At Proton, our mission is to build a better internet where privacy is the default. We started with email as it’s one of the most popular communication technologies available, used globally by governments, businesses, and ordinary citizens. Since its launch in 2014, Proton Mail has become the world’s largest encrypted email provider, with an uncompromising focus on online security and privacy.
Since you use your email address to sign up for online accounts, newsletters, and more, your inbox contains plenty of information about you. This information should be protected, and the best way to keep it safe is to use a trustworthy and secure email service, such as Proton Mail. Using end-to-end encryption (E2EE) and other advanced security features, Proton Mail keeps your conversations private and your inbox safe from advertisers, hackers, and spies.
In this article, we discuss the features that make Proton Mail safe and why you can trust us.
What makes Proton Mail safe?
What makes Proton Mail trustworthy?
Risks to consider when using Proton Mail (or any email service)
The safest way to send encrypted emails
What makes Proton Mail safe?
End-to-end encryption
The safest way of communicating online is to use end-to-end encryption (E2EE). E2EE is widely considered to be the gold standard for securing emails, giving you the highest level of privacy by ensuring only you (the sender) and your recipient can read your messages.
When you send an email with E2EE, your message is fully encrypted on your device and stays encrypted until it reaches your recipient’s inbox. Your recipient can only read your message by decoding it with the right private key. Nobody, including your email provider, can read or give anyone else access to your emails without your knowledge.
As the largest encrypted email provider, we use E2EE to protect millions of people and businesses every day. Our E2EE is based on OpenPGP, which is open source and compatible with other platforms that use PGP. With Proton Mail, PGP encryption is easy, convenient, and accessible to everyone.
And unlike other modern email providers such as Gmail or Outlook, Proton Mail ensures only you control and manage your encryption keys.
Zero-access encryption
In addition to E2EE, we also use zero-access encryption to protect your data at rest, making your inbox inaccessible to us. When you receive an email from an unencrypted email service, we immediately encrypt it with your public key. The encrypted data can only be decrypted locally on your device with your private key. Since we don’t have access to your private key, your email cannot be decrypted by anyone besides you.
Both E2EE and zero-access encryption protect your information from data breaches and privacy violations. For this reason, they’re highly recommended by experts and are important for complying with data protection laws such as GDPR and HIPAA. The combination of E2EE and zero-access encryption makes it impossible for us to access your inbox and share it with third parties.
Advanced security features
Besides E2EE and zero-access encryption, as an email provider focused on security and privacy, Proton Mail offers many advanced features not available together anywhere else:
- Enhanced tracking protection: We automatically remove spy trackers in the promotional emails you receive, letting you safely pre-load remote images without being tracked. Sensitive information, such as when you open an email and your IP address, is hidden from the sender.
- Phishing protection: Proton Mail provides anti-phishing protections with PhishGuard, a set of advanced features designed specifically to combat phishing.
- Password-protected Emails: You can use our Password-protected Emails feature to send secure emails to recipients who don’t use Proton Mail. Your recipient can only read your message if they enter the correct password.
- Smart spam detection system: Our spam detection system automatically filters messages to your spam folder. You can also customize the spam filters for granular control and add email addresses to your Block list.
- Encrypted and digitally signed contacts: All contact data, including display names and email address(es), is digitally signed with a private key linked to your account. Furthermore, contact details such as phone numbers, birthdays, etc, are end-to-end encrypted. This allows you to verify that your contacts have not been tampered with while in transit from your device to Proton Mail’s servers.
- Two-factor authentication (2FA) and security keys: To keep your Proton Mail account safe, you can use 2FA to verify your identity. We support temporary codes generated by authenticator apps, YubiKey, and other U2F/FIDO2-compliant keys.
- Anti-spoofing measures for custom domains: If you’re using a custom domain, we have advanced anti-spoofing and anti-phishing measures, such as DKIM and DMARC, to protect your domain from cyberattacks.
- PGP support: We offer full PGP support, allowing you to send and receive PGP-encrypted emails from non-Proton Mail addresses.
- Address verification: Unlike other encrypted email services, Proton Mail provides advanced protection against man-in-the-middle (MITM) attacks that try to intercept emails by sending false encryption keys through our address verification feature. This feature detects and warns against MITM encryption attacks.
What makes Proton Mail trustworthy?
Proton Mail was created in 2014 by a group of former CERN scientists who believe a better world starts with privacy and digital freedom. Over 10,000 individuals raised over $500,000 in our first public crowdfunding campaign to bring our shared vision to life.
Proton Mail’s unique history means we have always done things differently when it comes to trust and transparency. You can learn more about why you can trust Proton Mail in our dedicated blog post, but here are some of the main points.
Open source and audited by experts
One of our guiding principles at Proton is transparency. We believe you deserve to know how our services are made and how we keep your data private. For this reason, all Proton apps are open source(new window) and independently audited by experts. Making our code open source increases the security of our apps as it allows anyone to independently check our encryption works as advertised and participate in our bug bounty program. In other words, you don’t need to go by our word and blindly trust that our security claims are true.
