One of the most well-known encrypted and secure email providers, ProtonMail is the go-to option for users who want more privacy in their conversations.
Whether it’s just a free account to use for occasional private email conversations or a premium plan for full-time use, ProtonMail has it covered. But is their excellent reputation deserved? Let’s review ProtonMail and find out.
|Affordable with a free option
|Some plans are expensive
|No logs policy
|No way to guarantee your emails remain encrypted once delivered
|Switzerland-based, one of the most privacy-friendly jurisdictions
|Complicated POP3 / IMAP
|Encrypts emails completely, not visible to ProtonMail
By ProtonMail’s own admission, their security is not perfect. Perfect security is impossible to achieve, after all. But all things considered, would ProtonMail be a good fit for you with your specific requirements?
Whether you’re a day-to-day email user wanting some more privacy, or a political activist sharing potentially life-endangering information, let’s see what ProtonMail has to offer you.
As a mature and trusted encrypted email platform, ProtonMail has a lot to offer:
ProtonMail’s Pricing And Free Plans
ProtonMail has a free offering that is perfect for someone who wants to either test the platform before committing to a premium subscription or a person who just wants to send the occasional encrypted email for whatever reason.
It’s a full-featured subscription but limited to 500MB of disk space and 150 email messages per day. The free option is perfect for these two scenarios.
The Plus subscription offers 5GB disk space, five email aliases, a thousand messages per day, one custom domain, email filters, and autoresponders.
All of the same features that you would get with any standard email service like Gmail, but with added encryption. The approximate price of €5 p.m. or €48 p.a. is affordable for most privacy-conscious users and offers great features for personal use.
The Professional package includes Plus’ features, but with two custom domains, unlimited emails, priority support, a catch-all email, and multi-user support.
Built for businesses, the Professional account comes at approximately €8 per user per month or €75 per user per year. Each user will then have 5GB disk space and up to five aliases. It is available for one to 5000 users.
ProtonMail’s top plan, Visionary, includes six users, 20GB disk space, 50 aliases, unlimited messages, priority support, ten custom domains, and all the other features included with Professional.
It also has the added benefit of a ProtonVPN subscription included with the plan. It costs about €30 per month or €288 per year, which is a lot, but it’s good value for six users at only €5 each per month.
When it comes to price, ProtonMail may not be the cheapest encrypted email provider, but its prices are still fair and affordable when you consider what you get in return.
Even Visionary is only expensive until you think about the fact that there are six users to split the bill. For the full ProtonMail service, that is pretty good value for money!
Privacy, Security, And No Logs Policies
ProtonMail’s parent company, Proton Technologies AG, is based in Switzerland. This immediately associates ProtonMail with some of the world’s strictest privacy laws and neutrality principles.
The problem is that this can easily lull people into being over-confident with their security and privacy when using ProtonMail. We need to understand all that this entails.
On their website, Proton Technologies AG specifies a few crucial points that have to be considered when using ProtonMail:
- Your emails are end-to-end encrypted and stored in an encrypted format, which means that even ProtonMail’s staff cannot access the content of your conversations. Your communications are entirely private and secure. By extension, even if hackers were to gain access to the server, they would not be able to gain any valuable information from it.
- ProtonMail has to keep logs. Though they have a no-logs policy, some metadata has to be stored on their servers to allow them to send and deliver emails reliably. This is understandable. Their logs contain only data like dates, times, and IP addresses, which they have to surrender if the court orders it, but there are no personal data in these logs.
- Though encryption of emails to recipients who do not use ProtonMail cannot be guaranteed, there is the option to an outside encryption feature or PGP to ensure that emails remain encrypted. Outside Encryption will send the recipient a link to click that will open the email, with a password that you have to provide in some other way.
Another great security feature that ProtonMail offers is Message Self-Destruct. You can set an email to be automatically deleted after a specified period or after being read by the recipient.
This ensures that the message will be conveyed, but all evidence will be destroyed afterward. It may seem somewhat extreme for average users, but some people could find that feature very useful.
In terms of encryption, ProtonMail exclusively uses HTTPS, TLS with ephemeral key exchange, and optionally PGP for advanced users.
These are some of the highest level email encryption systems available today, so ProtonMail users can rest assured that Proton makes every attempt to protect their email conversations from unauthorized eyes.
To Emphasize Again, ProtonMail Is From Switzerland
As mentioned earlier, the fact that Proton Technologies AG is based in Switzerland should never cause over-confidence.
However, it does put ProtonMail a step above some of the other encrypted email providers. Though a Swiss court can order Proton to release some logs, those logs will contain very little information that could be useful in most cases.
Switzerland’s courts cannot force ProtonMail to release any data based on another country’s requests. Switzerland won’t spy on a user on behalf of another country.
This is comforting, but remember that politics are fickle; who knows about the future? But for now, it’s a huge plus.
ProtonMail Is Improving Rapidly
This point is not to be underestimated. A quick web search for different ProtonMail reviews, ratings, and comments on social media or forums shows that some users have complained about missing features as little as six months ago, but those same features have since been added to ProtonMail’s premium packages.
