PGP email encryption services
Sub Rosa: Webmail interface supports server side GPG/PGP message encryption, their servers are located outside the EU and do not store any logs, service can be accessed with Tor using a dedicated .onion address.
Countermail: Supports OpenPGP encryption and digital signatures for webmail, it also hides your IP on the headers, servers located in Sweden.
AnonymousSpeech: PGP email encryption supported, IP is hidden in the headers, the servers are located outside the US and Europe, guarantee not to reply to correspondence of foreign Governments.
Posteo: Cheap privacy email service in Germany that aims to keep customer to the minimum and comes preconfigured to use Mailvelope, a free plugin to send encrypted PGP mail.
TorGuard Email: Anonymous email service from VPN provider TorGuard, it can send and receive messages encrypted with PGP, you can have it for free if you buy their VPN service or pay for a stand alone email account.
StartMail: Made by the same company that manages privacy search engine StartPage. This email service is based in the Netherlands and the interface allows you to encrypt and decrypt emails using PGP.
4SecureMail: Support for wemail PGP encryption and signing, all emails get scanned with a ICSA-Certified antivirus, your computer IP is hidden and not forwarded with the messages.
HushMail: Web based support for PGP encryped email and digital signatures, computer IP hidden in the headers, company headquarters based in Canada.
S-Mail: PGP email encryption and digital signatures support.
SecureNym: Public/private key email encryption and digital signatures support.
Safe-Mail: Israeli company supporting PGP email encryption and digital signatures as well as using of digital certificates for sending encrypted messages using the web interface. Safe-Mail DOES NOT hide your computer IP on the headers.
NeoMailBox: Supports OpenPGP encryption and digital signatures, it will hide your IP on the headers and you can choose to host your email in the US or Switzerland.
KeptPrivate: All of your email messages are kept encrypted in their servers using the Blowfish algorithm, no support for PGP, the person you are emailing to will need a KeptPrivate email account too in order to sent emails encrypted.
E-mail clients supporting OpenPGP encryption
Claws Mail: Claws Mail supports GnuPG email encryption and decryption installing the GPG plugin. This is a multi platform email client, it works in Windows and Linux.
The Bat!: Premium email client that allows PGP email encryption, spam filtering and scripting.
Sylpheed: Open source multi platform email client and newsgroup reader supporting GnuPG email encryption.
Thunderbird: To use GnuPG email encryption with Thunderbird you will need to add the free Enigmail plugin.
Software to encrypt emails using GPG/PGP
PGP Desktop Email: Paid for business oriented application to encrypt all outgoing email communications with PGP.
Safester: Propietary mail client using OpenPGP, this tool lets you exchange encrypted messages with other users of the same software and invite non users.
ArticSoft: Premium OpenPGP encryption and digital signature software to encrypt emails and files.
GPG4Win: Windows GnuPG software for email and file encryption, you will need gnupg to make it work, this comes included in the package.
GnuPG: GnuPG, also known as GPG, is a command line tool for GPG encryption, you will need a front end GUI unless you are willing to use command line from C: to encrypt your emails.
PGP public Key servers list
Note that you only need to upload your public key to one of the servers and it will propagate to all the others, also note that all of the PGP/GnuPG encryption software comes with some predefined keyservers where to get encryption keys from.
- https://keyserver.pgp.com (PGP Corporation KeyServer)
- http://pgp.mit.edu (Massachusetts Institute of Technology Keyserver)
- http://pgp.nic.ad.jp (Japan KeyServer)
Alternative to email encryption
Lockbin: Web application to send private email messages and files, use of AES256 symmetric encryption to secure your messages in the server with the site sending a link to your contact who will need to know the password beforehand.
SendInc: Fast and free way to send encrypted email through a web form, the site is secured with SSL. A paid for version gives you extra features like more space and big attachments.
Note: The services above will log your computer IP when you send an email, the IP might not be included in the message header but it can be recovered from the server logs in case of abuse.
