Introducing ProtonMail Bridge, email encryption for Outlook, Thunderbird, and Apple Mail

Email encryption for Outlook, Thunderbird, and Apple Mail

Today we are officially launching ProtonMail Bridge, which brings easy-to-use email encryption to desktop email clients.

Ever since the day that we first got the idea to create ProtonMail, one of the most enduring challenges has been how to do email security right while simultaneously making encrypted email easy enough to use for normal people. Since our early days working from the CERN cafeteria, we have been working tirelessly to address this specific problem.

In the years since, we have made many great strides towards creating usable encrypted email, first with ProtonMail’s webmail interface and then with our award-winning iOS and Android secure email apps. However, one of our goals has always been to bring easy-to-use encrypted email to desktop. The problem is formidable. Desktop systems encompass multiple operating systems with dozens of popular email clients with their own adherents, and virtually none of them natively speak PGP, the email encryption standard upon which ProtonMail is built.

Around two years ago, we created a small task force to tackle this challenge. Today, we are finally ready to present ProtonMail Bridge.

ProtonMail Bridge for MacOSWhat is the ProtonMail IMAP/SMTP Bridge?

In a single sentence, ProtonMail Bridge is an application that allows you to use your ProtonMail encrypted email account with your favorite desktop email client such as Thunderbird, Apple Mail, or Outlook, while simultaneously retaining the zero-access encryption and end-to-end encryption that ProtonMail provides. The best part is that this does not require modifying your email client or making changes to your existing workflow. Use email like you have always used it, and the Bridge will automatically encrypt and decrypt messages in the background.

How does the ProtonMail Bridge work?

The Bridge is an app that you download and install locally on your desktop or laptop computer and it runs automatically in the background.

ProtonMail Bridge Login

The Bridge essentially acts like a local email server (using the IMAP and SMTP protocols) and interacts with email clients also installed locally on your desktop computer. As a result, all encryption and decryption occur locally and thus the benefits of end-to-end encryption remain. The Bridge communicates with ProtonMail’s encrypted email server via our API, which supports end-to-end encryption, while email clients can communicate directly with the Bridge via standard IMAP and SMTP. In this way, standard email clients which do not natively support end-to-end encryption can support encryption without modification. Another way to think of it is that the ProtonMail Bridge translates end-to-end encrypted email data into a language that any email client can understand, thus “bridging” the gap between ProtonMail’s end-to-end encryption and your standard email client.

How does the ProtonMail Bridge work
Full-text search, multiple accounts, import/export

One of the powerful benefits of using the Bridge and email apps like Thunderbird, AppleMail, and Outlook is being able to use full-body text search within your encrypted emails. The Bridge decrypts messages as they arrive in your computer and delivers them to your desktop email client. These local copies are stored on your computer, so the search features of your desktop client work normally and you can search within your encrypted emails.

Another powerful benefit of the Bridge is being able to have multiple accounts added to an email client. For example, many users will have both a Gmail account and a ProtonMail account. In this scenario, you could simply drag messages between accounts using Thunderbird (for example). This essentially enables you to drag and drop an existing Gmail account into a new ProtonMail account as a way of doing “Account Import” (a dedicated account import and export tool is currently under development). Similarly, for users who want a backup of their ProtonMail data, most native email clients let you mass export your data and download it. You can also have multiple ProtonMail addresses and accounts in a single email client, and move messages between your ProtonMail accounts.

Threat Model

The Bridge preserves end-to-end email encryption, and also zero-access encryption (meaning that even we cannot read your emails). However, the Bridge does not protect your emails from end-point compromise (e.g. compromised laptop). Since the Bridge decrypts data locally, it’s important to ensure that your computer is safe. If someone breaks into your computer while using the Bridge, the unencrypted data could potentially be viewed as well.

During the installation process, the Bridge will auto-generate a “Bridge Password”. This Bridge Password is used to setup and configure your email clients. In this way you don’t need to trust your email client with your secret ProtonMail password.

JavaScript Cryptography and Open Source

Because the Bridge is locally installed, it is like our mobile apps in that it does not do decryption in a browser. Therefore, the Bridge also guards against the threat vector of somebody compromising the connection between you and ProtonMail in order to send you bad JavaScript code, or ProtonMail getting compromised and serving a malicious webpage to users.