We also maintain two popular open-source encryption libraries, OpenPGP.js(new window) and GopenPGP, used by hundreds of other companies, providing additional checks for the integrity of Proton Mail’s encryption.
We regularly commission independent security experts to audit our code and verify our encryption works as intended. You can read the results of our security audits below:
- Security audit results for Proton Mail
- Security audit results for Proton VPN
- Security audit results for Proton Calendar
- Security audit results for Proton Drive
Swiss jurisdiction
Proton is headquartered in Geneva, Switzerland, a country well known for its strict privacy laws. Unlike other developed nations, Switzerland is not part of any international intelligence-gathering networks, such as the 5 Eyes, 9 Eyes, or 14 Eyes agreements(new window). This means foreign governments cannot easily spy on or collect your data.
In fact, sharing data with foreign authorities is a criminal offense under Article 271 of the Swiss Criminal Code. Proton Mail also regularly fights in court to defend user privacy rights. In 2021, we won a significant legal victory in Switzerland that limits the data Swiss email providers are obliged to turn over in response to Swiss legal orders.
User-driven business model
We built Proton to serve the needs of people. Our first and only obligation is to the Proton community. Proton’s revenue comes entirely from our user community via paid plans. Unlike Big Tech, Proton does not make any money from advertising and we don’t have venture capital investors. This means we are only accountable to the community we serve, and have no incentive to abuse your privacy. Our E2EE and zero-access encryption also ensures your privacy mathematically.
We also put our money behind our beliefs. In the past years, Proton has supported internet freedom efforts in Russia (as detailed in this New York Times article(new window)), helped support activists and dissidents in Hong Kong, and funded the largest independent news outlet in Belarus. In 2021, Proton Mail was also recommended by the United Nations as a tool for reporting human rights abuses in Myanmar.
What the experts say
As the first encrypted email service, Proton has also attracted significant attention in the media. The testimonials we receive speak for themselves:
- “Proton Mail hosts its servers in Switzerland… so all user data is protected by strict Swiss privacy laws.” — The Wall Street Journal(new window)
- “Proton Mail is setting the standard for email privacy… and will likely gather more users too.” — VentureBeat(new window)
- “Proton Mail is one of the most privacy-conscious email services, and offers encrypted and self-destructing emails.” — The Guardian(new window)
- “Proton’s business has the credibility of always having had privacy engineering at its core.” — TechCrunch(new window)
- “Perhaps the most well-known secure email service out there. It is often favoured for its sleek design and strong security features.” — Gizmodo(new window)
- “My favorite email service.” — Jack Dorsey(new window), co-founder and former CEO of Twitter
We’re also frequently ranked first in multiple encrypted email comparisons online.
Risks to consider when using Proton Mail (or any email service)
When it comes to the internet, there’s no such thing as 100% privacy or 100% security. Email, like any technology, has its vulnerabilities. Here are some risks to consider when using any email service.
Spam and malware
Around 45% to 85% of all emails generated(new window) each day are spam. While some spam emails are merely annoying, others are designed to trick you into divulging sensitive information. No matter what email service you use, chances are you’ll encounter spam emails once in a while. And if you download an email attachment containing malware(new window), an attacker could gain unauthorized access to your computer and install harmful software.
Encryption unfortunately cannot protect you from a malicious email, although Proton Mail’s advanced spam filters do a pretty good job of detecting malicious emails.
Phishing scams
Phishing scams are a common way for attackers to trick you into revealing sensitive information. Often, these emails appear to come from a legitimate source, such as your bank or your credit card company, and contain links to fraudulent websites. Most data breaches in recent years have been due to phishing scams.
Email encryption doesn’t protect you from a victim of phishing scams, so you still need to stay vigilant against phishing. Proton Mail’s PhishGuard technology flags phishing emails in your box, letting you know which emails are potentially malicious.
Privacy vs. anonymity
Privacy is not the same thing as anonymity. While Proton Mail provides privacy by default, obtaining anonymity with Proton Mail requires more vigilance and proactivity. You can learn about the difference between privacy and anonymity in our blog post, and how to use Proton Mail more anonymously.
The safest way to send encrypted emails
Despite the risks that email poses, it remains a popular method for communicating with others. When you choose Proton Mail as your email provider, you’re entrusting us with your personal information. We take this responsibility seriously, which is why we use E2EE and zero-access encryption to protect your data.
To strengthen the security of your Proton Mail account, you can:
- Use a strong password: A strong password should be simple enough to memorize while being difficult for an attacker with a powerful computer to hack. If you’re having trouble coming up with one, use an open-source password manager or follow our guide on creating and remembering strong passwords.
- Enable two-factor authentication (2FA): 2FA provides an additional layer of security to your account by requiring a second form of identification, like a faceprint or possession of a mobile device or a security key. Unless a hacker knows your password and also has physical access to this second proof, they cannot access your account.
Because we believe privacy is a fundamental right, you can always sign up for a free Proton Mail account. While no system is 100% secure, Proton Mail provides a unique combination of features that might be the closest you can get to a safe and private email service.