Getting started with ProtonMail
ProtonMail is a secure email service based in Switzerland featuring end-to-end encryption, and a strong focus on privacy and security.
The service is available as a web version, and as applications for Android and iOS devices. The three core pillars of ProtonMail from a security and privacy point of view are support for end to end encryption, the service's zero access architecture, and use of open source cryptography.
Tip: Read our initial ProtonMail review which we published in 2014 as well.
End to end encryption means that data is stored in encrypted format on ProtonMail's servers, and that it is also encrypted when it is transferred. Messages between ProtonMail users are fully encrypted, a stark contrast to how regular email transmissions are handled (unless PGP or similar encryption is used).
Data is encrypted on the client side so that ProtonMail cannot access emails and other content. Because data is encrypted and decrypted on the user's device, neither ProtonMail nor any third party can access these emails.
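The practical boundary of the client-side encryption described above, as an added example that is not part of the original article: in the OpenPGP mail format (PGP/MIME, RFC 3156), which a commenter further down notes does not encrypt the subject, the body is ciphertext while the routing headers and subject stay readable to every server that handles the message. The addresses, subject and placeholder ciphertext are constructed, and the example does not reproduce ProtonMail's own storage format.

```python
# Added example (not from the article): server-side view of a PGP/MIME message.
from email import message_from_string, policy
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart

# Constructed placeholder standing in for ciphertext produced on the sender's device.
PLACEHOLDER_CIPHERTEXT = (
    "-----BEGIN PGP MESSAGE-----\n\n"
    "Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=\n"
    "-----END PGP MESSAGE-----\n"
)

def _part(subtype, body):
    """Build one application/<subtype> body part with a text payload."""
    part = MIMENonMultipart("application", subtype)
    part.set_payload(body)
    return part

def build_pgp_mime(sender, recipient, subject, armored):
    """Wrap already-encrypted data in the RFC 3156 multipart/encrypted layout."""
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.attach(_part("pgp-encrypted", "Version: 1\n"))  # control part
    msg.attach(_part("octet-stream", armored))          # encrypted body
    return msg.as_string()

def server_view(raw):
    """What a relay or mailbox server can read without the recipient's private key."""
    msg = message_from_string(raw, policy=policy.default)
    parts = list(msg.iter_parts())
    return {
        "readable_headers": {h: str(msg[h]) for h in ("From", "To", "Subject")},
        "is_pgp_mime": msg.get_content_type() == "multipart/encrypted"
        and msg.get_param("protocol") == "application/pgp-encrypted",
        "body_opaque": len(parts) == 2
        and parts[1].get_payload().lstrip().startswith("-----BEGIN PGP MESSAGE-----"),
    }

if __name__ == "__main__":
    raw = build_pgp_mime("alice@example.org", "bob@example.net",
                         "Contract draft for Friday", PLACEHOLDER_CIPHERTEXT)
    for key, value in server_view(raw).items():
        print(key, "=>", value)
```

Anything sensitive therefore belongs in the message body, not in the subject line.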
Setting up a ProtonMail account
ProtonMail supports a free limited account, and several paid accounts. All plans support the same security features which makes the free account an ideal plan to start with as you can use it to test the service ProtonMail offers. Upgrades to paid accounts are always an option.
You get 500 Megabytes of storage with a free account, and a message limit of 150 messages per day. While storage may become an issue quickly, the number of messages should not.
ProtonMail does not display ads or use other forms of monetization to make money off of free users. The service does add a "Sent with ProtonMail Secure Email" line to messages sent using free accounts, however.
The first paid account, Plus, raises the storage to 5 Gigabytes, adds four additional email addresses to the account, and enables email filters and autoresponder functionality. You do get support for one custom address on top of that. It is available for $48 per year.
Extras can be purchased by paid subscribers: Extra storage is available for $9 per Gigabyte per year, extra domains for $18 per year, and extra addresses for $9 per 5 addresses.
Setup is straightforward. I suggest you start by creating a free account, but you may select one of the paid plans during setup already.
All you have to do then is to set the username and password that you want to use, and you are ready to go. You may add an alternative email as well, but that is optional.
ProtonMail requires no verification whatsoever (email, mobile phone), and can be used right after you have set up the account.
The web interface of the email service supports two layouts that use three or two columns respectively. The three column layout displays mail folders, mails of the selected folder, and the active conversation in columns; the two column layout only the folders and either the active folder or the active conversation.
You may want to do the following things during the initial setup:
- Open the Settings, and change the display name and add a signature.
- Disable daily email notifications.
- Decide whether you want to allow password resets (this restores access to the account, but will make any email that is in the account up to that point unreadable).
- Enable Two-Password mode. This is a legacy mode which uses different passwords for login and mailbox encryption.
- Set "load embedded images" to manual.
- Check out the keyboard shortcuts, e.g. c to open compose, Ctrl-Enter to send messages, or / to focus the search field.
- Enable or disable email subscriptions (three out of four are enabled by default for free accounts).
- Enable Two-Factor Authentication under Settings > Security.
- Change the composer size and other layout related settings under Settings > Appearance.
You can download the PGP key to your system under Settings > Keys. This key can then be imported into programs that support PGP so that you may access your emails on these devices as well.
ProtonMail is a secure email service that focuses on privacy and security. No one but the user has access to emails thanks to the service's implementation of end to end encryption. The service does not display ads to you, and does not read emails either.
The free version is good to take the service for a test ride, but it is somewhat limited. The inability to remove the "ad for Protonmail" when sending emails, and the limit to one address, no filters and no custom addresses need to be mentioned in this regard. The 500 Megabyte limit may also be reached quickly depending on how you use the service.
The cheapest paid subscription is available for $48 per year; quite a bit of money, especially since email is seen as something that is available for free by many Internet users. Still, if you don't want someone else snooping on your emails, or your emails being read online by robots or even human beings, you need end to end encryption for that.
While you can set up PGP on your device and start using it, doing so may be too technical (still) for many users.
Now You: Which email provider do you use, and why?
I use Proton Mail. You should also mention it is available over tor browser with an onion address.
I use Proton Mail. You may want to mention it is available from tor browser with an onion address.
They also just rolled out an encrypted contacts manager with PGP key support to come in 2018 (see: https://protonmail.com/blog/encrypted-contacts-manager/ )
I like the concept of ProtonMail, but it’s pretty much useless unless you can get everyone important to you to switch to it. As I’ve learned the hard way, good luck with that. The vast majority of people just don’t give a dang about privacy, and tend to think that those who do are weirdos.
Even in your case, there are still good reasons to use Protonmail (or similar). (1) It does not routinely scan the contents of your messages to generate an advert profile. (2) Your emails are stored in a manner that is encrypted from the Protonmail employees themselves (if you believe them, of course). (3) You can add some useful layers of security to your login procedure. I’m not just talking about 2FA but also the ability to set a PIN in the mobile app.
I just wish the Android app was more refined, because there are some little bugs here and there. But I’m probably still going to get a paid account because I’ve been using Protonmail as my main email for some time now.
All my friends and family switched to ProtonMail to correspond with me. Today they have to endure their Black Friday SPAM unfortunately. F…..G consumer society destroying the planet :((
That’s because their ProtonMail addresses have been provided to a larger circle than restricted, so to say.
We all know that once we’ve provided our email address all depends from there on not only of the destination’s honesty but of its computer’s health as well : a hacked email account is enough to spread all its contacts’ addresses worldwide …
I have a ProtonMail account as well but I use it only with a limited number of contacts, for the vast majority it’ll be regular though enhanced email with Posteo; my ISP email is hardly ever used.
You did not understand my words, I talked about the BLACK FRIDAY PROTONMAIL OFFER, thinking that PROTONMAIL is participating in that bullshit.
OK, Anonymous, “Today they have to endure their Black Friday SPAM unfortunately” : “their” referring to previously mentioned ‘ProtonMail’ … Well, I have none of that on my ProtonMail account which would mean that the company’s “communication” considers the user’s location? What I know is that I’ve never had anything but email on my free ProtonMail account (besides the incentive to upgrade to a paid account).
Editing my previous post : I’ve just encountered ProtonMail’s Black Friday popup and email. Irritating but not revolting, after all with only free accounts the business couldn’t carry on, not to mention that some users may be interested by the discount (it’s also the purpose!). No big deal and certainly not perceived as harassment : I wouldn’t want to become one of those “No to everything” users :) The pain starts with excess, moderation in quantity and zeal in quality is always the best way to seduce potential customers but nowadays it’s too often the other way around.
@Tom Hawack: I will delete my FREE PROTONMAIL account soon and tell my friends to do the same. I do not want to help a company which does not care about ecology. I thought that the Swiss were aware of taking care of the planet, but I see that I was wrong.
@Anonymous, maybe are you in a bad mood today? :) My impression is that you’re exaggerating. I have to confess a big laugh when you point ecology as an argument to close your ProtonMail account. You’d better stop connecting to the Web if you’re committed to a true, radical, ultimate defense of life on Earth! Of course ecology is important, of course waste has to be fought but, again, let’s not fall into demagogy. As I see it we can also, we should before all consider our contribution to life on Earth by wondering on our own behavior : in this regard I couldn’t really be pleased with a systematic opposition to all contributions of technology to a better comfort but I certainly do practice caution in waste, wherever it be and wherever I have the means to control my own use of modern life.
@Tom Hawack: Hopefully I’m not alone thinking that this BLACK FRIDAY should stop: CLOSED FOR THAT REASON THIS DAY: https://www.camif.fr/
You complain that a free service (default) adds one little button + one email to your protonmail? Dude, what is wrong with you. Maybe one day when you grow up and need to pay your bills you would understand what I’m talking about.
Internet was never free.
Please stop your refrain with me, thank you.
PS: With their offer today their site is totally busy, I can’t even login to delete my account.
…time really to switch to a serious messaging.
I use GMX, a German provider with so to see a very similar product. Encryption all over, and a file storage space of 2GB for the free account (reduced from 5 only a few years ago).
Living in this corner of the world, I highly appreciate having an encrypted line to my friends and relatives in Europe, it’s no luxury here if you don’t want your european freedom of thought and write being compromised by local pre-medieval concepts. Add to that nine years of hassle-free use so far, no adware, not even any camouflaged attempts to make you upgrade. Recommendable as well.
You’re not serious right? You seriously label GMX a serious provider? So why, if you sign up to GMX, you have to fill in all personal details, including address, DOB, and phone number? And what are you babbling on about no ads? GMX inboxen float on ads! I mean, just one look at their main page (www.gmx.de), and you already get a feel from what I mean (and I’m not talking about the cross scripting that is going on under the bonnet, but hey).
No sir, I’m not sure whether you’re trolling (and yes, I took a bite) or you’re just plain ignorant (in which case I’m sorry for you, I really am). Why don’t you try web.de for increased privacy, which reaches back to the same backbone?
No, no, no, if you indeed lived up to your comment, and had so much concern for article 10 of your Constitution, maybe you would have mentioned (at least) your German tutanota.de. But then again, not sure whether you’re trolling or…
The first paid for Protonmail account option is expensive. I use Tutanota.com which is a German webmail provider and have a paid for account there which is only €12 per annum for the same kind of package as the much more expensive Protonmail. They also provide a free iOS/Android app. Tutanota also provides a free account which is limited to one email address and 1GB storage.
Sounds interesting as I haven’t made the switch yet because I want to keep my own domain. Will check this one out.
I use both as a free user. ProtonMail is more complete, more features and options, in particular colored tags. It also has a secure desktop client in beta for better end to end encryption and local storage of emails, but it’s only available to paid users. (Think Thunderbird but with ProtonMail grade encryption and simple UI out of the box)
Tutanota is in beta, so I don’t hold the lack of features against it. I think it can’t even group emails from a conversation yet though.
Tutanota uses an in-house protocol, which has the advantage of allowing the encryption of the mail subject. ProtonMail uses the OpenPGP protocol which doesn’t encrypt the subject yet. I think there’s hope that *one day*, a version of OpenPGP does it but not any time soon.
However OpenPGP is much more tried and tested so it could be more secure than Tutanota’s protocol.
Also, at the moment IIRC Tutanota defaults to sending encrypted emails to non-Tutanota recipients, which means they will receive a link to a Tutanota page in which they’ll have to enter a password you gave them in order to read the mail. Make sure you turn that off first unless you know your recipient will not be bothered and has a password. ProtonMail can also do that but it’s off by default and can be turned on independently for each email at will. (there’s also a global switch) This feature allows end-to-end encryption with users who do not use an encrypted mail provider, i.e. all of the mainstream mail services.
Finally, ProtonMail picks the best encryption available to the recipient mail server when you send to a non-ProtonMail account. Gmail supports some nice encryption for instance, but of course as long as the mail can be read within Gmail it can also be read by Google. I don’t know if Tutanota does that too, I would guess so.
If I can’t use it with Thunderbird, it is not useful for me. I use Posteo; for only 12€/year I think it is a great option.
@Apparition, I was thinking the same thing about using end to end encryption. I used to use PGP when Mr Zimmerman still owned it. I knew one person who would correspond with me that way.
I have been using it for a while and I’m really pleased with it. Aside from some cheesy websites only working with popular stuff like GMail, I have been able to register with Protonmail on 99% of websites.
Think about it. Everybody can have a free encrypted account. If I was government, would this be of any interest to me ??
Hm,….. I can hear Big Snoopy snoop.
Protonmail’s little “Black Friday” offer did not offend me at all (not one bit!) and I normally greatly dislike any kind of advertising. After all, it’s a very simple approach that is not in your face at all….. I’d go one more than this too: I actually WANT to support them now, as I’ve been using their free account for a year or so. I am just about to subscribe, and I don’t want to be a freeloader.
@Tom Hawack — so perfectly put….. considerate, thoughtful and kind.
“Editing my previous post : I’ve just encountered ProtonMail’s Black Friday popup and email. Irritating but not revolting, after all with only free accounts the business couldn’t carry on, not to mention that some users may be interested by the discount (it’s also the purpose!). No big deal and certainly not perceived as harassment : I wouldn’t want to become one of those “No to everything” users :) The pain starts with excess, moderation in quantity and zeal in quality is always the best way to seduce potential customers but nowadays it’s too often the other way around.”
Protonmail is a nice service, but the security is nothing if all of your contacts are on Gmail/Outlook/Yahoo. All things you write securely can (and will) be read when they reach the destiny server. Security never was a business model, but scan your emails and make ads/spam is consolidated.
I wish the author would have explored further the limitations of an encrypted mail service.
Incoming mail isn’t encrypted, outgoing mail must be decrypted, mail may be encrypted at rest, but you and I will never know, we only have Proton’s word they’ll avert their gaze.
I wish it were possible for a truly encrypted email service but it’s not what email was designed to be. Would require a wholesale rewrite from the ground up, which would probably be a good idea anyway.
Useful reminder that any cloud service, as mail or VPN, are potentially insecure unless proven different.
For VPN, they have been proven insecure many times. For proton is just a matter of time…
I use mailfence.com/ They offer a secure and private email solution. They never contacted me with promotions. In addition they offer total freedom since I can use my own pgp keys or use their keypair.
Also very efficient customer support
Is it possible to make protonmail the default mailto: client?
I cannot find a way…
Thunderbird cannot be removed as default it seems
Tried signing up through Tor and it wanted to confirm my phone number or another email or something like that, can’t remember now. At least it wasn’t as straight forward as it could have been.
I’m just here trying to find how to change my Proton email photo lol, interesting read though.