What is encrypted?

Encryption is at the heart of what makes ProtonMail special. It provides a solution that is so easy to use, any one can enjoy it. As discussed in What is Encryption, Encryption is critical to keeping your data safe. The message body, and the attachments, are fully encrypted:

Message Sending

Emails sent between ProtonMail users

Emails from ProtonMail users to non-ProtonMail users

  • End-to-end encrypted if the “Encrypt for Outside” option is selected. Learn more here.
  • Otherwise encrypted with TLS if the non-ProtonMail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these messages are encrypted, but not end-to-end encrypted, this means Gmail, Yahoo, Hotmail, etc, will be able to read these messages and hand them over. This is not possible if “Encrypt for Outside” is set and ProtonMail end-to-end encryption is enabled.

Emails from non-ProtonMail users to ProtonMail users

  • Encrypted with TLS. Unfortunately end-to-end encryption is not possible for messages sent from insecure email providers. Thus, for maximum security, your contacts should also get ProtonMail accounts.

Replies from non-ProtonMail users to ProtonMail “Encrypt for Outside” emails.

  • End-to-end encrypted.

Message Storage

  • All messages in your ProtonMail mailbox are stored with zero-access encryption. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-ProtonMail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well.
  • Messages sent “Encrypted for Outside” are also stored end-to-end encrypted.
  • Subject lines and recipient/sender email addresses are encrypted, but not end-to-end encrypted.

Rate This Article

(73 out of 129 people found this article helpful)
Post Comment

70 comments

  1. David Apple

    Are users contact databases encrypted?

  2. deltaorionis

    hi,

    i would like to know, if the contact-list is stored encrypted also.
    i really like your service, thanks!

  3. Eric Anderson

    Is there a way to interoperate with non-Protonmail PGP users? Whatever its limitations, PGP is still the de facto standard for encrypted e-mail, and it would be very good to be able to at least receive (and maybe also send) PGP mail to the outside world.

  4. ProtonMail Support

    For now we do not support third party PGP services. We are working on making this available in the future.

  5. Peter Smith

    Has support for OpenPGP encryption between PM and other PGP encrypted services been added yet? (considering your reply is almost 2 years old)
    If not, is there a place where we can track progress (or news) on that feature?

  6. ProtonMail Support

    Full PGP support is in active development and we hope to have it available in the near future.

  7. Anonymous

    hi, log info connection are store ?

  8. ProtonMail Support

    The Authentication logs are stored encrypted.

  9. Abin Abraham

    hi,

    would like to know how we can put our profile photo??

  10. ProtonMail Support

    Hi,
    Unfortunately we do not have this feature at this moment.

  11. Anonymous

    On my Android phone, Proton messages, accessed through the app installed on the phone, appear unencrypted when I just hit the app button. To me, that means that if the phone is taken, and the phone password broken through, anyone could read the messages. Is there a setting that can reduce this risk? My mobile app does not have an “Advanced” setting. My phone is a Samsung Galaxy 3. Thanks.

  12. ProtonMail Support

    Hi,
    To make the Android app more secure, we have implemented PIN option: https://protonmail.com/support/knowledge-base/pin-lock-and-auto-lock-on-android/

  13. Anonymous

    Please tell me how can I change from xxx@protonmail.com to xxx@protonmail.ch

  14. ProtonMail Support

    We have made some changes for the new users. When you create a new account, you can choose which domain you want to use, .com or .ch. Once the account is created you can only use the chosen domain. You can use both domains if you upgrade to a premium pan, but your default domain will always be the one you have registered, and if you go back to a free plan, only that domain will be available.

  15. RuRu

    Come on, protonmail. This isn’t suffient information. If the article is called “What is Encrypted?” not “In which cases are emails end-to-end encrypted?”.

    Several people have asked here about Contacts. Is contact information encrypted (zero-knowledge?). Where is the reply to this obvious concern?

    Hundreds of users have requested a Calendar feature. (And they’re right: you can’t replace gmail without it.) So before I migrate totally to Protonmail, I want to know: Can I expect the calendar to be encrypted too (at least as an option)?

  16. ProtonMail Support

    Can you please tell us what other details you are interested in? We will implement Calendar as a feature.

  17. Anon Who Needs an Encrypted Book Mark Manager :(

    Encrypted Zero Knowledge book mark manager ( Like an encrypted version of the pocket app.) Also That can be set up on the cloud and or client side. And the ability for it to distinguish deep web bookmarks from normal surface web bookmarks.
    Then ill sign up for visionary.
    P.s Calendar to also 🙂

  18. Anonymous

    “Subject lines and recipient/sender email addresses are encrypted, but not end-to-end encrypted”
    Why not?

