Proton Mail encryption explained
Encryption is at the heart of what makes Proton Mail(nuova finestra) special. It provides a solution that’s so easy to use, any one can enjoy it.
As discussed in What is encryption?(nuova finestra), encryption is critical to keeping your data safe. In Proton Mail, the message body and attachments(nuova finestra) are fully encrypted.
Emails sent between Proton Mail users
Emails from Proton Mail users to non-Proton Mail users
- End-to-end encrypted if the Password-protected Emails(nuova finestra) feature is selected.
- Otherwise encrypted with TLS if the non-Proton Mail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these messages are encrypted but not end-to-end encrypted, Gmail, Yahoo, Hotmail, etc will be able to read these messages and hand them over. This is not possible if you use Password-protected Emails, which enable Proton Mail’s end-to-end encryption.
Emails from non-Proton Mail users to Proton Mail users
- Unless you use PGP, the email message is encrypted in transit using TLS and stored on our servers using zero-access encryption. It is not end-to-end encrypted, however, and might be accessible to the sender’s email service.
- It is possible to receive end-to-end encrypted emails from Proton Mail users using PGP. You should export your Proton Mail public PGP key(nuova finestra) and share it with contacts for them to communicate in this way with you.
Replies from non-Proton Mail users to Proton Mail Password-protected Emails
- End-to-end encrypted
- All messages in your Proton Mail mailbox are stored with zero-access encryption. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-Proton Mail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well.
- Password-protected Emails are also stored end-to-end encrypted.
- Subject lines and recipient/sender email addresses are encrypted but not end-to-end encrypted.