Focue Provides the Latest and Most Up-to-Date News, What You Focus On is What You Get.
⎯ 《 Focue • Com 》

Proton Mail Review

2023-08-18 16:12
Isn’t it great that you can get an email account from a big company like
Proton Mail Review

Isn’t it great that you can get an email account from a big company like Google or Yahoo for free? But wait. It’s not really free. You pay with your privacy by allowing the provider to track your activity and target ads, among other things. If you’d like to reclaim at least some of your privacy, consider switching to an encrypted email provider that puts your security first, like Proton Mail. You can use Proton Mail at no charge, while paying for an account removes some limits and enables advanced features. Proton Mail stores your data using zero-knowledge encryption, meaning only you can access it. A disgruntled employee can’t rummage through your Proton Mail messages, and the best subpoena in the world can’t force the company to turn over your account.

At Proton Mail's Unlimited level, your subscription gets you full access to Proton’s VPN, password manager, calendar, and encrypted drive, as well temporary email address provider SimpleLogin. This wealth of added features combined with effective end-to-end email encryption makes Proton Mail an Editors' Choice winner for email encryption service. It's a top choice alongside PreVeil, which gives you powerful email encryption at no cost, and Skiff, which offers encrypted calendar, collaboration, and shareable cloud storage.

How Much Does Proton Mail Cost?

If the name Proton Mail sounds familiar, you might be thinking of Proton VPN, a VPN service that's strongly focused on physical security. Both programs come from the same company, Proton Technologies.

We recommend that you start out with the free edition to see how it suits you. If you like it fine but run up against its limitations, or if you want those enticing premium-only features, you can upgrade to the Plus edition for $3.99 per month or $47.88 per year. At the Unlimited level, you pay $9.99 per month or $119.88 per year. That sounds a little high until you learn that the Unlimited subscription gets you full access to all of Proton’s security tools.

Some competing services cost more than Proton’s Plus edition. For example, a year of Private-Mail costs $49.99 and StartMail goes for $59.95. However, SecureMyEmail is $29.99 per year, and you can get a year of Tutanota Premium for just 12 euros ($13.11 at the time of this writing). Tutanota, like Proton Mail, includes a calendar even at its free tier; unlike Proton Mail, it doesn’t put any limits on the number of messages for free users.

Tutanota's free edition does limit how far back you can search your messages. Paying for a premium account lifts this limit. With Proton Mail, searching message content is a free feature that involves creating and maintaining an encrypted local index on your device.

It's Surprisingly Easy to Be More Secure Online

In some cases, you pay nothing at all. As the name suggests, Virtru Email Protection for Gmail works only with Gmail, but it doesn’t cost anything. PreVeil is a free and full-featured email encryption system that lets you keep your existing email address. Skiff, like Proton Mail, includes encrypted calendar and storage modules, as well as encrypted collaboration. Skiff is free, though as with Proton Mail, you gain access to advanced features with a paid subscription.

Wait, Isn't Gmail Encrypted?

You may remember hearing that Gmail always uses a secure HTTPS connection. When it sends your messages, it uses the standard TLS (Transport Layer Security) to protect your data in transit. However, it's easy to accidentally give mail-reading permission to third-party apps. And despite claims that Gmail no longer reads your email, it does read your messages sufficiently to do things like automatically put airline flight notifications in your calendar. Google has a policy for when and how it releases your email to government entities, clearly indicating that it can do so if compelled.

Proton Mail uses these basic security tools, too, but it doesn't stop there. Before it securely sends your messages, it actively encrypts them using public key cryptography. It stores your messages locally in zero-access encrypted form, meaning that the company can't give your messages to a government entity even if subpoenaed, and a sneaky employee can't weasel into your private message stash. When you communicate with another Proton Mail user, the connection is encrypted from end to end.

Note, too, that Proton Mail is based in Switzerland, which has stricter privacy policies than the US. It's also an open-source project, meaning that experts have an opportunity to look over and vet its security algorithms. While Gmail and its like have some security features, Proton Mail goes way beyond them.

