ProtonMail v3.14 Release Notes

With ProtonMail version 3.14 we introduce PGP support, which includes import of PGP keys into ProtonMail contacts for encrypted communication with external PGP users, address verification with trusted keys, and several other improvements.

PGP Sending

All ProtonMail users can now associate public keys with individual addresses in their contacts to enable encrypted communication with addresses that use other PGP services. For this reason, we have added an Advanced Settings button next to each address as shown in the image below:

This opens a new modal with settings that can be personalized for each address individually:

 

Address verification

ProtonMail also allows you to trust public keys for each contact in order to enable address verification. Using trusted keys, a user can ensure that specific keys are used to encrypt the message for each contact. Because the contacts are signed, the server cannot tamper with these keys.

Manage address keys

Previously, ProtonMail only provided the option to export your existing public keys. With ProtonMail 3.14, it is now possible to export both public and private keys for addresses, to generate new keys, to mark existing ones as obsolete or compromised, or to delete them.

Improved session management

We have also added a new feature for managing your active sessions. In the Security tab in Settings (on the web version), there is now a Session Management section which shows the active sessions for the account. Here you can see which client was used to log in on the account and when. Individual sessions can be revoked, which will forcibly log out that session:

Option for reporting phishing messages

We are always working to improve our user experience by making sure the messages you receive are legitimate. However, there are cases when malicious messages do end up in our users’ mailboxes. For this reason we have added a new warning and a new report system for potential phishing messages. If a message is detected as a potential phishing attempt, a red banner is displayed, asking users to be cautious. Even if this banner does not show, but a message appears to be a phishing attempt, you can report it under the More menu with the new “Report phishing” option.

 

New modal for expiring messages

The latest version of ProtonMail also brings an improvement to expiring messages. If an expiration time is set, but it is not supported by some of the recipients, we display a new modal that lists required actions to enable expiration for all recipients. It is also possible to send the message without expiration.

Add multiple recipients from the composer

For easier use, we have added another feature enabling users to quickly add multiple recipients right from the composer. To do this, simply click on the “To”, “CC”, or “BCC” text in front of each corresponding field. This opens a modal with a list of contact, which makes it possible to search and select multiple addresses and add them to the respective fields.

 

Detect nonexistent ProtonMail addresses

Another improvement to the composer is the detection of nonexistent ProtonMail addresses. In this case, the nonexistent address will be marked with a red rectangle as shown in the image below.

 

Option to remove a contact if you mark a message as spam

Messages from addresses saved as a contact are always delivered in the Inbox if no other custom filters are set up. This may cause spam messages to arrive in the Inbox if a contact’s account has been compromised or if the spamming address has been saved by mistake.

For this reason, it is now possible to mark a message as spam and have the option to also remove the sender from the contacts list.

As always, your feedback is very welcomed and appreciated. Feel free to let us know your thoughts in the comment section below. If you have found a bug, please let us know through the Report Bug feature.

We wish you a productive day!

Best Regards,
The ProtonMail Team

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!

About the Author

Irina M

Irina is part of ProtonMail's communication team. With a background in graphic design and digital communications, she strongly supports the protection of private data and wishes to help build a safer internet for generations to come.

 

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

20 comments on “ProtonMail v3.14 Release Notes

  • When is this update going live? I have been waiting an eternity for this and its literally the only thing keeping me from signing up.

    Reply
  • Any plans to automatically publish the public keys in public servers like http://eu.pool.sks-keyservers.net/ so any other email providers can fetch the public keys of protonmail users without having to ask specifically to the user for it in the first contact email? Mailfence for instance can publish its keys and retriieve a public key from any user that is registered in the server.

    Also any plan to add a shortcut for report phising, like pressing letter “p” with a similar behaviour of pressing letter “t” to delete a conversation?

    Reply
    • You can find our public key library here: hkps://api.protonmail.ch

      We will consider the shortcut for phishing. Thank you for your suggestion!

      Reply
  • I have created new keys for Email, and made them primary, can I remove the old ones without causing any problem?

    What’s the difference between Contact encryption keys and Email keys?

    Reply
    • Hi! If you remove the old ones you will no longer be able to decrypt emails encrypted with the old keys.
      Contact encryption keys encrypt and sign the contacts, and emails encryption keys encrypt and sign emails.

      Reply
  • Allowing someone to enumerate usernames for a service is normally considered a major security hole. Why is this a “feature”?

    Reply
  • Thank you! I no longer have to go through the process of reporting suspicious emails directly to the company that the phishers are impersonating. AT&T doesn’t exactly make customer support easy on this front.

    Reply
  • Thank you so much for this update, full PGP support missing was the only thing holding me back from switching to Protonmail!

    Reply
    • Thank you for sticking around to see this feature arrive to ProtonMail. Your support means a lot. Please don’t hesitate to send us your feedback.

      Reply
  • Having all ProtonMail public keys accessible by a keyserver (hkps://api.protonmail.ch) exposes names and email addresses of ProtonMail users, as well as key certifications that ProtonMail users have been given. Wouldn’t this allow anyone to determine social graphs and search for someone’s email, which ProtonMail users may want to keep private?

    Also, the feature that allows detecting nonexistent ProtonMail addresses allows a malicious ProtonMail user to discover another ProtonMail user’s email address without the target’s knowledge and consent.

    Reply
    • There are smart rate limits in place that prevent enumeration. We don’t do key certifications so social graph data can’t be derived from the key server.

      Reply