From holiday photos to our purchasing history to personal correspondences, our emails contain a great deal of sensitive information.
It is therefore vital to keep your inbox and messages secure. This is more difficult than it first appears, as email was invented and widely adopted in the early days of the internet before many of today’s security best practises were developed.
As with all digital content, the best way to keep emails secure is by using encryption — complex algorithms that prevent anyone from reading the content unless they have the correct encryption keys.
In this article, we explain the different types of encryption that most email services use to protect your messages and what Proton Mail does to add an extra layer of security and privacy.
How email is encrypted
Most modern email services encrypt emails in two ways:
- They use TLS/SSL encryption in transit. This is the same encryption used to secure HTTPS websites, and it is the backbone of all security on the internet.
- They use symmetric-key encryption algorithms such as AES(new window) to store emails. Most email services apply this encryption when an email is stored on its servers. This means the provider holds the encryption keys, which it can use to access your emails for advertising purposes or in response to third-party demands.
Proton Mail also encrypts emails in transit using TLS and stores them on our servers using OpenPGP (described below), both using trusted open-source implementations of AES and RSA.
However, we improve on the usual email encryption model in several key ways:
- All messages sent between Proton Mail users are end-to-end encrypted (E2EE) so that no one except you and your intended recipient(s) can access their contents.
- Support for OpenPGP encryption is built into Proton Mail(new window), making it easy to have E2EE conversations with non-Proton Mail users who use PGP.
- We also offer a Password-protected Emails feature that allows you to send E2EE emails to anyone.
- All emails — including non-E2EE emails you choose to send unencrypted to people who don’t use Proton Mail — are stored on our servers using zero-access encryption. This means we have no way to read your messages, scan them for advertising purposes, or hand them over to a third party.
End-to-end encrypted email
End-to-end encryption means the contents of your emails are encrypted on your device before being uploaded to our servers and can only be decrypted and read by the intended recipient.
This is achieved using the OpenPGP(new window) email encryption standard, which uses public-key cryptography(new window) to securely transmit messages between individuals. Messages are encrypted with the recipient’s public key and can only be decrypted using their private key (which only they have access to). No one else (including Proton Mail) can access the contents of E2EE messages.
OpenPGP encrypts the contents of messages and all attachments. The subject line and other metadata are not encrypted. To allow for advanced features (such as searching emails by subject line), Proton Mail’s end-to-end encryption works the same way.
End-to-end encryption for messages sent between Proton Mail users is automatic, and our integrated OpenPGP support makes it easy to send and receive PGP-encrypted E2EE messages to people that use PGP with other email providers. Proton also informs you when your messages are protected by E2EE with a small blue padlock (for other Proton Mail users) or green padlock (for OpenPGP users).
Additionally, we offer an Password-protected Emails feature that allows you to have end-to-end encrypted conversations with someone no matter what email provider they use. The recipient is sent an email telling them that an encrypted message is waiting for them on our servers.
To read the message, they must log in using a password you have previously shared with them. Once they have read your message, they can reply with a message that is also end-to-end encrypted.
Zero-access encrypted email
It is also possible to send and receive unencrypted emails to and from non-Proton Mail users. These are secured in transit to our servers using TLS encryption and are usually also secured in transit to the recipient’s email service’s servers using TLS (all major email services support TLS connections these days).
How messages are stored on the recipient’s email servers, however, is up to their service.
All messages (incoming or outgoing) stored on Proton Mail servers, whether E2EE or not, are secured using zero-access encryption.
They are encrypted using your public key and can only be decrypted locally on your device(s) using your private key (which, for additional security, is itself encrypted(new window) using AES-256 and secured using a password that is hashed with bcrypt).
This means we cannot access the contents of any messages stored on our server.
Making our apps open source provides transparency by allowing anyone to examine software code for issues. All Proton Mail apps are fully open source and have been independently audited(new window) by security professionals.
We also only use trusted open-source cryptographic libraries to implement AES, RSA, and OpenPGP to secure your emails.
Your email is secure with Proton Mail
Unlike most email services, Proton Mail views your data as something to protect, not exploit. That is why we apply zero-access encryption to all emails on our servers and make it easy to send end-to-end encrypted emails to both Proton Mail and non-Proton Mail users.
At Proton, we want to make privacy on the internet the default for everyone, and we knew the most important place to start was fixing email. That’s why we developed Proton Mail. Developing zero-access encryption for stored emails and providing an easy way to send truly secure end-to-encrypted emails to anyone were the first steps toward giving everyone the tools they need to control their online data.
What is end-to-end encryption?
End-to-end encryption (E2EE) means that you encrypt your own data on your own device, and only you and the intended recipient can access it. Thanks to this encryption, no one else can read your E2EE messages, including Proton Mail and the recipient’s email service.
What is zero-access encryption?
Proton Mail stores all emails — incoming and outgoing — on its servers using zero-access encryption. The message is encrypted using your public key and can only be decrypted using your private key, which only you possess. This means that while a message is stored on our servers, only you can access it.
Zero-access encryption only applies to messages stored on Proton Mail. If the person you wrote an email to does not use Proton Mail, their email service can likely read it.
To send emails that are truly secure, even on other email services’ servers, you should use one of our end-to-end encrypted email options.
What is OpenPGP?
OpenPGP is a popular and secure encryption standard used to secure emails. OpenPGP encrypts the body of emails and attachments. It does not encrypt the subject line and other metadata, such as when an email was sent or who the sender is.
What is TLS?
Transport Layer Security (TLS), the modern successor to SSL, is an encryption standard that allows asymmetric key exchanges using public-key cryptography (see main text above) to securely transmit data. TLS is most well-known for being the security layer for HTTPS, which secures connections to websites, but it is also used to secure emails in transit.
What is AES?
The Advanced Encryption Standard (AES) is a symmetric-key cipher, which means that the same key used to encrypt the data is used to decrypt it. It does not provide any way to securely transmit the key, so AES is mainly used to secure data at rest. AES is often considered the de facto standard of symmetric-key ciphers, in large part because the United States government uses it to protect classified data.
What is ECDH?
Elliptic curve Diffie-Hellman (ECDH) is an asymmetric key agreement protocol used to secure encryption keys during a TLS key exchange. It uses the properties of a particular type of algebraic curve numbers to encrypt connections. Proton Mail also uses ECDH (over Curve25519) to secure OpenPGP key exchanges.