Getting Started With Proton Mail

Setting up a free Proton Mail account is a cinch. You start by picking a username. As with any webmail service, this name must be unique, but given the smaller pool of users, you might be able to snag a name like elonmusk rather than elonmusk_123456. Proton.me is the default domain for your account, though the legacy protonmail.com is also an option. Paying users can enable the short-form domain pm.me. After that, you need to add a strong password to protect your account, and an optional recovery email. As a final step, verify that you're human by using a simple CAPTCHA or a code sent to another email address or to SMS. Along the way you choose a theme; or you can wait to dig into the full list of eight themes (five light and three dark) in Settings later.

(Credit: Proton)

When you open your new account, a few messages of welcome and explanation from Proton Mail await you. One may be of particular interest, informing you that with a free account, you get 500MB of storage for your messages and files. It also notes that by taking four specific actions, such as loading the Proton app on your mobile device, you can double that storage allotment. You can also just start using the service.

(Credit: Proton)

If you've used Gmail, Yahoo, or any other webmail system, you already know how to use Proton Mail. A left-rail menu selects among folders, a panel in the middle displays the messages in the selected folder, and the rest of the window displays the selected message. New since my last review, you can pull in a right-side panel to display your contacts or view Proton Calendar.

Is It Easy to Switch to Proton Mail?

Proton's helpful Easy Switch feature can pull in messages, contacts, and calendar events from your existing email account. The app offers specific instructions for Google, Yahoo, and Outlook, as well as details for configuring other providers to enable IMAP and other necessary settings. Once your old account is ready, you open Settings, click Import via Easy Switch, and follow the prompts. I was surprised that the app popped up a note saying, “Large imports may take several days.” My contact at Proton Mail explained that the process can get throttled at the provider’s end. For example, Google only permits 2.5GB of exports per day.

Once the import process has started, you can go back to using Proton Mail. If you get curious about how it’s going, check the progress bar in the list of current and past imports on the Easy Switch page. In testing with a free account, Proton Mail paused the import when it had used about three-quarters of the available 500MB of message storage. My contact verified that while the storage limit applies, importing doesn’t tap into the limit on messages per day. Practically speaking, users of the free service probably shouldn’t try importing an existing account.

(Credit: Proton)

Going the other direction, the Proton Mail Bridge lets paying customers manage Proton Mail through a favorite email client, by making messages available through IMAP. I didn’t try this feature, but it’s available for Windows, macOS, and Linux.

Handling Embedded Images With Proton Mail

Sneaky tracking companies can get information about you simply by sending an email with an embedded (and possibly invisible) image. When your email client renders that image, the tracker knows that you've opened the message and receives your IP address. This chicanery is the reason that secure email services simply don't display images by default. Private-Mail goes even further, stripping out all formatting.

A while ago, Proton Mail ran with the pack, suppressing the display of images unless you explicitly requested them. At present, Proton Mail can display your email messages in all their image-rich glory without giving away anything to the trackers. It specifically quashes tracking images and reports that it did so. But even for legitimate images, it prevents the sender from receiving your IP address.

(Credit: Proton)

I found this hard to believe, since receiving the image for display necessarily requires telling the server what IP address made the request. Wouldn't you need something like a VPN to hide that detail? My Proton Mail contact explained that indeed this feature works in much the same way as a VPN. Proton Mail, acting as a proxy, makes the request and caches the image on its own servers. Then it passes along the cached image to your computer, protecting your IP address. I don't know of any similar service that performs this neat trick.

Hands On With Proton Mail

Emailing with this Proton Mail is not much different from using any other webmail service. Composing messages, viewing replies, and forwarding mail all work just as you'd expect. There are a few security-related differences. For example, if you click a link, it displays a warning and requires confirmation before opening that link.

(Credit: Proton)

A lock icon next to addresses in the header indicates the security level. If the address belongs to a Proton Mail user, pointing to the lock displays a floating tip saying, End-to-End Encrypted. For other senders, the tip says, Stored With Zero-Access Encryption.

If you're sick of all the emails you get, you could just start fresh with an empty contacts list, but most people probably don't want to lose connection with their existing contacts. As noted, the Easy Switch feature imports contacts from supported account types. Proton Mail can also directly import contacts from CSV files exported by Gmail, Hotmail, Yahoo, and others. Getting my Gmail contacts into Proton Mail was a snap.

You can define a signature, with formatting, that Proton Mail will apply to all your messages. It also adds a note, "Sent with Proton Mail Secure Email." Only paying customers can modify that note.

