Your inbox knows everything about you – where you live, who you talk to, and even how large your mortgage is. You probably wouldn’t want anyone, not even your closest friends or relatives, to see this. The bad news is that Gmail, Google, and their partners all read this information. Take your privacy back and choose one of the best email alternatives to Gmail.
Google, notorious for data harvesting, was caught in 2017 scanning users’ emails for personal information and using it to serve targeted ads. The tech giant was accused of illegal wiretapping and stopped peeking into users’ emails after a class action lawsuit. However, to this day, Google bots still scan emails to detect spam and viruses, enable email searches, and use the auto-reply feature. It seemed like the scandal had been put to bed until The Wall Street Journal discovered that Google had been giving third-party apps access to customers’ emails.
These apps took privacy intrusion one step further. Not only did their bots crawl personal emails, real human beings also read them. Return Path, one of the apps that had access to Gmail data, read more than 8,000 personal emails, which it said was necessary to train AIs and ensure the quality of their work.
If the thought of someone reading your emails scares you, choose a different email provider – one that values your privacy. We reviewed 8 alternatives to Gmail that provide encryption and zero targeted ads. Here are a few things you should consider when choosing an email provider that suits your needs.
With Tutanota, your entire mailbox is encrypted, including your contact list. This data is then stored in data centers in Germany. Unfortunately, it doesn’t allow you to import and encrypt your old emails, but offers other features such as default end-to-end encryption between Tutanota users and encrypted emails to non-Tutanota users. These last emails work using pre-shared passwords.
Contrary to other email providers, Tutanota doesn’t use OpenPGP encryption and doesn’t support IMAP, POP, or SMTP. This means that it’s not compatible with other email service providers and cannot be used with third-party apps. Instead, Tutanota used their own encryption, which supports forward secrecy, meaning that a stolen encryption key will only unlock that message and the rest will stay safe.
Tutanota complies with GDPR and seems to value your privacy. It doesn’t track you or show you targeted ads. It also strips your IP address from your emails so snoopers can not see your location. It’s open-source and offers two-factor authentication too.
Posteo is another great German product that complies with strict European privacy laws. It’s also good to know that the company, which was founded over a decade ago, is entirely self-financed. This means that they have no obligations to share any data with partners or investors, but it also means that their service isn’t free.
Posteo uses OpenPGP encryption and many extra layers of encryption to ensure a high level of security. Posteo supports the IMAP protocol too, meaning that you’ll be able to access your email on any device.
The software is open-source, so anyone can have a peek into its code. You can also use Posteo completely anonymously, from registration to payment. Even if you pay with Paypal, card or another digital method, they will separate this data from your account. Subject headers, body text, metadata, attachments, contacts, and even your calendar appointments are all encrypted and stored on servers in Germany. They use zero-knowledge encryption, meaning that they couldn’t decrypt your emails even if they wanted to. The company also strips your IP address and doesn’t keep any logs.
The only drawbacks to Posteo might be that it doesn’t offer custom domains and it doesn’t have a spam folder. Suspicious emails will be either rejected or sent straight to your inbox. If you choose Posteo, it would be a good idea to perfect your spam-spotting skills with this blog post!
StarMail was founded by the Dutch private search engine Startpage team, so you can be sure that your privacy is their ultimate goal. They only gather the data they need to provide their service, such as your IP address, device model, country and clicked links. The collected data is only stored for the length of your browsing session. Only your IP address is kept for security reasons, but even then, it’s encrypted, anonymized and deleted after 3 days. The use of tracking cookies is strictly forbidden.
SmartMail offers PGP encryption, and your emails are stored at their local Dutch servers. What makes this email provider different is that they encrypt your information server-side rather than in the browser. They feel that doing so is safer than encryption in the browser, and you can read why they think so in their white paper. It also supports the IMAP and SMTP protocols and you can also create a temporary “email on the fly.”
