
Many of you might have noticed that Proton Mail had a brief scheduled downtime last week. That was actually the first step of a major infrastructure upgrade that we have just completed. Thanks to the support from our crowdfunding contributors and the around-the-clock work of our team, Proton Mail today is more secure and reliable than it has ever been, even with the huge number of additional users we have recently invited from the waiting list.

For those users who have been on our waiting list for several months, the wait will soon be over, as our new infrastructure will allow us to support almost everybody. We will be inviting nearly everybody over the next month! The reason it has taken us so long to get to this point is that building an email architecture that is secure, scalable, and also reliable is no easy task. In this post, we describe some of the work the Proton Mail team has been doing in the past couple of months to keep your data safe.

Hardware and Network

Proton Mail’s infrastructure scaling is complicated by the fact that we run our own servers. This means we also need to build in redundancy at the hardware and network level, which greatly increases the required effort. Fortunately, our team has worked on building and managing large-scale systems at CERN and is able to draw from that experience.

Because Proton Mail’s encryption is zero access and we do not have the ability to read our users’ encrypted data, in some ways it does not matter where we store encrypted data. However, as we have seen in the past, third parties simply cannot be trusted to safeguard online privacy and freedom. The ONLY way to ensure the highest level of data security and uptime is to have full control over the server hardware and network. This is why, despite the added difficulty and complexity, we go a step beyond and only use hardware that we physically own and control within Switzerland to host Proton Mail.

All of our servers feature fully encrypted disks and we use RAID arrays with high redundancy for our storage. The redundancy even extends to the way we power our servers. Within each datacenter, only half of our servers are connected to a single power unit so a failure of an upstream power unit cannot take all servers offline.

Distribution of Proton Mail datacenters in Switzerland.

Datacenter Redundancy

While we have excellent redundancy within our main datacenter, to ensure even higher reliability, Proton Mail began to build out a second datacenter this summer. Today, Proton Mail’s hardware infrastructure is spread across two datacenters in Switzerland to ensure that a catastrophic disaster at one datacenter will not lead to data loss. In a follow-up post, we will talk more about Proton Mail’s datacenters.

Infrastructure Architecture

The diagram below gives a high-level overview of Proton Mail’s latest architecture after last week’s upgrade. The overarching design philosophy is to eliminate as many single points of failure as possible in order to make Proton Mail the most reliable encrypted email service ever built.

Proton Mail’s server infrastructure, with all servers owned and controlled by Proton Mail, running 100% open source software.

Load Balancing

As Proton Mail’s user base grew, we rapidly exceeded the capacity of a single server, which made it necessary to load balance across multiple servers. Our load balancing system splits the load among multiple web and mail servers and also provides instant failover in the event of a web or mail server crash.

Web Servers

All Proton Mail servers (web servers included) exclusively run open source software and are Linux based. Our architecture allows additional web servers to be added without downtime. Furthermore, any individual web server can be taken offline without impacting users. This gives full redundancy in the event of a web server failure, and also allows us to take machines offline at any time to perform security updates.

Mail Servers

Proton Mail’s mail infrastructure is also fully redundant, and any mail server can fail without impacting inbound or outbound mail deliverability. Our mail software architecture also allows us to buffer mail on the mail servers. This means that in the event of a database failure, mail servers can hold incoming messages until the database servers come back online, so a database failure will not lead to the loss of incoming messages.

Database Layer

We use a cluster of database servers to store encrypted user messages. We have multiple SQL servers with automatic failover, which allows us to lose SQL servers without system downtime. The data servers are clustered so that individual data servers can be lost without leading to data loss or downtime.

As an additional layer of security, we have a backup data cluster that replicates from the master cluster in real time, so in the event of a catastrophic failure of the primary cluster, we can switch to the backup with minimal data loss.

DNS

For added security against DNS attacks and better control over our domain, Proton Mail also runs its own DNS infrastructure, which is distributed between our two datacenters for redundancy. Our DNS root zone is managed by SWITCH, which administers .ch domain names on behalf of the Swiss Federal Office of Communications (OFCOM).

Monitoring

Proton Mail utilizes a sophisticated monitoring system that is also distributed between the two datacenters in order to monitor the health of our hardware and also to detect potential network intrusions or abnormalities.

Looking Forward

When Proton Mail was first opened to the public back in May, our architecture at that time ran on just two servers (a primary and a backup) and was rapidly overloaded by users from around the world. Our current architecture is a huge advancement from that and would not have been possible without many months of hard work from our team and the support of our crowdfunding contributors.

There is still much infrastructure work to be done, and we will continue to add improvements on two main fronts. First, we will keep pushing to eliminate single points of failure to reduce the risk of downtime. Second, we will work on bringing more components of the internet infrastructure needed to run Proton Mail under our direct control to improve privacy and reliability. We recently took a step in this direction by joining the Réseaux IP Européens NCC and becoming a Local Internet Registry that serves Proton Mail exclusively. As you can see, we are far from done, and 2015 will certainly be a busy year!
