ProtonMail is a secure email service that provides end-to-end encryption for your messages. Coming from the same company as ProtonVPN, one of the best VPNs on the market, ProtonMail impressed us with near-endless customization and airtight security, earning the service a spot in our most secure email providers guide.
In this ProtonMail review, we’re going to detail our experience with the encrypted email service after taking it out for a spin. The short of it is that if you want to keep your emails secured from prying eyes, ProtonMail is a great way to do that. The service is also free, so there’s no reason not to give ProtonMail a shot.
Strengths and Weaknesses
Strengths:
- Free plan available
- Integration with ProtonVPN
- Multi-user plans
- Native iOS & Android app
Weaknesses:
- No desktop app
- Limited support for free users
ProtonMail has a lot of settings and that’s one of the main reasons to use the secure email service, outside of sending encrypted email messages. With a ProtonMail Free plan available, we recommend trying out the web interface and the ProtonMail mobile app — either the iOS or Android app — to discover all of the settings and features.
We’re going to provide you with some of our favorite features and settings, but let’s start with the basics first. All of the creature comforts associated with other webmail apps are present when you use ProtonMail.
You can set an autoresponder, control a blacklist, set a custom signature, set a custom spam filter, create your own labels and more. You can also manage multiple email addresses in the same account, which is surprisingly difficult to do with other email services.
From ProtonMail’s settings, the “appearance” section stands out the most. You can change how the application is laid out, sure, but ProtonMail goes further than that. You can change the composer direction to type right to left instead of left to right, compose emails in plaintext and even set custom CSS.
With a quick look around online, we found multiple themes supporting dark mode and a wide range of different colors. Simply copy the CSS into ProtonMail, hit “save” and you’re set. Be warned, though, that rogue code can compromise your privacy, so use caution when looking for themes.
On the technical end of things, you can set custom encryption keys and even set custom domains for your email address. That said, most of the security features — such as ProtonMail Bridge, an application that encrypts and decrypts your mail as it enters and leaves your computer — are reserved for the paid plans.
You can still send encrypted emails with ProtonMail Free, but the extra goodies mostly show up in the Plus plan and above.
Messages Sent to Non-ProtonMail Users
One of the big hurdles with end-to-end encryption is the key pairing. In short, you have a pair of keys and your email recipient has a pair of keys, and you each need to share one of those keys (the public one) with the other before you can encrypt and decrypt each other's messages. This makes end-to-end encryption difficult because both users need to be on the same application.
That’s not a problem for ProtonMail. When composing an email message, you can set a custom password and expiration date. The email recipient can decrypt the message using that password. It’s a bit of a pain, but it beats forcing all of your contacts to sign up for a ProtonMail account.
ProtonMail Features Overview
|Encryption|RSA, AES, OpenPGP|
|Custom Domain Support| |
|Supported Platforms|Android, iOS, Web|
|Live Chat Support| |
|Phone Support|Yes (Professional)|
ProtonMail is a fairly inexpensive service, though like most email services, everything revolves around the free version. ProtonMail Free offers 500MB of storage with a single email address for one user. That’s half of what you get with Tutanota (read our Tutanota vs ProtonMail piece), but better than CounterMail, which doesn’t even have a free plan (read our CounterMail review).
However, the free version of ProtonMail also limits users to 150 messages per day, limited support and only three folders. Other features, like the autoresponder, aren’t included with a free account, either.
Beyond the free service, there are the Plus and Professional plans, which are basically the same. Compared to the free plan, Plus comes with higher messages-per-day and folder limits, as well as faster customer service and support for a custom domain. The Professional plan offers most of the same, except with support for up to 5,000 users.
That doesn’t mean a sole ProtonMail user shouldn’t use the Professional plan. In addition to what you get with the Plus plan, Professional includes catch-all mail and removes all limits on messages and folders.
If you’re going all out, though, ProtonMail’s Visionary plan is where it’s at. You get 10 custom domains, 20GB of storage and support for 50 addresses. Furthermore, Visionary includes the ProtonVPN.
There’s no free trial, but ProtonMail has a refund policy. Basically, you’ll receive a prorated refund for unused time if you downgrade your account. All paid plans are available monthly or annually, with the annual plan clocking in around 20 percent cheaper than if you just paid monthly.
The same pricing rules apply to the add-ons. ProtonVPN offers extra storage, domains and addresses for a few dollars each. Like the subscription, you can purchase these extras monthly for the full price or receive a slight discount — 10 percent, in this case — by paying for a year up front.
Ease of Use
There’s nothing special about signing up for a ProtonMail account. Go to protonmail.com, click the “sign up” button in the website’s top-right corner, pick a plan and you’ll be in the ProtonMail web application within minutes. ProtonMail doesn’t fuss around with manual setups or anything of the sort. Enter the email address you want, choose a password and you’re good to go.
When you first open your account, the majority of the page is taken up by three ads to upgrade, the first of which hilariously says, “ProtonMail doesn’t show ads or abuse your privacy.” The moment you click on an email or compose a message, the ads go away and never return, so we’re not criticizing ProtonMail. It’s just funny to see.
Actually using ProtonMail’s web app should feel familiar if you’ve used another webmail service before. You can choose to display your message content and your inbox side by side or as separate screens.
The left-side menu holds your drafts, starred messages, spam folder, trash, sent messages and archive. You can expand this menu with custom folders and labels, depending on your ProtonMail plan.
In the settings, ProtonMail has a lot more going on. From keyboard shortcuts to IMAP/SMTP setup, there’s a setting for just about everything. This is all par for the course when it comes to email services — outside of the encryption keys menu and handy link to ProtonVPN — but we’re not complaining.
The thing ProtonMail does right when it comes to its settings is offer a wide range of categories. We never had a question about where to go to access a particular setting, which is saying something.
Most email applications bury the settings in compressed menus, making it next to impossible to find a setting on your own. It’s dead simple with ProtonVPN, which is worth the price of admission by itself.
If you forget your ProtonMail password, you can perform an account reset with a recovery email. However, your encryption keys are reset in the process. That means all previous messages will still show up in your account, but you won’t see them in plaintext. All messages are encrypted. The image below shows what an encrypted message looks like.
There are two important notes here. First, the subject line isn’t encrypted, and second, the recipients aren’t encrypted. Keep that in mind when composing messages. We’ll talk more about how far the encryption reaches in the “security” section below.
If you have any problems, ProtonMail’s knowledgebase should be the first place you look. It’s stuffed with articles about setup, troubleshooting and more. If you want to reach out to the community, there’s an official ProtonMail subreddit, as well.
For larger problems, you can email ProtonMail 24/7, though you may need to wait a while if you have a free account because of its “limited” customer support. Plus users have standard access to support resources, and Professional and Visionary users have access to priority support, which includes the ability to call the ProtonMail support phone number during Swiss business hours.
ProtonMail provides secure, end-to-end encryption for your emails, with support for OpenPGP, AES and RSA. Our guide on email security and our description of encryption will give you the specifics, but in short, end-to-end encrypted messages can’t be read by anyone other than the intended recipient. The system simply doesn’t allow for it.
All of ProtonMail’s encryption is handled by open-source libraries, including OpenPGP. If you feel like digging through lines of code, everything is available on GitHub right now. As one of the most popular end-to-end encrypted email applications, ProtonMail’s code has had a lot of eyes on it, which is always a good sign.
A lot of ProtonMail’s security features work into privacy, too. All encryption happens client-side, which ProtonMail calls a “zero access architecture” (also known as a zero-knowledge model). In short, it means that ProtonMail never has access to your email contents or your password. Consequently, that also means data recovery isn’t possible if you forget your ProtonMail password.
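The zero-access model above, and the earlier note that a password reset leaves old mail unreadable while subject lines and recipients stay visible, can be reproduced in a few lines. This is an added example, not ProtonMail's code: it assumes Node.js, uses RSA-OAEP as a stand-in for OpenPGP, and the function names, address and passwords are constructed for illustration.

```javascript
// Added illustration, not Proton's code: RSA-OAEP stands in for OpenPGP.
const crypto = require('crypto');

// Client: generate a key pair. The private key is exported only in
// password-encrypted form, so the server never holds a usable copy.
function createAccount(password) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: password,
    },
  });
  return { publicKey, lockedPrivateKey: privateKey }; // what the server stores
}

// Sender: only the body is encrypted; recipient and subject stay readable.
function storeMessage(account, to, subject, body) {
  const ct = crypto.publicEncrypt(account.publicKey, Buffer.from(body, 'utf8'));
  return { to, subject, body: ct.toString('base64') };
}

// Reader: unlock the private key with the password, then decrypt the body.
// Returns null when the password or the key pair does not match.
function readMessage(account, password, record) {
  try {
    const key = { key: account.lockedPrivateKey, passphrase: password };
    return crypto.privateDecrypt(key, Buffer.from(record.body, 'base64')).toString('utf8');
  } catch (err) {
    return null;
  }
}

function demo() {
  const oldPw = 'old-password-constructed';
  const newPw = 'new-password-constructed';
  const before = createAccount(oldPw);
  const record = storeMessage(before, 'alice@example.com', 'Q3 numbers', 'meet at 10');
  const after = createAccount(newPw); // account reset: a fresh key pair
  return {
    visibleToServer: [record.to, record.subject],
    withPassword: readMessage(before, oldPw, record),  // 'meet at 10'
    wrongPassword: readMessage(before, 'guess', record), // null
    afterReset: readMessage(after, newPw, record),     // null: old mail stays locked
  };
}

console.log(demo());
```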
Physical security is a big talking point for ProtonMail, too. Your data is never sent through the cloud. Rather, all ProtonMail messages are stored in a data center some 1,000 meters under the ground, which is owned and operated by Proton Technologies AG. This is, presumably, the same data center used by ProtonVPN’s Secure Core servers.
ProtonMail has one issue with its security model, though it’s an unavoidable one. ProtonMail is based in your browser, and there are simply more risks with browser applications than local ones. This isn’t a problem unique to ProtonMail, though. Any email application based in your browser, encrypted or not, is susceptible to the same attacks.
ProtonMail doesn’t hide that fact, either. In its threat model, ProtonMail clearly shows the potential risks of using a web-based email application, as well as how the email service is designed to protect against those risks.
In the same piece, ProtonMail actually provides use cases where it does not recommend ProtonMail, particularly if you’re leaking state secrets or are involved in criminal activity.
In doing research for this ProtonMail review, we stumbled upon a few claims that ProtonMail — and by extension, ProtonVPN — voluntarily aided law enforcement with real-time surveillance. This is not true. The now-removed blog post where this topic originated claimed that a Swiss public prosecutor showed ProtonVPN logs in a presentation.
ProtonMail officially responded, making it clear that “ProtonMail has not and does not engage in voluntary real-time surveillance on behalf of law enforcement.” This is further backed by ProtonMail’s transparency report.
Proton Technologies AG is based in Switzerland, a country with some of the best privacy laws in the world. Under Swiss privacy laws, ProtonMail can only hand over readily available information — like your name and email address — to Swiss authorities. Foreign requests must first be approved by the Swiss judicial system.
Because ProtonMail offers end-to-end encryption, your message contents are always private. In extreme cases, ProtonMail says that it may be obligated to monitor the IP address of a ProtonMail user if there’s strong evidence to suggest they engaged in criminal activity (which is against ProtonMail’s terms of service).
No matter the circumstances, ProtonMail cannot and will not hand over message contents (end-to-end encryption simply doesn’t allow for it). Although the service may monitor certain ProtonMail users in rare circumstances, you don’t have to worry about your privacy.
ProtonMail’s transparency report details all of the requests from the Swiss government. In many cases, such as one from July 2019, ProtonMail refused to hand over information, protecting its users. The most recent one involved a whistleblower, when ProtonMail upheld the user’s right to privacy and asked Swiss authorities to reconsider the case.
As far as encrypted email services go, ProtonMail strikes a nice balance between accessibility and security. ProtonMail’s web-based version is naturally susceptible to more risks, but in the vast majority of cases, that doesn’t matter (ProtonMail users can also use the mobile app on Android and iOS).
ProtonMail allows you to send encrypted emails using PGP without fussing around with a manual setup. Plus, the email service is free and open source, which we always like to see.
What do you think of this ProtonMail review? Are you going to give ProtonMail a shot? Let us know in the comments below and, as always, thanks for reading.
- Yes, ProtonMail is safer than Gmail. With end-to-end encryption, your email messages are never exposed in a plaintext form, no matter what. All encryption and decryption happens locally, meaning only you and the recipient you’re sending a message to can see the content.
- Like any online service, ProtonMail can be hacked, though it’s highly unlikely. All of the ProtonMail servers are privately owned and operated by Proton Technologies AG, which is based in Switzerland. Plus, ProtonMail has a zero-knowledge model, so even if the service were hacked, your emails wouldn’t be compromised.