<strong>Our recommended providers operate outside of the US, adopt modern email technology, and meet <ahref="/providers/email/#criteria">our other criteria</a> for listing.</strong> We also have a <ahref="https://wiki.privacytools.io/view/Comparison_of_email_providers#Provider_comparison">detailed comparison table</a> of the below providers on the wiki.
<p><strong><ahref="https://protonmail.com">ProtonMail.com</a></strong> is an email service with a focus on privacy, encryption, security, and ease of use. They have been in operation since <strong>2013</strong>. ProtonMail is based in Genève, <spanclass="flag-icon flag-icon-ch"></span> Switzerland. Accounts start with 500 MB storage with their free plan.</p>
<p>Free accounts have some limitations and do not allow the use of the <ahref="https://protonmail.com/bridge">ProtonMail Bridge</a>, which is required to use a <ahref="/software/email">recommended email client</a> (e.g. Thunderbird) or to search email by body text. Paid accounts are available starting at <strong>€48/Year</strong> which include features like ProtonMail Bridge, additional storage, custom domain support, and more. The webmail and mobile apps can only search <code>To:</code>, <code>From:</code>, <code>Date:</code> and <code>Subject:</code> (this is likely to change when <ahref="https://reddit.com/comments/cqwk2a/comment/ex21b4e">v4.0</a> of ProtonMail is released).</p>
<p>Paid ProtonMail users can use their own domain with the service. <ahref="https://protonmail.com/support/knowledge-base/catch-all/">Catch-all</a> addresses are supported with custom domains for Professional and Visionary plans. ProtonMail also supports <ahref="https://protonmail.com/support/knowledge-base/creating-aliases/">subaddressing</a>, which is useful for users who don't want to purchase a domain.</p>
<p>ProtonMail supports <ahref="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a><ahref="https://protonmail.com/support/knowledge-base/two-factor-authentication/">two factor authentication</a> only. The use of a <ahref="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> security key is not yet supported. ProtonMail is planning to implement U2F upon completion of their <ahref="https://reddit.com/comments/cheoy6/comment/feh2lw0/">Single Sign On (SSO)</a> code.</p>
<p>ProtonMail has <ahref="https://protonmail.com/blog/zero-access-encryption">zero access encryption at rest</a> for your emails, <ahref="https://protonmail.com/blog/encrypted-contacts-manager">address book contacts</a>, and <ahref="https://protonmail.com/blog/protoncalendar-security-model">calendars</a>. This means the messages and other data stored in your account are only readable by you. </p>
<p>ProtonMail has <ahref="https://protonmail.com/support/knowledge-base/how-to-use-pgp">integrated OpenPGP encryption</a> in their webmail. Emails to other ProtonMail users are encrypted automatically, and encryption to non-ProtonMail users with a OpenPGP key can be enabled easily in your account settings. They also allow you to <ahref="https://protonmail.com/support/knowledge-base/encrypt-for-outside-users">encrypt messages to non-ProtonMail users</a> without the need for them to sign up for a ProtonMail account or use software like OpenPGP.</p>
<p>ProtonMail also supports the discovery of public keys via HTTP from their <ahref="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of ProtonMail to find the OpenPGP keys of ProtonMail users easily, for cross-provider E2EE.</p>
<p>ProtonMail offers a "Visionary" account for €24/Month, which also enables access to ProtonVPN in addition to providing multiple accounts, domains, aliases, and extra storage.</p>
<p><strong><ahref="https://mailbox.org">Mailbox.org</a></strong> is an email service with a focus on being secure, ad-free, and privately powered by 100% eco-friendly energy. They have been in operation since <strong>2014</strong>. Mailbox.org is based in Berlin, <spanclass="flag-icon flag-icon-de"></span> Germany. Accounts start with 2 GB of storage, which can be upgraded as needed.</p>
<h5><spanclass="badge badge-success">Domains and Aliases</span></h5>
<p>Mailbox.org lets users use their own domain and they support <ahref="https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain">catch-all</a> addresses. Mailbox.org also supports <ahref="https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it">subaddressing</a>, which is useful for users who don't want to purchase a domain.</p>
<p>Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept <strong>Cash by mail</strong>, <strong>cash payment to bank account</strong>, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.</p>
