Encryption is at the heart of what makes ProtonMail special. It provides a solution that is so easy to use, any one can enjoy it. As discussed in What is Encryption, Encryption is critical to keeping your data safe. The message body, and the attachments, are fully encrypted:
Emails sent between ProtonMail users
- Always end-to-end encrypted.
Emails from ProtonMail users to non-ProtonMail users
- End-to-end encrypted if the “Encrypt for Outside” option is selected. Learn more here.
- Otherwise encrypted with TLS if the non-ProtonMail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these messages are encrypted, but not end-to-end encrypted, this means Gmail, Yahoo, Hotmail, etc, will be able to read these messages and hand them over. This is not possible if “Encrypt for Outside” is set and ProtonMail end-to-end encryption is enabled.
Emails from non-ProtonMail users to ProtonMail users
- Unless PGP is used, the email message is encrypted in transit using TLS and stored on our servers using zero-knowledge encryption. It is not end-to-end encrypted, however, and might be accessible to the senders email service.
- It is possible to receive end-to-end encrypted emails from ProtonMail users using PGP. You should export your ProtonMail public PGP key and share it with contacts for them to communicate in this way with you.
Replies from non-ProtonMail users to ProtonMail “Encrypt for Outside” emails.
- End-to-end encrypted.
- All messages in your ProtonMail mailbox are stored with zero-access encryption. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-ProtonMail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well.
- Messages sent “Encrypted for Outside” are also stored end-to-end encrypted.
- Subject lines and recipient/sender email addresses are encrypted, but not end-to-end encrypted.