Two open source secure email services

Keep your email private with the help of these two open source services for securing your email.
568 readers like this.
A pile of paper mail

Judith E. Bell. Modified by CC BY-SA 2.0.

As much we all complain about email, for most of us, email is still our primary conduit for online communication. That said, numerous hacks and revelations about government surveillance have made it clear that email is also one of the most vulnerable of those conduits.

What you send via email is your business and yours alone. Besides you and the recipient, no one else should be reading that message. Not hackers, not government agencies, and definitely not nosy siblings or friends.

To ensure that your email stays private, you need to secure it. If you have a degree of technical knowledge and skill, you can set up your own email server that allows you to do that. However, that's not an option for those of us without those skills and that knowledge.

So, what can we do to keep out emails private? Turn to secure, open source email services like the two I cover in this article.


ProtonMail boasts that it keeps your email messages "encrypted at all times." It does a good job of that. The only time a message isn't encrypted is when it lands in a recipient's inbox.

The service uses several levels of security. When you set up a ProtonMail account, you're encouraged to create two passwords: a login password and a password to decrypt your mailbox. The mailbox password is optional, but if you want an extra layer of security you should set it. You can add even more security to your account using two-factor authentication.

Sending a message to another ProtonMail user automatically encrypts it. When you a message to someone who doesn't use ProtonMail, you can choose to encrypt it. When you do that, you add a password to the message. The recipient gets a link to the message, and enters the password that you set. From there, they can read and reply to the message.

Caption: Composing an email in ProtonMail

You can also set messages to self-destruct after a number of hours, days, or weeks into the future. To do that, you'll also need to set a decryption password for the message. Once the message expires, it becomes digital dust never to be seen again.

ProtonMail is quite easy to use, and its web interface is clean though kind of traditional. You can sign up for a paid account starting at US $4 per month, or peruse the ProtonMail repositories on GitHub.


Tutanota takes a similar approach to protecting your emails. Your inbox is encrypted, and you have the option to either encrypt the message or not. In case you're wondering, messages are end-to-end encrypted if you're sending to someone with a Tutonota email address.

If you do choose to encrypt the message (and why wouldn't you?), you're asked to create a password that the recipient will use to decrypt all emails that you send them. You'll need to securely share that password with them—perhaps via text message, a letter, or a phone call.

Getting ready to encrypt an email in Tutanota

An email containing the link to the encrypted message lands in the recipient's inbox. They click the link, enter the password, and can read and reply to the message. That all sounds a bit cumbersome, but it's better to be safe than sorry.

Other than that, Tutanota has a very minimal interface and is easy to use. You can also upgrade to a premium account for 12 euros a year. You can learn more about how Tutanota encrypts emails or you can look at the code on GitHub.

Two other options worth noting

You might remember Lavabit as being Edward Snowden's email service of choice. The folks behind Lavabit shut the service down rather than turn over user information to the government. Well, Lavabit is back and it uses a new end-to-end secure communication protocol to protect messages.

If you want to host your own secure email client, then check out Mailpile. It's not a mail server. Instead, Mailpile works with other email services (like Gmail) to encrypt your communication. It uses OpenPGP for encryption, and you can run it on just about any computer, even a Raspberry Pi.

Do you have a favorite secure open source email service? Feel free to tell our community about it by leaving a comment.

That idiot Scott Nesbitt ...
I'm a long-time user of free/open source software, and write various things for both fun and profit. I don't take myself all that seriously and I do all of my own stunts.


Very valuable article Scott! I would like to add to the list. With Kolab, if you use their service, your data is hosted in Switzerland. This country has strict policies on privacy and data protection.

I've been using ProtonMail for about a year now and really like their service. I'm mostly missing an import feature so I could bring all my old emails into the same system.

Hi Jimmy,

Glad to hear you are enjoying ProtonMail.

Import is coming! We also have IMAP/SMPT support to allow use with any client.

Alex from ProtonMail

In reply to by jimmysjolund

Thanks Scott, very well explained. I'm very satisfied with Tutanota, even upgraded to a paid account recently because obviously I'm not paying with my data. These secure alternatives need much more attention!

Thanks for checking us out, Scott. We are also honored to maintain the openPGP project ( Having PGP support has been critical to our users who love the ability to receive PGP messages from their contacts who use other PGP providers.

Just want to note, you can signup for a free ProtonMail account at

Alex from ProtonMail

Another good service, based in Panama, is Sub Rosa ( They offer a self-destructing email for those you do not trust their recipient's email server. Messages never leave their server, can be password protected, and be be set to self-delete on read and/or after a set period of time. They can also be accessed on the TOR network.

Awesome information! I've been looking for a way to keep my GMail account more private. These sound like they'll fit the bill perfectly! Thanks for the information!!

Good stuff. Thanks for sharing!

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.