ProtonMail was founded in 2013 and launched in 2014 at the European Organization for Nuclear Research (CERN) research facility. It’s an open-source, end-to-end encrypted email service. That same year, on their Indiegogo campaign they had more than 10,000 backers and were 550-percent funded. They’ve even been featured on the critically acclaimed TV show, “Mr. Robot.” However, we know the entertainment business doesn’t always align with reality, so is their understanding of ProtonMail’s cybersecurity deserved or hyped?
While signing in, you have to choose a plan. The good news is that there’s a free account, although they’re upfront about the fact that it has limited features. Yes, you will get the privacy of their open-source software, but you’ll only get 500MB of storage,150 messages a day and limited support. You’ll need to spend a bit of money to get more features. Next, you have to provide a username and password, and an optional recovery email. After confirming that you aren’t a robot and choosing a display name, you’re ready to go for the free plan. If you selected a paid plan, you’ll have to set up your domain configuration. After that, you’re ready to roll.
Components and details
Design, navigation and user friendliness
When you open your inbox, you’ll see a relatively standard layout. On the left side of the screen, is a menu that gives you access to different folders and label settings. On the top is a bar with icons for upgrade, settings, contacts, reporting bugs and profile settings. The main portion of the window will be filled with the page you’re currently on and the inbox will have a default split view. On the left will be a list of your emails and those emails open on the right. If you want to compose a new email, a pop-up window will appear from the right corner.
When we tested the free plan, we noticed one thing that we haven’t found thus far with other services. When you compose an email, there will be a little clock button that’s actually an expiration time. This means, that if you save the draft, it will automatically be deleted in the set number of weeks, days and/or hours. This is quite useful if you’re prone to typing a lot of templates and never using them. That way you can keep your storage clean. However, the downside is that you’ll have to do this for each draft, individually. It would be great if there was an automatic process for all drafts, because some drafts are worthy of keeping for a long time, whereas others pile up and clutter your drafts folder.
When you compose emails, you’ll have a basic rich text editor. If you accidentally attach a file you don’t care to send, it can be tricky to figure out how to delete it. But, it can be done by simply clicking on the attachment and a small x will appear. The best part of sending a new message is the encryption option. You can set a password, a hint for the password and the expiration time. If you don’t set a specific expiration time, encrypted messages to non-ProtonMail recipients will expire in 28 days. As far as the security goes, this one deserves a round of applause.
Features and Specs
As we mentioned, the free plan comes with a very limited 500MB, which feels very 1990s. There are two more paid plans with 5 and 20GB respectively, and although the latter is enough for small businesses, the pricing feels a bit limited, considering what competitors offer. There are also limitations on addresses, which are 1, 5 and 50 for each plan and, as previously mentioned, message quantities of 150, 1000 and unlimited per day. The main reason we encourage you to get a paid plan is that you can’t use a custom domain in a free plan. With a paid plan, you’ll get to use one or ten custom domains, depending on which plan you pick. However, for a certain price, you can add more domains, storage space per GB and addresses.
There are also different levels of support and limitations on how many labels you can use. Keep in mind that there are no custom email filters with the free plan. While some people may never use this feature, if you’re a business owner, this option will come in handy at some point. If you’re not satisfied with their default inbox look, you can adjust and customize it somewhat.
ProtonMail also has iOS and Android apps that are quite faithful to the webmail design. They’re equally easy to use and capable of doing almost everything a web version can. But you won’t be able to use use other email providers via POP or IMAP because of the technology that ProtonMail utilizes within web browsers to encrypt and decrypt your messages. Considering that they place heavy emphasis on security, plugging any potential leaks is actually quite logical. However, it means you’ll have to get used to using their inbox. More about security features in a bit.
The one thing we really missed was autoresponder. It’s a standardized piece of software that’s quite handy when you’re offline. Additionally, you can’t collect email from your existing email accounts—not even from your backup email. In short, ProtonMail is a nice service toy, but it won’t play well with others. However, when emails come from third-party email providers, they’re encrypted with the recipient’s public key before saving it on ProtonMail servers.
