Our forms work with all email clients that support PGP encryption. We have nevertheless tested various options and recommend a selection for guaranteed best safety and function.
What are secure email providers?
A secure email provider has features designed to keep your email account and the content of your emails secure.
Typically, this is done through end-to-end encryption (E2EE). End-to-end encryption means that the e-mail message is encrypted throughout its journey from sender to recipient.
However, there is no standard definition of secure email; any email provider can call itself secure.
In short, we place the following requirements on the email providers and clients we recommend for our secure forms:
- The e-mail client must support PGP end-to-end encryption (E2EE), which is an absolute requirement for our service to work together with the client.
- The email client must not save unencrypted data.
- The PGP keys must only be handled by the end user and be inaccessible to e-mail client and broker providers.
- All transport and storage of e-mails and attachments must be encrypted.
- The email provider must use the Sender Policy Framework (SPF).
- Email servers must be physically located in a country with strong privacy laws; Switzerland, Finland, Germany, Belgium, Norway or Sweden. Avoid Australia, Canada, New Zealand, UK, USA and the countries that are part of The Shanghai Cooperation Organization. Read more about Five Eyes, Nine Eyes, Fourteen Eyes, SIGINT Seniors of the Pacific and Shanghai Cooperation Organizations intelligence-sharing agreements
- Cleaning of metadata (recipient, sender’s computer, browser, network, etc.).
These are tough but necessary requirements that effectively disqualify all major email providers as well as most smaller ones that market themselves as “secure” but in various ways fall short of the mark.
Important! We do not provide support regarding the selected email provider or client, you must contact the provider directly if you need support for this.
Some of our packages may include registration and configuration of an e-mail account, which we are then responsible for ensuring that it works at the time of delivery. If you need help with installations etc. in addition to what is included in our packages, we can forward the request to our partner Schuetten Consulting Ab Ltd who will then charge the work according to their price list.
The following email providers and clients meet our requirements as listed above and are tested and working well with our secure forms:
1. ProtonMail
ProtonMail is the most well-known secure email provider and our recommendation as the services meet all our requirements with flying colours. Here you get everything.
- Servers based in Switzerland
- Open source code
- Built-in end-to-end encryption
- Zero-access encryption
- Self-destructing emails
- Mobile app
- Has a growing portfolio with applications such as MailBridge
- Custom domains with paid plans
- Available as a free option
- Supports many languages
2. Mailbox.org
Mailbox.org is a secure email service aimed at business users looking for an alternative to Google or Microsoft tools. In addition to email, they offer encrypted cloud storage, video conferencing, address book, calendar and task planner.
- Server based in Germany
- End-to-end encryption (use mailbox.org Guard)
- Encrypted cloud storage
- Video conferences
- Calendar
- Environmentally friendly
- No free option
3. Posteo
Posteo is popular among activists and journalists who need to remain anonymous, as it is possible to register and pay anonymously.
Posteo encrypts your data in transit and at rest. Although Posteo does not use end-to-end encryption by default, you can choose to enable it with various accessories.
- Server in Germany
- End-to-end encryption (use plugin in Thunderbird)
- Open source code
- Support for POP, SMTP and IMAP
- Allows anonymous cash payments
- No free option
4. StartMail
StartMail is a secure email service managed by the same people who run the private search engine Startpage.
- Servers based in the Netherlands (however, not the very best choice for those who require very high security)
- Built-in end-to-end encryption
- Support for IMAP and SMTP
- Hides IP address and hostname
- Can use your domain
- No free option
5. CounterMail
CounterMail’s Sweden-based servers are unique in that they do not have hard drives and instead rely on a CD-ROM for extra security.
- Diskless servers based in Sweden
- Built-in end-to-end encryption
- Two-factor authentication
- Anonymous email headers
- Does not keep IP logs
- USB key option
- Support for IMAP
- Password manager
- No free option
6. Kolab Now
Kolab Now provides secure email and a collection of tools such as calendars, notes and video conferencing.
- Servers based in Switzerland
- End-to-end encryption (use Kolab Now Webclient)
- Open source code
- Calendars, notes, contacts, video conferencing
- No free option
7. Mailfence
Mailfence is a privacy-oriented office suite that offers secure email, contacts, storage and more. It is aimed at privacy-conscious individuals, companies and universities.
In general, we do not recommend the use of this solution as it logs IP addresses, message IDs, sender and receiver addresses, subjects, browser versions, countries and time stamps according to Belgian law. But our forms are tested and work with this provider as well.
- Servers based in Belgium (however, not the very best choice for those who require very high security)
- Built-in end-to-end encryption (using their own email clients)
- Two-factor authentication
- Support for POPS, IMAPS and SMTPS
- Password manager
- Calendars
- Messages
- Document storage
- Available as a free option
- Supports many languages
Mozilla Thunderbird is a very robust and powerful e-mail program that has been completely free for many years and looks and works the same on all different computers whether you use Microsoft Windows, Linux-based operating systems or Unix-based operating systems including Mac OS X .
The program is built on open source code, respects your privacy and has built-in support for OpenPGP since version 78.
If untraceability is less important to you and Proton feels unnecessary, we recommend Mozilla Thunderbird as a client for our secure web forms instead.
- Is free
- Supports many languages
- Download Firebird for Windows, Mac OS X or Linux
GNU Privacy Guard (GPG) is a free program belonging to the GNU project that is used to encrypt, decrypt, sign and verify e-mails and files, for example. GPG fully complies with the IETF standard OpenPGP.
GPG is installed directly in the client computer that will handle end-to-end encryption and is expanded with various plugins for the applications that will use the function. There are a variety of options, the most common ones are listed here.
In general, we do not recommend the use of this solution as it requires very good knowledge of security and installations for everything to avoid security problems. But our forms are tested and work with these tools as well.
10. Mailvelope
Mailvelope is a popular browser extension that you can use in Chrome, Edge and Firefox to securely encrypt and decrypt your email with PGP using webmail providers. This is thus an add-on that must be installed in a browser.
In general, we do not recommend the use of this solution as it requires good knowledge of security and installations to avoid security issues. But our forms are tested and work with this tool as well.
Warning! By default, many browsers automatically send usage statistics and crash reports to their respective organizations. In the event of a bug, it is possible that stored content, which may also contain private keys, could be sent to them in these reports And Mailvelope can also collect analytics data where, for example, your e-mail provider is made visible.
- Created by Mailvelope GmbH which is based in Germany
- Built-in end-to-end encryption
- Open source code
- Available as a free option
