Why should you look for a Gmail alternative?
Google, notorious for data harvesting, was caught in 2017 scanning users’ emails for personal information and using it to serve targeted ads. The tech giant was accused of illegal wiretapping and stopped peeking into users’ emails after a class action lawsuit. However, to this day, Google bots still scan emails to detect spam and viruses, enable email searches, and use the auto-reply feature. It seemed like the scandal had been put to bed until The Wall Street Journal discovered that Google had been giving third-party apps access to customers’ emails.
These apps took privacy intrusion one step further. Not only did their bots crawl personal emails, real human beings also read them. Return Path, one of the apps that had access to Gmail data, read more than 8,000 personal emails, which it said was necessary to train AIs and ensure the quality of their work.
What should you look for in a Gmail alternative?
If the thought of someone reading your emails scares you, choose a different email provider – one that values your privacy. We reviewed 8 alternatives to Gmail that provide encryption and zero targeted ads. Here are a few things you should consider when choosing an email provider that suits your needs.
- Jurisdiction and privacy policies. All of the email providers mentioned below are based in Europe and have to comply with GDPR rules. They all have strict privacy policies too, but none would refuse to share your data if required by court order. However, some have policies that secure your data well enough that they wouldn’t have much to give. This is especially true of providers with zero-knowledge policies.
- Encryption standard. PGP is an industry-recognized encryption standard that encrypts information client side. It has many limitations, so many email providers offer OpenPGP encryption, which is an open-source PGP standard. OpenPGP means that your data is encrypted in the web browser or in the cloud, and you can send end-to-end encrypted messages between anyone using the same encryption standard.
- IMAP, SMTP and/or POP protocols.These protocols give you access to encrypted emails from mobile apps or third-party software like Mozilla Thunderbird.
- Custom domains.This feature is great for small teams and businesses who want to have custom domain email addresses.
- Open source means that the email provider’s code is public and anyone can search it for vulnerabilities. This generally makes for a more secure and dependable service as those problems are found and announced or fixed.
- Anonymous payment. Some apps will let you use cryptocurrency or even send in cash. Others will separate your digital payment details from your email account.
- Anonymous registration. This feature is great if you want to stay truly anonymous and keep your identity private.
The best Gmail alternatives
So which email account would be the safest? Scroll down to learn about each of these Gmail alternatives in more detail.
With Tutanota, your entire mailbox is encrypted, including your contact list. This data is then stored in data centers in Germany. Unfortunately, it doesn’t allow you to import and encrypt your old emails, but offers other features such as default end-to-end encryption between Tutanota users and encrypted emails to non-Tutanota users. These last emails work using pre-shared passwords.
Contrary to other email providers, Tutanota doesn’t use OpenPGP encryption and doesn’t support IMAP, POP, or SMTP. This means that it’s not compatible with other email service providers and cannot be used with third-party apps. Instead, Tutanota used their own encryption, which supports forward secrecy, meaning that a stolen encryption key will only unlock that message and the rest will stay safe.
Tutanota complies with GDPR and seems to value your privacy. It doesn’t track you or show you targeted ads. It also strips your IP address from your emails so snoopers can not see your location. It’s open-source and offers two-factor authentication too.
Posteo is another great German product that complies with strict European privacy laws. It’s also good to know that the company, which was founded over a decade ago, is entirely self-financed. This means that they have no obligations to share any data with partners or investors, but it also means that it’s not a free email service.
Posteo uses OpenPGP encryption and many extra layers of encryption to ensure a high level of security. Posteo supports the IMAP protocol too, meaning that you’ll be able to access your email on any device.
The software is open-source, so anyone can have a peek into its code. You can also use Posteo completely anonymously, from registration to payment. Even if you pay with Paypal, card or another digital method, they will separate this data from your account. Subject headers, body text, metadata, attachments, contacts, and even your calendar appointments are all encrypted and stored on servers in Germany. They use zero-knowledge encryption, meaning that they couldn’t decrypt your emails even if they wanted to. The company also strips your IP address and doesn’t keep any logs.
The only drawbacks to Posteo might be that it doesn’t offer custom domains and it doesn’t have a spam folder. Suspicious emails will be either rejected or sent straight to your inbox. If you choose Posteo, it would be a good idea to perfect your spam-spotting skills with this blog post!
StartMail was founded by the Dutch private search engine Startpage team, so you can be sure that your privacy is their ultimate goal. They only gather the data they need to provide their service, such as your IP address, device model, country and clicked links. The collected data is only stored for the length of your browsing session. Only your IP address is kept for security reasons, but even then, it’s encrypted, anonymized and deleted after 3 days. The use of tracking cookies is strictly forbidden.