You can pay for your subscription by cryptocurrency or card. If you choose the latter, your payment data will be assigned a unique number and separated from your account details.
Runbox is a user-friendly and provides majority of the features you would a private email provider. The company is based in Norway, so it has strict constitutionally-guaranteed privacy policies. Runbox is also a socially responsible business that uses renewable hydropower energy.
You can use Runbox or a third-party domain to create your email address, which will also work on a mobile app. Importing your emails is also easy, but if you need any guidance, you can find more information in their dedicated How-to section.
The company says they don’t monitor your activity or share any data with third parties. They also allow users to check its code as it runs on an open-source platform. You can pay for your subscription in cryptocurrency or send in an anonymous cash payment.
The only downside is that Runbox’s end-to-end PGP encryption isn’t on by default. You will need to set it up yourself, which might require some technical knowledge. You can find a full guide on their website. Besides, Runbox automatically scans your emails for spam and viruses, which might cause some privacy concerns. Unfortunately, the company doesn’t state whether this changes once you set up the encryption.
This Belgian private email provider seems like a perfect all-rounder. It cares about your privacy, offers OpenPGP encryption, and has features like calendar and contact functionality. It also allows you to migrate your domain.
What makes Mailfence stand out is that it enables users to send encrypted messages to recipients that don’t support OpenPGP. It uses symmetric encryption to derive an encryption/decryption key from the password you set for your encrypted message. You can even set an expiry date before sending it. The receiver will get a URL leading to your message, which can only be accessed with a password. How the recipient gets the password is up to you.
Even though Mailfence offers some unique features, it unfortunately logs “IP addresses, message-ID’s, sender and recipient addresses, subjects, browser versions, countries, and timestamps.” Unlike other private email providers, its code is also not open-source.
The CounterMail interface might look a little bit outdated and not that user-friendly, but it has 10+ years of experience and some of the strongest encryption available. Like its competitors, it uses OpenPGP, but only CounterMail offers 4,096-bit encryption keys along with their no-logs policy. Your information is stored on servers in Sweden, which, like other European countries, has strict privacy laws.
This service offers a built-in password manager and an extra layers of security, i.e. their servers server have full disk encryption and your connection to the servers passes through a tunnel to prevent IP leaks and man-in-the-middle attacks. However, all of these security features mean that CounterMail is one of the most expensive email providers on the market. It also supports cryptocurrency payments and custom domains.
The Swiss ProtonMail, like other providers, offers PGP encryption for your emails in transit and encryption for your data at rest. Your data is encrypted on the client side under a zero-knowledge policy, meaning that your encryption key stays on your device and your messages cannot be seen by ProtonMail team. It also offers a “self-destructing message” tool that ensures that your emails delete themselves after a certain period of time. The downside is that ProtonMail doesn’t encrypt metadata, headers, or the subject lines of your emails.
This email provider started as a crowdfunding project that supported the freedom of the internet. It was even promoted by American media as “the only email system the NSA can’t hack.” However, they were quickly offered huge investments from a few US-based companies, which they accepted. This might raise some security concerns for some as ProtonMail might be obliged to share some information with their investors.
Mailbox is a great all-rounder that was launched in Germany in 2014 after the Snowden revelations. It’s an ad-free and secure email provider that offers a calendar, contact lists, a task planner, and cloud storage. Individuals, teams, or businesses can use Mailbox, and it also supports third-party email clients.
This email provider features mandatory SSL/TLS-encrypted data transmission and PGP encryption for your data at rest. All emails are stored in two separate servers in Germany, so if anything happens to one of them, your data will stay safe.
Mailbox cares about your privacy and supports anonymous registration and payment. You can pay by cryptocurrency or even send cash via mail. They also firmly believe that your data is truly yours. They don’t read your emails, not even for statistical reasons, nor do they share any information with third parties. They only log your IP address, which they need for security purposes and for the access control feature, but even this data is deleted after 4 days.
For more tips on cybersecurity, subscribe to our monthly blog newsletter below.