Human verification — checking you’re a human when you sign up for Proton Mail

In order to maintain the integrity of Proton Mail, we must take measures to stop spammers creating accounts. This is because if spammers use Proton Mail to send messages, Proton Mail’s IP addresses can become blocked by major mail providers such as Gmail, Yahoo, and Outlook.

In order to prevent the creation of accounts by spam bots or human spammers, Proton Mail uses a variety of human verification methods. You may be asked to verify using either CAPTCHA, email, or SMS. We have an intelligent algorithm that determines the required verification method based on a number of factors.

Generally speaking, attempting to create multiple accounts will trigger more difficult verification methods such as email or SMS, although there are also other factors that we consider. Certain Tor exit IPs also encounter this problem if they are frequently abused by spammers or attackers attempting to brute force user accounts.

If you are only given the option of email or SMS verification and would like to avoid using email or SMS verification, it is possible to do so by upgrading to a paid plan using PayPal or Bitcoin.

We don’t save CAPTCHA results. If you are presented with email or SMS verification, we only save a cryptographic hash of your email or phone number which is not permanently associated with the account that you create. Because hash functions are one-way functions, it is impossible to derive your phone number or email from that hash. However, using the same phone number will result in obtaining the same cryptographic hash. So by comparing hashes, we can detect if phone numbers or email addresses are reused for human verification.