Message Expiration and Encryption in Proton Mail

On Windows or macOS, a lock icon below the main body of the message lets you send an encrypted message to recipients who don’t use Proton Mail. You tap the three-dot menu next to the lock if you want to control your encrypted message’s expiration. In the mobile app, an hourglass icon takes you to expiration control.

(Credit: Proton)

When you encrypt a message for someone not using Proton Mail, you set a password and optionally a password hint. Naturally, you must transmit that password via some other channel, perhaps an encrypted messaging app. By default, encrypted messages to those not using Proton Mail expire after 28 days, though you can disable expiry or set a shorter expiration time, right down to a single hour. Messages between Proton Mail users don't expire.

When your correspondent receives the message, it comes with an explanation, along with a link to view the message content online. The recipient simply enters the password to see your important missive. A banner above the message body counts down to the message's expiration.

(Credit: Proton)

StartMail, another encrypted-email service, offers a similar method for secure communication with those who don't use the service, but it doesn't support automated message expiry. With SecureMyEmail, messages outside the network don’t require a password; the recipient’s ability to log into the email account is considered sufficient. You can add a password if you wish, and out-of-network messages expire in 30 days by default.

The Proton Mail mobile apps do have a few features not found in the web-based app. You can enable authentication by face or fingerprint and define actions for left and right swipes. By default, swiping to the right trashes a message, while swiping left marks it as spam. You can also set a mobile signature, distinct from the regular signature.

Security Features in Proton Mail

One useful security feature offered with Gmail is multi-factor authentication. Naturally, Proton Mail includes this feature. To prepare for multi-factor authentication, you must equip your smartphone with Google Authenticator or a compatible authenticator app. Then open Settings, click Account and Password, and click to enable multi-factor authentication. As usual, you snap the QR code to add Proton Mail to your authenticator. Now even if a sneak thief gets hold of your password, your encrypted messages are safe.

What Is Two-Factor Authentication?

During this process, Proton Mail displays a collection of one-time emergency passcodes. Copy this collection and put it in a safe place. If you lose your phone or it goes kaput, you can still get into your account using one of those codes.

Proton supports authentication using a hardware security key. You can only do this after you've enabled an authenticator app, because not all devices are compatible with security keys. Setting up this powerful authentication couldn't be easier. You simply register your security key by inserting it into a USB port and touching it. Key-based authentication is as simple as inserting the key or touching a key that's already mounted in a USB port.

(Credit: Proton)

You can register multiple keys, against the chance that you might lose one. As part of the setup process, Proton Mail asks you to name each key so that you can tell them apart. Note that this feature is available even to those using the free edition.

Under Security and Privacy, you’ll find the Session management system, which lists all current Proton Mail sessions. If you suspect someone might be misusing your account or just want to secure a session you left open back at home, you can shut down all sessions but the one you’re using with the click of a button.

New since my last review, those at the Unlimited pricing tier can enable Proton Sentinel mode. In this mode, Proton Mail adds challenges for any suspicious logins, provides more detail in security logs, and offers 24/7 escalation of sketchy logins to human analysts. The company suggests this mode for “Public figures, journalists, executives, and others who may be the target of cyber attacks.”

(Credit: Proton)

You only get automatic end-to-end encryption when corresponding with other Proton Mail users. However, if you have tech-savvy friends who've implemented PGP (Pretty Good Privacy) email encryption, you can set up fully encrypted communication with them. When you compose a message, there's a simple menu option to attach your public key. After that, it's up to the recipient to enter that key into their PGP-aware email system. Using PGP outside of Proton Mail definitely required uncommon expertise, but it's available.

SecureMyEmail uses PGP internally but hides the key exchange process by default. As with Proton Mail, you can dig in and set up PGP-secured communication with your geeky friends. StartMail and Private-Mail both work in a similar fashion, but with a tad more awkwardness.

What Do You Get With the Paid Version of Proton Mail?

Possibly the biggest limitations on users of the free edition are the caps on storage space and messages per day. Without spending anything, you get 500MB of storage and 150 messages per day. For some, that may be plenty, especially if you're the type to deal with email right away and then delete it. Upgrading to a Plus account raises your storage to 15GB and removes the limit on messages per day. You can also manage 10 email addresses instead of the one you get for free.

