Overview of the most secure e-mail services

We widely use most popular e-mail services such as Gmail, Yahoo! Mail etc. We entrust them with our most sensitive data, but shall we? From time to time, breaches, vulnerabilities, and leaks happen to these companies. So, when it concerns sensitive information, we have to understand that there is no place for popular e-mail providers. For such purposes, we should have more secure services at our disposal. The Analytical Department of Falcongaze have observed some of them. We provide you with the results of our investigation.

ProtonMail

ProtonMail is provided with end-to-end encryption and zero access encryption. Users’ emails are stored and transmitted between servers and users’ devices in encrypted format. That is why the risk of message interception is minimized. If a user needs to send a message to a different e-mail provider, there is an option to switch the encryption off. In ProtonMail you can set up an expiration time on e-mails. They will be automatically deleted when the time comes.

To prevent Man-in-the-Middle attack, ProtonMail uses SSL-certificate.

Two passwords are necessary for ProtonMail account: the first – to log in, the second – to decipher letters. A user is the only one to be aware of the second password. In case they lose it, there is no way to retrieve e-mail contents.

ProtonMail uses open source code. There is an opinion that open source code is better, because the developers from all over the world can review it, find vulnerabilities, and notify an owner.

CounterMail

They say that CounterMail has not had any leaks and breaches yet.

CounterMail promises that your correspondence will be safe. Each letter is encrypted before sending. However, you can send messages to different providers only if they have compatible OpenPGP as there is no way to hack it with any possible cryptographic or computing tools, according to CounterMail. However, to use the service, you need a browser with activated Javascript.

The service is provided with defense mechanism against MITM-attack and password manager Safebox. You can store your logins and passwords here. CounterMail warns that if you forget or lose the Safebox password, you will not be able to regain access. The function “Forget password” is nonexistent as the developers consider it security weakening.

CounterMail uses end-to-end encryption and does not store users’ data on their servers.

Tutanota

Tutanota has revealed it source code. Consequently, security experts can check it in order to ensure backdoor absence.

The service is provided with end-to-end encryption and two-factor authentication. The emails are encrypted regardless the version of the program (web, desktop, Android or iOS app). The company uses AES and RSA instead of PGP as these measures allow to encrypt more strings and functions (contacts, calendar), Tutanota says.

To gain access to account, you do not need private information such as telephone number. Tutanota tracks IP-address to neither the sender not the receiver. Password is sent to the server in hashed format. The server bans tracking by not loading that kind of pixels.

Runbox Solutions

One of the Runbox’s benefits is its integration with such e-mail providers as Outlook, Gmail, Opera Mail, Yahoo! Mail.

The company says that it does its best to encrypt the emails while transferring them between a user and a server, but the only way to ensure nobody reads your messages is end-to-end encryption. Runbox recommends using PGP or S/MIME methods. However, the data is not encrypted while located on the server.

The service informs that only users are aware of credential details. They are the only ones to reveal them to third parties.

Runbox provides users with two-factor authentication. The company does not store IP-addresses so you can stay anonymous.

There are not all secure e-mail services. We have reviewed those which we found interesting.

So, what do you think, which e-mail service among described above is the most secure? Share in comments!

Important publications

What is UBA? 6 August 2019
What is DLP systems? 13 February 2019