<p>Mailbox.org supports <ahref="https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA">two factor authentication</a> for their webmail only. You can use either <ahref="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> or a <ahref="https://en.wikipedia.org/wiki/YubiKey">Yubikey</a> via the <ahref="https://www.yubico.com/products/services-software/yubicloud">Yubicloud</a>. Web standards such as <ahref="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> and <ahref="https://en.wikipedia.org/wiki/WebAuthn">WebAuthn</a> are not yet supported.</p>
<p>Mailbox.org allows for encryption of incoming mail using their <ahref="https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox">encrypted mailbox</a>. New messages that you receive will then be immediately encrypted with your public key.</p>
<p>However, <ahref="https://en.wikipedia.org/wiki/Open-Xchange">Open-Exchange</a>, the software platform used by Mailbox.org, <ahref="https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book">does not support</a> the encryption of your address book and calendar. A <ahref="/software/calendar-contacts/">standalone option</a> may be more appropriate for that information.</p>
<p>Mailbox.org has <ahref="https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard">integrated encryption</a> in their webmail, which simplifies sending messages to users with public OpenPGP keys. They also allow <ahref="https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP">remote recipients to decrypt an email</a> on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.</p>
<p>Mailbox.org also supports the discovery of public keys via HTTP from their <ahref="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of Mailbox.org to find the OpenPGP keys of Mailbox.org users easily, for cross-provider E2EE.</p>
<p>You can access your Mailbox.org account via IMAP/SMTP using <ahref="https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org">their .onion service</a>. However, their webmail interface cannot be accessed via their .onion service, and users may experience TLS certificate errors.</p>
<p>All accounts come with limited cloud storage that <ahref="https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive">can be encrypted</a>. Mailbox.org also offers the alias <ahref="https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely">@secure.mailbox.org</a>, which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all.</p>
<p><strong><ahref="https://posteo.de">Posteo.de</a></strong> is an email provider that focuses on anonymous, secure, and private email. Their servers are powered by 100% sustainable energy. They have been in operation since <strong>2009</strong>. Posteo is based in <spanclass="flag-icon flag-icon-de"></span> Germany and has a free 14-day trial. Posteo comes with 2 GB for the monthly cost and an extra gigabyte can be purchased for €0.25 per month.</p>
<h5><spanclass="badge badge-warning">Domains and Aliases</span></h5>
<p>Posteo does <ahref="https://posteo.de/en/site/faq">not allow the use of custom domains</a>, however users may still make use of <ahref="https://posteo.de/en/help/what-is-an-email-alias">subaddressing</a>.</p>
<p>Posteo does not accept Bitcoin or other cryptocurrencies as a form of payment, however they do accept cash-by-mail. They also accept credit/debit cards, bank transfers, and PayPal, and claim that PII (personally identifiable information) that they receive in connection with these payment methods is not linked to your account.</p>
<p>Posteo supports <ahref="https://posteo.de/en/help/what-is-two-factor-authentication-and-how-do-i-set-it-up">two factor authentication</a> for their webmail only. You can use either <ahref="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> a <ahref="https://en.wikipedia.org/wiki/YubiKey">Yubikey</a> with TOTP. Web standards such as <ahref="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> and <ahref="https://en.wikipedia.org/wiki/WebAuthn">WebAuthn</a> are not yet supported.</p>
<p>Posteo has <ahref="https://posteo.de/en/site/encryption#cryptomailstorage">zero access encryption</a> for email storage. This means the messages stored in your account are only readable by you. </p>
<p>Posteo also supports the encryption of your <ahref="https://posteo.de/en/site/features#featuresaddressbook">address book contacts</a> and <ahref="https://posteo.de/en/site/features#featurescalendar">calendars</a> at rest. However, Posteo still uses standard <ahref="https://en.wikipedia.org/wiki/CalDAV">CalDAV</a> and <ahref="https://en.wikipedia.org/wiki/CardDAV">CardDAV</a> for calendars and contacts. These protocols do not support <ahref="https://en.wikipedia.org/wiki/End-to-end_encryption">E2EE (End-To-End Encryption)</a>. A <ahref="/software/calendar-contacts/">standalone option</a> may be more appropiate.</p>
