What is encrypted?

Encryption is at the heart of what makes ProtonMail special. It provides a solution that is so easy to use, any one can enjoy it. As discussed in What is Encryption, Encryption is critical to keeping your data safe. The message body, and the attachments, are fully encrypted:

Message Sending

Emails sent between ProtonMail users

Emails from ProtonMail users to non-ProtonMail users

  • End-to-end encrypted if the “Encrypt for Outside” option is selected. Learn more here.
  • Otherwise encrypted with TLS if the non-ProtonMail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these messages are encrypted, but not end-to-end encrypted, this means Gmail, Yahoo, Hotmail, etc, will be able to read these messages and hand them over. This is not possible if “Encrypt for Outside” is set and ProtonMail end-to-end encryption is enabled.

Emails from non-ProtonMail users to ProtonMail users

  • Encrypted with TLS. Unfortunately end-to-end encryption is not possible for messages sent from insecure email providers. Thus, for maximum security, your contacts should also get ProtonMail accounts.

Replies from non-ProtonMail users to ProtonMail “Encrypt for Outside” emails.

  • End-to-end encrypted.

Message Storage

  • All messages in your ProtonMail inbox is stored end-to-end encrypted. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-ProtonMail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well.
  • Messages sent “Encrypted for Outside” are also stored end-to-end encrypted.
  • Subject lines and recipient/sender email addresses are encrypted, but not end-to-end encrypted.

 

Rate This Article

(72 out of 125 people found this article helpful)
Post Comment

41 comments

  1. David Apple

    Are users contact databases encrypted?

  2. deltaorionis

    hi,

    i would like to know, if the contact-list is stored encrypted also.
    i really like your service, thanks!

  3. Eric Anderson

    Is there a way to interoperate with non-Protonmail PGP users? Whatever its limitations, PGP is still the de facto standard for encrypted e-mail, and it would be very good to be able to at least receive (and maybe also send) PGP mail to the outside world.

  4. ProtonMail Support

    For now we do not support third party PGP services. We are working on making this available in the future.

  5. Peter Smith

    Has support for OpenPGP encryption between PM and other PGP encrypted services been added yet? (considering your reply is almost 2 years old)
    If not, is there a place where we can track progress (or news) on that feature?

  6. ProtonMail Support

    Full PGP support is in active development and we hope to have it available in the near future.

  7. Anonymous

    hi, log info connection are store ?

  8. ProtonMail Support

    The Authentication logs are stored encrypted.

  9. Abin Abraham

    hi,

    would like to know how we can put our profile photo??

  10. ProtonMail Support

    Hi,
    Unfortunately we do not have this feature at this moment.

  11. Anonymous

    On my Android phone, Proton messages, accessed through the app installed on the phone, appear unencrypted when I just hit the app button. To me, that means that if the phone is taken, and the phone password broken through, anyone could read the messages. Is there a setting that can reduce this risk? My mobile app does not have an “Advanced” setting. My phone is a Samsung Galaxy 3. Thanks.

  12. ProtonMail Support

    Hi,
    To make the Android app more secure, we have implemented PIN option: https://protonmail.com/support/knowledge-base/pin-lock-and-auto-lock-on-android/

  13. Anonymous

    Please tell me how can I change from xxx@protonmail.com to xxx@protonmail.ch

  14. ProtonMail Support

    We have made some changes for the new users. When you create a new account, you can choose which domain you want to use, .com or .ch. Once the account is created you can only use the chosen domain. You can use both domains if you upgrade to a premium pan, but your default domain will always be the one you have registered, and if you go back to a free plan, only that domain will be available.

  15. RuRu

    Come on, protonmail. This isn’t suffient information. If the article is called “What is Encrypted?” not “In which cases are emails end-to-end encrypted?”.

    Several people have asked here about Contacts. Is contact information encrypted (zero-knowledge?). Where is the reply to this obvious concern?

    Hundreds of users have requested a Calendar feature. (And they’re right: you can’t replace gmail without it.) So before I migrate totally to Protonmail, I want to know: Can I expect the calendar to be encrypted too (at least as an option)?

  16. ProtonMail Support

    Can you please tell us what other details you are interested in? We will implement Calendar as a feature.

  17. Anon Who Needs an Encrypted Book Mark Manager :(

    Encrypted Zero Knowledge book mark manager ( Like an encrypted version of the pocket app.) Also That can be set up on the cloud and or client side. And the ability for it to distinguish deep web bookmarks from normal surface web bookmarks.
    Then ill sign up for visionary.
    P.s Calendar to also 🙂

  18. Anonymous

    “Subject lines and recipient/sender email addresses are encrypted, but not end-to-end encrypted”
    Why not?

  19. ProtonMail Support

    They would need to be decrypted for you to be able to see them. The messages are decrypted when you open them, the subject and participants need to be displayed for you to see all the time. We are looking into this, if it can be changed in the future.

