Google has proven time and time again to its over 1.5 billion Gmail users that strong user privacy is not the priority. While Google claims to have stopped scanning emails for advertising purposes in 2018, they are at a minimum still being analyzed for other purposes. Every Google Assistant prompt to pay your bills, every restaurant reservation showing in Google Maps is a reminder that Google's army of bots lurks in the background of every email conversation. By not offering end-to-end encryption for Gmail messages, the advertising giant makes sure it has access to users' communications just in case. Gmail users can rely on little more than Google's former code of conduct preface, "Don't be evil". But competitors offering security and privacy based on more than just a pinky promise do exist. Some are new, some have been in the business decades longer than Google. Let's have a look at the best email providers for privacy.
There are probably dozens of email providers available that would fit in here, but I'm including only providers that I either have personal experience with or that are recommended by communities I trust on privacy issues.
Mailbox.org is maybe the email provider with my favorite domain name. Email addresses with "@mailbox.org" just sound so professional and clean. Besides email, the service includes a calendar and contacts, tasks, a small cloud drive as well as web chat and video calls. All incoming mail can be zero-access encrypted at rest automatically, which means encrypted emails can only be decrypted by the user, not the provider or anyone else. Their calendar and contacts don't support encryption currently. It is even possible to send end-to-end encrypted emails to non-Mailbox users. Mailbox.org supports two-factor authentication for their webmail, and it is possible to access IMAP using the anonymity network Tor through their .onion service. You can use custom domains and catch-all addresses, and even sub-addressing using different aliases if you don't own a domain. And for the truly paranoid, they even accept cash by traditional mail. Their basic account costs 12€ per year but a 30-day trial is available. Many Gmail users might at first be annoyed by the idea of paying for email, but it should be obvious that running and maintaining servers costs money. And while Gmail may be free on the surface, they don't offer it out of kindness. Mailbox.org has been in business since 1989, so I think you could safely say: they know their way around email servers.
Much younger but, in my opinion, the rising star in email privacy is Protonmail. One reason for its growing popularity is definitely their free basic account, and even these users can enjoy zero-access encryption at rest. Paid accounts start at 48 Euros or US dollars per year. They accept Bitcoin and other standard payment methods. I should maybe mention that even though many email providers use all kinds of encryption, email as a technology isn't exactly designed for private communication. Basically any kind of security and privacy feature was developed later on, so unless you are using end-to-end encryption with, for example, OpenPGP, emails may still be intercepted at some point during their journey. The free Protonmail account includes encrypted contacts, but the encrypted calendar is only available on paid plans for now, just like support for IMAP using Protonmail Bridge. And contrary to my usual experience, their mobile app is actually pretty good. Emails to other Protonmail users are automatically end-to-end encrypted and, as with Mailbox.org, you can also send OpenPGP encrypted messages to non-Protonmail users using a password. They also offer an .onion service, two-factor authentication, custom domains, catch-all addresses and sub-addressing. Besides the domain protonmail.com, users can also enable the shorter "@pm.me". And Protonmail includes ProtonVPN with a free basic plan.
Posteo.de is another popular private email provider with zero-access encryption for email, contacts and calendar. After a 14-day trial, Posteo costs 12€ per year, payable by cash-by-mail or standard payment options. Two-factor authentication and OpenPGP mailing are supported, but Posteo is missing some features others have, like use of custom domains or a .onion service. You can, however, create a mailing list. Let's do one more provider so the video stays relatively short and snappy:
Tutanota is one I've seen mentioned quite often on the privacytools.io subreddit. They of course have zero-access encryption at rest for emails, contacts and calendar, offer two-factor authentication, and their basic account is free for personal use. It's possible to send encrypted messages to non-Tutanota recipients using a password, and Tutanota.com allows for catch-all addresses, custom domains and aliases, but otherwise does quite a few things differently. They only use credit cards or PayPal for payments and don't employ OpenPGP but their own encryption in custom open-source desktop and mobile clients. I appreciate their attempt at doing their own thing, but their apps, for example, take some getting used to. They don't support third-party access via IMAP and don't run a .onion service. Tutanota's service in general seems to be geared more towards organizations and business customers.
If you're looking for a private email provider, check these options out. Judge for yourself which design and features are most appealing to you. I'll see you in the next post.