<p>Posteo has <ahref="https://posteo.de/en/site/encryption#pgp_webmailer">integrated encryption</a> in their webmail, which simplifies sending messages to users with public OpenPGP keys. They also support the discovery of public keys via HTTP from their <ahref="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a>. This allows users outside of Posteo to find the OpenPGP keys of Posteo users easily, for cross-provider E2EE.</p>
<p>Posteo allows users to <ahref="https://posteo.de/en/help/does-posteo-offer-mailing-lists">set up their own mailing lists</a>. Each account can create one list for free.</p>
<p><strong><ahref="https://soverin.net">Soverin.net</a></strong> is an email provider which focuses on being private, ad-free, and powered by sustainable energy. They have been in operation since <strong>2015</strong>. Soverin is based in <spanclass="flag-icon flag-icon-nl"></span> Amsterdam and does not have a free trial. Accounts start at 25 GB.</p>
<h5><spanclass="badge badge-success">Domains and Aliases</span></h5>
<p>Soverin lets users use their own domain. Soverin users can also use <ahref="https://support.soverin.net/hc/en-us/articles/115004811093-How-can-I-setup-a-catch-all-on-my-domain-">catch-all</a> and <ahref="https://support.soverin.net/hc/en-us/articles/115004811073-How-can-I-add-an-alias-to-my-domain-">aliases</a> for domains they own. Soverin also allows for <ahref="https://support.soverin.net/hc/en-us/articles/115004811033-Do-support-the-plus-syntax-subaddressing-">subaddressing</a>, which is useful for users who don't want to purchase a domain.</p>
<p>Soverin accepts <strong>Bitcoin</strong> as payment. They also accept credit/debit cards, PayPal, and the Netherlands-specific payment gateway iDEAL.</p>
<p>Soverin supports <ahref="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> two factor authentication <ahref="https://support.soverin.net/hc/en-us/articles/360008819553-Setting-up-2-Factor-Authentication-2FA-Webmail-only">for webmail only</a>. They do not allow <ahref="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> security key authentication.</p>
<p>Soverin has <ahref="https://support.soverin.net/hc/en-us/articles/115004810713-Technical-details-about-Soverin">encryption at rest</a> however it doesn't appear to be "zero access", meaning it is technically possible for them to decrypt the data they have.</p>
<p>Soverin also uses the standard <ahref="https://en.wikipedia.org/wiki/CalDAV">CalDAV</a> and <ahref="https://en.wikipedia.org/wiki/CardDAV">CardDAV</a> protocols for calendars and contacts, which do not support E2EE. A <ahref="/software/calendar-contacts/">standalone option</a> may be more appropriate.</p>
<p>Soverin has integrated encryption in their webmail, which simplifies sending messages to users. However, Soverin has not integrated a <ahref="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a> for users on their platform.<p>
<p><strong><ahref="https://disroot.org/en/services/email">Disroot</a></strong> offers email amongst <ahref="https://disroot.org/en/#services">other services</a>. The service is maintained by volunteers and its community. They have been in operation since <strong>2015</strong>. Disroot is based in <spanclass="flag-icon flag-icon-nl"></span> Amsterdam. Disroot is free and uses open source software such as Rainloop to provide service. Users support the service through donations and buying extra storage. The mailbox limit is 1 GB, but extra storage can be purchased 0.15€ per GB per month paid yearly.</p>
<h5><spanclass="badge badge-success">Domains and Aliases</span></h5>
<p>Disroot lets users use their own domain. They have aliases, however you must <ahref="https://disroot.org/en/forms/alias-request-form">manually apply</a> for them.</p>
<p>Disroot accepts Bitcoin and Faircoin as payment methods. They also accept PayPal, direct bank deposit, and Patreon payments. Disroot is a not-for-profit organization that also accepts donations through Liberapay, Flattr, and Monero, but these payment methods cannot be used to purchase services.</p>
<p>Disroot supports <ahref="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> two factor authentication for webmail only. They do not allow <ahref="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a> security key authentication.</p>
