Nine encrypted email services reviewed

Alternative messaging for those looking to move away from Yahoo Mail to something more secure

Yahoo has had to weather a whole slew of bad headlines of late, many of its own making. Finally many of us who have had a Yahoo Mail account for decades have had enough. Who needs Yahoo with its butterfingered ways with data and chumminess with the NSA? Who knows whether it will even survive intact when (or perhaps if) it is taken over by Verizon?

For those readying themselves to jump ship there are plenty of free webmail alternatives, as Computing revealed recently, but who really knows whether they are any better? If you want real privacy and security you need to move outside the Five Eyes spy nests to providers in jurisdictions where privacy legislation is strong, like Switzerland, Germany and Scandinavia.

You'll need to look for vendors that enable message encryption, that don't hold on to logs and can't read your files even if they want to.

Finally, and painfully for those used to paying with data but not with cash, you'll probably need to fork out - but not too much. The standard unit of pricing for email services is the Cup of Starbucks Coffee. Expect to pay one or two Starbucks per month for your privacy.

Encrypted email services come in two main flavours: those in which the encryption is carried out in the browser, and those where the keys are held in the server.

There are pros and cons to each approach: browser-based security makes end-to-end encryption easier but with less flexibility and possible vulnerability to JavaScript glitches. However, both are likely to be a lot more secure than standard "transparent" webmail. Some services offer full collaboration functions such as document sharing, calendar and task manager aimed at small businesses while others just offer basic - sometimes very basic - email.

Most do their best to make encryption simple, but some are focused more on form and function, with encryption a secondary concern. Some are built on pure open source code, often seen as a key indicator of trustworthiness, while others are partly proprietary. Some provide a large number of aliases and allow you to create your own domain.

You pays your Starbucks and you takes your choice.

StartMail
From the creators of the Ixquick and Startpage search engines comes StartMail, which aims to make the complex process of sending encrypted emails simpler.

It does this in two ways: by offering Q&A encryption, in which the sender encrypts the email with a question to which the receiver will know the answer (your dog's name, for example), and by simplifying the fiddly business of GPG public key encryption with a web interface to create, import, back up and export keys.

Unlike some other services featured here, encryption is carried out server-side rather than in the browser. The company contends that this is more secure, but others take the opposite view. Like most things security, a lot will depend on how the service is used.

StartMail has a familiar, if rather old-fashioned, interface that's pretty simple to use. There are few bells and whistles, but in testing the search and the filters seemed to work well enough.

Setting up an encrypted Q&A-protected email was pretty simple too, and StartMail looks after the fiddly business of the more secure asymmetric OpenPGP encryption, although a beginner might still struggle.

The system seemed a little slow at times, and importing our Yahoo contacts failed with an unhelpful error message. An email to support was answered within a day, but the importing problem remained unresolved.

We like
Generous number of email aliases, and disposable emails are useful. Solid and configurable. Reasonable documentation.

Not so keen
The seven-day trial is too limited, disabling attachments and even URLs in emails. There's no mobile app, although StartMail is accessible through browsers and IMAP clients. Looks old-fashioned and is a bit slow. No free version.

More details
Country: Netherlands
Access via IMAP/POP clients: Yes
End-to-end encryption: No
Mobile app: No
Free version: Seven-day trial, limited
Open source: Mixed
Cost: €49.95 per year, includes 10GB storage, 10 custom aliases, unlimited disposable aliases

Tutanota

Germany's Tutanota provides a browser-based, end-to-end encrypted email system, which means that Tutanota cannot access your data. Great unless you forget your password, in which case you've had it. As a security-conscious individual it's not going to be password123.

There is a free version for basic communications and all versions support a Q&A symmetric encryption security system. Emails to other Tutanota users are encrypted by default.

Tutanota has a clean, simple interface and the encryption is easy to handle. What you can't do, though, is send a GPG/PGP encrypted email to someone without a Tutanota account, for example a StartMail user.

