Avoid The Hack: 5 Best Private and Secure Email Providers (Alternatives to Gmail)


Free email has been around for... decades. However, the true cost of these free email services comes in the form of your data - you give up your privacy in exchange for the service.

Many of these platforms use your email account to profile you for advertisers and data brokers. Some of these email service providers may scan email messages or inboxes and/or collect and use metadata. Some show ads in your inbox and/or track and profile your activities. Many free email providers don't offer robust encryption or protect from tracking mechanisms often found in inbound email messages.

If you are using email providers (and their provided apps, if applicable) - such as Gmail, Outlook.com, and Yahoo Mail - you would be much better served switching email providers to one listed here. Email providers listed here respect your privacy, promote and incorporate encryption for your inbox and messages, and don't profile users with their own data.

At a glance...

All providers listed here are ad-free, refrain from scanning inboxes/emails, and use end-to-end encryption.

| Name | Primary service location | Free tier | Mail client support | Data security |
|---|---|---|---|---|
| Tutanota | Germany | (limited) | Only Tutanota client | Zero-access encryption |
| Proton Mail | Switzerland | (limited) | ProtonMail client; 3rd-party desktop clients | Zero-access encryption |
| StartMail | The Netherlands | Trial | Third-party clients only | Zero-access encryption (User Vault system) |
| Skiff | USA | | Skiff mobile clients | Zero-access encryption |
| Mailbox.org | Germany | Trial | Third-party clients only | Zero-access encryption (except contacts and calendar) |




Tutanota

  • Generous free tier
  • Open source
  • Anonymous registration possible
  • Zero server knowledge encryption for data

Tutanota is a privacy-friendly encrypted email provider operating out of Germany.

Registration for a Tutanota account requires no personal information such as mobile phone numbers or real names.

Emails between Tutanota users are automatically encrypted end-to-end using a hybrid combination of AES-128 and RSA-2048. Emails to external recipients (non-Tutanota addresses) are encrypted with AES-128 - a preshared password is used for sending an encrypted message to an external recipient.

All data stored in Tutanota is encrypted according to a zero-access standard; both encryption and decryption occur locally on users' devices, and Tutanota has no access to stored data. According to Tutanota's FAQ page, they can only read metadata such as sender email address, recipient email address, and date of the email.

Tutanota has a generous free tier that includes 1GB of storage, limited search capability, and an encrypted calendar. Paid tiers allow for alias addresses, inbox rules, ability to add additional users, multiple calendars, and priority support from the Tutanota team.

Tutanota is open source for anyone with the know-how and desire to audit the source code for potential security and privacy vulnerabilities.


Proton Mail



  • Open-source
  • Anonymous registration and payment possible
  • Integrated PGP support
  • Generous free tier + access to Proton VPN, Proton Drive, and Proton Calendar
  • Self-destructing messages

Proton Mail is a privacy-friendly, secure, and encrypted email provider based in Switzerland.

Registration for a Proton Mail account does not require personal information and can be done anonymously.

Data (contacts, email messages, etc) stored with Proton Mail uses end-to-end and zero-access encryption - making it just about impossible for the provider, Proton Mail, to scan inboxes or messages. Zero-access encryption also makes it impossible for Proton Mail to hand over emails to another party. Encryption happens locally, on users' devices, prior to reaching Proton Mail's servers.

The Proton Mail web app blocks tracking mechanisms commonly found in emails, such as tracking pixels, to help prevent unintended exposure of personal information. Proton Mail's apps are open source, leveraging the global community to search for vulnerabilities, and have been independently audited by third parties. Proton Mail's bridge allows for use of third-party mail clients while still retaining the encryption protection offered by Proton Mail.

Emails between Proton Mail users are automatically encrypted end-to-end and have integrated support for OpenPGP, using the public key of the recipient to encrypt the email message. Emails sent to external parties (non-Proton Mail addresses) can be encrypted with a password. Additionally, emails sent to other Proton Mail users and password-protected emails sent to external users can be set to "self-destruct," automatically deleting from the recipient's inbox.

Proton Mail offers a generous free tier that includes up to 1GB of storage, limited search capability, 3 folders/labels and 150 messages per day. Paid tiers allow 15 GB of storage (up to 500GB), multiple email addresses, unlimited folders/labels/filters and messages, access to an encrypted Proton Calendar, and access to SimpleLogin Premium for free for certain plans.

Proton Mail has an .onion address for its service, offering Tor support. Proton Mail supports easy migration from other popular email services like Gmail and Yahoo Mail, using Easy Switch.





StartMail

  • OpenPGP support
  • 10GB email storage
  • Unlimited aliases with StartMail domain

StartMail is a privacy-friendly and secure email service provider operating in The Netherlands. It is developed by the creators of Startpage, though unlike Startpage, StartMail has received no investment from System1.

StartMail has a "user vault system" that offers zero access encryption for data at rest; email, metadata, and user private keys are stored in the User Vault. However, contacts are not stored with zero-access encryption. Emails technically aren't delivered to users until their User Vault is opened.

StartMail has encryption and signing (via OpenPGP) available to both StartMail and non-StartMail users. Password-based encryption is available for sending emails to users not using OpenPGP. OpenPGP operations (such as encryption of a message) are handled server-side.

StartMail encourages the use of webmail (accessing email through the browser), but does have support for third-party email clients, such as Thunderbird; there is no official StartMail app. The webmail version of StartMail protects against ads and common email tracking mechanisms like tracking pixels.

StartMail offers integrated OpenPGP support, unlimited StartMail aliases, up to 10GB of storage, custom spam filter, search tools, migration of emails and contacts from other providers, and customer support.

StartMail doesn't have a free tier but does offer a 7-day free trial of all features available. StartMail's source code uses a mix of open-source and closed-source components.


Skiff Mail



  • Anonymous registration possible
  • Generous free tier + access to Skiff Pages, Drive, and Calendar
  • Integrated "Web3" features

Skiff Mail is a privacy-friendly, Web3-integrated, and secure email service operating in the US.

Skiff Mail allows anonymous account creation as registration does not require personal information.

Data stored on Skiff Mail is end-to-end encrypted with zero-knowledge access. Email messages exchanged between Skiff users are private to the sender and receiver - no third parties (even the Skiff servers) have access to message content, not even for processing purposes. Emails sent to external recipients (addresses not @skiff) are first encrypted with a symmetric key, then with the public key of Skiff Mail's decryption service. The decryption service's public key is discarded/deleted.

Skiff Mail allows for easy migration from other common email providers, such as Gmail or Yahoo Mail. The mail import function is run by a dedicated Skiff-run service that processes and encrypts the imported mail with a Skiff Mail user's public key. Mail imported by this service is encrypted on the server.

Interestingly, Skiff Mail has some built-in Web3 features. Users can log into Skiff Mail via Metamask or Brave browser wallets.

The bulk of Skiff Mail's features are free. All Skiff Mail accounts have access to aliases, email search tools, and up to 10GB mail storage. Paid plans increase Mail (and Pages) storage up to 100GB and include priority support from the Skiff team.

There are iOS and Android versions of Skiff Mail apps available for download in their respective app stores.

Skiff Mail is open-source; anyone with the know-how and desire can audit the source code and look for security or privacy vulnerabilities. Skiff's public source code leverages the global security community for vulnerability detection.





Mailbox.org

  • Powered by 100% clean energy
  • Option to automatically use PGP key for all emails
  • Anonymous registration and payment possible

Mailbox.org is a privacy-friendly and secure email service operating in Germany. Mailbox.org is powered by 100% environmentally-friendly energy.

Anonymous registration is possible through Mailbox.org as the service does not require personal information to establish an account.

Mailbox.org encrypts incoming mail, rendering it "unreadable" to their servers - the provider, Mailbox.org, is unable to read or scan users' inboxes. However, Mailbox.org does not use zero-access or zero-knowledge encryption for users' contacts or calendar. Mailbox.org does offer a TLS check, which ensures an email will be transmitted over TLS-encrypted connections prior to sending the email.

Support for OpenPGP exists within Mailbox.org; even if external recipients of OpenPGP-encrypted emails do not use PGP themselves, Mailbox.org automatically provides temporary, secured "guest" inboxes. Mailbox.org users can also choose to have incoming and outgoing emails encrypted automatically using a PGP key.

The service has support for cryptographic algorithms supporting Perfect Forward Secrecy (PFS) to prevent catch-and-exploit attacks - in other words, potential decryption of traffic captured today. Mailbox.org has undergone external, third-party security audits.

Mailbox.org doesn't have dedicated apps for specific platforms - instead, it uses webmail. Mailbox.org does have support for third-party mail clients, such as Thunderbird and Canary.

Mailbox.org doesn't have a free tier but does offer a 30-day free trial for most of its subscription tiers. Paid plans offer 2 to 25 GB of mail storage, @mailbox.org aliases, spam and virus protection, and cloud storage.


Criteria for secure email providers

At a minimum, to be listed as a recommendation on avoidthehack, secure email providers must:

Zero-access encryption

Encrypted and secure mail services must provide zero-access encryption for inbox and messages.

Ideally, secure email services will also provide zero-access encryption for data such as contacts and calendars (if applicable).

Minimal data collection at sign-up

Secure email providers must engage in minimal data collection at sign-up. Preferably, services should allow anonymous registration.

Support multi-factor authentication (MFA)

MFA protects accounts in the event the account password is somehow compromised; it is commonly referred to as a "second layer of protection."

Ideally, services listed here would support strong forms of MFA such as time-based codes (TOTP) and/or hardware keys.

Reduce information in email headers

Email providers should reduce potentially identifying information from leaking in email headers. Email headers can reveal IP addresses, device details, and email client details when a message is sent; this information may be shared unintentionally by the user. Reducing excess information included in email headers helps protect user privacy.
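The header leakage described above can be checked on any raw message. The following is an added example, not code from avoidthehack or any listed provider; the sample message is constructed, and `audit_headers` and `scrub_headers` are hypothetical helper names illustrating the idea of a provider-side scrub.

```python
import re
from email import message_from_string

# Constructed sample message; all hosts and addresses are documentation values.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.20])
\tby mail.example.org with ESMTPS; Mon, 1 Jan 2024 10:00:02 +0000
Received: from [192.168.1.23] (unknown [203.0.113.7])
\tby mx.example.net with ESMTPSA; Mon, 1 Jan 2024 10:00:00 +0000
X-Originating-IP: [203.0.113.7]
User-Agent: Mozilla Thunderbird 115.6 (X11; Linux x86_64)
From: alice@example.net
To: bob@example.org
Subject: hello

body
"""

# Headers that commonly describe the sender's client or network.
CLIENT_HEADERS = ("User-Agent", "X-Mailer", "X-Originating-IP")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def audit_headers(raw):
    """Return (header, value) pairs that identify the sender's device or network."""
    msg = message_from_string(raw)
    findings = [(n, v.strip()) for n in CLIENT_HEADERS for v in msg.get_all(n, [])]
    hops = msg.get_all("Received", [])
    if hops:
        # Each relay prepends its Received line, so the last one is the hop
        # where the sender's own device submitted the message.
        submission = " ".join(hops[-1].split())
        findings += [("Received", ip) for ip in IPV4.findall(submission)]
    return findings

def scrub_headers(raw):
    """Illustrative scrub: drop client headers and the submission hop."""
    msg = message_from_string(raw)
    for name in CLIENT_HEADERS:
        del msg[name]              # removes every occurrence, no error if absent
    hops = msg.get_all("Received", [])
    del msg["Received"]
    for hop in hops[:-1]:          # keep server-to-server hops only
        msg["Received"] = " ".join(hop.split())
    return msg.as_string()

if __name__ == "__main__":
    for header, value in audit_headers(SAMPLE):
        print(f"{header}: {value}")
```

Running `audit_headers` on a message you sent to yourself from each provider shows how much of this the provider leaves in place.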

Reduce the effectiveness of email tracking

Email providers should put effort into reducing the effectiveness of common email tracking methods by default. Common email tracking methods include:

  • Pixel tracking
  • "Read receipts" (when an email is opened)
  • Link tracking
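The three tracking methods listed above each leave a recognizable mark in a raw message. The following is an added example, not code from avoidthehack or any listed provider; the sample message is constructed, `scan_message` is a hypothetical helper, and the parameter names in `TRACK_PARAMS` are assumptions to adjust for real mail.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample message; hosts, parameters and IDs are made up.
SAMPLE = """\
From: news@shop.example
To: bob@example.org
Subject: Sale
Disposition-Notification-To: news@shop.example
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p><a href="https://click.shop.example/r?utm_source=mail&amp;uid=8841">Shop</a></p>
<img src="https://shop.example/banner.png" width="600" height="200">
<img src="https://t.shop.example/o.gif?uid=8841" width="1" height="1">
"""
RECEIPT_HEADERS = ("Disposition-Notification-To", "Return-Receipt-To")
TRACK_PARAMS = {"uid"}   # assumed per-recipient parameter names; extend as needed

class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "img" and a.get("src", "").startswith(("http://", "https://")):
            # A remote image too small to see exists only to log that it was fetched.
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            hidden = "display:none" in a.get("style", "").replace(" ", "").lower()
            if tiny or hidden:
                self.findings.append(("pixel", a["src"]))
        elif tag == "a" and a.get("href"):
            keys = [k for k, _ in parse_qsl(urlsplit(a["href"]).query)]
            tagged = [k for k in keys if k.startswith("utm_") or k in TRACK_PARAMS]
            if tagged:
                self.findings.append(("link", ",".join(tagged)))

def scan_message(raw):
    """Return (kind, detail) findings for read receipts, pixels and tagged links."""
    msg = message_from_string(raw)
    findings = [("read-receipt", h) for h in RECEIPT_HEADERS if msg.get(h)]
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            scanner = _Scanner()
            scanner.feed(part.get_payload(decode=True).decode(charset, "replace"))
            findings += scanner.findings
    return findings
```

A mail client that blocks remote images by default defeats the pixel case regardless of how the pixel is disguised, which is why that default matters more than any heuristic like this one.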

Private payment methods

Traditional payment methods can de-anonymize users seeking true anonymity. Email service providers listed here should accept at least one private (either anonymous or pseudonymous) form of payment:

  • Bitcoin
  • Monero
  • Cash
  • Gift cards

Custom domains

Email providers listed here support custom domains; a user can bring their own domain for use with the email service, such as .

Email aliasing

Email providers listed here support email aliasing.

An email alias is a forwarding email address; it obscures the "real" email address, helping to preserve user privacy and, in some cases, reduce the effectiveness of leaked emails in breaches.


These aren’t bare minimum requirements, but are certainly preferable when listing a secure email service on avoidthehack:

PGP Support

Email service providers would provide some level of Pretty Good Privacy (PGP) support.


Open source

Preference is for mail clients (if applicable) and implementation to be open-source to promote transparency. Open-source implementations leverage the global security community for finding and patching vulnerabilities.

Support for 3rd-party mail clients

Ideally, email providers listed here would support 3rd-party email clients, which give the user more choice on how they access their email. However, this is not a strict requirement for listing here.

Final thoughts

Given the amount of information that passes through and is stored in our inboxes, it makes sense to use an email provider that respects your privacy. When it comes to email, like many other privacy tools and services, encryption is highly important because strong encryption offers both enhanced security and better privacy.

While convenient, free email services that don't offer strong encryption and/or collect data (frequently by scanning incoming messages and inboxes, accessing user contacts, and collecting, analyzing, and storing metadata) do not benefit your privacy and should be avoided where possible.

A zero-access or zero-knowledge encrypted mailbox protects your emails and inbox from access by third parties - including from the service provider themselves. An inbox encrypted with zero-access encryption also alleviates threats stemming from data leaks and the "handing over" of user emails.

Users should migrate to private and secure mailboxes where possible. In addition to the privacy and security benefits, users may find privacy-friendly and encrypted email providers are just as user-friendly as more common "free" email providers and provide more robust email-related tracking protections in everyday uses of their inboxes.

With that said, stay safe out there!
