Encrypt Message for Non-ProtonMail Recipients

ProtonMail has an easy built in solution to provide end-to-end encryption for messages sent between ProtonMail Email addresses and Non-ProtonMail Email addresses. These messages do not require the recipient to install additional software or sign up for ProtonMail.

Please note, messages sent encrypted to non-ProtonMail recipients will expire after 28 days by default. You can learn more about expiring messages here.

Here’s how it works:

1. The ProtonMail user composes a message in ProtonMail:

2.  Select the Encryption button in the bottom left of the compose box and  enter a password and password hint (if desired), and select set.

Composer and Encryption button in composer in ProtonMail

 

3. Upon sending the message, a generic message is delivered into the recipients mailbox, providing them with a unique link to open the encrypted message the ProtonMail user has sent. In addition, this message contains the subject of the message, and the unique password hint if the ProtonMail user has designated one.

Encrypted email from ProtonMail to non ProtonMail account

4. Upon clicking on the link, the recipient is asked to enter the password the ProtonMail user has set in step 1.

Decrypt message using encryption password

5. Upon entering the password, the message will be de-crypted allowing your recipient to view the message and reply securely.

6. Due to the expiration time set to 28 Days by default, after the time elapses the recipient will be shown this message

Error message for wrong or expired password

*Please note- The recipient is not asked to download any software or sign up for ProtonMail at any point in this process. It is up to the ProtonMail user to find the most secure manner to communicate the password they have chosen to protect the encrypted message, to the recipient.

If you are sending encrypted email to the same email domain frequently, you may want them to learn about ProtonMail’s Custom Domain (https://protonmail.com/support/knowledge-base/custom-domains/) offering that allows seamless encryption on any custom domain.

Rate This Article

(115 out of 176 people found this article helpful)
Post Comment

57 comments

  1. LH

    It would be great if external users could reply to these encrypted messages with their own encrypted message without creating a ProtonMail account.

  2. Alex Lo

    Totally agree.

    Another recommended feature is that the receiving party can choose to store the agreed password in the browser so that he/she doesnt have to enter the passport again if I sent him/her another secure email next time.

  3. Swagat

    A password manager like lastpass/1password can be used for this.

  4. CDC

    Can you explain the difference between ProtonMail’s end to end encryption service and the use of Email Certificates? The feature of sending an encrypted outside email is very much symmetric encryption. There appears to be an absence of Email certificates for end users which is a feature of Public Key Infrastructure.

  5. tbtel

    Just to clarify, since it does not say on this page anywhere, outside users CAN send encrypted responses through protonmail. See https://protonmail.com/support/knowledge-base/can-outside-users-respond-to-encrypted-messages/

  6. Foxxy

    Sometimes people do not pay attention 🙂 It is clearly stated that you can “reply securely”.

    “6. Upon entering the password, the message will be decrypted allowing your recipient to view the message and reply securely.”

    “*Please note- The recipient is not asked to download any software or sign up for ProtonMail at any point in this process. It is up to the ProtonMail user to find the most secure manner to communicate the password they have chosen to protect the encrypted message, to the recipient.”

  7. Benjamin Lim

    *Please note- The recipient is not asked to download any software or sign up for ProtonMail at any point in this process. It is up to the ProtonMail user to find the most secure manner to communicate the password they have chosen to protect the encrypted message, to the recipient.

    Well, if I need to have a secure communication channel to communicate the password to the recipient. Then why don’t I just use that channel in the first place and skip protonmail altogether?

  8. Kirchof

    Because this additional secure channel might not be good/convenient for ongoing communications. Suppose you give your password to your target via phone, letter, scrap of paper or simply tell him. That is a once ever operation, and then you can securely email, with all the convenience that the email provides — compared to phoning (both must be available at the same time), mailing (gonna take a while till mail gets physically delivered), talking (must both be physically in one place at the same time).

  9. whitfield

    would like to have the ability to associate a pre-agreed upon password with each non-ProtonMail recipient and store that information with the Contact so that when mail is composed the password information does not have to be manually entered each time.