There seems to be a rapid development and roll-out plan at ProtonMail’s offices.
From online comments, it’s clear that they welcome feature requests and user suggestions and add them to their development planning sessions if they are viable.
For example, after being criticized for not supporting POP and IMAP, ProtonMail now offers IMAP through its Bridge Apps to maintain security.
It is hard to find a company that is so focused on developing and improving features based on user feedback. It’s comforting to know that your encrypted email provider is constantly working on new ways to simplify your life while keeping your conversations more secure than ever.
ProtonMail: Reviewing The Cons
Despite all the positives, there are a few negative aspects to ProtonMail when compared with other service providers.
As mentioned before, some of them may change sometime soon since the people at Proton Technologies are constantly improving their offering, but for now, here are the most significant aspects that are wrong with ProtonMail:
ProtonMail Is More Expensive Than Others
We are not referring to unencrypted email providers. Comparing ProtonMail’s pricing with Gmail, for example, would be ridiculous.
However, compared to other encrypted email providers, ProtonMail is a bit on the more expensive side.
Mailfence, for example, has an Entry plan with similar features to ProtonMail’s Plus subscription, but at approximately half the price.
Hushmail’s Personal plan costs more or less the same as ProtonMail’s Plus plan but offers 10GB of storage compared to ProtonMail’s 5GB. There are many similar examples of other encrypted email providers either costing less or offering more.
It’s only fair to mention that the price difference between ProtonMail and other providers has been slowly decreasing over the years.
As Proton improved their offering and added better value, there are now even some providers that are more expensive or that provide less than ProtonMail. This will probably change even more in the future as Proton’s development continues.
ProtonMail’s IMAP Support Is A Bit Weird
Until fairly recently, ProtonMail did not offer IMAP / POP3 or SMTP support at all. Your ProtonMail emails were only available through the ProtonMail webmail interface or Android and iOS apps.
It was one of ProtonMail’s most-criticized aspects, but Proton insisted that it’s better for encryption purposes, which makes sense.
However, ProtonMail recently released IMAP / POP3 / SMTP support for all premium subscribers (not on the free plan) in the form of the ProtonMail Bridge app.
The app can be downloaded and installed on Windows, macOS, and Linux systems. It integrates with popular email client software on these operating systems, ensuring that your email is encrypted before leaving your device.
This is great, but it is a bit strange for most average users. While many other encrypted email providers simply integrate with email clients like Outlook, the ProtonMail Bridge could be a bit challenging for people to install, set up, and configure.
Yes, most “average” users probably won’t want to bother getting encrypted email and possibly think they don’t need it. But ProtonMail aims to make email encryption accessible to all, which should necessarily include ease of use.
This makes the ProtonMail Bridge seem a bit counter-productive. It’s quite a significant move in the right direction, but more tweaking might be needed from ProtonMail.
ProtonMail Cannot Guarantee That All Emails Remain Encrypted
This is not necessarily a ProtonMail problem, though it plagues ProtonMail as well as other encrypted email providers.
The problem is that, though ProtonMail end-to-end encrypts all emails to other ProtonMail users, emails to users of other email platforms are not encrypted.
When you send an email from ProtonMail to a Gmail account, for example, the message will be encrypted until it leaves ProtonMail’s servers.
From there, it has to use whatever encryption is available to the recipient’s email server, which in Gmail’s case (and most others) is standard TLS at best.
Once it is on the recipient’s server, things get even worse since the server could be storing the email in plain text format with all the contents visible for the world to see. This is a massive risk in terms of security and privacy.
The lack of guaranteed encryption is one of the main concerns and reasons why organizations like the Civil Liberties Defense Center (CLDC) do not recommend the use of ProtonMail by political activists.
While ProtonMail keeps the email secure, other servers and platforms may not, and there’s no way to guarantee security after the email leaves ProtonMail’s web of encryption.
ProtonMail does offer a way around this, though. As mentioned before, the Outside Encryption feature will send the recipient a link to follow, where they will be asked for a password before they will be granted access to the email on ProtonMail’s own servers.
You will have to send the password to the recipient in some other way to add to the security.
This allows the email to remain encrypted, but it poses another problem: it is not an elegant solution. Having heaps of email links to go through when you’re looking for that one email you received can be frustrating.
And to make matters worse, uninformed users may distrust the link or perhaps not even understand what it’s about and end up ignoring it.
As previously mentioned, this is not really a ProtonMail problem since it’s more or less universal with encrypted email. Other encrypted email providers find more elegant ways around the issue by using PGP or similar options.
PGP is also available to ProtonMail users, but it can be complicated to configure and use and is thus indicated by ProtonMail as being for “advanced users.”
When weighing up the pros and cons, ProtonMail is a well-developed, easy-to-use, and relatively affordable encrypted email platform.
Your requirements will determine if ProtonMail is the best fit for you. Hardcore users like activists may require something more robust, but day-to-day users that want to keep their emails private can do far worse than paying for a ProtonMail subscription.