Some of the system settings are hidden away in rather unintuitive places, but most of the usual filters are there if you look hard enough.

In testing the web app worked reliably but the biggest bugbear was the lack of a search function, which we consider a serious barrier to those thinking of moving from Yahoo. There is no facility to import contacts either.

However, at less than half of the cost of a cup of Starbucks per month the price is right and for a simple web-based email service with encryption Tutanota fits the bill.

We like
Clean, cheap, simple and fast. Easy privacy particularly with other Tutanota users. Flexible upgrade plan for storage and aliases.

Not so keen
It's pretty basic. No search function. No ability to import contacts or messages. No HTML email composition options.

More details
Country: Germany
Access by IMAP/POP: No
End-to-end encryption: Yes
Free version: Yes
Mobile app: Android and iOS
Open source: Yes
Cost: Basic version is free, limited to 1GB storage and no aliases. 5GB and five aliases cost €12 per year. Additional storage and aliases cost incrementally more.

Protonmail
Swiss-based Protonmail is similar in many ways to Tutanota in that encryption is handled in the browser. It offers end-to-end encrypted webmail with password-secured options for communicating with non-Protonmail users.

Like Tutanota, there is no IMAP/SMTP/POP3 connectivity so you can't use it with a client like Thunderbird or Outlook. It does have a mobile app, though, which is simple and effective.

We found Protonmail altogether more polished than Tutanota, with nice features like email labels. Crucially, you can search through your emails too, by title, sender and recipient (but not content). There's a facility to upload contacts too, although once again this failed with our exported Yahoo Mail CSV. Protonmail said that this feature is still under development so we didn't seek further help from support.

By default password-encrypted emails expire within 28 days, although this is configurable.

There is a free version that's limited to 500MB storage and 150 messages per day. The next step up is 5GB storage for €48 annually which also buys you a custom domain, five aliases and enhanced support, plus you can upgrade features incrementally after that if you are willing to spend a bit more.

We like
Modern configurable interface, easy privacy particularly with other Protonmail users. Two-step authentication by default. Flexible upgrade plan. Message labelling feature. Mobile app. Company is established and stable, and should now be able to withstand a major DDoS attack.

Not so keen
Slightly pricier per storage gigabyte than Tutanota and no equivalent budget option.

More details
Country: Switzerland
Access via IMAP/POP: No
End-to-end encryption: Yes
Free version: Yes
Mobile app: Android and iOS
Open source: Yes
Cost: Basic version is free, limited to 500MB storage and no aliases. 5GB and five aliases plus one custom domain is €48 per year with additional storage and aliases available.

Mailfence
Mailfence is a three-year-old Belgian secure email service with encryption in the browser. The company donates a percentage of its revenue to support privacy groups the Electronic Frontier Foundation and the European Digital Rights Foundation.

Unlike some other services this is more of a groupware offering with calendar, notes and file sharing functions, and it might be a good choice for a small business. There's a free version that's limited to 200MB of emails and 500MB files, while the 5GB/9GB entry-level subscription is €2.50 per month.

Paid-for versions can be accessed by POP and IMAP too. There is no mobile app but emails and events can be synchronised with iPhone, Android and BlackBerry devices via the settings.

In use the system was straightforward, with everything just where you'd expect it to be. A cleaned-up version of our Yahoo contacts file imported just fine and there are the usual filtering and spam filters. All in all we were impressed with Mailfence. It's a new service but definitely one to watch.

We like
Fully featured secure groupware suite at a good price. Creating, importing and using OpenPGP keys was simple. Nice design. Good instructions.

Not so keen
No Q&A facility for sending password-secured emails to people without public keys. Aliases available only by contacting support. Not open source.

Update: Mailfence has been in touch to say that all of these are in its future plans.

More details
Country: Belgium
Access via IMAP/POP: Yes
End-to-end encryption: Yes
Free version: Yes
Mobile app: No, but can sync with mobile devices
Open source: No
Cost: Basic version is free, with space for 200MB of emails and 500MB files. 5GB/9GB entry level subscription is €2.50 per month.

