Five Shades of Email Privacy

Choosing an email service that respects your privacy can be a daunting task. With so many providers promising private email, it can be hard to know not only how they differ but also what flavor of email privacy they offer.

There are many shades of email privacy depending on the underlying technology and mode of trust, ranging from trusting your email service to do the right thing to zero trust and zero knowledge.

  1. Email Privacy Between You & Big Tech
  2. Email Privacy through Self-Hosting
  3. Email Privacy as Not Being a Product
  4. Email Privacy as Optional Encryption
  5. Email Privacy as Encryption by Default
  6. Bonus: Preventing Email Disasters
  7. Conclusion: Email Privacy Your Way

Email Privacy Between You & Big Tech

Google Workspace, formerly G Suite, is by far the most popular and feature-rich professional email service that includes such collaboration tools as Calendar, Meet, Drive, Docs, etc. With 30 GB of cloud storage and great support on top of the familiar ad-free Gmail platform, even the basic Business Starter plan offers mind-boggling value.

Similarly, Microsoft has bundled its Premium Outlook, formerly Hotmail, product with its signature apps such as Word, PowerPoint and Excel. Besides its ad-free email and calendar, the entry Microsoft 365 Personal plan includes 50 GB of mailbox storage and a whopping 1 TB of OneDrive storage.

So, why do so many people choose a variety of Gmail and Outlook alternatives?

There are many reasons, starting with pricing. Google Workspace and Microsoft 365 Personal each cost $6+/month. These plans include only one custom domain and one user. Many alternative email services for one domain name cost as little as $1 a month, for example Namecheap Private Email*. Also many allow setting up multiple custom domains and aliases either as an extra add-on or on higher plans, for example ProtonMail*.

But of course the main reason to migrate your email from big tech has to do with privacy. While Gmail and Outlook are secure email services, they are not zero-knowledge. Their email supports only standard transmission encryption (TLS), not encryption at rest or end-to-end encryption. Only large enterprise clients have the option of end-to-end encryption.

More generally, both Google and Microsoft are also online advertising giants whose revenue heavily depends on tracking their users and collecting user data, even if mainly aggregate and meta. Their privacy philosophy is well reflected in what data their email apps collect:

[Images: privacy details of the Gmail iOS App and the Outlook iOS App]

In contrast, privacy-friendly email clients and apps normally require only diagnostics. Thus, privacy as offered by Google and Microsoft is defined as privacy between you and them, not as your unmediated privacy. Many users therefore choose privacy-focused email providers that, as a minimum, do not treat their user data as a product and, ideally, have no access to their inbox, while those with advanced skills may even choose to run their own mail server.

Email Privacy through Self-Hosting

A radical alternative to using Gmail and other providers is eliminating a third-party email service by hosting your own mail server. Appealing though it sounds, setting up and managing a mail server is time-consuming and much harder than running a web server and is therefore not a viable option for the vast majority of email users.

Because many ISPs block mail-specific outgoing ports and provide dynamic IPs only, you will most likely need to pay for a cloud server instead of running a home server. Even if you get a server from a GDPR-compliant data center, your email setup involves a third party that theoretically has access to your server. You are also likely to rely on third-party software, especially for an anti-spam solution. On the practical side, you will be fully responsible for keeping your OS and security up-to-date and for maintaining the entire ensemble of all mail server components.

An easier way to self-host your email is by using a platform that automates server management such as Cloudron*. Once installed, Cloudron features a built-in multi-domain mail server for sending and receiving emails. Besides countless mailbox and anti-spam features, Cloudron ensures complete data ownership and has no access to your server-side data. You can access your email through your favorite desktop and mobile email clients. You can also install one of the webmail apps such as Roundcube: the additional privacy benefit is that you can enable PGP for end-to-end mail encryption.

Email Privacy as Not Being a Product

Many easy-to-use email services were created as an alternative to Gmail and more generally to the business model based on tracking email data, serving personalized inbox ads, sharing aggregate data with third parties or monetizing this data in other ways.

One of the oldest Gmail competitors in this regard is Fastmail. Their kind of email privacy is based on subscription: this privacy model treats email users as customers, not as the product. Fastmail and similar email providers essentially offer a straightforward service in exchange for money. But, like Google, they do not offer a zero-knowledge email solution.

This kind of email privacy is neither strong nor sufficient in many ways. Nor is it as relevant today since Google stopped using Gmail data as a source for ads personalization (despite further data abuse practices). Therefore, besides not being Google, several email providers focus instead on offering added value through a mixture of flexibility, convenience and customer support.

For example, Namecheap* offers several flexible email hosting plans that range from a basic mailbox to a full collaboration suite with prices significantly lower than those of Google Workspace. As a domain registrar, Namecheap also makes it easy to use a custom domain for email: you can simply select Private Email records in your Namecheap DNS setup. You also have the option to configure your DNS records to be able to access your webmail directly on your domain such as mail.yourdomain.com.

Besides placing a strong emphasis on account security with separate app passwords and 2FA, Namecheap stands out from other email services in that its email platform is built on open source software – Open-Xchange. Most email services offered by other web hosts, website builders and domain registrars either run on Microsoft Cloud or simply resell Google’s email services.

If the added value you are looking for is the freedom to set up email addresses for an unlimited number of domains within one plan, such email hosting companies as Migadu may be a good fit if you have multiple projects or clients. Migadu alternatives include Mailcheap and Servermx. You may need more technical knowledge as a user and the level of support is typically another sacrifice for the freedom to host unlimited email domains.

In the end, if zero-knowledge encryption is crucial for your business, you can use multiple custom domains also with email services that offer better privacy. Encryption-friendly low-cost Migadu alternatives for multiple domains via aliases include Mailfence, mailbox.org and Tutanota.

Email Privacy as Optional Encryption

All major email services use TLS or transport-level encryption. This type of encryption is a security measure that prevents certain attacks while your email is in transit but it does nothing for your email privacy as your email can be accessed by the email provider and, in case of a server breach, a malicious party. To make sure only the customers can read their emails, some email companies offer optional end-to-end encryption and zero-access encryption (aka encryption at rest).

Unlike third-party tools that let you encrypt email either in the browser (e.g. Mailvelope) or in the email client (e.g. Gpg4win), email providers such as mailbox.org, Mailfence and StartMail let you set up encryption keys within your email account. All three are based in the EU (Germany, Belgium and the Netherlands respectively). Of the three, only mailbox.org fully relies on open source software for its webmail, Open-Xchange, which additionally offers a comprehensive online office suite, including cloud storage.

While mailbox.org follows the best security and privacy practices, it does not offer email encryption by default. You have to actively choose and manage your preferred method of email encryption. The most convenient OpenPGP-compatible method of enabling end-to-end encryption is by activating the built-in Guard tool: this way your ability to send and receive encrypted messages is not dependent on the browser or device you use. To make sure that only you can read your messages, you should also activate the Encrypted Mailbox feature, an equivalent of zero-access encryption.

There are several potential disadvantages of using mailbox.org and similar services. Because encryption and decryption are implemented on the server side rather than the client side, this is not true end-to-end encryption: using the service still involves a degree of trust. The mailbox.org Guard works only with the account’s main email address and cannot be used with email aliases. Besides using webmail, you can access your email through third-party email clients via IMAP/SMTP protocols rather than through in-house custom apps; however, Mailfence does offer a progressive web app for mobile devices. Also, because of how email delivery works and the limitations of OpenPGP, the following email components are never end-to-end encrypted: To, From, Cc, Date and Subject. Additionally, Open-Xchange does not support encryption of your address book and calendar.
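The cleartext-header limitation described above can be checked by parsing a stored message the way a mail server would. This is an added example, not code from the original article or from any provider; the addresses, subject and ciphertext placeholder are constructed sample data, and the check also covers inline-armored bodies in addition to PGP/MIME.

```python
from email import message_from_string, policy

# Constructed sample: an RFC 3156 PGP/MIME message as a server stores it.
# The armored block is a placeholder, not real ciphertext.
SAMPLE = """\
From: alice@example.org
To: bob@example.net
Cc: carol@example.com
Date: Mon, 01 Jan 2024 10:00:00 +0000
Subject: Q3 acquisition terms
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
(placeholder ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

# Headers the article lists as never end-to-end encrypted.
ROUTING_HEADERS = ("From", "To", "Cc", "Date", "Subject")

def is_pgp_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or a single-part inline armored body."""
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return True
    if not msg.is_multipart():
        body = msg.get_payload(decode=True) or b""
        return b"-----BEGIN PGP MESSAGE-----" in body
    return False

def provider_view(raw):
    """Report what is readable without the recipient's private key."""
    msg = message_from_string(raw, policy=policy.default)
    encrypted = is_pgp_encrypted(msg)
    headers = {h: str(msg[h]) for h in ROUTING_HEADERS if msg[h] is not None}
    # Body text is only readable server-side when the message is not encrypted.
    body = [] if encrypted else [p.get_content() for p in msg.walk()
                                 if p.get_content_maintype() == "text"]
    return {"encrypted": encrypted, "headers": headers, "readable_body": body}

if __name__ == "__main__":
    print(provider_view(SAMPLE))
```

Even with the body encrypted, the returned `headers` dictionary still contains the full subject line and every correspondent, which is the metadata a provider or anyone with server access can read.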

While email services with optional encryption are easier to use than self-hosting email and offer real privacy benefits compared to email providers that simply promise to respect your privacy, they are still complicated to operate correctly. If you have never heard of PGP encryption keys and how to manage and use them, you will have to spend quite some time to understand what they are and how they work.

Email Privacy as Encryption by Default

There are several projects aimed at creating a Gmail alternative that is equally easy to use and also offers zero-knowledge encryption (end-to-end and at rest) out of the box. The two main email services of this kind, with client-side encryption by default, are Tutanota and ProtonMail*.

Both ProtonMail and Tutanota have been in business since the early 2010s, publish their apps as open source, put an emphasis on user-friendly features, integrate an encrypted calendar and offer a modest free plan. Their appeal with regard to email privacy is that all communication between ProtonMail users and Tutanota users respectively is always end-to-end encrypted. It means you can pick either service and communicate privately with your team or family with zero effort on your part.

You can also send end-to-end encrypted messages to external recipients. Because Tutanota does not use PGP, you can send an encrypted message only by setting a password. ProtonMail offers instead two ways to send an encrypted email externally: you can similarly set a password or you can share your public key with anyone who uses PGP, for example mailbox.org and Mailfence users. Although PGP has its limitations, such as lack of subject line encryption, it is still the most widely used and interoperable method of email encryption.

While ProtonMail is more compliant with open standards and is compatible with popular email clients via IMAP/SMTP protocols, Tutanota has its own apps for more platforms, including desktop. And while ProtonMail may be a better-known privacy brand, having been featured in such shows and movies as Mr. Robot and Knives Out and known also for its VPN service, Tutanota has many admirers not least due to its more affordable pricing.

Bonus: Preventing Email Disasters

Whether a personal or business email, for one or multiple domains, you want a private, secure and reliable email that offers value beyond what free ad-based email services can offer. The process of setting up and getting used to a different mailbox as well as making sure your messages are delivered and can be accessed by you on every device is already a significant undertaking. The last thing you want is not knowing what to do if things go wrong. It is thus crucial to understand the risks of using encrypted email and be fully prepared so there is not even the slightest chance of experiencing data loss or any disruption.

Email Recovery

The scariest part about using zero-knowledge encryption is that the email provider has limited or no ability to help you if you lose your encryption password (mailbox.org), encryption key (ProtonMail) or recovery code (Tutanota).

Depending on your situation and the email service you use, you may need account recovery and/or encryption key recovery. For example, mailbox.org lets you recover your account password through an alternative email address or mobile number that you set up in your account. You can also go this way if you lose your 2FA token. However, you cannot recover your encryption password: you must keep it stored safely, otherwise you will not be able to decrypt your existing messages and files.

If you have lost your password, ProtonMail lets you reset your password through an email or phone number, if those are configured in your account. However, by resetting your password, you will lose the ability to read your existing emails. To restore your encrypted messages, you must either know the old password or have exported your old private encryption key. It is therefore essential to back up and securely store copies of your encryption keys.

Tutanota does not offer recovery through email or phone number. The only way to reset your account is to use a recovery code that you must note down in advance and store in a secure location. If you have enabled 2FA, you will need both your recovery code and your 2FA. If you do not have two out of three authentication methods (password, recovery code, 2FA), you cannot reset your account.

Therefore, you should save your passwords and keys in at least one password manager, e.g. Bitwarden or Sticky Password*, as well as in an encrypted folder in the cloud, e.g. IDrive*.

Email Portability

Just as you cannot take an @gmail.com or @outlook.com address with you, you cannot use @pm.me and @mailbox.org anywhere but at ProtonMail and mailbox.org respectively. But if you use a custom domain name, you can obviously take it with you if you wish to switch email services.

More importantly, the question is whether you can export your email archive and import it elsewhere if you use an encrypted email service. Even though in many cases it won’t be a one-click operation, you own your mail data and so you can export it to use anywhere you like.

For example, ProtonMail has created an Import-Export tool that makes it easy to download decrypted emails. You can export all emails or specific addresses, folders and labels. If you are a free user, you can only export individual emails.

In contrast, Tutanota has not yet built a tool to either import or fully export emails. Your email data is not exactly locked-in but you cannot export all emails at once. At best you can multi-select individual emails (by pressing Ctrl or Shift while selecting) and drag and drop them to a local file system.

And for email services that fully support IMAP, such as mailbox.org, the easiest way to export your data is by synchronizing your emails in an email client and backing them up in your preferred format. To move your data to mailbox.org, you have the option to use a third-party service.

Risks of Free Email

A free encrypted email account can be handy to send an occasional email or as a temporary disposable email option. But free accounts have too many feature limitations, potential vulnerabilities and lack of full control over your data to be worth using as your main email. To demonstrate the point, here are just two ways in which using free email is risky, based on Tutanota’s example.

Tutanota sends email through different servers depending on whether you are a free or premium user. It does so because some free users tend to abuse the service in many ways, such as by sending spam, which may lead to the blacklisting of the respective IP addresses or host names. If you are a premium user, you can be certain that your email will be delivered through a different, safer route.

Tutanota also deletes inactive free email addresses after six months if you do not log in regularly. After the free account has been deleted, you cannot recover your emails and other contents although you can still recover your email address if you have the recovery key and a paid Tutanota account. If you pay as little as €12 a year, your premium account is always there for you, as long as it is paid in a timely manner.

Conclusion: Email Privacy Your Way

Email privacy is a fluid concept that evolves with technology, threat models and popular demand. Dating back to the 1970s, email as a communications medium was not primarily about privacy, and even today it is not well-equipped against advanced tracking, data harvesting, mass surveillance and malicious abuse (spamming, phishing, spoofing).

In the end it is up to you what flavor of email privacy you prefer. If you are not seeking to become a PGP encryption guru, if you already have a private channel for communicating with mates and use encrypted cloud storage to save and share documents, it is OK to stick with Gmail or Outlook. After all, tech companies can be fined and otherwise held accountable. The question is, however, whether you really wish to support the privacy-violating practices these dominant players make huge profits from.

Switching from Gmail or Outlook does not necessarily mean sacrificing convenience or making drastic changes. Self-hosting an email server, even with such tools as Cloudron*, is not a better alternative for casual email users. Instead, a small step toward email privacy can be choosing an independent trustworthy provider that simply does not treat your email data as a product, such as Namecheap*. Setting up and using an encrypted mailbox can be as hard as actively managing your PGP keys and filter rules (e.g. mailbox.org) or as easy as creating an email account (e.g. Tutanota).

Above all, unlike a free email account, a premium email service empowers you to be in full control of your data. It starts with full ownership of an email address based on your own custom domain name that you can take with you anywhere. Choosing an email provider that follows and pioneers open cryptography standards, most notably ProtonMail*, is essential for interoperability across email services and clients: that way, your email is not just private but can also be fully exported any time.