  20. lwinch2006

    Hi. I wondering one question.
    In the description is said that all messages are stored encrypted even if they are sent to protonmail from non-protonmail accounts, like GMail.
    But it is also said that mailbox encryption key is stored encrypted on protonmail servers so that protonmail can not use it until user enters password.
    So how is emails that are sent to the protonmail user from non-protonmail email encrypted, which key is used for this?

  21. ProtonMail Support

    When the message arrives on our servers it is encrypted with the keys for the recipient address.

  22. dr jitendra

    hi
    1.how many days emails are stored by protonmail servers?
    2. similarly how many days emails are kept in trash and/or spam?

  23. ProtonMail Support

    The messages are available until you decide to delete them. We do not delete any messages. This is not the case only with the messages sent with expiration time. Those messages are deleted once the set time passes.

  24. NewProtonUser

    Just so j get this correct, if I send an email to a non-protonmail address then it can be traced back to me?

  25. ProtonMail Support

    ProtonMail has an easy built in solution to provide end-to-end encryption for messages sent between ProtonMail Email addresses and Non-ProtonMail Email addresses. These messages do not require the recipient to install additional software or sign up for ProtonMail. You can learn more about this here: https://protonmail.com/support/knowledge-base/encrypt-for-outside-users/

  26. Nils

    So still now answer as to whether contact information that is imported to the address book on Protonmail is encrypted or not. How is it stored? How is it secured? Why is this questions being ignored?

  27. ProtonMail Support

    The contacts are stored encrypted on our servers.

  28. Martin

    Are mails between Protonmail users, both using separate custom domains, always end-to-end encrypted?

  29. ProtonMail Support

    Yes, all communication between ProtonMail users, regardless of the domain used, is always end-to-end encrypted.

  30. Anonymous ProtonMail User

    I have sent an “encrypted for outside” email to a gmail used and the reply they have sent me says “External Message Stored Encrypted” on the lock sign. Does this mean they correctly sent an end-to-end encrypted reply via the “Reply Securely” feature for secure messages sent to outsiders? Or does this mean they have skipped the “Reply Securely” and it is in fact an unencrypted email visible to gmail?

  31. ProtonMail Support

    When using the Reply securely button, the message will show up in your account as “End to end encrypted for outside reply”. “External Message Stored Encrypted” is used for any message received from outside of ProtonMail that is not end-to-end encrypted.

  32. dickie

    please provide APK in Fdroid as i have deleted all google services and apps from my rooted phone and cannot get the android app on my phone. or at least email new users a secure link to directly download the apk from you. many thanks,
    new user

  33. ProtonMail Support

    The source code for the app still needs polishing before it can be released as open source, however, we do plan on adding our app to F-droid in the future.

  34. Tom

    How are ip adresses stored at your server by using your webmail service? How do you hide the ip adress of sent emails in the protonmail mail headers?

  35. ProtonMail Support

    IP addresses are only stored in your Authentication logs if you choose to enable them. https://protonmail.com/support/knowledge-base/authentication-logs/
    The only IP addresses contained in the headers of sent messages are the IP addresses of ProtonMail’s servers, user IP addresses are never included.

  36. Eileen

    Hi I’m sick of being hacked and no privacy. And I don’t trust Facebook or gmail people accounts. They seem to have been in involved somehow.
    Question can I permanently CHANGE MY GMAIL ACCOUNT OVER TO PROTONMAIL.????

  37. ProtonMail Support

    Please take a look at this article to ease your transition from Gmail to ProtonMail: https://protonmail.com/support/knowledge-base/transitioning-from-gmail-to-protonmail/.

  38. John

    My proton mails that I receive are all encrypted. How do I unencrypt them?

  39. ProtonMail Support

    If you have reset your password, all existing messages will become encrypted because the encryption keys used are disabled. If you remember the old password, you can restore them by providing the old password in the Settings > Keys tab on the web app.
    https://protonmail.com/support/knowledge-base/restoring-encrypted-mailbox/.

  40. richard

    The connection to proton mail servers is envrypted with TLS. If i understand, you use two level of protection
    1) GPG
    2) TLS
    So, just by curiosity, is it still secure to use proton mail if TLS is broken ? (I know that this is quite a paranoid question, but on my computer, my anti virus program installed a root certificate to perform a man in the middle attack on every connection for good reasons… So, virtually TLS is broken on my computer. As I don’t check the fingerprint of the TLS certificate like everybody, virtually, it may be broken too on the public computers that I use.)

  41. ProtonMail Support

    In terms of communication between server and client, without TLS it will leak metadata but the actual message content will remain protected by the PGP encryption. If your AV software doesn’t warn on actual certificate failures, you should consider using a different program.

Leave A Comment?