted email provider doesn't help much.

  • ProtonMail to ProtonMail: Fully encrypted
  • ProtonMail to Gmail: Encrypted in transit only (Google can read it)
  • Password-protected option: Friction, rarely used in practice

This is why Signal (for messaging) has been more successful than encrypted email. Everyone in a Signal chat uses Signal. Email's federated nature means you can't control what your contacts use.

When Encrypted Email Actually Helps

  • Within organizations: If your team all uses ProtonMail, everything is encrypted
  • Between privacy-conscious users: Journalists, activists, researchers communicating with each other
  • Protection at rest: Even emails from Gmail are encrypted on Proton's servers (just not in transit)
  • Mass surveillance resistance: Makes bulk collection more difficult
  • Data breach protection: If the provider is breached, encrypted emails remain protected

When Encrypted Email Doesn't Help

  • Targeted attacks: Adversaries can subpoena your contacts, intercept before encryption
  • Metadata analysis: Who you email, when, and how often is still visible
  • Legal orders: Providers must comply with valid legal requests
  • User error: Phishing, weak passwords, compromised devices bypass encryption

Our Recommendations

For Most Users: ProtonMail

Largest encrypted email network means more people can actually send you encrypted emails. Swiss jurisdiction. Complete ecosystem with VPN, Drive, Calendar.

Get ProtonMail →

For Budget Users: Tuta

€3/month for a solid encrypted email service. Subject line encryption and post-quantum cryptography are genuine advantages. Good choice if you don't need PGP interoperability.

Get Tuta →

For Collaboration: Mailfence

If you need calendar sharing, document storage, and contacts alongside email—and want to use standard email clients—Mailfence is the best choice.

Get Mailfence →

For Alias Heavy Users: StartMail

Unlimited aliases for compartmentalization. If you sign up for many services and want different emails for each, StartMail makes this seamless.

Get StartMail →

Migration Tips

Switching from Gmail/Outlook

  1. Don't delete your old account immediately—set up forwarding first
  2. Update critical accounts (banking, government) to your new email first
  3. Use your new email for all new signups
  4. Gradually migrate existing accounts over weeks/months
  5. Keep your old address as a backup for 6-12 months

Import Options

  • ProtonMail: Import from Gmail, Outlook, Yahoo, IMAP
  • Tuta: Limited import options (manual or third-party tools)
  • Mailfence: Import via IMAP

The Bottom Line

Summary

Encrypted email is worth using but isn't a silver bullet.

  • Best overall: ProtonMail — largest user base, Swiss jurisdiction, complete ecosystem
  • Best value: Tuta — cheapest, encrypts subject lines, post-quantum ready
  • Best features: Mailfence — calendar, documents, IMAP support

Remember: the privacy benefit scales with how many of your contacts also use encrypted email. For truly sensitive communications, consider Signal or other end-to-end encrypted messengers where you control both ends.

Related Guides

References

  1. ProtonMail Pricing
  2. Tuta Pricing
  3. Mailfence Pricing
  4. TechCrunch - Notion Acquires Skiff
  5. ProtonMail - Statement on French Activist Case