Furthermore, after the technical documentation of the ProtonMail Bridge code is done, we will be releasing the source code of the Bridge, so that you can even compile it yourself instead of getting the binaries from us, so there is even less need to trust us. This is an important step in our work to eliminate ProtonMail itself as a threat vector.

Using the ProtonMail Bridge

The Bridge software is easy to set up and use. The setup process consists of:

  1. Installing the Bridge app
  2. Adding your ProtonMail account to the Bridge
  3. Adding your ProtonMail account to your email client (Thunderbird, Apple Mail, Outlook)
  4. Configuring your email client’s settings (ports, password, etc).

Currently, the officially supported email clients are Thunderbird, Apple Mail, and Outlook, on both Windows and MacOS (Linux is coming in Spring of 2018). However, in theory, any IMAP email client can work with the Bridge, and in our beta testing, many were shown to work. If you are a paid ProtonMail user, you can immediately get started here:

Finally, we would like to thank the thousands of ProtonMail users who participated in the Bridge Beta over the past year. Your support and feedback was invaluable towards bringing the Bridge to fruition, and we look forward to making ProtonMail even better for the community.

Best Regards,
The ProtonMail Team

You can read the ProtonMail Bridge press release here.
ProtonMail’s media kit can be found here.
ProtonMail Bridge images can be found here.

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support!

About the Author

Irina M

Irina is part of ProtonMail's communication team. With a background in graphic design and digital communications, she strongly supports the protection of private data and wishes to help build a safer internet for generations to come.


Leave a Reply to an user Cancel reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

101 comments on “Introducing ProtonMail Bridge, email encryption for Outlook, Thunderbird, and Apple Mail

  • Would I have known that this will come I would have sent you a lot of customers for BlackFriday…
    Maybe make another good offer for Christmas time because this is really amazing and could become a very good deal.

    I will think about moving my Bussiness emails to you.

      • In order to survive as a company and further develop high-end security products, we need to monetize premium features. Thank you for understanding.

        • Why do you a require a paid account for such a basic feature? This is not premium by any stretch of the imagination.

          Very disappointed. Waiting until it becomes free so I can finally switch to Protonmail full time.

          • It must be a paid feature for now because the Bridge adds a lot of extra load onto our servers, and if we made it available for all free users, our servers might not be able to handle the load. Also, upgrading to a paid account helps us buy more servers and build more infrastructure.

          • As I like to say: You get what you don’t pay for.
            The reason why ProtonMail should exist is because other services are free so we have to agree to open up all our data to mining. If one likes or doesn’t mind having one’s data mined or not encrypted, then there’s really no reason for switching. And if the reasoning is, “I have nothing to hide,” then this service is really beyond one’s need.

          • It’s not premium? Really? How many encrypted email services do you know that offer an encryption layer for a third-party client? This is HUGE. As soon as the Linux bridge comes out, I’m sending ProtonMail my money.

        • This is fantastic news, thanks so much!

          Thank you also for monetizing your business with money rather than my personal information. There is no free lunch and I appreciate transparent motives that do not compromise my security or privacy.

        • You censure comments here, delete posts in the forum and here, you are not transparent with the people you are amateur entrepreneurs selling “security” to an amateur public with a highly questionable business model: Very limited, hierarchical and non-democratic. Poor countries can not have access on something like protonmail, the bridge platform would be a light to many people who would need a minimum of privacy offered here.

          • Hey Captain Plainut, why don’t you show them hot it is done and create your own secure email service? Then you can give it away for free to those you seem so concerned about. What are you waiting for? Please give us updates on your service and availability dates. Can’t wait!!!!!

      • How about you stop being such a whiny fuckin’ bitch. They’re already providing a great service to people for giving away secure a alternative to the gmail. If you really want a secure email server with desktop integration(for whatever reason old man), then set it up yourself. There’s nothing stopping you from setting up your own email server and domain. Or you can just shut the fuck up and enjoy the free service you’re given. The sense of entitlement from people like you is astonishing.

  • Thank you for the ProtonMail bridge!

