Emails

Choose an email provider that doesn't read your mail

How privacy-respecting email providers actually work, what 'encrypted email' really means, and how to move to Proton Mail, Tuta, Mailbox.org, or Posteo without losing old mail.

Published

Most mainstream email is free because the provider can read it. Moving to an email service that cannot read your mailbox is one of the calmer, higher-value privacy upgrades you can make, and you can do it without losing a single old message. This guide explains what “encrypted email” honestly means, compares four established privacy-first providers, and walks through a migration that keeps your old address working while you switch.

What “encrypted email” really means

The phrase “encrypted email” gets used loosely. There are three quite different things behind it, and knowing them saves you from false confidence.

Zero-access encryption

Zero-access encryption means the provider stores your mailbox in a form it cannot read. When mail arrives, it is encrypted with your public key, and only your password (which the provider never holds in usable form) can unlock it. The provider hosts your data but has no key to it, so a breach or a subpoena of their servers yields scrambled text.

This is the everyday protection that providers like Proton Mail and Tuta give your stored inbox. Proton Mail, for example, encrypts an incoming message from an outside sender the moment it lands, then discards its own ability to read it.

End-to-end encryption (E2EE)

End-to-end encryption means the message is scrambled on the sender’s device and only unscrambled on the recipient’s. No server in between, including the email provider, can read it. This is the gold standard, and it is exactly how our private messaging guide describes Signal working.

The catch with email: E2EE only happens when both sides support it. Between two Proton Mail accounts, or two Tuta accounts, mail is end-to-end encrypted automatically. The moment you email someone on Gmail or a work server, that provider does not speak the same encryption, so the message cannot be E2EE unless you both use PGP (below).

PGP

PGP (Pretty Good Privacy, and its open version OpenPGP) is the long-standing open standard that lets two people on different providers exchange end-to-end encrypted mail, by swapping public keys. Proton Mail and Mailbox.org support PGP directly. It is powerful but fiddly, because the other person also needs PGP set up. For most people it is a tool for a few sensitive correspondents, not everyday mail.

The honest summary: a privacy-first provider reliably protects your stored mailbox (zero-access) and gives you automatic E2EE with others on the same service. Mail to the outside world is only end-to-end encrypted if you both use PGP. What is never hidden is basic metadata: who you emailed, when, and usually the subject line.

Four providers worth considering

All four below are run on a paid, privacy-respecting model rather than advertising, and (for the German three) sit under strict EU data-protection law.

Proton Mail

  • Based in Switzerland, run by a company known for its privacy focus.
  • Zero-access encryption on your mailbox; automatic E2EE between Proton accounts; built-in PGP for outside contacts.
  • Note that subject lines, and sender and recipient addresses, are encrypted at rest but are not end-to-end encrypted, a limitation shared by essentially all email.
  • Apps for web, iOS, Android, and desktop, plus a calendar, drive, and VPN in the wider Proton account.

Tuta (formerly Tutanota)

  • Based in Germany, so your data is stored under German and EU law.
  • End-to-end encrypts the subject line, body, and attachments, which is unusually thorough. It has also added post-quantum encryption (using the Kyber algorithm) to guard against future code-breaking.
  • Trade-off: Tuta uses its own encryption rather than standard PGP, so it does not interoperate with PGP users. Encrypted mail to outsiders works via a password-protected link instead.

Mailbox.org

  • Based in Germany. A full productivity suite (mail, calendar, cloud storage, online office) for a small monthly fee.
  • Uses standard PGP and can encrypt your incoming mail and stored mailbox. Supports custom domains, useful if you want you@yourname.com.
  • A good fit if you want a Gmail-style set of tools without the data harvesting.

Posteo

  • Based in Germany, priced at 1 euro per month for 4 GB of storage.
  • Deliberately minimal and anonymous: it does not ask for personal details and does not offer custom domains, precisely to keep users unlinkable.
  • Note that Posteo does not encrypt outgoing mail end-to-end by default, though it offers inbound encryption and mailbox encryption you can switch on. It is best seen as a lean, ethical, low-cost mailbox rather than a full E2EE system.

How to migrate without losing old mail

The fear that stops most people is “I will lose fifteen years of email or miss important messages.” You will not, if you overlap the old and new accounts for a while.

  1. Pick your provider and create the account. Choose the plan that covers your storage needs and, if you want your own domain, one that supports it (Proton, Tuta, and Mailbox.org do; Posteo does not).
  2. Import your old mail. Proton offers the Easy Switch import tool, and Tuta and Mailbox.org provide importers, to copy your existing messages, contacts, and calendar across from Gmail, Outlook, and others. This copies your archive so your history lives in the new mailbox too.
  3. Set up forwarding from the old address. In your old provider’s settings, forward incoming mail to the new address. Now anything sent to the old address still reaches you while you transition.
  4. Change your most important logins first. Update the email address on your bank, your password manager, and your main accounts to the new address over a few weeks. Do the high-value ones early; let low-priority newsletters trickle over.
  5. Keep the old address alive for a while. Do not delete it immediately. Leave it forwarding for several months so nothing important slips through, then retire it once the forwarding logs go quiet.

Consider pairing this move with email aliases so that new sign-ups never touch your real address again.

Quick checklist

  • Know the difference: zero-access protects your stored inbox; E2EE needs both sides; PGP bridges outside contacts.
  • Expect subject lines and metadata (who, when) to stay visible even with the best provider.
  • Pick a fit: Proton Mail (all-round, PGP), Tuta (strongest built-in E2EE), Mailbox.org (full suite, PGP, custom domains), Posteo (lean, anonymous, cheap).
  • Migrate with overlap: import old mail, forward the old address, switch key logins first, retire the old account only once it goes quiet.

You do not have to do this in an afternoon. Set up the new mailbox, turn on forwarding, and let your digital life move across at its own pace.

Sources

  1. proton.me https://proton.me/support/proton-mail-encryption-explained
  2. proton.me https://proton.me/support/what-is-encrypted-within-protonmail
  3. proton.me https://proton.me/mail/security
  4. tuta.com https://tuta.com/blog/best-private-email-service

Last reviewed: