by

Secure and Private E-mail: A Provider Overview.

(2017-06-16) Due to time constraints (kids, work, life, etc), the feature matrix is no longer actively maintained. To get up-to-date information, I suggest you visit one of the many other similar sources on the internet. Good starting points are privacytools.io, prism-break.org, and That One Privacy Site.

It’s been almost two years now since I started to move my online presence away from the big, closed source, tech behemoths to open and more privacy focused companies. I’m now using Firefox (open source) for browsing, DuckDuckGo for anonymous internet searches, I’m syncing all my bookmarks to a private Firefox Sync Server, and I’m using a private OwnCloud server for online storage. You can read about how I did all that in my PRISM Break series of posts.

But I’m still stuck with Gmail. The main reason is that there are few, perhaps no, other companies that can provide the same kind of service Google does for free. But you know the saying: “If you’re not paying for it; you’re the product.” So I’ve realized that I have to pay a few bucks a year for a similar service somewhere else. And I’m fine with that. The upside is that I can start using an e-mail provider that focuses on encryption and privacy, something that might not be Google’s top priorities.

To get an overview of which providers are currently available and what kind of services they provide, I found six e-mail providers that on the surface seemingly can deliver what I’m looking for. All information in the table is provided to the best of my ability and is based on what I could dig up on the various provider’s sites. Pricing has been omitted because the different providers offer very different packages and the table would have grown way too large if I was to include all that information. All information should be correct as of the “last updated” date below, but always consult the latest information from the service provider. Note that some of the features only are available with paid premium accounts.

Feature matrix

Most recent update: 2017-03-21

Click here to toggle the changelog.