    Within the last week, news arrived that the NSA (based in the US) has been arguing in surveillance court that the NSA should be able to ask US-based tech companies to provide a backdoor on encrypted US products *and to mandate that this request be kept secret*. This request can also be stepped-up to become a requirement.

    Get the picture? Every day the US reassures us the we can trust it with our electronic communications. Now, we regularly discover the US is actually determined to get our data. It’s a shame they feel they have to act this way.

    Eventually, secure communication will be a given, not the exception. At it’s current pace, Gmail will serve as a wasteland for spam emails, a service now provided for most people in a Yahoo account. This ProtonMail bridge will now make my Thunderbird email a pleasure to use.


  • Thanks for the always evolving service. I’m currently waiting eagerly for the Linux release of the bridge!

    Remarks about the links at the end of the article: “ProtonMail Bridge press release here” leads to a broken link, and “ProtonMail Bridge images can be found here” leads to a dropbox folder, when I believe a self-hosted folder would me much more professional.

  • WHen will Bridge be available for Linux?
    As a LONG time paid subscriber and Linux user, I find this very frustrating. I am sure a not insignificant percentage of your user base is Linux users. I will continue to support protonmail. I hope this situation is resolved very soon.

      • It is incredibly frustrating to pay the same money as a Windows or Mac user and be told to wait months for your version (GNU/Linux). My money has the same value, and I pay for my account with ProtonMail. Part of the reason I use ProtonMail is because I value security and privacy, which are also major reasons why I use GNU/Linux instead of Windows or a Mac. Oh, irony.

  • Until this is open source (and no proprietary blobs hidden in the code!) and available in Linux distros repositories, I’m out.

  • I know the bridge uses IMAP/SMTP and therefore does not support anything other than mail, but do you have plans to implement some kind of extra protocol to be able to sync contacts and calendar (when it’s done) via the bridge as well?

    • Hi Peter,

      Setting up your own CalDAV and CardDav server is quite easy (unlike having your own mail server, which is near impossible).
      Especially if you already have a NAS running.

  • I have just installed the new bridge for Thunderbird on Windows. It is working beautifully. I had to upgrade to a paid account but was going to do this in any case as soon as IMAP support was available.

    Brilliant! You’ve cheered me up after all the Brexit madness in UK!

  • Thanks for evolving the Premium features! Love having Protonmail as a choice compared to the free (data mining personal information) email services!

  • Great feature! …your Black Friday event was a GREAT deal …adding this as another carrot would’ve sealed the deal with anyone I know. The bridge was the missing piece.

    Keep up the great work guys! Really awesome email service.

    • Premium features like the ProtonMail Bridge help us have the funds to further develop ProtonMail and allow us to sustain the unlimited free accounts we’re offering.

  • I wish you would have announced this 2 weeks ago before the Black Friday sale… If so, it would have been an automatic purchase. Hopefully it comes up again.

  • We have been testing ProtonMail using a free account and are impressed. With the bridge, we are leaning towards moving our business to a paid account. In the post, there is mention of the bridge working with desktops. In our case it would be Mac OS X with Apple Mail. How would this work for email on our iPhones?

    Looking forward to your guidance.

  • Why is the connection between protonmail servers and the bridge not simply imap? Why should this be a specialized tool for protonmail? Why is that non-standard (non-imap) connection increasing server load?

    If you had:

    protonmail svr — (imap) —> local cipher bridge — (imap) —> local MUA

    it would actually decrease server load, because the gui objects would not be needed. And such a bridge would be useful independent of protonmail.

    • The reasons are the following:

      a)IMAP has certain expensive operations which we do locally instead, so this helps us manage server load;

      b) anything like this that downloads entire inboxes as opposed to thin clients (which do not) is going to increase server load regardless of communication protocol;

      c) At a minimum, key management is not handled by the IMAP protocol, which is one of the functions of the Bridge, but this applies to all the other ‘extras’ that we want to do that don’t fit neatly into IMAP, such ProtonMail authentication, which is significantly more secure than IMAP, 2FA, etc.

  • Wow! Incredible work! This is very exciting to see.

