Tools

Ordinary email is far less private than most people assume. It usually travels with transport encryption, which protects messages while they move between servers, but the provider still stores your mail in a form it can read — and historically many providers scanned that content to build advertising profiles. Transport security is necessary, yet on its own it does nothing to stop the company holding your inbox from reading it.

Two kinds of encryption to separate

'Encrypted email' normally means something stronger, and the term covers two distinct ideas worth separating. Zero-access encryption means the provider cannot read your stored mail, because it does not hold the key to your mailbox. End-to-end encryption means only the sender and recipient can read a given message, with no readable copy on any server in between. A service may offer one, both, or neither, so it pays to know which you are actually getting.

The distinction matters because it sets the limits of what a provider can protect. Zero-access encryption secures everything in your own mailbox against the provider and against a server breach. End-to-end encryption secures an individual conversation against everyone except the two endpoints. Strong encrypted-email services aim to give you zero-access storage by default and end-to-end encryption wherever the recipient's setup allows it.

The leading auditable providers

Proton Mail is the most established option in this space. It offers zero-access storage so it cannot read your saved mail, end-to-end encryption between its own users, open-source client apps that let the cryptography be reviewed, and a Swiss legal base. That blend of an auditable implementation and a privacy-oriented jurisdiction is what has made it the default recommendation for people who want private email without becoming cryptography experts.

• Transport encryption protects mail in transit but not from the provider itself
• Zero-access encryption: the provider cannot read your stored mail
• End-to-end encryption: only the sender and recipient can read a message
• Proton Mail and Tuta are the leading open-source, auditable options
• No service can end-to-end encrypt a message to a standard Gmail account

Tuta, formerly known as Tutanota, is another open-source, end-to-end encrypted provider with its own distinct approach. Notably, it encrypts not just message bodies but also subject lines and the wider mailbox, and it is based in Germany. Because its encryption model is built differently from Proton's, it also interoperates differently with the outside world — a reminder that 'encrypted email' is implemented in more than one way.

The limit no provider can cross

A limitation applies to every service equally, and no provider can engineer around it. No service can magically encrypt a message end-to-end to someone using a normal Gmail or Outlook account, because the recipient has no key with which to decrypt it. This is a property of how interoperable email works, not a shortcoming of any one product, and any vendor claiming otherwise deserves suspicion rather than trust.

The realistic goal, then, is twofold. First, keep your own stored mail private from the provider through zero-access encryption, so a breach or a curious company cannot read your inbox. Second, achieve true end-to-end encryption with the contacts who are on the same system, or through password-protected messages for those who are not. Framed this way, encrypted email is about meaningfully reducing exposure rather than chasing an impossible absolute.

What to check before you commit

When evaluating a service, look past the marketing to a few concrete signals. Are the client apps open source and have they been independently reviewed? What exactly is encrypted — only message bodies, or subjects and metadata too? Where is the company based, and what is its track record on transparency? These questions separate services with genuine, auditable encryption from those that merely borrow the word for their branding.

There are trade-offs to accept in exchange for privacy. Encrypted mailboxes can behave differently from mainstream ones in areas like server-side search, automatic filtering, and integrations, precisely because the provider cannot read your content. For most people these differences are minor next to the benefit of a mailbox the provider cannot mine, but going in aware of them prevents disappointment later.

Picking the right fit

For most people who want a private mailbox the provider cannot read, Proton Mail is the easiest credible starting point, with Tuta as a strong open-source alternative for those drawn to its full-mailbox encryption. Choose the model that fits how you communicate, set realistic expectations about messages to outside providers, and you will have email privacy that is meaningfully better than the default offered by ad-funded services.