  19. ProtonMail Support

    They would need to be decrypted for you to be able to see them. The messages are decrypted when you open them, the subject and participants need to be displayed for you to see all the time. We are looking into this, if it can be changed in the future.

  20. lwinch2006

    Hi. I wondering one question.
    In the description is said that all messages are stored encrypted even if they are sent to protonmail from non-protonmail accounts, like GMail.
    But it is also said that mailbox encryption key is stored encrypted on protonmail servers so that protonmail can not use it until user enters password.
    So how is emails that are sent to the protonmail user from non-protonmail email encrypted, which key is used for this?

  21. ProtonMail Support

    When the message arrives on our servers it is encrypted with the keys for the recipient address.

  22. dr jitendra

    hi
    1.how many days emails are stored by protonmail servers?
    2. similarly how many days emails are kept in trash and/or spam?

  23. ProtonMail Support

    The messages are available until you decide to delete them. We do not delete any messages. This is not the case only with the messages sent with expiration time. Those messages are deleted once the set time passes.

  24. NewProtonUser

    Just so j get this correct, if I send an email to a non-protonmail address then it can be traced back to me?

  25. ProtonMail Support

    ProtonMail has an easy built in solution to provide end-to-end encryption for messages sent between ProtonMail Email addresses and Non-ProtonMail Email addresses. These messages do not require the recipient to install additional software or sign up for ProtonMail. You can learn more about this here: https://protonmail.com/support/knowledge-base/encrypt-for-outside-users/

  26. Nils

    So still now answer as to whether contact information that is imported to the address book on Protonmail is encrypted or not. How is it stored? How is it secured? Why is this questions being ignored?

  27. ProtonMail Support

    The contacts are stored encrypted on our servers.

  28. Martin

    Are mails between Protonmail users, both using separate custom domains, always end-to-end encrypted?

  29. ProtonMail Support

    Yes, all communication between ProtonMail users, regardless of the domain used, is always end-to-end encrypted.

  30. Anonymous ProtonMail User

    I have sent an “encrypted for outside” email to a gmail used and the reply they have sent me says “External Message Stored Encrypted” on the lock sign. Does this mean they correctly sent an end-to-end encrypted reply via the “Reply Securely” feature for secure messages sent to outsiders? Or does this mean they have skipped the “Reply Securely” and it is in fact an unencrypted email visible to gmail?

  31. ProtonMail Support

    When using the Reply securely button, the message will show up in your account as “End to end encrypted for outside reply”. “External Message Stored Encrypted” is used for any message received from outside of ProtonMail that is not end-to-end encrypted.

  32. dickie

    please provide APK in Fdroid as i have deleted all google services and apps from my rooted phone and cannot get the android app on my phone. or at least email new users a secure link to directly download the apk from you. many thanks,
    new user

  33. ProtonMail Support

    The source code for the app still needs polishing before it can be released as open source, however, we do plan on adding our app to F-droid in the future.

  34. Tom

    How are ip adresses stored at your server by using your webmail service? How do you hide the ip adress of sent emails in the protonmail mail headers?

  35. ProtonMail Support

    IP addresses are only stored in your Authentication logs if you choose to enable them. https://protonmail.com/support/knowledge-base/authentication-logs/
    The only IP addresses contained in the headers of sent messages are the IP addresses of ProtonMail’s servers, user IP addresses are never included.

  36. Eileen

    Hi I’m sick of being hacked and no privacy. And I don’t trust Facebook or gmail people accounts. They seem to have been in involved somehow.
    Question can I permanently CHANGE MY GMAIL ACCOUNT OVER TO PROTONMAIL.????

  37. ProtonMail Support

    Please take a look at this article to ease your transition from Gmail to ProtonMail: https://protonmail.com/support/knowledge-base/transitioning-from-gmail-to-protonmail/.

  38. John

    My proton mails that I receive are all encrypted. How do I unencrypt them?

  39. ProtonMail Support

    If you have reset your password, all existing messages will become encrypted because the encryption keys used are disabled. If you remember the old password, you can restore them by providing the old password in the Settings > Keys tab on the web app.
    https://protonmail.com/support/knowledge-base/restoring-encrypted-mailbox/.

  40. richard

    The connection to proton mail servers is envrypted with TLS. If i understand, you use two level of protection
    1) GPG
    2) TLS
    So, just by curiosity, is it still secure to use proton mail if TLS is broken ? (I know that this is quite a paranoid question, but on my computer, my anti virus program installed a root certificate to perform a man in the middle attack on every connection for good reasons… So, virtually TLS is broken on my computer. As I don’t check the fingerprint of the TLS certificate like everybody, virtually, it may be broken too on the public computers that I use.)

