For those of you who are looking to move away from
platforms like Gmail, Yahoo or Outlook, or perhaps if you’re like me and you just want an additional
account for more sensitive communications, the good news is that there are plenty
of great secure email options out there. There are so many, in fact, that I can’t
include all of them in a video like this. As I’ve told you before, I only create videos about
software and services that I’ve personally used, so I’ve spent the last couple months testing out
four private email services that I think stand out among the crowd and I’m going to show you how
they look and act differently. I’m sure there are other good services out there, and your welcome
to share your favorite in the comments below. Welcome to All Things Secured, my name is Josh
and before I show you each of these secure email options, let me first explain my current setup.
I still use Gmail for both personal and work email right now, and my reasoning is likely
the same as many people - my Gmail addresses and my email archive are simply too valuable
for me to give up entirely. At least not yet. So what I do instead is supplement
my primary accounts with my secure email account. There are a couple ways to do
that which I’ll explain at the end of this video and one setup you definitely shouldn’t use, so
watch all the way through to learn what those are. So as we compare each of these secure email
options, we’re going to look at a number of different features individually and then at the
end sum up the best use case for each service. Let’s start with email encryption. The most
obvious reason you would be using a secure email service is because you want an even
greater level of privacy and security than popular email platforms provide. And
to that end, each of these four email providers offer what you need, otherwise
they wouldn’t be part of this list, right? What is it that they offer exactly? Mostly, it’s something referred to as zero-knowledge
encryption, which means that all of the data in your account is locked up in such a way that
even the service provider can’t unlock it. But wait, don’t Gmail and Yahoo encrypt our
emails? Yes, kind of. And this is confusing, I know, but there is an important difference.
Every email provider encrypts your email as it flies across the internet and as it sits on
their servers. But they still hold the key. It’s basically the difference between owning
and renting your home. When you rent your home, you have your own keys that lock and unlock
your doors. Nobody else can get in...except your landlord. Your landlord also has these
keys and can enter if needed. That’s the way that regular encryption works - your email
is locked up and you have your own keys, but so do Google, Yahoo or Outlook. Using secure email options is like owning your
own home. You have the keys and you can change the encryption keys whenever you want. In this
case, services like ProtonMail, Mailfence, StartMail and Tutanota are simply managing your
property and do not have keys to go in whenever they want. They have “zero knowledge” and it is
truly end-to-end encrypted, whether you use what they call asymmetrical email encryption, which
means that both the email sender and receiver are using the same email provider, or symmetrical
email encryption, which usually involves password protecting email contents for those who aren’t
using a secure email provider like you will be. That’s overly simplified, I admit, and there’s some debate about how some of
these services implement their encryption, but that’s basically what you’re getting when
you move to a truly encrypted email service. All of these services make encryption
very easy for those of you who don’t consider themselves tech-savvy, as in
you don’t really have to do anything but start using the service and you’ll have
better encryption than you currently have with your email provider. But they each
also offer their own kind of PGP encryption for those that want extra security and don’t
mind getting their hands dirty a little bit. In addition to email encryption, I think it’s
important to rate secure email providers by how they allow users to secure their account. I’m
referring, of course, to 2-factor authentication. Honestly, it was surprising to me to find
that not every secure email provider uses strong forms of 2FA, and I would bet that what
I’m about to share with you will be out of date within the next 6 months as the move
toward 2FA acceptance is moving fast. As I record this, Tutanota is the
only provider that accepts 2FA keys, which is widely considered to be the strongest
form of 2FA. Not only that, but they allow you to connect multiple keys, which means you
can do what I do and setup a primary key, a backup key and then make sure that my
wife’s key also authenticates my account. ProtonMail, Mailfence and StartMail
use the authenticator app, which is better than nothing, to be sure, but when
it comes to something like secure email, I don’t know why you wouldn’t
offer 2FA key integration. So from a 2FA security standpoint, Tutanota stands
out here, but from a more privacy standpoint, the tables flip. You see, Tutanota
is the only provider on this list that doesn’t accept a more
anonymous crypto payment method. ProtonMail accepts Bitcoin and Mailfence
accepts both Bitcoin and Litecoin, both from the checkout page. Startmail
says they accept Bitcoin, but you have to email them to get instructions
to pay, which is a bit clunky. Also, from a privacy standpoint, all of these services maintain their email servers
in privacy-friendly countries. Hear me clearly, there is no “perfect” location, but since
all data on these servers is encrypted such that it can’t be unlocked by anybody other than
you, it technically shouldn’t matter too much. Before we jump into comparing how you
actually use each of these email services, I’ll also add that on this list, only ProtonMail