Changelog

  • 2017-03-21: Runbox: Changed “2FA” from PLANNED to YES.
  • 2017-02-25: CounterMail: Changed “Storage encryption” from NO to YES.
  • 2017-02-11: New provider: CounterMail.
  • 2017-02-11: digitalEnvelopes: Changed “Server location” from “UNKNOWN” to The Netherlands.
  • 2017-02-11: digitalEnvelopes: Changed website URL from “https://digitalenvelopes.email/” to “https://digitalenvelopes.eu/”.
  • 2016-12-29: ProtonMail: Changed “IMAP” from NO to PLANNED.
  • 2016-12-29: ProtonMail: Changed “SMTP” from NO to PLANNED.
  • 2016-12-02: ProtonMail: Changed “2FA” from PLANNED to YES.
  • 2016-09-15: Changed column header “Built-in E2EE” to “Hassle-free E2EE”.
  • 2016-09-15: New provider: digitalEnvelopes.
  • 2016-06-17: Mailfence: Changed “Mobile app” from NO to PLANNED.
  • 2016-06-17: Mailfence: Changed “Open source” from NO to PLANNED.
  • 2016-06-15: Mailfence: Changed “Bitcoin payment” from PLANNED to YES.
  • 2016-06-02: StartMail: Changed “Custom domains” from PLANNED to YES.
  • 2016-05-20: Mailfence: Changed “Bitcoin payment” from NO to PLANNED.
  • 2016-05-20: Mailfence: Changed “Warrant canary” from NO to YES.
  • 2016-05-20: Mailfence: Changed “Transparency report” from NO to YES.
  • 2016-05-20: Mailfence: Changed “Built-in E2EE” from NO to YES.
  • 2016-05-20: Mailfence: Changed “2FA” from NO to YES.
  • 2016-04-24: GhostMail: Changed “Server location” from Sweden to Switzerland.
  • 2016-04-24: ProtonMail: Changed “Warrant canary” from NO to YES.
  • 2016-04-24: ProtonMail: Changed provider URL from “protonmail.ch” to “protonmail.com”.
  • 2016-04-24: ProtonMail: Changed “Custom domain” from NO to YES.
  • 2016-04-24: ProtonMail: Changed “Mobile app” from NO to YES.
  • 2016-04-24: ProtonMail: Changed “Bitcoin payment” from NOT APPLICABLE to YES.
  • 2015-11-30: Whiteout Mail: Permanently removed provider from the matrix. Whiteout has announced end-of-life for their cloud services.
  • 2015-09-09: GhostMail: Changed “Open source” from PLANNED to YES.
  • 2015-09-08: New provider: StartMail.
  • 2015-09-04: New provider: Whiteout Mail.
  • 2015-08-23: FastMail: Updated “Server location” to contain both The Netherlands and USA and updated footnote (4) with additional clarifications.
  • 2015-08-22: Posteo: Changed “Built-in E2EE” from YES to NO.
  • 2015-08-21: Changed column “E2EE” to “Built-in E2EE”. Does the provider have built-in support end-to-end encryption without the end user having to use PGP, GPG or similar software?
  • 2015-08-21: Changed column “Outlook support” to “Outlook plugin”. Does the provider have a plugin for Outlook that supports end-to-end encryption without the end user having to use PGP, GPG or similar software?
  • 2015-08-20: Lavaboom: Permanently removed provider from the matrix. Lavaboom has declared bankruptcy: Source 1, source 2, source 3.
  • 2015-08-19: Lavaboom: Temporarily removed provider from the matrix because of dead warrant canary and rumors of bankruptcy.
  • 2015-08-18: Providers are now listed in alphabetical order.
  • 2015-08-18: New provider: GhostMail.
  • 2015-08-16: Added “Transparency report” column for all providers. Also, see footnote (2)
  • 2015-08-16: Added “Bitcoin payment” column for all providers.
  • 2015-08-14: Posteo: Added “Custom domain” footnote (5).
  • 2015-08-14: Posteo: Changed “Import e-mail” from NO to YES.
  • 2015-08-14: Posteo: Changed “Open source” from NO to YES.
  • 2015-08-14: New provider: Posteo.
  • 2015-08-06: Mailbox.org: Updated “Open source” footnote with link to source code.
  • 2015-08-03: Mailfence: Changed “Storage encryption” from UNKNOWN to PLANNED.
  • 2015-08-03: Mailfence: Changed “2FA” from NO to PLANNED.
  • 2015-08-03: Mailfence: Changed “Import e-mails” from UNKNOWN to YES.
  • 2015-08-03: Mailbox.org: Changed “Open source” from NO to YES (but see footnote (3) below the feature matrix).
  • 2015-08-03: Mailbox.org: Changed “Mobile app” from NO to PLANNED.
  • 2015-08-03: Mailbox.org: Changed “Storage encryption” from UNKNOWN to YES.
  • 2015-08-02: ProtonMail: Changed “Import contacts” from PLANNED to YES.
  • 2015-08-02: ProtonMail: Changed “Import contacts” from PLANNED to YES.
  • 2015-08-02: ProtonMail: Changed “Mobile app” from NO to PLANNED.
  • 2015-08-02: ProtonMail: Changed “Open source” from NO to YES.
  • 2015-08-02: ProtonMail: Changed “Warranty canary” from NO to YES.
  • 2015-08-01: Tutanota: Changed “2FA” from NO to PLANNED.
Custom domain
Import e-mail
Import contacts
Mobile app
2FA
Outlook plugin6)
Webmail
SMTP
POP3
IMAP
Hassle-free E2EE1)
Storage encryption
Open source
Transparency report2)
Warrant canary2)
Bitcoin payment
Server location
FastMail 7) 8) USA The Netherlands 4)
GhostMail Switzerland
mailbox.org 3) Germany
Mailfence Belgium
Posteo 5) Germany
ProtonMail Switzerland
Runbox Norway
StartMail The Netherlands
Tutanota Germany
digitalEnvelopes The Netherlands
CounterMail 9) Sweden

    = Yes     = Planned     = No     = Unknown     = Not Applicable

1) Does the provider have built-in support end-to-end encryption without the end user having to use PGP, GPG or other third party software or plugins?

2) Some providers might have a transparency report and call it a warrant canary and vice versa – but they are not interchangeable, and it’s important to know the difference to now get a false sense of security. Have a look at the Wikipedia articles for Transparency Report and Warrant Canary for details.

3) Mailbox.org has provided an URL to the source code in a comment below, but I still can’t find any link on their website.

4) According to FastMail their servers are located in New York, USA, but they are an Australian company and “won’t release any data without the required legal authorisation from an Australian court.” I’m honestly not sure how that will work in practice since the servers with your e-mails are physically located in the US. According to this comment, FastMail also have servers located in The Netherlands, and “messages are replicated between data centres to ensure redundancy. There is no user control over this at the moment.”

