Secure Email Recommendations
FAQ article on secure email providers and encryption tools
- The client needs to secure their email communications.
- Using a secure IM tool like Signal, or Jabber with OTR, would not satisfy the client’s needs, for example because the people they need to communicate with don’t use a smartphone, because communications cannot be ephemeral, or because they need a more secure way to communicate.
In general, email is an insecure channel of communication unless the email provider is trusted and secure and the messages are end-to-end encrypted. Therefore, we should guide the client to choose a trusted email provider and learn how to encrypt their emails, based on their capacities and threat model.
Trusted email providers
When assessing email providers, we should make sure that they offer TLS/SSL encryption and, ideally, 2-factor authentication (preferably based on an app or a security key rather than on SMS), and that they allow downloading messages with an email client (POP3/IMAP).
Depending on the client’s preferences, habits, location, and focus, we can suggest that they use one of the following providers:
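As an added example (not code from the original article), the following Python script checks the IMAP side of these criteria directly against a provider's servers rather than relying on its website: whether port 993 offers TLS with a valid certificate, whether port 143 advertises STARTTLS and refuses LOGIN before TLS, and which authentication mechanisms are offered once the channel is encrypted. Any host name passed to probe_imap() is a placeholder supplied by the caller, and the sample CAPABILITY lines are constructed, not captured from any real provider.

```python
"""Added example, not from the original article: check what an email
provider's IMAP service really offers before recommending it.

Assumptions: any host passed to probe_imap() is a placeholder chosen by the
caller, and the CAPABILITY lines under __main__ are constructed samples, not
responses captured from any real provider.
"""
import imaplib
import ssl


def parse_capabilities(line: str) -> set:
    """Turn an IMAP CAPABILITY response into a set of upper-case tokens.

    Accepts the untagged wire form ("* CAPABILITY IMAP4rev1 STARTTLS ...")
    as well as a bare token list.
    """
    tokens = line.split()
    if tokens[:2] == ["*", "CAPABILITY"]:
        tokens = tokens[2:]
    return {t.upper() for t in tokens}


def assess(pre_tls: set, post_tls: set, implicit_tls: bool) -> dict:
    """Map what the server advertises onto the criteria in the article.

    pre_tls:      capabilities seen on port 143 before STARTTLS (empty if
                  the port is closed)
    post_tls:     capabilities on the same connection after STARTTLS
    implicit_tls: True if a verified TLS handshake on port 993 succeeded
    """
    return {
        "implicit_tls": implicit_tls,
        "starttls": "STARTTLS" in pre_tls,
        # A well-configured server advertises LOGINDISABLED until TLS is up,
        # so a misconfigured client cannot send the password in the clear.
        "plaintext_login_allowed": bool(pre_tls) and "LOGINDISABLED" not in pre_tls,
        # SASL mechanisms offered once the channel is encrypted.
        "auth_mechanisms": sorted(c[len("AUTH="):] for c in post_tls if c.startswith("AUTH=")),
    }


def verdict(assessment: dict) -> str:
    """Summarise the assessment the way we would note it for the client."""
    if not (assessment["implicit_tls"] or assessment["starttls"]):
        return "reject: no TLS on IMAP"
    if assessment["plaintext_login_allowed"]:
        return "caution: accepts LOGIN before TLS"
    return "ok"


def probe_imap(host: str, timeout: float = 10.0) -> dict:
    """Live probe of a provider (needs network; not exercised offline).

    Certificates are validated against the system trust store, so a provider
    with a broken or self-signed certificate counts as having no TLS.
    """
    ctx = ssl.create_default_context()
    implicit = False
    try:
        with imaplib.IMAP4_SSL(host, 993, ssl_context=ctx, timeout=timeout):
            implicit = True
    except (OSError, imaplib.IMAP4.error):
        pass
    pre, post = set(), set()
    try:
        with imaplib.IMAP4(host, 143, timeout=timeout) as conn:
            pre = set(conn.capabilities)  # imaplib already upper-cases these
            if "STARTTLS" in pre:
                conn.starttls(ssl_context=ctx)  # refreshes conn.capabilities
                post = set(conn.capabilities)
    except (OSError, imaplib.IMAP4.error):
        pass
    return assess(pre, post, implicit)


if __name__ == "__main__":
    # Constructed sample banners for a well-configured and a weak server.
    good_pre = parse_capabilities("* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED SASL-IR ID")
    good_post = parse_capabilities("* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN IDLE UIDPLUS")
    print("good server:", verdict(assess(good_pre, good_post, implicit_tls=True)))
    weak_pre = parse_capabilities("* CAPABILITY IMAP4rev1 AUTH=PLAIN")
    print("weak server:", verdict(assess(weak_pre, set(), implicit_tls=False)))
```

2-factor authentication and the provider's logging policy cannot be observed from the protocol; those still have to be confirmed from the provider's documentation.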
- Gmail - If the client is already using Gmail and they don’t have state-level adversaries, this solution is safe enough.
- Posteo - Based in Germany. Can encrypt emails for other Posteo users. The website does not save IPs. The basic contract costs 1 euro per month. It’s possible to add additional storage, additional alias addresses and additional calendars for a low fee.
- Autistici/Inventati (A/I) - An autonomous server based in Europe that offers free email and other services and keeps no logs of its users’ activities. A/I offers its services to individuals and groups who share the principles expressed in its manifesto and policy. We should explain this to the client before they request an email account. The creation of the account might take some days, as it’s not automatic and is managed by volunteers.
- Kolab Now - Based in Switzerland, paid service, a good alternative to GSuite for organizations.
  - Other services: includes several features (file sharing, calendar, task manager, notes, own domains, group accounts)
- Riseup - An autonomous server based in the United States that offers free email and other services to activists and organizations for social change. They don’t keep logs, and they issue a canary statement. To obtain an account, 2 invite codes generated by 2 different Riseup users are needed. These codes can be generated by members of the tech team who have a Riseup account.
  - No 2FA
  - Other services: alias address, VPN and Jabber/XMPP included
For activists, other options are listed here.
| Email Provider | Jurisdiction | Keeps logs | NGO-friendly | Webmail | POP3 | IMAP | TLS | Encryption at rest | 2FA | Custom domains | Office suite | Max. storage | Free/Paid |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Posteo | Germany | No | No | Yes | Yes | Yes | Yes | Yes | Yes | No | Calendar + Address book | 2 GB | Paid |
| Autistici/Inventati | Italy (servers abroad) | No | Activist-friendly | Yes | Yes | Yes | Yes | No | Yes | No | No | Unlimited | Free |
| Kolab Now | Switzerland | Yes | No | Yes | Yes | Yes | Yes | None | Yes | Yes | Yes | 2 GB | Paid |
GPG encryption tools
Whatever email provider the client uses, we should explain that, unless their messages are encrypted with GPG, they will potentially be readable by anybody who has access to the provider’s servers or to the client’s or their recipients’ devices, or who can otherwise intercept their communications.
Based on the capacities of their adversaries and on the degree of confidentiality of their communications, we might need to instruct them on how to encrypt their email messages.
- For setting up GPG, see Article #18: FAQ - PGP Setup Base Article.
Depending on the client’s operating system and capacities, we can suggest one of the following tools for encrypting their email with GPG:
- Thunderbird+Enigmail - If the client is ready to read their email in a client on their computer, the solution to recommend is Thunderbird with Enigmail.
- Mailvelope - If the client prefers to read their email in a web interface, they can encrypt and decrypt their email with Mailvelope, a Firefox and Chrome extension that is easy to use but has some limitations in terms of both usability and security (add details), and should not be used by high-risk users.
- GPG4USB is a PGP tool that can be run from a USB drive and works on both Windows and GNU/Linux. This solution can be recommended when the client wants to keep their key pair on a separate USB stick rather than on their device.
- GPG Suite is the tool we can recommend to Mac users as an easy way to install GnuPG. It can be used with Mail for macOS or with Thunderbird and Enigmail.
- K9 and OpenKeychain are the recommended tools for Android users. Before we suggest this solution to our clients, we should warn them that mobile phones are not secure and that storing a private GPG key on a smartphone is risky, as the device can be lost or stolen. We should recommend that they use native end-to-end encrypted messaging applications like Signal or Wire.
If the client still wants to encrypt their email from their phone, we should make sure that the client’s device is protected with full-disk encryption and a strong password. We should also recommend using a different GPG key pair, or a subkey, on the phone.
Note: We should warn the client that even with PGP encryption, metadata included in the header, like the sender’s and recipient’s addresses, the subject and the timestamp, is not encrypted. If they need to encrypt metadata too, at the moment the only tool that allows encrypting the header is TorBirdy, an add-on for Thunderbird.
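To make the header point concrete, here is an added Python example (not from the original article) that builds a PGP/MIME message around a placeholder ciphertext and then parses back exactly what a provider, or anyone with access to its servers, can read without the recipient’s private key. It also shows the general technique of carrying the real subject inside the encrypted part and sending only "..." in the outer header (the "protected headers" approach), which goes slightly beyond the note above. The addresses, date, Message-ID and armored block are constructed placeholders; no key material is involved.

```python
"""Added example, not from the original article: what a mail provider (or
anyone with access to its servers) can still read from a PGP-encrypted
message, and what changes when the client moves the subject inside the
encrypted part.

Assumptions: the addresses, date and Message-ID are placeholders, and
PLACEHOLDER_CIPHERTEXT is a constructed stand-in for real GPG output, since
no key material is used here.
"""
from email import policy
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart
from email.mime.text import MIMEText
from email.parser import BytesParser

# Constructed placeholder; a real message would carry the armored output of
# `gpg --encrypt --armor` for the recipient's key here.
PLACEHOLDER_CIPHERTEXT = (
    "-----BEGIN PGP MESSAGE-----\n"
    "\n"
    "hQEMA0NvbnN0cnVjdGVkUGxhY2Vob2xkZXI (constructed placeholder, not ciphertext)\n"
    "-----END PGP MESSAGE-----\n"
)

# Header fields that travel in the clear whatever the body encryption.
HEADER_FIELDS = ("From", "To", "Subject", "Date", "Message-ID")


def _envelope(msg, sender, recipient, subject):
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = subject
    msg["Date"] = "Mon, 01 Jan 2018 09:00:00 +0000"      # constructed
    msg["Message-ID"] = "<constructed-0001@example.org>"  # constructed
    return msg


def build_plaintext(sender, recipient, subject, body):
    """An ordinary unencrypted message, for comparison."""
    return _envelope(MIMEText(body), sender, recipient, subject).as_bytes()


def build_pgp_mime(sender, recipient, subject, ciphertext, protect_subject=False):
    """Wrap ciphertext in the RFC 3156 multipart/encrypted structure.

    With protect_subject=True the real subject is assumed to have been
    included in the encrypted part (see inner_part_with_subject) and the
    outer Subject header carries only "...".
    """
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    _envelope(outer, sender, recipient, "..." if protect_subject else subject)
    control = MIMENonMultipart("application", "pgp-encrypted")
    control.set_payload("Version: 1\n")
    payload = MIMENonMultipart("application", "octet-stream")
    payload.set_payload(ciphertext)
    outer.attach(control)
    outer.attach(payload)
    return outer.as_bytes()


def inner_part_with_subject(subject, body):
    """The MIME part a client encrypts when it protects the subject: the real
    Subject travels inside the ciphertext, not in the outer header."""
    inner = MIMEText(body)
    inner["Subject"] = subject
    return inner.as_bytes()


def visible_to_provider(raw):
    """Parse a message as it leaves the device and return what can be read
    without the recipient's private key."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    headers = {h: str(msg[h]) for h in HEADER_FIELDS if h in msg}
    plaintext, opaque = [], 0
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_type() == "application/pgp-encrypted":
            continue  # the "Version: 1" control part carries no content
        text = part.get_payload(decode=True).decode("utf-8", "replace")
        if text.lstrip().startswith("-----BEGIN PGP MESSAGE-----"):
            opaque += 1             # ciphertext: unreadable without the key
        else:
            plaintext.append(text)  # readable by the provider
    return {"headers": headers, "plaintext_bodies": plaintext, "opaque_parts": opaque}


if __name__ == "__main__":
    args = ("alice@example.org", "bob@example.org", "Board meeting agenda")
    for label, raw in [
        ("plaintext", build_plaintext(*args, "Meet Thursday at 10.")),
        ("pgp/mime", build_pgp_mime(*args, PLACEHOLDER_CIPHERTEXT)),
        ("pgp/mime + protected subject",
         build_pgp_mime(*args, PLACEHOLDER_CIPHERTEXT, protect_subject=True)),
    ]:
        print(label, visible_to_provider(raw))
```

Running it shows that From, To, Date and Message-ID stay readable in every variant; only the body becomes opaque with PGP/MIME, and the subject disappears from the provider’s view only when the client puts it inside the encrypted part.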
Web apps for encrypted email
For less high-risk situations, where communications need to be encrypted but the client is not ready to learn how to use GPG, they can use a web service that offers a web app for encrypting emails, like ProtonMail or Tutanota. We should warn them that this solution is not as secure as using GPG, and make sure that the service they choose is based on open source software.
For more recommendations on web apps for secure email, see Article #161: Recommendations on encrypted email web apps.
A technical explanation on why browser-based encryption should be considered insecure