Why end-to-end email encryption matters


You need an email address to exist at all in the online world. Signing up for YouTube, Facebook, Twitter, Reddit, or any other online service requires one. It’s also our go-to method of communication for online banking, purchasing, and business deals. As a result, over half the world’s adult population uses email, and we trust it with a great deal of our personal information. However, your email is not always as safe or as private as you might think.

Email is interoperable, meaning that Gmail accounts can communicate with Yahoo accounts which can communicate with ProtonMail accounts and so on. Unfortunately, that also means that if you email someone who uses an email service with poor privacy protections (like Gmail), your messages may be subject to its privacy policies, regardless of what email service you use.

All major email providers give some level of protection against eavesdropping on or tampering with their users’ emails, but most do not provide the maximum privacy and security available. We believe that everyone deserves email privacy and security, which means ensuring that no one else has access to your emails. That is why we protect your emails with end-to-end encryption (E2EE).

What is end-to-end encrypted email?

When you send an email, your message is routed from server to server until it reaches your recipient’s inbox. All major email providers use TLS (Transport Layer Security), which provides an encrypted route for your email as it is sent between servers. This keeps your message private while it is in transit.

However, with TLS encryption, your emails are decrypted once they reach your email provider’s server rather than upon reaching your recipient’s device. This gives email providers that only use TLS access to all the messages stored on their servers.

By comparison, end-to-end encrypted email is inaccessible to anyone but the intended recipient, making it much more secure. End-to-end encrypted email is encrypted at the source (your device) and only decrypted once it reaches its endpoint (the recipient’s device).

As only the two ends of the conversation are able to access and read end-to-end encrypted email messages, your email provider, ISPs, and government bodies are unable to access the information enclosed.

However, end-to-end email encryption only works if both people are using PGP or the same E2EE email service, such as ProtonMail. (We use PGP encryption to ensure ProtonMail users can communicate privately with other PGP users who share their public key, even if they don’t use ProtonMail.) If you email someone who uses an email service that only uses TLS (such as Gmail), your messages will be subject to its privacy policies and accessible by that email provider, even if you email them from a ProtonMail account.

To navigate these privacy issues, we use both end-to-end encryption and zero-access encryption to protect your emails. You can also use our ‘Encrypt for Outside’ function to send end-to-end encrypted messages to users who do not have an E2EE email service. These messages are password protected and expire after 28 days.

Why should email providers use end-to-end encryption?

Although TLS allows email services to securely transport your emails, there are considerable privacy and security risks involved if your emails are not end-to-end encrypted. Emails that are not sent using end-to-end encryption can be decrypted by the email provider.

Less vulnerable to attack

As most email providers hold all of your messages on their servers, any hacker that is able to penetrate those servers will also have access to all of your information and the information of everyone else whose emails are stored on that server. 

The most recent and perhaps most serious breach of this kind is the Microsoft Exchange hack, though there is a long history of email server hacks, with victims including Yahoo, Sony, and even the NSA.

Data privacy

Email providers such as Google are known for gathering huge amounts of data on their users. Although Google stopped scanning emails for advertising purposes back in 2017, Gmail’s bots can still access your emails’ content for other purposes, such as applying labels to your emails and communicating with other Google apps. When users install ‘add-ons’ to their Gmail account, they are also sometimes unknowingly giving up their entire inbox to be read by third-party developers.

Perhaps more worryingly, data that is stored unencrypted on an email provider’s server can be seized during legal proceedings or investigations. Depending on the data protection laws that your home country has in place, there can be low thresholds to making these types of data requests. Once a data request is made, email providers often have no choice but to comply.

Essentially, whether by brute force or legal compliance, if your email provider does not store your emails with end-to-end encryption, you cannot control who can access your information.

Protect your privacy online

At ProtonMail, we’re creating trusted ways for people to stay in control of their information at all times. We believe that everyone deserves privacy online and that the internet should serve the interests of all people rather than selling your data to the highest bidder.

Online privacy is much more than encrypted email, but it’s a good place to start. You can sign up for a free secure ProtonMail account here. With a ProtonMail account, you can also send private emails to non-ProtonMail accounts using our Encrypt for Outside option. For further privacy online, we also have a free secure VPN that protects your internet browsing activity.

All of ProtonMail’s user data is stored exclusively in European countries with strong privacy protections, such as Switzerland. This means that unlike other email providers, ProtonMail does not fall under the jurisdiction of intrusive anti-privacy laws and cannot be coerced into working with the NSA.


End-to-end email encryption FAQ

How does end-to-end encrypted email work?

End-to-end email encryption (E2EE) works by using a set of keys to encrypt the email before it is sent and decrypt the message upon receipt. One key is a ‘public key’ that is used to encrypt emails that are sent to you, and the other key is a ‘private key’ that is only known to you (or your device).

The public key encrypts email messages in such a way that they are only able to be decrypted by the intended recipient, with the corresponding private key. As long as the private key is kept private, your emails remain secure.

For an in-depth guide to how E2EE works, you can read the ProtonMail guide to end-to-end encryption.

What is zero-access encryption?

When someone emails your ProtonMail account from an email provider that does not use end-to-end encryption, we will immediately encrypt that email upon receiving it using your public encryption key. Once it has been encrypted with your public key, you become the only person that is able to decrypt that email on our servers. This is called zero-access encryption, and it ensures that your information remains safe, even if the ProtonMail servers were somehow breached.
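
The public-key flow from the two answers above, as an added example that is not ProtonMail's code: it uses Node's built-in crypto (RSA-OAEP wrapping an AES-256-GCM key) in place of the OpenPGP message format, and the names `newKeyPair`, `sealFor`, `open`, `cannotOpen` and `demo` are hypothetical. The same seal step runs on the sender's device for E2EE and on the server at receipt for zero-access encryption, and in both cases a private key other than the recipient's cannot open the result.

```javascript
// Added illustration: hybrid public-key encryption with Node's built-in crypto.
// Assumption: RSA-OAEP + AES-256-GCM stand in for the OpenPGP message format.
const crypto = require('node:crypto');

// Each mailbox owner holds a key pair; only the public half is shared.
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Encrypt for one recipient: a fresh AES-256-GCM key protects the body,
// and the recipient's public key (RSA-OAEP) protects that AES key.
function sealFor(publicKey, plaintext) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const oaep = { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
  return { wrappedKey: crypto.publicEncrypt(oaep, key), iv, tag: cipher.getAuthTag(), body };
}

// Only the holder of the matching private key can unwrap the AES key.
function open(privateKey, sealed) {
  const oaep = { key: privateKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
  const key = crypto.privateDecrypt(oaep, sealed.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, sealed.iv);
  decipher.setAuthTag(sealed.tag); // GCM also rejects a modified body
  return Buffer.concat([decipher.update(sealed.body), decipher.final()]).toString('utf8');
}

// True when decryption with this private key (or of this record) fails.
function cannotOpen(privateKey, sealed) {
  try { open(privateKey, sealed); return false; } catch (e) { return true; }
}

// Constructed scenario: Alice is the recipient; the provider has its own key pair.
function demo() {
  const alice = newKeyPair();
  const provider = newKeyPair();
  const msg = 'Constructed sample message';
  // End-to-end: sealed on the sender's device, so the server only ever stores ciphertext.
  const e2ee = sealFor(alice.publicKey, msg);
  // Zero-access: the mail arrives readable to the server, which seals it before storing.
  const atRest = sealFor(alice.publicKey, msg);
  return {
    e2eeReadByAlice: open(alice.privateKey, e2ee),
    atRestReadByAlice: open(alice.privateKey, atRest),
    providerLockedOut: cannotOpen(provider.privateKey, e2ee) && cannotOpen(provider.privateKey, atRest),
    bodyLeaksText: e2ee.body.includes(msg),
  };
}
```

The difference between the two modes is where `sealFor` runs, not how it works: with zero-access encryption the server handles the plaintext once before sealing it, while with E2EE it never does.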

How can I use end-to-end encryption for my emails?

The simplest way to ensure the emails you send are end-to-end encrypted is to use ProtonMail, as we offer end-to-end encryption as standard, combined with zero-access encryption to keep your emails as private and secure as possible.

E2EE only works if those you are emailing are also using end-to-end encryption to protect their emails. If you use ProtonMail to send an email to an email account that does not use end-to-end email encryption, their email provider will be able to see those messages. So it’s best if both parties are using ProtonMail.

At ProtonMail, we have zero access to user data, so any emails you send using your ProtonMail account are inaccessible to us, and we are unable to hand over your data to any third parties. In addition, we use open source cryptographic libraries, which helps ensure that the encryption algorithms we use are vetted and do not have any known security vulnerabilities.

Can end-to-end encrypted emails be hacked?

While emails with end-to-end encryption are much more secure than emails that are sent via TLS, it cannot be said that any email is “unhackable”. The best way to protect your end-to-end encrypted emails is to ensure you use a strong, unique password for your ProtonMail account. 

If you repeat your password across services, it is possible that a security breach on one of those other services will result in your password being leaked. Using a strong and unique password for each of your accounts and devices means that even if one password is leaked, the rest of your accounts online remain secure. End-to-end email encryption works best when combined with other internet privacy protections such as using a VPN to protect your internet browsing activity and ensuring two-factor authentication is enabled whenever possible, in addition to using strong passwords.


Feel free to share your feedback and questions with us via our official social media channels on Twitter and Reddit.

About the Author

Lisa Whelan

Lisa is an activist, writer, and internet privacy advocate. A defender of the right to privacy for people everywhere, Lisa joined Proton to spread awareness and further enable freedom online.

 


2 comments on “Why end-to-end email encryption matters”

  • Hello there,

    How would using Protonmail protect you from keylogging and similar attacks that would seem from the outset to preempt encryption?

  • If I understand your architecture correctly, a ProtonMail user sending an email will have her message encrypted by her browser (by a copy of OpenPGP.js served by protonmail.com) and your backend never sees the cleartext of the email. This is basically what we mean by end-to-end encryption.

    How do you perform spam and virus filtering on such encrypted emails?

    I understand that there is some communication going between the server and in-browser components of ProtonMail that allows the sender side to know whether the email is going to be sent with or without end-to-end encryption, so in case of an external recipient without encryption, it will forego the encryption. In that case your backend is naturally going to be able to see the cleartext being sent. Same for incoming email from external providers: you do the filtering before it is encrypted with the recipient’s public key and delivered to her mailbox. So far so good.

    But for outbound PGP-encrypted email, or email sent to another ProtonMail user, the in-browser encryption will ensure that only the recipient is able to decrypt the message. To me, this cannot be reconciled with the need to perform spam and virus filtering. Or are ProtonMail users open to abuse and malware from other ProtonMail users?

    You expressly state that all email between ProtonMail accounts is protected by end-to-end encryption. At the same time, I simply cannot imagine that you (as a provider with several million mailboxes, offering free account signups to members of the public) can afford to do without spam filtering on ALL your email traffic.

    I hope I managed to make my concern clear. Can you please shed some light on it?