Encrypt Message for Non-ProtonMail Recipients

ProtonMail has an easy built in solution to provide end-to-end encryption for messages sent between ProtonMail Email addresses and Non-ProtonMail Email addresses. These messages do not require the recipient to install additional software or sign up for ProtonMail.

Please note, messages sent encrypted to non-ProtonMail recipients will expire after 28 days by default. You can learn more about expiring messages here.

Here’s how it works:

1. The ProtonMail user composes a message in ProtonMail:

2.  Select the Encryption button in the bottom left of the compose box and  enter a password and password hint (if desired), and select set.

Composer and Encryption button in composer in ProtonMail

 

3. Upon sending the message, a generic message is delivered into the recipients mailbox, providing them with a unique link to open the encrypted message the ProtonMail user has sent. In addition, this message contains the subject of the message, and the unique password hint if the ProtonMail user has designated one.

Encrypted email from ProtonMail to non ProtonMail account

4. Upon clicking on the link, the recipient is asked to enter the password the ProtonMail user has set in step 1.

Decrypt message using encryption password

5. Upon entering the password, the message will be de-crypted allowing your recipient to view the message and reply securely.

6. Due to the expiration time set to 28 Days by default, after the time elapses the recipient will be shown this message

Error message for wrong or expired password

*Please note- The recipient is not asked to download any software or sign up for ProtonMail at any point in this process. It is up to the ProtonMail user to find the most secure manner to communicate the password they have chosen to protect the encrypted message, to the recipient.

If you are testing this feature with your own email you may be interested in: Outside Encrypted messages not working properly?

If you are sending encrypted email to the same email domain frequently, you may they learn about ProtonMail’s Custom Domain (https://protonmail.com/support/knowledge-base/custom-domains/) offering that allows seamless encryption on any custom domain.

Rate This Article

(113 out of 175 people found this article helpful)
Post Comment

22 comments

  1. LH

    It would be great if external users could reply to these encrypted messages with their own encrypted message without creating a ProtonMail account.

  2. Alex Lo

    Totally agree.

    Another recommended feature is that the receiving party can choose to store the agreed password in the browser so that he/she doesnt have to enter the passport again if I sent him/her another secure email next time.

  3. CDC

    Can you explain the difference between ProtonMail’s end to end encryption service and the use of Email Certificates? The feature of sending an encrypted outside email is very much symmetric encryption. There appears to be an absence of Email certificates for end users which is a feature of Public Key Infrastructure.

  4. tbtel

    Just to clarify, since it does not say on this page anywhere, outside users CAN send encrypted responses through protonmail. See https://protonmail.com/support/knowledge-base/can-outside-users-respond-to-encrypted-messages/

  5. Foxxy

    Sometimes people do not pay attention 🙂 It is clearly stated that you can “reply securely”.

    “6. Upon entering the password, the message will be decrypted allowing your recipient to view the message and reply securely.”

    “*Please note- The recipient is not asked to download any software or sign up for ProtonMail at any point in this process. It is up to the ProtonMail user to find the most secure manner to communicate the password they have chosen to protect the encrypted message, to the recipient.”

  6. Benjamin Lim

    *Please note- The recipient is not asked to download any software or sign up for ProtonMail at any point in this process. It is up to the ProtonMail user to find the most secure manner to communicate the password they have chosen to protect the encrypted message, to the recipient.

    Well, if I need to have a secure communication channel to communicate the password to the recipient. Then why don’t I just use that channel in the first place and skip protonmail altogether?

  7. whitfield

    would like to have the ability to associate a pre-agreed upon password with each non-ProtonMail recipient and store that information with the Contact so that when mail is composed the password information does not have to be manually entered each time.

  8. leslieallen

    It would be good to have a proton mail password key database for those users who cannot seem to remember their passwords… and choose to use a lazy mans way to store their passwords, ie their browser (which is actually very stupid). Which will usually provide a way for others to know their passwords… and eliminates the security they wanted in the first place. Stupid is as stupid does. Ignorance breeds ignorance. I hope you don’t implement the options that I have heard regarding passwords in these postings. But an encrypted password database would be good so that passwords can be stored and easily reached. It would also be a good thing to build into this database a way to send passwords to other users instead of using their phone or other non-secure methods of transferring passwords. People can use Signal or other text methods to pass unsecured passwords in the beginning. But Snail mail is probably the best way to send passwords in the beginning if it is long distance. Also, there should be a way to cause passwords to be changed every few days to force people if they choose it… to change their passwords frequently.
    This is obviously the weakest link in any encryption scheme. I have some ideas for passwords that change every day… with just one initial password exchange in the beginning.

  9. _webkernel_

    it would be nice to be able to send email encrypted and signed with PGP. If I need to pre-agree the password for an encrypted email that is non-sense, because I need another (other) secure way to do it. That is a duplication of means.

  10. Lewis Beeler

    I like the process for sending encrypted email to people who do not have Proton Mail. I am a Christian minister, and I live part time in the USA, and part time in another country. I believe the governments of both countries in which I live attempt to read all international emails. This is not a problem for me today, but I fear that in the near future I will be subject to arrest for distributing Bibles, and other Christian literature. Thank you Proton Mail for your service. People all over the world have the God given right to freedom of thought no matter what their beliefs might be.

  11. Nadia

    Is email sent and received encrypted without using the password? If so, is the password just an added security?

  12. ProtonMail Support

    For the message to be end-to-end encrypted when you send to a non-ProtonMail address you need to add a password.

  13. J.L

    PGP is definitely an obvious and incomprehensible ommision for Protonmail

  14. Suzy

    I would definitely concur: please implement the ability to send OpenPGP, with associated signature. That would slay the competition. So far, this is a great feature. But standard options for encryption and decryption help.

  15. Katelynn

    The process of encrypting messages for non-ProtonMail recipients is too unwieldy to do for the amount of emails that I send and receive daily … as per many of the above comments, I too look forward to a more straight-forward and streamlined way to accomplish end-to-end encryption for emails sent to non-ProtonMail recipients. In the meantime, because it’s unclear to me, can you please explain to what extent emails sent to non-ProtonMmail recipients (and the replies received back from them) are encrypted? Will my outgoing and incoming emails always be encrypted on my end by virtue of the ProtonMail server and my mailbox password? Thanks in advance for your response and support!

  16. ProtonMail Support

    For now this is the only way the messages can be end-to-end encrypted. If you send a regular message to an outside recipient, it is encrypted, and stored encrypted on our side, but we can’t do anything about the recipients side.

  17. Halil

    What happens if one sends an unlocked email (one without a password) to a non-protonmail e-mail address which is also claimed to be secure (e.g., encrypted mailbox)? The message will be encrypted both on sender side and on the recipient side but what about between the servers? Thank you for the service and support.

    PS: In my humble opinion, major anonymous/secure e-mail providers should come-up with a system to send each other encrypted e-mails. I think, locking each email is a tedious and non-sustainable..

  18. ProtonMail Support

    If you send a regular message, with out a password, the message is stored encrypted on our servers but once it leaves our servers it is dependent on the recipients service.

  19. Anonymous

    What happens if an encrypted message sent to an outside user who has the password and decrypts it, then forwards it to another outside user.
    Does it go to them encrypted, or does that break the encryption protection I initiated?

  20. ProtonMail Support

    The message can be only replied to and you cannot change the senders. This means that you cannot forward the message to other recipient.

  21. hristo

    Is it possible to try and fetch the PGP key of the recipient of an outside user, if there is one available, and encrypt the message using that? As well as attaching my public key.

  22. ProtonMail Support

    Not yet, but we have plans to do this later.

Leave A Comment?