  10. leslieallen

    It would be good to have a proton mail password key database for those users who cannot seem to remember their passwords… and choose to use a lazy mans way to store their passwords, ie their browser (which is actually very stupid). Which will usually provide a way for others to know their passwords… and eliminates the security they wanted in the first place. Stupid is as stupid does. Ignorance breeds ignorance. I hope you don’t implement the options that I have heard regarding passwords in these postings. But an encrypted password database would be good so that passwords can be stored and easily reached. It would also be a good thing to build into this database a way to send passwords to other users instead of using their phone or other non-secure methods of transferring passwords. People can use Signal or other text methods to pass unsecured passwords in the beginning. But Snail mail is probably the best way to send passwords in the beginning if it is long distance. Also, there should be a way to cause passwords to be changed every few days to force people if they choose it… to change their passwords frequently.
    This is obviously the weakest link in any encryption scheme. I have some ideas for passwords that change every day… with just one initial password exchange in the beginning.

  11. _webkernel_

    it would be nice to be able to send email encrypted and signed with PGP. If I need to pre-agree the password for an encrypted email that is non-sense, because I need another (other) secure way to do it. That is a duplication of means.

  12. Lewis Beeler

    I like the process for sending encrypted email to people who do not have Proton Mail. I am a Christian minister, and I live part time in the USA, and part time in another country. I believe the governments of both countries in which I live attempt to read all international emails. This is not a problem for me today, but I fear that in the near future I will be subject to arrest for distributing Bibles, and other Christian literature. Thank you Proton Mail for your service. People all over the world have the God given right to freedom of thought no matter what their beliefs might be.

  13. Nadia

    Is email sent and received encrypted without using the password? If so, is the password just an added security?

  14. ProtonMail Support

    For the message to be end-to-end encrypted when you send to a non-ProtonMail address you need to add a password.

  15. J.L

    PGP is definitely an obvious and incomprehensible ommision for Protonmail

  16. Suzy

    I would definitely concur: please implement the ability to send OpenPGP, with associated signature. That would slay the competition. So far, this is a great feature. But standard options for encryption and decryption help.

  17. Katelynn

    The process of encrypting messages for non-ProtonMail recipients is too unwieldy to do for the amount of emails that I send and receive daily … as per many of the above comments, I too look forward to a more straight-forward and streamlined way to accomplish end-to-end encryption for emails sent to non-ProtonMail recipients. In the meantime, because it’s unclear to me, can you please explain to what extent emails sent to non-ProtonMmail recipients (and the replies received back from them) are encrypted? Will my outgoing and incoming emails always be encrypted on my end by virtue of the ProtonMail server and my mailbox password? Thanks in advance for your response and support!

  18. ProtonMail Support

    For now this is the only way the messages can be end-to-end encrypted. If you send a regular message to an outside recipient, it is encrypted, and stored encrypted on our side, but we can’t do anything about the recipients side.

  19. Sally

    Has this been fixed? I had a startmail account and I could enter another person’s key and then send to them encrypted without the password hassle.

  20. ProtonMail Support

    PGP support with the option to import contact keys is currently in active development and should be available soon.

  21. Don

    This is great news! Looking forward to it.

  22. Halil

    What happens if one sends an unlocked email (one without a password) to a non-protonmail e-mail address which is also claimed to be secure (e.g., encrypted mailbox)? The message will be encrypted both on sender side and on the recipient side but what about between the servers? Thank you for the service and support.

    PS: In my humble opinion, major anonymous/secure e-mail providers should come-up with a system to send each other encrypted e-mails. I think, locking each email is a tedious and non-sustainable..

  23. ProtonMail Support

    If you send a regular message, with out a password, the message is stored encrypted on our servers but once it leaves our servers it is dependent on the recipients service.

  24. Anonymous

    What happens if an encrypted message sent to an outside user who has the password and decrypts it, then forwards it to another outside user.
    Does it go to them encrypted, or does that break the encryption protection I initiated?

  25. ProtonMail Support

    The message can be only replied to and you cannot change the senders. This means that you cannot forward the message to other recipient.

  26. Darkmatter

    All the person has to do is either highlight and copy/paste the email into a new email or if that is locked out, manually type out the email into a new email.

  27. ProtonMail Support

    This (trust) is a risk with any form of communication and does not apply to the original question. Any message sent this way will not be originating from ProtonMail and is a new message, not a forwarded message.