Kolab Now
Switzerland is home to some of the strongest privacy legislation in the world (although things may change following a recent referendum). From that country comes an open source groupware suite aimed at small businesses and individuals: Kolab Now.

Kolab Now offers email with calendar, notes, a useful task manager and file sharing, or you can just subscribe to the email service if you prefer. There is no message encryption out of the box. You have to set that up yourself, although the firm says that all connectivity is thoroughly secured and encrypted and all emails are stored in Switzerland.

Our exported Yahoo CSV contact file imported without a hitch. (Kolab was the only service that did not require some pre-import tidying.) Most operations are slick and intuitive and we appreciated the integration between the various modules. We didn't like the pay-first, try-later model, though, and setting up encryption looks fiddly and involves third-party plug-ins, although we didn't try.

Unfortunately during testing the site went down for more than 12 hours owing to the failure of two storage canisters, described by Kolab as "an almost impossible scenario, but it happened". Whatever the cause, this incident points to inadequate levels of redundancy, which may be of concern to businesses.

We like
Modern HTML5 interface. Email tagging, integrated calendar, task manager and notes (in the groupware version). Monthly pricing. Versatile connectivity. Lots of features. Fully open source.

Not so keen
No free version, although you can claim a full refund for up to 14 days after signing up. A little pricier than similar services like Mailfence but it does have some extra features.

More details
Country: Switzerland
Access via IMAP/POP: Yes
End-to-end encryption: Yes, but must be configured
Free version: No
Mobile app: No, but can sync with mobile devices for extra charge.
Open source: Yes
Cost: From €4.70 per month. Groupware version tested is around €8.

Posteo
Posteo is an established, secure, privacy-conscious email service dating back to 2009 that provides a web-based email and calendar for the very reasonable price of €1 per month. End-to-end encryption is available as an option, and additional aliases (the default is two) and the 2GB storage can be upgraded for an additional €0.25 per gigabyte per month.

We managed to import our Yahoo contacts after a bit of fiddling around. Importing a GPG key resulted in an error, which Posteo's support explained was down to a name being present in the key header, which breached Posteo's very strong privacy standards.

This is a company that takes privacy very seriously, and you can even pay anonymously via PayPal if you so desire.

The ethical bent means that there is a limit to what you can do with a Posteo email account. For example, you can't send mass mailings because of the company's anti-spam policies. This makes it more suitable for an individual than a business.

There is no mobile app but you can sync with an Android phone using K-9 Mail or Gmail apps or using the phone settings for other mobiles.

We like
Intuitive to use and highly configurable. You can choose end-to-end encryption if you want, but you don't need to. Attention to detail. Nice price. Long-running service. Calendar.

Not so keen
No ability to set up own domain (because of privacy). No free version. Importing keys is fiddly. No mobile app.

Other details
Country: Germany
Access via IMAP/POP: Yes
End-to-end encryption: Optional
Free version: No
Mobile app: No, but can sync with mobile devices or use third-party apps
Open source: Yes
Cost: From €1 per month.

Also consider

Sub Rosa
The strangely named Sub Rosa is a service run by US company Novo Ordo from facilities in Panama. The service may be used in conjunction with Tor and offers GPG key and Q&A-type message encryption. A subscription with six aliases costs $34 annually.

Countermail
Countermail is a high-security, high-anonymity service based in Sweden that uses diskless (CD ROM-based) web servers and offers man-in-the-middle protection and USB key log-in options. The service accepts payment in bitcoin for anonymity and prices start at $6.33 per month.

Mailpile
Iceland-based Mailpile is currently in beta. It is a free open source browser-based project that sits on the user's PC and integrates with existing email accounts. So you might set it up to download mail then delete it from Yahoo's servers, for example. This can enhance privacy, according to the developers.