In order to maintain the integrity of the service, ProtonMail must take measures to avoid creation of accounts by spammers. This is because if spammers use ProtonMail to send messages, ProtonMail’s IP addresses can become blocked by major mail providers such as Gmail, Yahoo, Outlook, etc.
In order to prevent the creation of accounts by spam bots or human spammers, ProtonMail uses a variety of human verification methods. You may be asked to verify using either reCaptcha, Email, or SMS. We have an intelligent algorithm that determines the required verification method based on a number of factors.
Generally speaking, attempting to create multiple accounts will trigger more difficult verification methods such as Email or SMS, although there are also other factors that we consider. Certain Tor exit IPs also encounter this problem if they are frequently abused by spammers or attackers attempting to brute force user accounts. If you are only given the option of Email or SMS verification, and would like to avoid using Email or SMS verification, it is possible to do so by upgrading to a premium account using PayPal or Bitcoin. To do so, please email us at email@example.com
We don’t save reCaptcha results. If you are presented with Email or SMS verification, we only save a cryptographic hash of your email or phone number which is not permanently associated with the account that you create. Because hash functions are one way functions, it is impossible to derive your phone number or email from that hash. However, using the same phone number will result in obtaining the same cryptographic hash, so by comparing hashes, we can detect re-use of phone number or email addresses for human verification.