  28. Denis English

    Well dahhhh…that’s like saying “my password isn’t secure” after you write it up and send it around. Of course you can publicize secrets.

  29. hristo

    Is it possible to try and fetch the PGP key of the recipient of an outside user, if there is one available, and encrypt the message using that? As well as attaching my public key.

  30. ProtonMail Support

    Not yet, but we have plans to do this later.

  31. Robert Laing

    Any progress on this?

  32. DrSnap

    Yes, any progress since 2016?

  33. Anonymous

    It would be nice if emails in the “sent folder” noted whether the email was sent encrypted and kept a record of the password when sent encrypted to a non-protonmail user.

  34. Nemo

    Is it possible to send unencrypted emails to people who do not have Protonmail (e.g., people with AOL, gmail, iCloud, Yahoo). If it’s possible to send unencrypted emails, will such emails also be stored unencrypted on your servers?

  35. ProtonMail Support

    Messages are always stored encrypted in your mailbox. For more information about what is encrypted when sending messages outside of ProtonMail, take a look at the following article: https://protonmail.com/support/knowledge-base/what-is-encrypted/.

  36. Anonymous

    Bravo
    Fantastique

  37. Darkmatter

    If your sending an email to someone who won’t have a decrypt key and your just trying to send an email anonymously does ProtonMail automatically hide the IP address of the emailer so the recipient can’t see your location or no? Also, I decided to be on the safe side to use your free version of your VPN and have it set to route through one of your secure servers. It is currently connected and running, and after I got it up and running I restarted my web browser to make sure it used the VPN. So if the above answer is no, can I assume that by using your VPN the person receiving the email won’t see the correct IP address if they try to look it up?

    Thanks

  38. ProtonMail Support

    Only ProtonMail’s IP address is included in the message headers, user IP addresses are completely safe, even without the use of VPN.

  39. Jan

    This solution is elegant but in a high output-setting a little bit complicated. Would it be possible to include encryption towards extern recipients into the bridge? As an alternative an app would be helpful (or even better) that can be addressed via the send to/share dialogue. Finally saving a strong random password together with the contact and using this automatically for encryption would be awesome.

  40. Dion Moult

    No updates in 2018?

  41. Proton Editor

    We are working on improving encrypted sending for outside users, but we cannot give you an ETA on any changes yet.

  42. pwruzr

    It’s a complex process encryption of non protonmail email services it’s like you have to design IT to do all the work from the proton side without any intervention from the recipient of your sent email SINCE one persons outlook on security vastly differs from the next nothing at all can depend on the recipient since you never can know for sure ahead of time if something was dependant on them that it will be done you have to assume it won’t all you can possibly do to make the recipient is to design IT so they won’t be able to reply to IT, A HUGE ANNOYING siren should suffice….lol this is how I think I can never depend on others to follow thru on a security feature just because I do ..most don’t care so many angles that have to be taken into consideration ..OH I GOT IT MAKE PGP A STANDARD FOR ALL EMAIL AND IF THEY DONT DO OR SKIP A SIMPLE STEP THAT WOULD COMPROMISE THE EMAIL THE SIREN IDEA STILL IS AN OPTION MAKE SIREN OVERRIDE THEIR SPEAKER SETTINGS AND MORE BUT THIS WONT HAPPEN YOU CANT FORCE PEOPLE TO REALIZE WE ARE FACING SERIOUS ISSUES THESE DAYS …LOL OK IM OUT

  43. Denis English

    Thank you for this informative post; I’m starting to understand how it works. I wondered how the sender encrypts the message to be sent; I didn’t know the little symbol says “encrypt this message”! Maybe you could clarify that from the get go. When I push buttons here, there is a delay, maybe because I have the blue light filter on. Whatever the cause, it prevented me from determining the function of the important encryption symbol, so fix that. Thanks.

  44. Jon Postyn

    How can I setup ProtonMail Bridge to work with 2 computers – a desktop (Mac) and a MacBook?
    I would like to use the same email address for both computers.

  45. ProtonMail Support

    To set up the ProtonMail Bridge on multiple computers, you will need to follow the installation and setup instructions for the Bridge found at https://protonmail.com/bridge/install.
    If you need any assistance, please contact our support team at contact@protonmail.ch, via the report bug button or using the support form at https://protonmail.com/support-form.

