ProtonBlog

Proton Mail has automated anti-abuse systems to protect against the main types of abuse that pose significant risks to the Proton community. These systems may sometimes suspend accounts for safety reasons. Below, we discuss why accounts get suspended and how suspended accounts can be restored. Proton Mail’s anti-abuse team works 24/7, and you can always reach a real person if you have an issue with your account. 

Types of abuse and security threats

As an encrypted email service, there are three main types of abuse with significant risks to our users:

Bulk email registrations

  • How it works: Attackers sign up for many Proton Mail addresses that they then use to sign up for other services, such as social media or e-commerce websites. Attackers then violate the terms and conditions of these other services or act abusively.
  • How it affects Proton services: Services that aren’t sophisticated at combating abuse may start blocking all accounts registered with Proton Mail, and then good users cannot use these services.

Account takeovers

  • How it works: Attackers log in to many good users’ accounts by fooling them with phishing attacks, cracking weak passwords, or using passwords that were leaked from a breached service in hopes that the user reused the same password on multiple accounts.
  • How it affects Proton services: Attackers can see the user’s encrypted data, use their data to impersonate them, take over other services linked to their email, or use their account to send spam.

Spam

  • How it works: Attackers send spam from many Proton Mail addresses to recipients on other email services.
  • How it affects Proton services: Recipients mark these emails as spam, causing Proton Mail IP and domain reputations to fall and get blocklisted, leading to email delivery issues for good users.

Since Proton Mail launched in 2014, we’ve provided free and easy-to-use secure email to anyone who wants more privacy online. Our focus on privacy means that Proton Mail has to do things differently. Zero-access encryption prevents us from accessing user inboxes, and our focus on privacy means we don’t require a phone number to create an account (unlike most other email services). For this reason, we need to be more sophisticated in detecting abuse and securing Proton Mail accounts in a privacy-preserving way. To date, these systems have protected millions of members of the Proton community from the above risks.

Blocking bulk signups

Because of the risk posed by bulk email registration, Proton Mail’s terms and conditions can’t permit anyone to create large numbers of free email addresses (there are possibilities for paid users, which we discuss below). 

With over a million monthly signups, preventing bulk signups is too complex for human analysts to manage effectively. It requires automated systems that use machine learning models to cluster accounts controlled by the same actor. 

When a cluster of free accounts grows too large, the system sends an email alert to some of the accounts, warning them that this is against our Terms of Service. If this warning is ignored and the bulk account creation continues, the system will suspend all accounts in the cluster. 

As with any prediction system, there’s a tradeoff between false positives (blocking the accounts of good users) and false negatives (letting abusers create accounts). We try to minimize both, but inevitably, even though it’s rare, our system sometimes disables or blocks good users. We regret when this happens, but automated systems are required to prevent abuse that would otherwise impact good Proton Mail users.

If you’ve been impacted by our anti-abuse system and weren’t using Proton Mail for abusive purposes, please submit a report at https://proton.me/support/appeal-abuse

Our team of analysts is available to review reports 24/7. They will quickly investigate the situation and help restore your account. 

If you want to avoid such issues and support Proton in providing high-quality free services, consider upgrading to a paid account. Paid accounts can add custom domains and create multiple email addresses, including on premium Proton domains such as @pm.me. 

With multiple addresses, you can use a different one for each external service (for example, one for a social media site and another for a crypto exchange) to keep your identities private. This also allows you to disable any address that you no longer want to receive email or spam with. If you need secure email for your organization, we also have business encrypted email plans with multiple accounts, automated SMTP sending, and dedicated customer support.

If you’re the operator of an internet service and have seen abuse, such as bulk registrations or spam coming from Proton, please let us know at https://proton.me/support/report-abuse or email us at abuse@proton.me. Our team will carefully review each report, take appropriate action against abusers, and improve our systems to prevent future abuse.

Preventing account takeovers

Another reason our automated anti-abuse systems disable accounts is to protect users from having their accounts taken over. If we think an attacker has breached your account or is in imminent danger of being breached, we may proactively suspend your account to prevent the attacker from getting in, at least until we can get in touch with you. 

