ProtonBlog(new window)
Subscribe by RSS

Anti-abuse and account security at Proton

Dingchao Lu(new window)

Share this page

Proton Mail has automated anti-abuse systems to protect against the main types of abuse that pose significant risks to the Proton community. These systems may sometimes suspend accounts for safety reasons. Below, we discuss why accounts get suspended and how suspended accounts can be restored. Proton Mail’s anti-abuse team works 24/7, and you can always reach a real person if you have an issue with your account. 

Types of abuse and security threats

As an encrypted email service, there are three main types of abuse with significant risks to our users:

Bulk email registrations

  • How it works: Attackers sign up for many Proton Mail addresses that they then use to sign up for other services, such as social media or e-commerce websites. Attackers then violate the terms and conditions of these other services or act abusively.
  • How it affects Proton services: Services that aren’t sophisticated at combating abuse may start blocking all accounts registered with Proton Mail, and then good users cannot use these services.

Account takeovers

  • How it works: Attackers log in to many good users’ accounts by fooling them with phishing attacks(new window), cracking weak passwords, or using passwords that were leaked from a breached service in hopes that the user reused the same password on multiple accounts.
  • How it affects Proton services: Attackers can see the user’s encrypted data, use their data to impersonate them, take over other services linked to their email, or use their account to send spam(new window).

Spam

  • How it works: Attackers send spam from many Proton Mail addresses to recipients on other email services.
  • How it affects Proton services: Recipients mark these emails as spam, causing Proton Mail IP and domain reputations to fall and get blocklisted, leading to email delivery issues for good users.

Since Proton Mail launched in 2014, we’ve provided free and easy-to-use secure email to anyone who wants more privacy online. Our focus on privacy means that Proton Mail has to do things differently. Zero-access encryption(new window) prevents us from accessing user inboxes, and our focus on privacy means we don’t require a phone number to create an account (unlike most other email services). For this reason, we need to be more sophisticated in detecting abuse and securing Proton Mail accounts in a privacy-preserving way. To date, these systems have protected millions of members of the Proton community from the above risks.

Blocking bulk signups

Because of the risk posed by bulk email registration, Proton Mail’s terms and conditions can’t permit anyone to create large numbers of free email addresses (there are possibilities for paid users, which we discuss below). 

With over a million monthly signups, preventing bulk signups is too complex for human analysts to manage effectively. It requires automated systems that use machine learning models to cluster accounts controlled by the same actor. 

When a cluster of free accounts grows too large, the system sends an email alert to some of the accounts, warning them that this is against our Terms of Service. If this warning is ignored and the bulk account creation continues, the system will suspend all accounts in the cluster. 

As with any prediction system, there’s a tradeoff between false positives (blocking the accounts of good users) and false negatives (letting abusers create accounts). We try to minimize both, but inevitably, even though it’s rare, our system sometimes disables or blocks good users. We regret when this happens, but automated systems are required to prevent abuse that would otherwise impact good Proton Mail users.

If you’ve been impacted by our anti-abuse system and weren’t using Proton Mail for abusive purposes, please submit a report at https://proton.me/support/appeal-abuse

Our team of analysts is available to review reports 24/7. They will quickly investigate the situation and help restore your account. 

If you want to avoid such issues and support Proton in providing high-quality free services, consider upgrading to a paid account. Paid accounts can add custom domains and create multiple email addresses, including on premium Proton domains such as @pm.me. 

With multiple addresses, you can use a different one for each external service (for example, one for a social media site and another for a crypto exchange) to keep your identities private. This also allows you to disable any address that you no longer want to receive email or spam with. If you need secure email for your organization, we also have business encrypted email plans with multiple accounts, automated SMTP sending, and dedicated customer support.

If you’re the operator of an internet service and have seen abuse, such as bulk registrations or spam coming from Proton, please let us know at https://proton.me/support/report-abuse or email us at abuse@proton.me. Our team will carefully review each report, take appropriate action against abusers, and improve our systems to prevent future abuse.

