Email that puts your security first

Phishing is one of the most common ways hackers gain access to data, typically by tricking users with emails designed to look like they come from a trusted sender. PhishGuard helps defend against phishing attacks that use Proton Mail accounts by flagging potentially spoofed email addresses and clearly marking them in your inbox. 

It can be difficult on mobile devices to tell if the link you’re tapping actually points to the URL you think it does. Link protection is a feature in Proton Mail for web, iOS, and Android that displays the full URL and requests additional confirmation from you before opening the link. 

Proton Mail supports Sender Policy Framework (SPF), which helps prevent others from sending emails from your domain, and Domain Keys Identified Mail (DKIM), which ensures that the contents of your message have not been tampered with. We also offer DKIM automatic key rotation. Finally, Proton Mail uses Domain-based Message Authentication, Reporting, and Conformance (DMARC) to prevent abuse emails from being sent to other servers if your email address has been spoofed and fails either SPF or DKIM.

This feature makes it easier to send PGP-encrypted emails to people who don’t use Proton Mail. Web Key Directory (WKD) allows domains to serve their own keys rather than relying on potentially untrustworthy keys uploaded to public servers. Our servers automatically use WKD to look for keys on external domains and automatically enable end-to-end encryption whenever possible.

Proton Mail uses advanced algorithms and machine learning to detect sophisticated attacks launched against specific accounts. This allows us to proactively warn you if your account is being targeted or automatically secure your account if we detect that an attacker has successfully compromised your account. 

With Proton Mail, encryption and decryption are fast and efficient thanks to elliptic curve cryptography. Unlike RSA cryptography, which uses extremely large numbers to achieve high security, ECC can provide the same level of security with less computational power, saving you time and battery life.

When emails travel between Proton Mail accounts, they are always end-to-end encrypted by default. But emails to non-Proton Mail accounts are protected with a different kind of encryption called SMTP TLS. DANE and MTA-STS are two web standards that protect your emails from attacks that remove this encryption, making it much harder for attackers to intercept your emails when communicating outside of Proton.

Proton Contacts uses zero-access encryption and digital signatures to ensure no one can tamper with your contacts or see any details you add, including your contact's phone number or address.

This lets you add and organize all your contacts' details in one convenient location while knowing that no one, not even Proton, can access that information but you.

2FA is available for all Proton accounts. When 2FA is enabled, you must provide a one-time passcode generated by an authenticator app on your device in addition to your username and password. This way, even if your account credentials are compromised, an attacker cannot access your account without also having physical possession of your device.

Proton Mail apps are designed to secure your account against unauthorized physical access. PIN Protection in Android allows you to set an app password that can be unlocked using your PIN or biometric authentication. And our AppKey Protection System for iOS defends your Proton account against sophisticated attempts to penetrate your device’s security, such as malware or forensic attacks sometimes used by governments.

Like Expect-CT, DNS CAA attempts to reduce the likelihood of a certificate authority issuing a fake certificate. This DNS record specifies which certificate authorities are allowed to issue certificates for a given domain or sub-domain.