  41. ProtonMail Support

    In terms of communication between server and client, without TLS it will leak metadata but the actual message content will remain protected by the PGP encryption. If your AV software doesn’t warn on actual certificate failures, you should consider using a different program.

  42. Andrea Thompson

    I USED PROTON MAIL AS MY ALTERNATIVE MAIL TO MY HOTMAIL. DUE TO THE ENCRYPTION I CAN’T GET THE KEY THEY ARE SENDING ME TO CHANGE MY MAIL PASSWORD. HOW DO GO THROUGH THIS IT’S ALL ENCRYPTED.

  43. ProtonMail Support

    Please contact our support team using the support form at https://protonmail.com/support-form.

  44. Sabrina Royce

    Hello,
    I tried to set up 2 factor authentification yesterday. I thought it did not take.
    Now I am not able to get into my mail as I don’t have a password for the two factor verification.
    Is there another way in.

  45. ProtonMail Support

    Please contact our support team using the support form at https://protonmail.com/support-form.

  46. Jacques Bolhayon

    For the basic account (free), does this provide secured, encrypted email service?

  47. ProtonMail Support

    Yes.

  48. Anonymous

    I access Protonmail both through the website on my laptop and through the Android app. I often receive messages which are encrypted when viewed through the app, but are unencrypted when viewed on the website. How can I decrypt these messages on the app, so that they can be viewed from the app?

  49. ProtonMail Support

    This might be an issue with the app. Please contact our support team: https://protonmail.com/support-form.

  50. Anonymous

    The Attaching documents are encrypt when I use PGP with non Proton user ?

  51. ProtonMail Support

    Yes, attachments are encrypted if the recipient also uses PGP.

  52. Michael

    Guys
    I asked this in a separate support request, but I think it is worth stating here: in some organizations there is something called SSL/TLS “termination” or “SSL decryption”, where the local firewall decrypts SSL traffic by installing a specific root CA on all endpoints.
    In this case, where SSL is decrypted by the local firewall (and re-encrypted at egress), it is my understanding that my traffic to the site is still safe due to the additional layer of encryption used.
    Can you please confirm this?
    Thanks!
    Michael

  53. ProtonMail Support

    Please see: https://protonmail.com/blog/protonmail-threat-model/.
    We recommend both parties to use ProtonMail for automatic end-to-end encryption of messages. If the recipient doesn’t use ProtonMail, but uses PGP, you can check this link: https://protonmail.com/blog/protonmail-threat-model/.

  54. Anonymous

    Has third party PGP encryption been added by now?

  55. ProtonMail Support
  56. Baltasar

    how i can read my messages ?
    when a reply i don’t see “sending” or something…
    i don’t want to use no more GMAIL but i want to understand very well this kind of protonmail

  57. ProtonMail Support

    Simply open a message in your Inbox or any other folder in order to read it.

  58. Anonymous

    Can someone figure out or trace back my identity from an email I send via proton mail

  59. ProtonMail Support

    No, no personally identifiable information is transmitted, other than what you include in the message.

  60. fernando

    tengo una duda. por que todos los documentos o archivos que me envian a mi email de proton, estan cifrados y una vez descargados, no los puedo abrir? como puedo quitar esta opcion del email?

  61. ProtonMail Support

    Please contact our support team: https://protonmail.com/support-form.

  62. Dino

    After resetting my password and my emails are gone. Lets assumed i can recall the previous password, how can i now decrypt my emails so i can read them?

  63. ProtonMail Support

    You will need to reactivate the previous encryption keys in Settings > Keys.
    https://protonmail.com/support/knowledge-base/restoring-encrypted-mailbox/

  64. Brenda Z

    I am trying to open an attachment that says
    “zero access encryption and it seems I can not open it. What do I do?

  65. ProtonMail Support

    Please contact our support team: https://protonmail.com/support-form.

  66. David Graham

    Happy to be on board

  67. Zulema Lara

    Thank you proton mail team, i am very new to this and just reading the infrmation you have provided i think i am now understanding all of what and how it works. Thank you.

  68. ratnakarvk

    Dear
    Sir
    I have sent an normal email a complaint sort of thing its a information of simple wrong doing by persons to my company head can my ip address be traced by the company or by the persons on whom i had complained. i had checked with email tracker pro its showing that the email is originating from jio wifi in india can this info be protected so that i am not at risk

    Regards

  69. ProtonMail Support

    Hi,

    Sent emails don’t contain the sender’s IP address, only the IP addresses of our servers. There’s also no geographical data included anywhere in the message.

  70. GoldenEgg

    New to Proton just surfing

Leave A Comment?