StartMail offers PGP encryption, and your emails are stored at their local Dutch servers. What makes this email provider different is that they encrypt your information server-side rather than in the browser. They feel that doing so is safer than encryption in the browser, and you can read why they think so in their white paper. It also supports the IMAP and SMTP protocols and you can also create a temporary “email on the fly.”
You can pay for your subscription by cryptocurrency or card. If you choose the latter, your payment data will be assigned a unique number and separated from your account details.
Runbox is a user-friendly and provides majority of the features you would a private email provider. The company is based in Norway, so it has strict constitutionally-guaranteed privacy policies. Runbox is also a socially responsible business that uses renewable hydropower energy.
You can use Runbox or a third-party domain to create your email address, which will also work on a mobile app. Importing your emails is also easy, but if you need any guidance, you can find more information in their dedicated How-to section.
The company says they don’t monitor your activity or share any data with third parties. They also allow users to check its code as it runs on an open-source platform. You can pay for your subscription in cryptocurrency or send in an anonymous cash payment.
The only downside is that Runbox’s end-to-end PGP encryption isn’t on by default. You will need to set it up yourself, which might require some technical knowledge. You can find a full guide on their website. Besides, Runbox automatically scans your emails for spam and viruses, which might cause some privacy concerns. Unfortunately, the company doesn’t state whether this changes once you set up the encryption.
This Belgian private email provider seems like a perfect all-rounder. It cares about your privacy, offers OpenPGP encryption, and has features like calendar and contact functionality. It also allows you to migrate your domain.
What makes Mailfence stand out is that it enables users to send encrypted messages to recipients that don’t support OpenPGP. It uses symmetric encryption to derive an encryption/decryption key from the password you set for your encrypted message. You can even set an expiry date before sending it. The receiver will get a URL leading to your message, which can only be accessed with a password. How the recipient gets the password is up to you.
Even though Mailfence offers some unique features, it unfortunately logs “IP addresses, message-ID’s, sender and recipient addresses, subjects, browser versions, countries, and timestamps.” Unlike other private email providers, its code is also not open-source.
The CounterMail interface might look a little bit outdated and not that user-friendly, but it has 10+ years of experience and some of the strongest encryption available. Like its competitors, it uses OpenPGP, but only CounterMail offers 4,096-bit encryption keys along with their no-logs policy. Your information is stored on servers in Sweden, which, like other European countries, has strict privacy laws.
This service offers a built-in password manager and an extra layers of security, i.e. their servers server have full disk encryption and your connection to the servers passes through a tunnel to prevent IP leaks and man-in-the-middle attacks. However, all of these security features mean that CounterMail is one of the most expensive email providers on the market. It also supports cryptocurrency payments and custom domains.
The Swiss Proton Mail, like other providers, offers PGP encryption for your emails in transit and encryption for your data at rest. Your data is encrypted on the client side under a zero-knowledge policy, meaning that your encryption key stays on your device and your messages cannot be seen by Proton Mail team. It also offers a “self-destructing message” tool that ensures that your emails delete themselves after a certain period of time. The downside is that Proton Mail doesn’t encrypt metadata, headers, or the subject lines of your emails.
This popular email provider started as a crowdfunding project that supported the freedom of the internet. It was even promoted by American media as “the only email system the NSA can’t hack.” However, they were quickly offered huge investments from a few US-based companies, which they accepted.
So, is Proton Mail safer than Gmail? Without a doubt. They encrypt their users’ messages, so even if someone managed to get into their servers, they wouldn’t be able to decrypt anything. Proton Mail also doesn’t track its users’ personal data: they don’t scan emails, log IP addresses, or require personally identifiable information to sign up. It also offers a free email service, although you can pay for extra storage and features.
Mailbox is a great all-rounder that was launched in Germany in 2014 after the Snowden revelations. It’s an ad-free and secure email provider that offers a calendar, contact lists, a task planner, and cloud storage. Individuals, teams, or businesses can use Mailbox, and it also supports third-party email clients.
This email provider features mandatory SSL/TLS-encrypted data transmission and PGP encryption for your data at rest. All emails are stored in two separate servers in Germany, so if anything happens to one of them, your data will stay safe.
Mailbox cares about your privacy and supports anonymous registration and payment. You can pay by cryptocurrency or even send cash via mail. They also firmly believe that your data is truly yours. They don’t read your emails, not even for statistical reasons, nor do they share any information with third parties. They only log your IP address, which they need for security purposes and for the access control feature, but even this data is deleted after 4 days.
Gmail has many privacy problems that leave its users in doubt. If you decided to opt for one of these alternatives to Gmail, check our guide on how to permanently delete your Google account. Decided to give Google another chance? Check if your Gmail wasn’t hacked and make sure to use additional security and privacy tools, like a reliable NordPass password manager, encryption software, and a VPN.
Want to read more like this?
Get the latest news and tips from NordVPN.