and Tutanota have made their code open source. StartMail is a mix of open and closed source code
and Mailfence says that they plan to be soon. Open source basically means that
the code is open for any person, whether that’s a security researcher or
just one of us, to look into and make sure there isn’t a flaw or they aren’t
hiding some kind of malicious tracker. Ok, at this point I want to transition to looking
at the aspects of these secure email providers that make up the user experience. That’s
what you and I see when we use the service. For example, which companies offer mobile
apps to check your email on the go? If you check your mail on your mobile device
often, this might be important to you, and if that’s the case, both ProtonMail
and Tutanota have dedicated mobile apps. You can still check your mail on the go with
Startmail and Mailfence, but you’ll be logging in via your internet browser, which isn’t a
bad thing per se, but it has its limitations. With each company, you are allowed to
create aliases, which is another way of building privacy by not giving out your
primary address to anybody who asks for it. As you can see here, this is a paid feature and
in most cases is limited to only 5-10 aliases based on your account level. The only exception
is StartMail, which gives you unlimited aliases. This could be useful if you’re the kind of
person who wants to create random aliases for every website where you create an
account, or to give out email addresses that expire after a week of use. Basically,
you’re getting burner email addresses to use. Alright, next let’s dive into the
experience with the email inbox. For example, StartMail is has a
very modern-looking inbox that is immediately familiar to anybody who has
been using Gmail or Outlook for the past few years. It’s clean, it’s simple and
it’s intuitive to use. I really enjoy it. ProtonMail also does a good job with their inbox, which incorporats nested replies and the ability
to organize your mail into different folders. Mailfence and Tutanota aren’t bad, but in my
opinion the design feels slightly more dated. The text is small and the icons just
feel like we’re still stuck in the 90s. Strangely, with Tutanota you don’t have
any kind of conversation view where the same email thread is kept together.
Everything is its own email, which is weird. Also, one of the features that most people take
for granted with popular email services like Gmail and Outlook is a seamless integration
with a calendar or a cloud storage service. In the past, using secure email
has always meant not having direct access to your calendar or cloud
drive, but thankfully that is changing. Both ProtonMail and Mailfence have great
calendar and encrypted cloud drive features, which is a huge benefit when using them in
my opinion. Tutanota offers a calendar but no drive feature and Startmail as of
yet has no calendar or cloud drive. Now in some ways I can see why you might want
to keep your secure email separated from your cloud storage, so that’s really up to you as
to whether or not that’s an important feature, but it’s helpful to know what’s
available when getting started. In the end, when you add up all
these various features together, here are my recommendations. If you’re
an individual who just wants a quick and easy way to do more secure email,
StartMail is easy to start using. They offer unlimited aliases but you’ll have to
keep using your own calendar and cloud drive. For those more tech-savvy individuals or small
businesses, I recommend ProtonMail, which is the one in this list that I’ve been using the longest.
The calendar feature works great and they make it easiest to migrate your existing email client so
that you don’t lose your archive of emails. Here’s what I mean: they have an Easy Switch feature,
where you can do a one-time migration of your archive and all the folders you use to organize
your current inbox into your ProtoMail account. Mailfence is right up there with ProtonMail in
terms of features and benefits. But if you’re the kind of person who wants to keep your current
Gmail account for daily emails and use a secure email address only for sensitive communications,
Mailfence has this great feature that allows you to get a simple notification via email or SMS
text every time a new email arrives in your inbox. It won’t tell you who it’s from or what the
contents of the email are, it simply alerts you to check your inbox. I really like this because
if your secure email address isn’t your primary email address, then you’re likely not checking
it every day, and this is the perfect solution. Finally, if security is your
top priority, I have to say that Tutanota is hands-down your best option. They’re
the only ones who currently accept 2FA keys, their encryption is the easiest to understand and
they’re the only ones I know of who are working to develop what they call “post quantum encryption”,
basically encryption that can stand up against any kind of advancement in quantum computing.
They’re a good company with an affordable service. Oh, and once you purchase a subscription
to one of these email services, there are two things I need you to promise that you won’t
do. First, please do not set it up to where you have all your secure email just being forwarded
directly to your current Gmail or Outlook address. And don’t set it up to where you use a
third party mail client like Apple Mail, Outlook or Thunderbird to
check and send your mail. The reason that you’re getting secure email is
for security and privacy, and when you forward your mail or don’t access it directly from the
source, you are compromising that security. Thank you for watching all the way
through this video! If you enjoyed it, please consider using the affiliate links
in the description below this video. That helps to financially support what I do. Then, watch this video next about how to secure the
files you keep in cloud storage. Take care.
