🟒 Trust Rating: High

ProtonMail offers strong encryption and Swiss privacy laws, though metadata logging and account recovery limitations exist.

What is ProtonMail?

ProtonMail is an end-to-end encrypted email service based in Switzerland, launched in 2014 by CERN scientists. It's become the go-to secure email for journalists, activists, and privacy-conscious users, though a 2021 logging incident raised important questions about its limitations.

Key Features

Security Architecture

  • End-to-end encryption - Automatic between ProtonMail users
  • Zero-access encryption - Emails encrypted at rest
  • PGP support - For external recipients
  • Two-password mode - Separate login and mailbox passwords
  • Self-destructing emails - Expire after set time

Privacy Features

  • Swiss jurisdiction - Strong privacy laws
  • No IP logging - By default (see controversy below)
  • Anonymous signup - Tor/VPN allowed
  • Open source - Clients are audited
  • No tracking - No ads or analytics

The 2021 French Activist Incident

What happened:

ProtonMail provided IP logs to Swiss authorities for a French climate activist after a request from Europol. This contradicted their "no IP logging" marketing claims.

The reality:
  • ProtonMail can be legally compelled to start logging
  • They must comply with Swiss court orders
  • Logging is targeted, not blanket
  • They notify users when legally allowed
Lessons learned:
  • Always use Tor/VPN with ProtonMail
  • Swiss law still requires compliance
  • Marketing claims vs. legal reality
  • No service is above the law

Pricing Structure

Free Plan

  • 1 GB storage
  • 150 messages/day
  • 1 email address
  • Limited support

Plus Plan ($4.99/month)

  • 15 GB storage
  • Unlimited messages
  • 10 email addresses
  • Custom domains
  • Priority support

Professional ($7.99/month)

  • Multiple users
  • Catch-all emails
  • Multi-user support

Visionary ($29.99/month)

  • ProtonMail + ProtonVPN + ProtonDrive
  • 3 TB total storage
  • 50 email addresses
  • 10 VPN connections

Technical Details

Encryption Methods

```

Between ProtonMail users:

  • Automatic E2EE
  • No key exchange needed
  • Zero-knowledge architecture

To external recipients:

  • Password-protected emails
  • PGP encryption (manual)
  • Expiring messages option

```

What's Encrypted

βœ… Email body content

βœ… Attachments

βœ… Email subjects (in v4.0+)

What's NOT Encrypted

❌ Sender/recipient addresses

❌ Timestamps

❌ IP addresses (can be logged if ordered)

❌ Subject lines (to non-ProtonMail users)

ProtonMail vs. Alternatives

ProtonMail vs. Tutanota

  • ProtonMail: Swiss, PGP compatible, more expensive
  • Tutanota: German, proprietary encryption, cheaper

ProtonMail vs. Gmail

  • ProtonMail: E2EE, no ads, limited storage
  • Gmail: No E2EE, data mining, 15GB free

ProtonMail vs. Self-Hosted

  • ProtonMail: Easy, maintained, legal protection
  • Self-Hosted: Full control, complex, no legal shield

Security Considerations

Strengths

βœ… Strong encryption implementation

βœ… Regular security audits

βœ… Bug bounty program

βœ… Onion site available

βœ… No JavaScript mode option

Weaknesses

❌ Metadata still visible

❌ Web client security limitations

❌ Account recovery challenges

❌ Swiss law compliance required

❌ Closed source server

When to Use ProtonMail

Perfect For

  • Journalists protecting sources
  • Activists organizing legally
  • Business confidential communications
  • Personal privacy from tech giants
  • International communications

Not Ideal For

  • Illegal activities (will comply with law)
  • Nation-state level threats
  • Complete anonymity needs
  • Large attachment requirements

Setup Best Practices

Account Creation

  1. Use Tor or VPN for signup
  2. Choose strong password (20+ characters)
  3. Enable 2FA immediately
  4. Save recovery codes offline
  5. Use anonymous payment if upgrading

Ongoing Security

  • Access only via Tor/VPN
  • Use ProtonMail apps, not web
  • Enable two-password mode
  • Regularly update recovery email
  • Monitor account logs

Advanced Features

ProtonMail Bridge

Desktop email client integration:

  • Use Thunderbird, Outlook
  • Maintains E2EE
  • Local email storage
  • Requires paid plan

Custom Domains

  • Use your own domain
  • Multiple addresses
  • Professional appearance
  • Catch-all option

Organization Features

  • Sub-users
  • Admin panel
  • Shared addresses
  • Compliance tools

Common Issues

Account Recovery

⚠️ Critical: If you forget your password, emails are permanently lost. ProtonMail cannot decrypt them.

Prevention:
  • Use password manager
  • Set recovery email
  • Save emergency kit
  • Regular backups

Sending Limits

Free accounts limited to prevent spam:

  • 150 messages/day
  • 3 messages/hour to new recipients
  • Upgrade for higher limits

Integration with Proton Ecosystem

ProtonVPN

  • Same account
  • Swiss privacy
  • Free tier available
  • Bundle discounts

ProtonDrive

  • Encrypted cloud storage
  • End-to-end encryption
  • File sharing
  • Photo backup

ProtonCalendar

  • Encrypted calendar
  • Event reminders
  • Shared calendars
  • Mobile apps

Government Requests

Transparency Report Data

  • Complies with ~3000 requests/year
  • Can only provide limited metadata
  • Cannot decrypt email contents
  • Publishes transparency reports

What They Can Provide

  • Account creation date
  • Last login time
  • IP addresses (if logging ordered)
  • Recovery email (if provided)
  • Payment information

What They Cannot Provide

  • Email contents (encrypted)
  • Contacts
  • Calendar entries
  • Drive files

Tips for Maximum Privacy

Operational Security

  1. Always use Tor - Hide your IP
  2. Separate identities - Don't mix accounts
  3. Anonymous payment - Bitcoin or cash
  4. Unique passwords - Never reuse
  5. Compartmentalization - Different purposes

Avoid

  • Using real name in address
  • Linking to phone number
  • Same password as other accounts
  • Accessing without VPN/Tor
  • Sending sensitive data in subject lines

The Bottom Line

Use ProtonMail when:
  • You need encrypted email
  • Swiss jurisdiction appeals
  • Ease of use matters
  • You understand the limitations
Consider alternatives when:
  • Complete anonymity required
  • Nation-state adversary
  • Need self-hosting control
  • Budget is very tight

Ready for Encrypted Email?

Start with ProtonMail's free tier to test the service before upgrading.

Get ProtonMail β†’

Frequently Asked Questions

Is ProtonMail really secure?

Yes, the encryption is solid. But remember: they must comply with Swiss law and can be ordered to log specific accounts.

Can ProtonMail read my emails?

No. Emails are encrypted with your password. Even ProtonMail cannot decrypt them.

Is the free version sufficient?

For basic use, yes. Limited storage (1GB) and sending limits may require upgrading.

Should I use ProtonMail for illegal activities?

Absolutely not. They will comply with valid legal requests. No email service is above the law.

Can I use ProtonMail with my email client?

Yes, with ProtonMail Bridge (paid plans only). Maintains encryption while using Thunderbird, Outlook, etc.

Additional Resources

--- Last updated: November 30, 2025 ProtonMail remains one of the best encrypted email options despite limitations. Understanding what it can and cannot protect is crucial.