    Are there plans at all to allow for users to use their own private/public key pair alongside the encryption Protonmail offers? It’s great that I can exchange encrypted emails with other protonmail users without worrying about anything. However, the password protected option for non-protonmail users is cumbersome and I’ve been successful in getting more and more my friends and family up and running with Enigmail and Thunderbird. The ability to use my protonmail account with those with other email providers but with a key pair would be huge. Is that feasible and in the roadmap at all?

    Thanks again for all you do

  • When you say Linux coming soon, do you mean some weeks, or some months? I have a paid plan, but was considering leaving because I dislike the browser interface. I’ll stay for now, but really want to get that Linux version.

    On that not, is this Open source, and will I be able to compile it myself? I don’t really like using pre-built software.

    • The Linux version of ProtonMail Bridge will be available in the Spring of 2018. At the moment the app is not open source, but it will be in the near future.

      • You, a security and privacy focused company, are releasing an app for Linux users and it’s open source? You must be very out of touch with your users.

      • You write “It must be a paid feature for now because the Bridge adds a lot of extra load onto our servers, and if we made it available for all free users, our servers might not be able to handle the load.”

        So make it open source in order to setup the installation on my own server?

  • Thanks for that, keep going!

    Also thanks for monetizing your system, people complaining about premium services and those who want everything free clearly don’t understand why ProtonMail exists.

  • This is great! Is there any plans to release a bridge app for Andriod and/or iOS? I know many people have there perfected email app, and calendar app and many like to use there default phone contacts app.

  • This is amazing! I hope you guys make a birdge app for iOS and/or Andriod so we can use our favorite email apps, contact apps and calendar apps!

  • Such a nasty installer. It leaves a lot of files when you uninstall.
    Also, this is a software hog: such a big file for such a small service.
    And I feel tricked into having to install it only to find out that I don’t qualify for the service. Shame on you !

  • Very cool. As soon as it’ll be available on linux I’ll give it a try. So far I’m good with the web ui.

    Thanks for the great service.

  • Absolutely wonderful news for an email (and computers) user with a very basic and limited IT skills.
    This is a huge achievement.
    Now, I will pay for an new protonmail account!
    Thank you.

  • I was wrong with the business model of Protonmail, I thought that bridge would have at least the basic user, this is monopoly practice unfortunately the target audience of protomail really are lay people and geeks who can pay dearly for an account here.

    Anyone who has at least a superficial technical knowledge will agree that Bridge only for paid accounts is at least questionable are there other functions to be taking money but managing accounts in regular mail clients … not this should not. I even question if the Protonmail support messages here are real, I believe it is not.

  • Do I understand the timeline correctly? Linux version will be released in spring 2018, making Linux version open-source some time after that, possibly not until 2019?

    Like others said, a lot of security-conscious people use Linux and demand software to be open-source, so although we like the course of Protonmail development overall, we still can’t use it in the most secure (and convenient) way. Additionally you could get help from the community developing, debugging, testing and documenting the tool, making it less expensive for the company.

    Just like others I’m willing to pay for the service as an individual as well as to migrate our organization’s email to Protonmail, but waiting for this crucial feature to be available effectively.

    Thanks for making all these efforts though, generally speaking this is a long time awaited feature!

    • We have requested ‘Whitelisting’ for the ProtonBridge application from various Anti-Virus companies/providers.
      Many of them have replied, however, some have not. We hope this will be entirely solved with the next version of the application.

      • I’m looking forward to a 100% clean record. I can’t wait to use this Bridge, it’s a major breakthrough.

        Meanwhile, if I were the developer, I would find out which component triggers the false positive – and alter it. I would accomplish this by removing various parts of the application and submitting it to VirusTotal. That’s how I’ve done it with some applications in the past.

        • Thank you for the tip! Unfortunately, the reasons why false positives are triggered are mostly outside of our control. E.g. “this application has not been downloaded by enough users using this antivirus system”. Unless we are a large company with a lot of users, we must go through the whitelisting process.

  • Paid feature? I’m out.
    I’ve never paid for an email service and never will because my threat model simply doesn’t warrant it.
    Sad to see that your vision of protecting civil liberties online is trumped by your business model.
    The argument that this feature adds a lot of extra load onto your servers is just bs because how much of a technical challenge can it be to throttle/limit access for free accounts, seriously?