Proton Mail Unlimited still has a few limits, but they’re high. Storage rises to 500GB, you get 15 email addresses, and you can link addresses on three domains that you own. There’s no limit on messages per day.

(Credit: Proton)

An Unlimited account also gives you full access to SimpleLogin, now owned by Proton. With SimpleLogin, you can create unlimited random or custom aliases—temporary email addresses that let you communicate without revealing your true address. Doing so protects your privacy, and if one of your aliases starts to get spam, you just delete it.

For comparison, a free Google account gets you 15GB of storage, shared between Gmail, Google Drive, and Google Photos; you can raise that to 100GB for $19.99 per year. Your $59.95 yearly payment for StartMail gets you 10GB of storage and no limit on the number of messages.

Proton Mail lets you put messages in folders, tag them with labels, or both. The difference is clear: A message can only reside in one folder, but it can have multiple labels. However, those using the free edition can only define three folders and three labels, while Plus users get 200 of each and Unlimited users have no such limit.

(Credit: Proton)

What Outlook calls Rules, Proton Mail calls Filters. You can add one or more conditions based on the subject, sender, recipient, or attachments, combining them using And or Or. You can apply actions such as moving messages that match the filter to a certain folder, tagging them with labels, or marking them as starred. I defined a rule stating that any message with "webinar" in the subject goes straight to the trash (very freeing!). But only premium users can have more than one filter.

You'll encounter warnings when you try to use other premium features. Only paying customers can define an Auto-Reply message for when you're out of town, for example. Like StartMail, Proton Mail can be configured to support IMAP/SMTP, so you can use your preferred email client. That's another premium feature.

If you own your own domain, you can configure Proton Mail to use your personal email address, but only if you upgrade to Plus or Premium. As with the custom domain feature in Burner Mail, I don't think many consumers will use this feature.

Proton Mail Bonus Features

Near the Proton Mail title at the top left is an icon that lets you access other Proton tools: Proton Calendar, Proton Drive, Proton VPN, and Proton Pass (a password manager). As a Proton Mail user, you get some degree of access to all these tools. Just how much depends on the plan you chose.

The calendar app works like any other but keeps your appointments private using zero-knowledge encryption. Free users can maintain three calendars while Plus or Premium members get 25. Paying customers can also share calendars.

At all tiers, you get access to Proton Drive, with the ability to sync across devices and securely share files. The amount of storage you get varies by tier, with free users pegged at 500MB. The limits of 15GB for Plus and 500GB for Unlimited, mentioned above, apply both to mail storage and Proton Drive.

(Credit: Proton)

As a standalone product, Proton VPN is a rare five-star Editors’ Choice. Those using the free edition can connect a single device at a time to a medium-speed connection, choosing from servers in three countries. Kicking your tier up to Unlimited gives you 10 simultaneous high-speed connections, with all servers available.

Proton Pass is the newest member of the family. Like the best free password managers, the free level puts no limits on the number of devices or logins. Paying customers can add multi-factor authentication and create multiple password vaults. They also get unlimited temporary email addresses, which the app calls “hide-my-email aliases.”

When you start using Proton Mail, you automatically gain access to all these other Proton apps. They’re all usable at the no-cost level, with some limitations. Upgrading to Unlimited gives you full access to all of them. It’s quite a collection.

Easy Encrypted Email and More

Proton Mail stores your message stash using zero-access encryption, and messages with other users of the service receive end-to-end encryption automatically. You communicate securely outside the Proton Mail network by password-protecting messages, or (if you’re a tech whiz) by giving PGP-using correspondents your public key. You can set messages to expire after a time and configure your account for two-factor authentication. It's also free if you can live within certain limits, though if you pay for the Unlimited plan, you get full-powered editions of every Proton product, including its class-leading VPN.

That combination of effective email encryption with a pantheon of useful security products kicks Proton Mail into the Editors’ Choice winners circle, sharing the honor with two others. Preveil offers top-notch security for your messages along with 10GB of secure, shareable cloud storage. It’s totally free, and you don’t have to change your email address. Skiff, like Proton Mail, comes with a variety of other secure services including calendar, cloud storage, and collaboration. You won’t go wrong choosing between any of these three.

Tags security