<p>Disroot uses full disk encryption. However, it doesn't appear to be "zero access", meaning it is technically possible for them to decrypt the data they have.</p>
<p>Disroot also uses the standard <ahref="https://en.wikipedia.org/wiki/CalDAV">CalDAV</a> and <ahref="https://en.wikipedia.org/wiki/CardDAV">CardDAV</a> protocols for calendars and contacts, which do not support E2EE. A <ahref="/software/calendar-contacts/">standalone option</a> may be more appropriate.</p>
<p>Disroot allows for encrypted emails to be sent from their webmail application using OpenPGP. However, Disroot has not integrated a <ahref="https://wiki.gnupg.org/WKD">Web Key Directory (WKD)</a> for users on their platform.</p>
<p>They offer <ahref="https://disroot.org/en/#services">other services</a> such as NextCloud, XMPP Chat, Etherpad, Ethercalc, Pastebin, Online polls and a Gitea instance. They also have an app <ahref="https://f-droid.org/packages/org.disroot.disrootapp/">available in F-Droid</a>.</p>
<p><strong><ahref="https://tutanota.com">Tutanota.com</a></strong> is an email service with a focus on security and privacy through the use of encryption. Tutanota has been in operation since <strong>2011</strong> and is based in Hanover, <spanclass="flag-icon flag-icon-de"></span> Germany. Accounts start with 1GB storage with their free plan.</p>
<p>Tutanota <ahref="https://tutanota.com/faq/#imap">doesn't allow</a> the use of third-party <ahref="/software/email/">email clients</a>. There are plans to allow Tutanota pull email from <ahref="https://github.com/tutao/tutanota/issues/544">external email accounts</a> using the <ahref="https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol">IMAP</a> protocol. <ahref="https://github.com/tutao/tutanota/issues/630">Email import</a> is currently not possible.</p>
<p>Emails can be exported <ahref="https://tutanota.com/howto#generalMail">individually or by bulk selection</a>. Tutanota does not allow for <ahref="https://github.com/tutao/tutanota/issues/927">subfolders</a> as you might expect with other email providers.</p>
<p>Tutanota is working on a <ahref="https://tutanota.com/blog/posts/desktop-clients/">desktop client</a> and they have an app <ahref="https://f-droid.org/packages/de.tutao.tutanota">available in F-Droid</a>. They also have their app in conventional stores such as <ahref="https://apps.apple.com/us/app/tutanota/id922429609">App Store</a> on iOS and <ahref="https://play.google.com/store/apps/details?id=de.tutao.tutanota">Google Play</a> for Android.</p>
<h5><spanclass="badge badge-success">Domains and Aliases</span></h5>
<p>Paid Tutanota accounts can use up to 5 <ahref="https://tutanota.com/faq#alias">aliases</a> and <ahref="https://tutanota.com/faq#custom-domain">custom domains</a>. Tutanota doesn't allow for <ahref="https://tutanota.com/faq#plus">subaddressing (plus addresses)</a>, but you can use a <ahref="https://tutanota.com/howto#settings-global">catch-all</a> with a custom domain.</p>
<p>Tutanota supports <ahref="https://tutanota.com/faq#2fa">two factor authentication</a>. Users can either use <ahref="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm">TOTP</a> or <ahref="https://en.wikipedia.org/wiki/Universal_2nd_Factor">U2F</a>. U2F support is <ahref="https://github.com/tutao/tutanota/issues/443">not yet available on Android</a>.</p>
<p>Tutanota has <ahref="https://tutanota.com/faq#what-encrypted">zero access encryption at rest</a> for your emails, <ahref="https://tutanota.com/faq#encrypted-address-book">address book contacts</a>, and <ahref="https://tutanota.com/faq#calendar">calendars</a>. This means the messages and other data stored in your account are only readable by you. </p>
<p>Tutanota <ahref="https://www.tutanota.com/faq/#pgp">does not use OpenPGP</a>. Tutanota users can only receive encrypted emails when external users send them through a <ahref="https://www.tutanota.com/howto/#encrypted-email-external">temporary Tutanota mailbox</a>.</p>
<p>Tutanota <ahref="https://github.com/tutao/tutanota/issues/198">does have plans</a> to support <ahref="https://autocrypt.org">AutoCrypt</a>. This would allow for external users to send encrypted emails to Tutanota users as long as their email client supports the AutoCrypt headers.</p>
<p>Tutanota offers the business version of <ahref="https://tutanota.com/blog/posts/secure-email-for-non-profit">Tutanota to non-profit organizations</a> for free or with a heavy discount.</p>
<p>Tutanota also has a business feature called <ahref="https://tutanota.com/secure-connect/">Secure Connect</a>. This ensures customer contact to the business uses E2EE. The feature costs €240/year.</p>