To date, Proton Mail hasn’t had any data breaches or data leaks, and we don’t ever have access to your password thanks to our use of zero-access encryption and end-to-end encryption. Still, an attacker may obtain the password of an account. This could happen if you fall for a phishing attack or reuse a password from another service that was hacked. 

To prevent account takeovers, we block accounts at risk of such attacks, which could lead to your account being disabled. If this happens to you, we might ask you to use your recovery method to change your password or get in touch with our Support team to secure your account. 

To help you monitor your account security, we built mobile push notifications to alert you of each successful login. We may require a captcha or force a verification from any saved recovery methods for suspicious logins that we’re not confident enough to block. This is for your safety. Cumulatively, these defenses have reduced compromised accounts by over 80% in the last two years.

Proton is used by some of the world’s most high-profile journalists, leaders, and international organizations that are high-value targets for attackers. We strongly recommend using two-factor authentication, which adds a layer of protection to your account, and setting up a recovery phrase, which can recover data even if you forget your password.

If you are a high-profile public figure, deal with sensitive data, or think you might be a target for cyberattacks, you can take advantage of our Proton Sentinel program. It provides advanced account security, enables you to monitor login attempts more closely, and lets you speak with Proton security analysts.

If you have any issues related to account recovery or security, please contact our specialists by emailing abuse@proton.me.

Reducing spam

Proton Mail also has a sophisticated in-house system that applies similar machine-learning techniques to email, mainly to fight spam and phishing attacks. This system also includes PhishGuard, which automatically adds phishing warnings to emails that are likely spoofed or are part of a phishing attack. The system automatically learns from your feedback (for example, moving an email to spam, marking an email as phishing, or moving an email from spam to inbox) so it can quickly react to new attacks and improve its decisions if you disagree with its classifications. Our anti-spam system protects the Proton community from abuse and security threats and is at least 60% more effective than widely used spam filters such as SpamAssassin.

In addition to classifying incoming emails, this system works with our other anti-abuse systems to block bulk email registrations and outgoing spam from abusive Proton Mail accounts. Due to these systems and the global team that monitors for threats 24/7, Proton Mail has high-reputation IPs and domains that provide great email deliverability for the Proton community. If you have any issues with mail delivery or spam, please email our specialists at postmaster@proton.me.

Looking forward

Abuse is an inevitable part of the internet because wherever there is freedom and opportunity, there will be bad actors trying to take advantage. And if a service has value and is easy to abuse, it will attract more abusers, and the experience and safety of users will suffer until the service has little value. 

That’s why our fight against abuse and bad actors is a critical part of our work to support freedom and privacy on the internet.

We hope these efforts will make the Proton ecosystem the most secure and easy-to-use solution for anyone who wants to interact on the internet.

Protect your privacy with Proton
Create a free account

Related articles

It’s been roughly two months since the European Union’s Digital Markets Act (DMA), which aims to restore competition and fairness to the internet, came into effect for Big Tech monopolies. Since then, Google has done precisely nothing to comply with
Today we’re announcing enhancements to our business plans, further enriching our commitment to delivering the best privacy experience for businesses. These upgrades will help us continue expanding our feature suite for organizations, while giving mor
Proton Pass brings secure and private password management to all devices
Today, we’re excited to announce the launch of the Proton Pass macOS app and the Proton Pass Linux app. One of the most popular requests from the Proton community was a standalone desktop app, which is now available on every major platform — Windows,
When you use the internet at home, connected to everything from fitness equipment to game consoles, smartphones, and laptops, marketing companies could be watching you with a tiny piece of surveillance tech you might not even know about. We’re talki
Every year, we send a survey to the Proton community asking for your feedback and ideas. We then use that information to guide our future plans. This year, we received thousands of responses, giving us insight into what you expect from us.  As one o
Hackers use various methods to crack passwords, and one of them is the rainbow table attack. In certain cases, this method can be faster than dictionary attacks or credential stuffing. In this article, we explore how rainbow table attacks work and d