Preventing account takeovers

Another reason our automated anti-abuse systems disable accounts is to protect users from having their accounts taken over. If we think an attacker has breached your account or is in imminent danger of being breached, we may proactively suspend your account to prevent the attacker from getting in, at least until we can get in touch with you. 

To date, Proton Mail hasn’t had any data breaches or data leaks, and we don’t ever have access to your password thanks to our use of zero-access encryption and end-to-end encryption. Still, an attacker may obtain the password of an account. This could happen if you fall for a phishing attack(new window) or reuse a password from another service that was hacked. 

To prevent account takeovers, we block accounts at risk of such attacks, which could lead to your account being disabled. If this happens to you, we might ask you to use your recovery method to change your password or get in touch with our Support team to secure your account. 

To help you monitor your account security, we built mobile push notifications to alert you of each successful login. We may require a captcha or force a verification from any saved recovery methods for suspicious logins that we’re not confident enough to block. This is for your safety. Cumulatively, these defenses have reduced compromised accounts by over 80% in the last two years.

Proton is used by some of the world’s most high-profile journalists, leaders, and international organizations that are high-value targets for attackers. We strongly recommend using two-factor authentication, which adds a layer of protection to your account, and setting up a recovery phrase, which can recover data even if you forget your password.

If you are a high-profile public figure, deal with sensitive data, or think you might be a target for cyberattacks, you can take advantage of our Proton Sentinel program(new window). It provides advanced account security, enables you to monitor login attempts more closely, and lets you speak with Proton security analysts.

If you have any issues related to account recovery or security, please contact our specialists by emailing abuse@proton.me.

Reducing spam

Proton Mail also has a sophisticated in-house system that applies similar machine-learning techniques to email, mainly to fight spam(new window) and phishing attacks(new window). This system also includes PhishGuard, which automatically adds phishing warnings to emails that are likely spoofed(new window) or are part of a phishing attack. The system automatically learns from your feedback (for example, moving an email to spam, marking an email as phishing, or moving an email from spam to inbox) so it can quickly react to new attacks and improve its decisions if you disagree with its classifications. Our anti-spam system protects the Proton community from abuse and security threats and is at least 60% more effective than widely used spam filters such as SpamAssassin.

In addition to classifying incoming emails, this system works with our other anti-abuse systems to block bulk email registrations and outgoing spam from abusive Proton Mail accounts. Due to these systems and the global team that monitors for threats 24/7, Proton Mail has high-reputation IPs and domains that provide great email deliverability for the Proton community. If you have any issues with mail delivery or spam, please email our specialists at postmaster@proton.me.

Looking forward

Abuse is an inevitable part of the internet because wherever there is freedom and opportunity, there will be bad actors trying to take advantage. And if a service has value and is easy to abuse, it will attract more abusers, and the experience and safety of users will suffer until the service has little value. 

That’s why our fight against abuse and bad actors is a critical part of our work to support freedom and privacy on the internet.

We hope these efforts will make the Proton ecosystem the most secure and easy-to-use solution for anyone who wants to interact on the internet.

Protect your privacy with Proton
Create a free account

Related articles

what is a brute force attack
On the subject of cybersecurity, one term that often comes up is brute force attack. A brute force attack is any attack that doesn’t rely on finesse, but instead uses raw computing power to crack security or even the underlying encryption. In this a
Section 702 of the Foreign Intelligence Surveillance Act has become notorious as the legal justification allowing federal agencies like the NSA, CIA, and FBI to perform warrantless wiretaps, which sweep up the data of hundreds of thousands of US citi
In response to the growing number of data breaches, Proton Mail offers a feature to paid subscribers called Dark Web Monitoring. Our system checks if your credentials or other data have been leaked to illegal marketplaces and alerts you if so. Often
Your email address is your online identity, and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches
proton pass f-droid
Our mission at Proton is to help usher in an internet that protects your privacy by default, secures your data, and gives you the freedom of choice. Today we’re taking another step in this direction with the launch of our open source password manage
chrome password manager
You likely know you should store and manage your passwords safely. However, even if you are using a password manager, there’s a chance the one you’re using isn’t as secure as it could be. In this article we go over the threats some password managers