  • Apologies if this is a dumb question but am I compromising security if I use both my Gmail account and Protonmail account as separate accounts within the same Mac OSX Mail app on my Mac device (i.e. could Google theoretically read my Protomail from the Mail app)?

    • It’s not a dumb question. Your ProtonMail security is not compromised if you add your ProtonMail account alongside Gmail to Apple mail. However, the emails reside in your computer unencrypted, hence you must be careful to protect your local device from being compromised. The security of your local device is not covered by our threat model.

  • I’m wondering how some use cases will be handled by this (haven’t tested it yet but am curious). How can I tell in advance whether a message to someone will be end to end encrypted or not? I assume any message to a protonmail account will be encrypted (as that’s the entire point of this bridge), but some proton accounts use custom domains. Ditto with receiving messages — presumably any message from a Protonmail user is end to end encrypted, but some users use custom domains. Is there some indication in the client or the message headers that the message was secure?

    Lastly, on the web client one can send encrypted messages to non-Protonmail users by putting in a OTP to encrypt the message (and then communicating the OTP to the user through another secure channel). I assume that this is not possible with traditional email clients using bridge?

    Thanks in advance.

    • First point – Unfortunately because we do not control the interface of the client we cannot indicate whether an email is going to be end-to-end encrypted on the client itself. However all messages send to other ProtonMail users will be encrypted by default.

      Second point – this is currently not possible with the Bridge for a similar reason (no way to control the third party client interface). However we are looking at implementing a solution in the future where users will be able to add passwords to their encrypted contacts and the Bridge will use these passwords by default when sending to these contacts.

  • Hey folks! Really happy to hear this update. Want to use your service so dearly but it appears that Bridge is not compatible with my imap client – Airmail 3. Any ETA on that compatibility? Thanks for all your work – much appreciated!

    • Our team is working on implementing more email clients in the future. Unfortunately, we can’t speculate a release date at the moment.

  • Hello,

    You don’t want to make your servers open-source for security reasons, because of the antispam, and I guess because of your business model, which is totally ok.

    Do you plan to license some parts of the ProtonMail servers, such as the Bridge or the encrypted contacts, under a FOSS license?

    Best regards.

  • Great news!
    However, as many others have pointed out… not providing a Linux version is a pretty big drawback. Once that is out I might actually consider a payed plan, too.

  • I would like a confirmation that unencrypted emails in transit between my local machine with Bridge and your servers are encrypted. If a government level adversary intercepts my internet traffic, what will they see? Thank you.

    • The email contents leaving your local machine with Bridge sent to ProtonMail servers are encrypted in transit and at rest with PGP. Metadata is encrypted in transit with TLS. If malicious individuals break TLS, they can read certain metadata, but no message or attachment content. Email content is always encrypted with PGP between your device and our servers, whether it is the Bridge, the web client, or the mobile apps.

  • Are your webmail solutions such as encryption of an e-mail with a password or expiration of an e-mail after a specified time period available under Outlook with Protonmail Bridge?

    • Hi! You can do this with ProtonMail Bridge. Export all of your emails and then delete them from our servers to achieve the same thing.

  • it sounds wonderful. It will be wonderful. But:

    someone who is no IT-Specialist or had never been able to adopt all Words, phrases, shortcuts, nemaes, technical standards will not understand what you talk about.

    Even if you are a well educated person that uses over 50 applications and was programming himself 25 years ago is not able to understand what you do and what to do….. the basic problem of all these new ( necesRY) TOOLS IS THAT customers are overwhelmed by a ” soecialist-language” they do not understand.

    I personally beleive that you will boost your services when you transform your technical information into humanbeeings language and country by country. English is widely understood and spoken but IT-english is a zoo-language with hundreds of abbriviations nobody understands.

    I am very soory but I feel really cockeyed, even after reading it three times.

    My requirements are: I have a website for my coomunication to the outside plus an web-Mail account. This site and its mail account I would like to secure. Plus I hold 5 Mailaccounts with telekom, of which I would like to secure two accounts.

    I feel absolutely helpless with what I see at yours. My ability with your services is nil, because ma knowledge is 25 years old and nothing fits in.
    Henry paul