Jay
What, in your opinion the best paid for email service to use for a personal account? I am using GMail but just don’t truth the company anymore, even though they’re not getting any any ad money off me because of my filtering/blocking.
I can use GnuPG, and have no secrets in my mail, but just want to be sure the US govt. cannot get to my stuff.
hacker10
I would not trust anyone with my encryption keys I would still use my own GPG keys, the only reason why I would want to use a paid for email service is if they protected stored emails from noisy third parties and regularly erased the logs, Countermail and Anonymous Speech both look good to me and are outside the US.
hacker10
john
as the nsa wiretaps on the tier1 devices and has computing capabilities to crack enrypted files there is no need for this anymore.
Matt
Anonymousspeech is a good email service, but some of its claims don’t seem to hold up. For starters, it has a tendency to abruptly go offline for a couple of days at a time for “network issues” or “server migration.”
More critically, it is NOT truly offshore and outside USA jurisdiction. During its last outage, its url redirected to its server default page, revealing that it’s actually hosted by “Server Intellect,” a USA-based company located in Florida! Does that sound “offshore” to you? And when we (several paid users) wrote to the company to ask for an explanation, we each got generic replies that avoided any response to this appalling security issue. Also, its server runs on Windows, not linux–another safety vulnerability.
Last but not least, inquiries to its forums have to pass moderators before being posted. NONE of the (fair and deserved) questions about these HUGE gaping safety holes have ever been posted and answered; they’re just deleted.
Beware; this company has had the curtain pulled back on its servers, and until they address these issues they’re not as safe as claimed! Claiming that they use a Panama-based host when their last outage “outed” them as using a USA-based host is a pretty severe blow to their credibility. And since you have to pay for features they turn out to not actually have, this is a BIG deal.
freddy kuman
Since Lavabit was shutdown last week, I personally switched over to non-USA based encrypted email SaluSafe http://salusafe.com
Its also worth mentioning that Silent Circle destroyed its secure messaging service!
Hacker10
Hello Freddy,
I see from SaluSafe “About” page that they have links to CryptoHeaven in Canada. They are already on the list so I will not be adding them again under a different name.
And Silent Circle email suspension has been announced as temporary.
hacker10
CryptoBoy
List of programs/Services using Perfect Forward Secrecy please? Thanks!
Rick Romero
VFEmail.net supports PGP (but you should use that locally once you’re familiar with it), Hides your source IP, Hides your From address in remote server logs (Metadata Mitigator), and has a TOR accessible site –
344c6kbnjnljjzlz.onion
PFS is supported in some scenarios, but not all, -yet- due to backwards compatibility requirements – see https://www.ssllabs.com/ssltest/ to test/verify any site.
Hacker10
Hello,
Thank you for the information, I already mentioned VFemail Tor hidden service here:
http://www.hacker10.com/internet-anonymity/list-of-the-best-tor-email-hidden-services/
Best of luck,
hacker10
niko
Hi there!
I just read your blog post about email encryption and if it’s ok for you I would suggest you another website to add to the list.
I’m the owner of “https://digitalenvelopes.email/”, I’m a geek guy, FLOSS fanatic and a linux system administrator. I made up this website to give a chance to my friends,
and actually to all the people that wanna try it, to use something different from big email providers. We all know privacy is a big problem with big email providers 😉
It’s built 100% using open source software.
With digitalenvelopes.email you can choose between 3 different webmail interfaces (Horde, Roundcube, Rainloop) and all of them come with the possibility to use pgp encryption,
although unencrypted messages can also be sent. Horde, Roundcube, Rainloop are all at last version and keep updated.
There are six available domains. An email is required to register, but registration is immediate so this can be a disposable one. No personal information is required to create your private email account. We don’t keep IP logs which can be linked to your username. Although the service is technically ‘free’, digitalenvelopes.email is run just by me,
and therefore relies on donations.
Niko