5) Custom domains are not available on Posteo by design. Please see their FAQ for more information.

6) Does the provider have a plugin for Outlook that supports end-to-end encryption without the end user having to use PGP, GPG or similar software?

7) According to this comment, FastMail “use (and contribute) an awful lot of open-source software (for example we are the major contributors to Cyrus, one of the two big open-source email servers), however we have proprietary software as well.”

8) According to this comment, FastMail “don’t have a warrant canary, as we have yet to see any sound legal basis for these (the main legal advice we’ve had is that using a warrant canary would essentially be violating any law prohibiting disclosure of a court order).”

9) 2FA is offered by CounterMail as a premium add-on, and is supported by their own propitiatory technology.

Some words on trust

As long as you don’t self host, encrypted and private e-mail is a matter of trust. You basically have to trust that the provider is actually running the service in the manner that they advertise. Do they encrypt like they say? Are they servers indeed located in a country out of reach of overzealous government agencies? If they state that their software is open source, is the code you see really the code running on their servers? All this might sound somewhat paranoid, but if you want true encrypted and private e-mails, and not just the illusion of it, you have to be a bit paranoid and look at the possible scenarios.

Self-hosting

The only way to be absolutely sure that your e-mail stay encrypted and private is to self-host, that is to host your own e-mail service on a server that you control physically, and encrypt with keys you control. For most people, that would mean on a server located where they live, but setting up something like that is not for Average Joe. You also have to use an ISP that allows privately hosted mail servers and in a world where most of us only have one or two ISP operating in our area, that might not be possible. If you’re tech savvy enough to set up and maintain an e-mail server, and your ISP allows you to host it on their network, you’re still at the mercy of your internet connection’s uptime and availability. Some times your internet connection will go down, and in my experience, ISPs don’t actually scramble to get it fixed. An e-mail server being offline can be a major inconvenience when you’re trying to check in at the airport and your ticket is in an e-mail on your unavailable e-mail server.

If you want to give self-hosting a try, though, the Mail-in-a-box project might be something you should consider having a look at.

Other great sources for privacy tools and information about how to opt out of global data surveillance programs are privacytools.io, prism-break.org, and That One Privacy Site.

Write a Comment

Comment

18 + = 20

55 Comments

  1. mailbox.org is running completely on Open Source Software (OX AppSuite, Postfix, Dovecot and some Linux Basics). We’re using storage encryption and our own App is planned to be released during the next few weeks. Please fix. ;-)

    • I’ve been using your Help/FAQ page as basis to gather the information about mailbox.org in the feature matrix. From there, I can’t really find any link to the source code repository. Neither any mentioning of the app. Can you please provide links?

      I’ve updated the storage encryption feature in the matrix based on the information provided on the mailbox.org page about encrypted mailboxes.

  2. @vegardskjefstad Great overview.
    Some inaccuracies regarding mailfence:
    – Users can import their existing mail in Mailfence (from .eml or through imap)
    – We will be launching 2FA very soon as well as openpgp encryption through the webbrowser
    – Storage encryption is in our roadmap

    If you get in touch at patrick@mailfence.com , we’ll be happy to give you more info.

    Tx,

    Patrick

    • Thanks a lot for providing this information. It’s really hard to find it on your website. I think I read through pretty much everything and there is, for instance, no information about importing e-mail (only contacts).

      I’ll update the feature matrix based on you comment above, but also mentioning it on your website would probably be of a lot of help to potential users.

  3. A few quick clarifications (I work for FastMail):

    1. I think our privacy policy discloses the data you’re looking for in the transparency report: https://www.fastmail.com/about/privacy.html (namely, we only return data in response to Australian court orders for specific accounts, and as a guideline, in the last year we disclosed information on fewer than 50 accounts.)
    2. All data is stored on fully encrypted drives see https://www.fastmail.com/help/technical/architecture.html)
    3. We also have servers in Amsterdam as well as the US.
    4. We don’t have a warrant canary, as we have yet to see any sound legal basis for these (the main legal advice we’ve had is that using a warrant canary would essentially be violating any law prohibiting disclosure of a court order).
    5. We use (and contribute) an awful lot of open-source software (for example we are the major contributors to Cyrus, one of the two big open-source email servers), however we have proprietary software as well.

