ProtonBlog

Over 300 billion emails are sent and received daily around the world, making it one of the most popular forms of communication. However, most modern email providers, such as Gmail or Outlook, do not adequately protect your emails. 

Gmail stopped reading your emails(new window) to target you with personalized ads in 2017 but it still gives third-party developers access to the content of your emails(new window) and tracks your online purchases(new window). It also scans your emails to provide smart features(new window), although you can disable this setting. Allowing so much email information to be scanned and shared by potentially multiple unknown parties is bad for your privacy and security. 

One way to prevent this breach of your privacy is to set up your own secure email server. This gives you complete control over your data and ensures your messages are safe from third parties. 

However, setting up your own secure email server can be complicated and time-consuming. In this article, we explain what a secure email server is and show you how you can still send encrypted emails without setting up your own server. 

Get Proton Mail button

What is an email server?

While sending an email seems simple and instantaneous, several steps are involved. After you hit the “send” button, your email passes through a network of email servers before reaching your recipient’s inbox. An email server is a computer system designed to receive, process, and forward emails. Every email you send passes through several email servers along its way to its recipient. 

There are two main types of email servers

  • Incoming mail servers, also known as POP3 (Post Office Protocol) or IMAP (Internet Access Message Protocol) servers
  • Outgoing mail servers, also known as SMTP servers (Simple Mail Transfer Protocol)

How does a secure email server work?

A secure email server works just like a regular email server, except it uses advanced security protocols to protect your emails:

  • Strong encryption: A secure mail server only uses secure connections to transmit data. This includes protocols such as Transport Layer Security (TLS) and end-to-end encryption (E2EE)
  • Mail and sender authentication: Using anti-spoofing protocols such as Sender Policy Framework (SPF), you can cryptographically verify if an email was sent by trusted servers and has not been tampered with.
  • Anti-phishing measures: Anti-phishing measures implemented on an email server prevent phishing attacks and mitigate the impact of an attack.
  • Server location: A secure email server should be located in a country with strong data protections, allowing you to benefit from high levels of privacy.

Why you should not set up your own email server

While setting up your own server seems like a great way to control who gains access to your data, it’s also a complicated process that can undermine your email security if not done properly. Running your own email server means you’ll likely encounter one or more of the following challenges:

Email servers are complex

A typical mail server is made up of different parts that serve specific roles. Each component must be perfectly configured and maintained with the latest security updates to produce a fully-functioning secure email server. Because an email server can have so many moving parts, it can be tricky to set up and keep running securely unless you have the required technical expertise.

Mail deliverability is not guaranteed 

Most email providers have robust infrastructure and IT teams working around the clock to guarantee near-perfect rates of mail deliverability. If you set up your own email server, you may not have the same resources to ensure your emails are delivered successfully at all times. For example, your emails can end up in your recipient’s spam folder.

Email servers require ongoing maintenance 

Installing your own server is only the first step. After setting it up, you’ll need to dedicate time and effort to maintain it regularly. An estimate shows(new window) that setting up an email server costs around $500 and an additional $70 to $100 monthly to maintain it. In the long run, these costs can run exponentially high.

Securing email servers on your own is challenging

For an email server to be truly secure, it needs to be protected on multiple levels with technologies such as end-to-end encryption, anti-spoofing, and anti-phishing measures. Email security is complex enough for experts, which means securing an email server on your own is often quite difficult. If your email server is compromised, your emails could very easily fall into the wrong hands.

The better way to secure your emails

Thankfully, you can still send encrypted emails without setting up your own server, and that is to use an encrypted email provider. As the world’s most popular encrypted email service, our top priority at Proton Mail is to protect your privacy and security. We use E2EE and zero-access encryption to secure your emails so only you and your recipient can read your messages. 

We also own our own servers and invest heavily in our server infrastructure. All Proton Mail servers are located in Switzerland and Germany, and access to our data centers is secured with biometric access. Our servers utilize fully encrypted hard disks with multiple password layers, preserving data security even if our hardware is compromised. 

To protect you against phishing and spoofing attacks, we support SPF, DKIM, and DMARC. These protocols ensure the integrity of your email server and make it harder for hackers to spoof your email address.

When you sign up for a Proton Mail account, you can also enjoy the benefits of a secure email server without the risks above. The advanced security features Proton Mail offers include: 

  • End-to-end encryption: No one besides you and your recipient can read your messages.
  • Password-protected Emails: Send a fully encrypted message to anyone, not just to Proton Mail addresses. When your recipient receives your email, they only need to enter a previously agreed-upon password to read its contents. 
  • Spam detection: Proton Mail’s smart spam detection automatically filters out spam emails to your Spam folder.
  • Message expiration: Set a timer on your email so it’s automatically deleted from your recipient’s inbox after the time runs out. 
  • Encrypted contacts: Securely store your contacts’ details in your inbox, such as their phone number, address, birthday, and personal notes.
  • Sender verification: Proton Mail’s digital signatures ensure that an email has not been tampered with and comes from a legitimate sender.

In addition to a web application, Proton Mail also has mobile apps for iOS(new window) and Android(new window), ensuring the privacy and security of your messages even when you’re on the go. If you want to support our mission of building a better internet, consider signing up or getting a paid Proton Mail plan for the most comprehensive email security features.

Secure your emails, protect your privacy
Get Proton Mail free

Related articles

Google is one of the biggest obstacles to privacy. The Big Tech giant may offer quick access to information online, but it also controls vast amounts of your personal or business data. Recently, more people are becoming aware of the actual price you
What to do if someone steals your Social Security number
If you’re a United States citizen or permanent resident, you have a Social Security number (SSN). This number is the linchpin of much of your existence, linked to everything from your tax records to your credit cards. Theft is a massive problem, whic
compromised passwords
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
  • Privacy basics
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
what is a dictionary attack
Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts.  While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by usi
Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services f