2016 Email Security Roadmap

January 1st, 2016 in Security

For 2016, we are looking forward to another year of progress towards building easy-to-use secure email. Today, we are publishing our first security roadmap. Over the course of 2015, we have taken several big steps towards making ProtonMail the easiest to use secure email service. Some highlights of 2015 include the release of ProtonMail 2.0, …

Secure Email DDoS Protection

Guide to DDoS protection

December 15th, 2015 in Security

Last month, secure email came under DDoS attack, this is how we added DDoS protection to ProtonMail.   Dec 16, 2015 Update: After we publicly posted the data at the end of this post, the attackers swiftly retaliated with a 59 Gbps attack. We were able to successfully mitigate with help from Radware. We knew …

ProtonMail Bug Bounty Proram

ProtonMail Bug Bounty Program

August 12th, 2015 in Security

At ProtonMail, our goal is to build the world’s most secure email service. In order to do this, community participation in securing ProtonMail is essential, and that is the spirit behind our bug bounty program. By getting security issues reported and fixed, we can better protect the millions around the world that use ProtonMail for …

Summary of HSTS Support in Modern Browsers

May 28th, 2015 in Security

This a guest blog post by Mazin Ahmed, an external security expert who has helped test and audit ProtonMail. We hope it will educate our readers about web security. HTTP Strict Transport Security (HSTS) is a web security policy that is made to protect secure HTTPS websites against downgrade attacks that is used to perform …

ProtonMail Upgrades SSL Certificates

February 13th, 2015 in Security

Last week, we underwent the process of fortifying our SSL certificates. As part of our effort to provide the highest level of security and privacy to our users, we have upgraded every single certificate that we use. The new SSL certificates have several marked improvements over the previous ones. All certificates now use the highest …

ProtonMail’s SSL Certificate

November 3rd, 2014 in Security

January 19th, 2016 update: We have upgraded our SSL certificate!  The new fingerprint can be found in our knowledge base: https://protonmail.com/support/knowledge-base/protonmails-ssl-certificate/ NOTE: ProtonMail may use different SSL certificates for our subdomains, the information below only pertains to our main site protonmail.com ProtonMail is all about privacy and we want to do our best to protect everyone’s …

Password Managers

August 23rd, 2014 in Security

Since the original article below was first published in 2014, we have made many improvements to how ProtonMail supports password managers. ProtonMail now supports three of the most popular password managers: LastPass, KeePass, and 1Password on both the webmail and our secure email mobile apps for iOS and Android. To learn more about how to …

Update about reported XSS issue

July 8th, 2014 in Articles & News, Security

A couple of days ago, a video was circulated online that claimed ProtonMail is susceptible to a XSS (cross site scripting) issue which raised some concerns among ProtonMail users. We want to clarify that this does not impact the current version of ProtonMail. ProtonMail is constantly making security improvements through our beta process and we …

No more captcha

June 7th, 2014 in Articles & News, Security

EDIT: 6/6/2014 – Due to this update, it might be necessary to clear your browser cache before trying to log into ProtonMail, otherwise the mailbox decryption step may fail. Effective immediately, we have removed the captcha from the ProtonMail login systems. Frankly, it was not very effective at deterring brute force attacks and makes the …

Updated SSL certificate, plus dedicated security email

June 4th, 2014 in Articles & News, Security

We have made a couple changes to ProtonMail in the past 24 hours. First, we have gotten a new SSL certificate from SwissSign which is our certificate authority (SwissSign is largely owned by the Swiss government). This new certificate allows for wildcards so subdomains like www.protonmail.ch no longer throw invalid certificate errors, and there is …

ProtonMail Security Contributors

May 25th, 2014 in Security

At ProtonMail, security is our highest priority and something that we work on day and night to improve. We have been very fortunate to have several individuals and organizations step forward to assist us with security auditing. We are a small group that is largely supported by donations and grants so we typically do not offer …

The ProtonMail Threat Model

May 19th, 2014 in Security

In this article, we will describe both the threats ProtonMail’s free and paid email accounts are designed to guard against, and also the threats ProtonMail is NOT designed to counter. From a high level, our premise is that a service like the now-defunct Lavabit does add value, despite some inherent weaknesses. We designed ProtonMail around many of …

Get your secure email account
Create Account

Proton Technologies AG

Chemin du Pré-Fleuri, 3
CH-1228 Plan-les-Ouates, Genève, Switzerland

For support inquiries, please visit

For security related discussions