    Cheers!

    • Thanks a lot for this information. Here are my thoughts:

      1. I’m not sure if I agree that the information in the privacy policy qualifies as a transparency report, at least not compared to the transparency reports presented by a lot of other companies. Yes, it contains some information about the number of accounts you disclosed information on, but it’s well hidden inside the privacy policy.
      2. I’ve upgraded the feature matrix accordingly.
      3. How can I make sure my e-mails are stored in Amsterdam and not in the US?
      4. I’ve added this information as a footnote.
      5. I’ve added this information as a footnote.

  4. Hello,
    @vegardskjefstad: As a follow-up to my previous post, I would like highlight following updates.
    2FA: Yes
    Built-in E2EE: Yes
    Transparency report: Yes
    Warrant Canary: Yes
    Bitcoin payment: Planned

    For more details, you can contact us at support@mailfence.com, and we’ll be happy to address any of your further queries.

    Thanking you for your time.

    – Mailfence Team

    • Thank you for providing this information, the feature matrix has been updated accordingly. As an observation, you should perhaps consider linking directly to the transparency report and warrant canary from your home page or somewhere else so it’s a bit easier to find. I had to use Google to find it.

  5. Great list. I was putting my own together and came across yours. A few things that may be worth adding to the grid…

    1) Support of OpenPGP/GPG – I know you have a box about not having to have this but actually supporting this is quite crucial. Email providers that do support this allow e2e encryption between two different services. Protonmail for example can only receive and not send, Tutanota doesn’t support this at all whereas users of Mailbox.org and Posteo could do this.

    2) Support for symmetric encryption. Protonmail, Startmail, Tutanota and Mailbox.org allow users to send links to a message whereby the recipient inputs a password

    3) You have a lot of providers here but possibly KolabNow could be added to?

    4) In addition to POP and IMAP, how about adding those that support ActiveSync? For those users that wish to move away from Gmail etc, they may find the lack of push email a disappointment if not supported by some of the above providers.

    Many thanks

    • All great suggestions. Unfortunately, gathering all this information, extending the feature matrix, and adding a new provider, will require a lot of time that I don’t have now.

      Will your own list be available online? I’d like to link to it if possible.

      • I hadn’t intended to but I will look at doing so. I will do some further research first. To be honest your catalogue is the most complete! I need to look further into ActiveSync. The support for it is somewhat limited in providers such as Mailbox.org when you use aliases. Fastmail has support for push IMAP which achieves much the same and they seem to stand out with this compared to the competition.

  6. Like the comparison table. Since you commented about gmail (yahoo included, in my case) which is the reason of your work, why not you include gmail and/or yahoo into the comparison table? This is to show where gmail/yahoo in comparison with these “privacy/security” oriented mail services. Thanks.

      • It has also a backend at https://fossa.me which serves as free Certificate Authority (CA) and online registry for X.509 certificates so can be interesting as a solution which delegates identity to Google, email transport to Gmail.

        We try to build a solution with a focus on usability and a minimal possible security compromise for our users.

  7. Could you include countermail.com in your list, to show how it stacks up? I’m not affiliated with countermail, but came across them when doing my own search for more private email.

    • Great stuff, thanks for the information. I’ve updated the feature matrix. I wish they’d taken the time to announce this on their Twitter account, though.

  8. Some additional info on ProtonMail. ProtonMail’s back end server is proprietary whereas its front end being open source.

  9. You’ve got some interesting options for provider here – some which are hard to find. My own research has been drawing me towards LuxSci. Any chance they could make it into the matrix, please?

    • Thanks a lot for the suggestion. The guide is focused on e-mail providers that promote themselves with a focus on privacy and security. As far as I tell, Migadu.com’s main focus is that they use an uncommon business plan to differentiate themselves from the competition. Because of that, I’ve decided not to add them to the feature matrix.

  10. utistici / inventati ?
    Sorry to add to the work load but your info seems to be the most detailed and complete of any available .. Could you consider adding u/i … Many many people seem interested to be matching out of big bizz email traps. Your efforts are really commendable!

  11. look at scryptmail – if I were to trust a webapp – this would be it.
    open source. Tor ready. easy encryption. import certificate option. disposable adresses. Really like it.