🟢 Trust Rating: High
ProtonMail offers strong encryption and Swiss privacy laws, though metadata logging and account recovery limitations exist.
What is ProtonMail?
ProtonMail is an end-to-end encrypted email service based in Switzerland, launched in 2014 by CERN scientists. It's become the go-to secure email for journalists, activists, and privacy-conscious users, though a 2021 logging incident raised important questions about its limitations.
Key Features
Security Architecture
- End-to-end encryption - Automatic between ProtonMail users
- Zero-access encryption - Emails encrypted at rest
- PGP support - For external recipients
- Two-password mode - Separate login and mailbox passwords
- Self-destructing emails - Expire after set time
Privacy Features
- Swiss jurisdiction - Strong privacy laws
- No IP logging - By default (see controversy below)
- Anonymous signup - Tor/VPN allowed
- Open source - Clients are audited
- No tracking - No ads or analytics
The 2021 French Activist Incident
What happened: ProtonMail provided IP logs to Swiss authorities for a French climate activist after a request from Europol. This contradicted their "no IP logging" marketing claims.
The reality:
- ProtonMail can be legally compelled to start logging
- They must comply with Swiss court orders
- Logging is targeted, not blanket
- They notify users when legally allowed
- Always use Tor/VPN with ProtonMail
- Swiss law still requires compliance
- Marketing claims vs. legal reality
- No service is above the law
Pricing Structure
Free Plan
- 1 GB storage
- 150 messages/day
- 1 email address
- Limited support
Plus Plan ($4.99/month)
- 15 GB storage
- Unlimited messages
- 10 email addresses
- Custom domains
- Priority support
Professional ($7.99/month)
- Multiple users
- Catch-all emails
- Multi-user support
Visionary ($29.99/month)
- ProtonMail + ProtonVPN + ProtonDrive
- 3 TB total storage
- 50 email addresses
- 10 VPN connections
Technical Details
Encryption Methods
```
Between ProtonMail users:
- Automatic E2EE
- No key exchange needed
- Zero-knowledge architecture
To external recipients:
- Password-protected emails
- PGP encryption (manual)
- Expiring messages option
```
What's Encrypted
✅ Email body content
✅ Attachments
✅ Email subjects (in v4.0+)
What's NOT Encrypted
❌ Sender/recipient addresses
❌ Timestamps
❌ IP addresses (can be logged if ordered)
❌ Subject lines (to non-ProtonMail users)
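The split above, shown on a single message: this is an added example (not ProtonMail's code) that parses a PGP-encrypted email with Python's standard `email` module and returns the fields any relay or mail server can read without a decryption key. The addresses, date, subject and ciphertext are constructed placeholders, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample (not real traffic): PGP/MIME mail to an external recipient.
SAMPLE = """\
From: alice@example.org
To: bob@example.net
Cc: carol@example.com
Date: Tue, 07 Sep 2021 10:15:00 +0200
Subject: Meeting location for Friday
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(constructed placeholder ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def body_is_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or an inline ASCII-armored PGP body."""
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return True
    body = "" if msg.is_multipart() else msg.get_payload()
    return body.lstrip().startswith("-----BEGIN PGP MESSAGE-----")

def visible_metadata(raw):
    """Return what is readable in transit without any key."""
    msg = message_from_string(raw)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {
        "sender": getaddresses([msg["From"]])[0][1],
        "recipients": [addr for _, addr in rcpts],
        "timestamp": parsedate_to_datetime(msg["Date"]).isoformat(),
        "subject": msg["Subject"],  # cleartext even though the body is not
        "body_encrypted": body_is_encrypted(msg),
    }

if __name__ == "__main__":
    print(visible_metadata(SAMPLE))
```

Running it on the sample shows who wrote to whom, when, and about what, while the body stays opaque.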
ProtonMail vs. Alternatives
ProtonMail vs. Tutanota
- ProtonMail: Swiss, PGP compatible, more expensive
- Tutanota: German, proprietary encryption, cheaper
ProtonMail vs. Gmail
- ProtonMail: E2EE, no ads, limited storage
- Gmail: No E2EE, data mining, 15GB free
ProtonMail vs. Self-Hosted
- ProtonMail: Easy, maintained, legal protection
- Self-Hosted: Full control, complex, no legal shield
Security Considerations
Strengths
✅ Strong encryption implementation
✅ Regular security audits
✅ Bug bounty program
✅ Onion site available
✅ No JavaScript mode option
Weaknesses
❌ Metadata still visible
❌ Web client security limitations
❌ Account recovery challenges
❌ Swiss law compliance required
❌ Closed source server
When to Use ProtonMail
Perfect For
- Journalists protecting sources
- Activists organizing legally
- Business confidential communications
- Personal privacy from tech giants
- International communications
Not Ideal For
- Illegal activities (will comply with law)
- Nation-state level threats
- Complete anonymity needs
- Large attachment requirements
Setup Best Practices
Account Creation
- Use Tor or VPN for signup
- Choose strong password (20+ characters)
- Enable 2FA immediately
- Save recovery codes offline
- Use anonymous payment if upgrading
Ongoing Security
- Access only via Tor/VPN
- Use ProtonMail apps, not web
- Enable two-password mode
- Regularly update recovery email
- Monitor account logs
Advanced Features
ProtonMail Bridge
Desktop email client integration:
- Use Thunderbird, Outlook
- Maintains E2EE
- Local email storage
- Requires paid plan
Custom Domains
- Use your own domain
- Multiple addresses
- Professional appearance
- Catch-all option
Organization Features
- Sub-users
- Admin panel
- Shared addresses
- Compliance tools
Common Issues
Account Recovery
⚠️ Critical: If you forget your password, emails are permanently lost. ProtonMail cannot decrypt them.
Prevention:
- Use password manager
- Set recovery email
- Save emergency kit
- Regular backups
Sending Limits
Free accounts limited to prevent spam:
- 150 messages/day
- 3 messages/hour to new recipients
- Upgrade for higher limits
Integration with Proton Ecosystem
ProtonVPN
- Same account
- Swiss privacy
- Free tier available
- Bundle discounts
ProtonDrive
- Encrypted cloud storage
- End-to-end encryption
- File sharing
- Photo backup
ProtonCalendar
- Encrypted calendar
- Event reminders
- Shared calendars
- Mobile apps
Government Requests
Transparency Report Data
- Complies with ~3000 requests/year
- Can only provide limited metadata
- Cannot decrypt email contents
- Publishes transparency reports
What They Can Provide
- Account creation date
- Last login time
- IP addresses (if logging ordered)
- Recovery email (if provided)
- Payment information
What They Cannot Provide
- Email contents (encrypted)
- Contacts
- Calendar entries
- Drive files
Tips for Maximum Privacy
Operational Security
- Always use Tor - Hide your IP
- Separate identities - Don't mix accounts
- Anonymous payment - Bitcoin or cash
- Unique passwords - Never reuse
- Compartmentalization - Different purposes
Avoid
- Using real name in address
- Linking to phone number
- Same password as other accounts
- Accessing without VPN/Tor
- Sending sensitive data in subject lines
The Bottom Line
Use ProtonMail when:
- You need encrypted email
- Swiss jurisdiction appeals
- Ease of use matters
- You understand the limitations
Consider alternatives when:
- Complete anonymity required
- Nation-state adversary
- Need self-hosting control
- Budget is very tight
Ready for Encrypted Email?
Start with ProtonMail's free tier to test the service before upgrading.
Frequently Asked Questions
Is ProtonMail really secure?
Yes, the encryption is solid. But remember: they must comply with Swiss law and can be ordered to log specific accounts.
Can ProtonMail read my emails?
No. Emails are encrypted with your password. Even ProtonMail cannot decrypt them.
Is the free version sufficient?
For basic use, yes. Limited storage (1GB) and sending limits may require upgrading.
Should I use ProtonMail for illegal activities?
Absolutely not. They will comply with valid legal requests. No email service is above the law.
Can I use ProtonMail with my email client?
Yes, with ProtonMail Bridge (paid plans only). Maintains encryption while using Thunderbird, Outlook, etc.