This brings us to a sticky issue. While we’ll introduce you to the security aspects of ProtonMail later, we’d like to mention some legalities. Encryption, of course, is good and being located in Switzerland makes it more difficult for someone to force decryption of your data. But it’s not a failsafe method of making your email correspondence 100-percent impenetrable. There are assistance treaties, most often with the U.S., that require ProtonMail to release any information legally available to governments. So, if you’re planning to be the next big whistleblower, Swiss laws won’t help you. In short, legal complications will merely be an obstacle, but not a roadblock.
Security is a real strength of ProtonMail. In the addition to two-factor authentication for login and end-to-end email encryption, they also use full-disk encryption and the highest strength 4096-bit SSL certificates issued in Switzerland. They don’t use cloud hosting but, instead own and manage their own server and network infrastructure that’s distributed across multiple data centers in Switzerland. Their primary datacenter is located in a bunker 1,000 meters under the Swiss Alps, which also means it’s pretty safe from the potential environmental hazards. Interestingly their cryptography libraries and all client-side code is completely open source and available for review, which is not always the case.
ProtonMail also is heavily invested in DDoS protection, to ward against future shut downs by rogue attacks. They learned the importance of this hard way. After a major breach, ProtonMail was forced to pay ransom to their attackers to get their services back online. They installed additional security measures and today, they’re the only encrypted email provider capable of resisting large-scale DDoS attacks.
ProtonMail’s zero-access architecture means that your data is encrypted in a way that makes it inaccessible, even to them. They don’t record metadata such as IP addresses used to log into accounts. At sign in, you may notice that you’re not required to provide any personally identifiable information to register. To take anonymity even further, you can send an encrypted communication to non-ProtonMail users via symmetric encryption. They receive a link which loads the encrypted message onto their browser, which they can decrypt using a passphrase you’ve shared with them. They also allow you to access through an Onion site (no, not the satirical news site) using the Tor network. So you can add an additional two steps to your two-step authentication. Of course, you’ll be equipped with customizable spam filters, whitelists and blacklists, and if you are on their most expensive plan, you’ll get a VPN. In short, if you’re concerned about protecting your information, ProtonMail goes the full mile to keep it secure.
When it comes to support, you’ll get 24/7 service. But your plan will dictate if you get regular, priority or limited support. ProtonMail has a presence on the top social networks and they have a community feedback forum. While there are a ticketing system and email support, there are no phone or chat services. They do offer a knowledge base that you can search for frequently asked questions. Although we didn’t encounter any problems during testing, it’s always nice to know you’ll have real-time support, just in case. Interestingly, you’ll find support for both security, where you can report bugs, and financial, where you can donate money or buy merchandise. Not a relationship you usually see with email providers, but we were intrigued by this.
There are three ProtonMail plans and you can see their pricing in USD, EUR or CHF.
500MB Storage, 1 address, 150 messages a day, 20 labels and limited support
Plus $5 per month or $48 per year
5GB Storage, 1 custom domain, 5 addresses, 1000 messages a day, 200 labels, custom email filters and support
Visionary $30 per month or $288 per year
20GB Storage, 10 custom domains, 50 addresses, unlimited messages a day, unlimited labels, custom email filters and priority support
Extra storage $1 per month or $9 per year per GB
Extra domains $2 per month or $18 per year per domain
Extra addresses $1 per month or $9 a year for 5 addresses
- robust and easy-to-use security
- expiration of emails after a defined period of time
- quick sign in and easy use
- limited storage
- no POP or IMAP access
- pricing might not be as competitive
Just to make things clear. ProtonMail is not a 100-percent foolproof email service, but it comes pretty darn close. Multiple layers of authentication, encryption and security features make it one of the best. One of its strengths is that it’s easy to use and understand for people who aren’t that technically savvy. While they offer features that are available with other email providers, many of them are not as easy to use as those at ProtonMail—and you would have to pay extra.
The only snag is storage. The most expensive plan offers 20GB, which is a standard for some free services. But if you consider the exceptional security and no ads, it’s a strong contender. You can get a free plan but, unfortunately, it offers just 500MB of storage. If you’re looking for an easy-to-master service with outstanding security features, ProtonMail may be right for you.