  46. DrSnap

    Ok, i was testing this out just now. Indeed the encrypted message could be replied to by the outside party, but then, when the protonmail user, replies again THE MESSAGE WILL NOT BE IN THE SAME ENCRYPTED THREAD but will be sent as an unencrypted plain text email. All replies in the thread should be encrypted by that pw BY DEFAULT.

  47. Joe Kocon

    A user can opt “to use regular text to” message someone. See Wikipedia for this simple, clear statement. Proton, I’m considering getting a Proton account so I’m studying the pros and cons. After checking four different sites including this one I went to Wikipedia where I got the short sweet answer. (Try it, you may like it.) Thank you Wikipedia!

  48. Stig Poulsen

    After reading Qs&As and comments in the relevant Support Categories I still can’t figure out the clear answer to the simple question which many others also have posed:more or less indirectly : “Is it with the free version of ProtonMail possible to send to a receiver “outside of ProtonMail” an email which the receiver can open “as usual” to directly read it, without any previuos activity related to “unlocking”/handling passwords/etc ?
    In other words: Is it possible for the receiver to handle emails sent from ProtonMail similarly to emails recieved from “the usual senders” (without peculiar encrypting means) ?

  49. ProtonMail Support

    All ProtonMail users, regardless of which plan they are using, can send messages to non-ProtonMail addresses without using the Encrypt option. Please note that these messages will not be end-to-end encrypted, but they are stored encrypted in the Sent folder. While ProtonMail will not have access to the sent message, the recipient’s mail provider may be able to read the message contents.

  50. Stig Poulsen

    Thank you very much for this answer!
    I think you now have relieved serious concerns from many potential future users, by letting them know that they with ProtonMail can work with different levels of security, and therefore also can communicate “as usual” to receivers not requiring your high security level. The main point here is that your future users now know they only need one email-address with you to handle all emails regardless of seecurity level! Great! Prepare your capacity for an invation of new users!

  51. Damian Meyer

    Why do I have to have a password for every email I want to self destruct? It would be nice if it were a bit more subtle and didn’t draw unwanted attention to the fact the email will disappear. This allows people who would normally just ignore an email until it disappeared to now have the chance to take screen shots or save the email in other ways.

  52. ProtonMail Support

    Message expiration is only available for encrypted messages. If you are sending messages to non-ProtonMail addresses, you need to choose a password in order to send it as an encrypted message. You can read more about message expiration in this article: https://protonmail.com/support/knowledge-base/expiration/

  53. VinziForNow

    It’s a wonder that so many people don’t, even after you explain it to them, that “encryption” is comprised of three parts:
    •Encryption at the sending machine
    •Encryption in transit
    •Decryption at the receiving machine.

    It’s still been useful for me to read through these queries and responses. It did take me some time and practice to feel comfortable with encryption and some of the queries reminded me of my own learning curve.

    I’m not on the ProtonMail staff, just an interested user. I much appreciate protonmail’s attempts to make encryption available to more users.

  54. Timoteo

    The instructions state that a “generic message is delivered….”. I have sent test emails to the intended recipient then to myself at a different e-address to see what was actually being seen on the other end. In all cases only a message asking for the password is sent. There is a “unique link” to open…but only if the recipient already has the password. How does the recipient get the pw if it’s not readable in a secured link that does not itself require the password? How does a sender include a hint if the person receiving the mail doesn’t know the answer, or if it’s a hint other people can decipher easily? Sorry; maybe I’m misreading the instructions every time, or the supposed link is missing only in my case, but I can’t see how this is supposed to work. And the recipient’s key? What do I need to do with that?

  55. ProtonMail Support

    You will need to communicate the password to the recipient through another channel, or you can set a password that can be easily explained to the intended recipient using the Password Hint field, but would be difficult for someone else to guess.
    ProtonMail does not have the option to add public keys for contacts yet, this will become available once full PGP support is implemented.

  56. Anonymous

    hi

    how people receive protonmail encrypted end to end with password can open this message if he not know this password ???

    thanks

  57. ProtonMail Support

    You will need to communicate the password to the recipient through another channel, or you can set a password that can be explained using the Password Hint field. If you use a Hint, please make sure to select a password that cannot be guessed by anyone other than the intended recipient.

Leave A Comment?