Does ProtonMail encrypt email subjects?

All ProtonMail data at rest and in transit is encrypted. However, subject lines in ProtonMail are not end-to-end encrypted, which means if served with a valid Swiss court order, we do have the ability to turn over the subjects of your messages. Your message content and attachments are end to end encrypted. See this article for a description of what ProtonMail data is encrypted.

 

There are two main reasons why Subject lines in ProtonMail messages are not end-to-end encrypted.

 

  1. Not Standards Compliant – ProtonMail adheres to the OpenPGP standard which largely respects the SMTP protocol. In PGP, the subject line is part of the header packet which is not end-to-end encrypted.

 

Given that PGP does not end to end encrypt subject lines, why does ProtonMail use the OpenPGP standard?

 

The reason is interoperability. By adhering to OpenPGP, we enable not just end-to-end encrypted messaging with other ProtonMail users, but compatibility with any PGP user worldwide. This means anybody, regardless of what email provider they use, can send end-to-end encrypted messages to ProtonMail users. The importance of this cannot be overstated. This also allows us to integrate with other services like Facebook. With OpenPGP, ProtonMail isn’t just a standalone encrypted email service, we become part of an entire encrypted ecosystem.

 

  1. Allow for subject line search – By construction, end-to-end encrypted data is not searchable. This is because searching through several gigabytes of emails cannot be properly done on a browser. It must be done on the ProtonMail servers, and with end-to-end encryption, the ProtonMail servers don’t have the ability to read the data. If subject lines were encrypted, it would be impossible to search through emails by subject. This is a huge detriment to everyday email usability.

 

This situation may change in the future as encryption technology evolves (for example, projects like Mylar being developed at MIT), but at present, searching encrypted data is still far off.

What can I do to protect the subject lines of my email communications?

Even though ProtonMail subject lines are not end-to end encrypted, it is exceptionally difficult for a third party to get access to them. Access would require breaching Swiss data privacy laws and getting a court order that is approved by a Swiss judge.

 

If you really want to be absolutely sure the subject lines of your emails are safe, we suggest using generic or misleading subject lines in the subject field and putting the actual subject in the message body.

Rate This Article

(31 out of 48 people found this article helpful)
Post Comment

9 comments

  1. John

    So if I understand it right.

    1. I send an email from Protonmail to Protonmail.
    2. Despite the third party intercepts the email, they cannot read nor the subject nor the email.
    3. If they get a Swiss warrant, they can read subject, but not email.

    Correct?

    What method is used to encrypt the subject?

    Thank you for your answer.

    John

  2. Ron

    PUT a Notice on ALL USER COMPOSING/SEND PAGE
    Telling them that the Subject info is NOT Encrypted !!!
    Educate them… MOST people will Believe the Subject data IS Encrypted.

    THIS IS VERY IMPORTANT.

  3. user-fr

    The PGP is at this day safe. But in 1 or 2 years for exemple ?

    All data is keep by Swiss country, and from others country out of Swiss who can see data in Swiss without problem.

    So, for Fun, a text not so clear in PGP is maybe all time better 🙂

  4. Noah

    You have a very thorough Q&A section, and I like the “how does this work?” links in the settings window. I think this is definitely something that should have a quick note on the Compose panel with a link to this page.

  5. Chris

    What logging does ProtonMail do? I know that a user can turn on security logging which captures the IP address from which the user logs into their inbox – does ProtonMail save this information or is it cleared from your logs when the user clears it in their settings? Do you log the user’s IP address anyway even if they do not have security logging turned on? What other information do you capture/log from a user’s session with their ProtonMail inbox, and how long do you store that information?

  6. curious

    I read the instructions to forward gmail emails to proton mail to relocate old emails. Doesn’t this put your proton mail email address at risk since gmail captures all forwarded and sent messages and contacts and that is how gmail “links” you to people you have previously emailed, or are in your phone’s gmail contacts?

  7. ProtonMail Support

    Gmail won’t have access to your ProtonMail password, so your ProtonMail account is safe.

  8. jstn

    If you are not an educated user, educate yourself. The world is where it is because no one cares and because of ignorance.
    Protonmail team is not your mom & pop …

    Great job PM and never give privacy/security for ‘ease of use’ – we are sick of that bull****

  9. Mikey

    Sorry, wrong section (I know, but tired looking for it)

    I would love to see a ‘snooze’ function (reminder function) on mails.

    Even Gmail, etc. has it nowaday… PLEASE !!!

    Possible???

    Time frame?

Leave A Comment?