Encryption is at the heart of what makes ProtonMail special. It provides a solution that is so easy to use, any one can enjoy it. As discussed in What is Encryption, Encryption is critical to keeping your data safe. The message body, and the attachments, are fully encrypted:
Message Sending
Emails sent between ProtonMail users
- Always end-to-end encrypted.
Emails from ProtonMail users to non-ProtonMail users
- End-to-end encrypted if the “Encrypt for Outside” option is selected. Learn more here.
- Otherwise encrypted with TLS if the non-ProtonMail mail server supports it (most providers such as Gmail, Yahoo, Hotmail, etc, support TLS). Note, since these messages are encrypted, but not end-to-end encrypted, this means Gmail, Yahoo, Hotmail, etc, will be able to read these messages and hand them over. This is not possible if “Encrypt for Outside” is set and ProtonMail end-to-end encryption is enabled.
Emails from non-ProtonMail users to ProtonMail users
- Encrypted with TLS. Unfortunately end-to-end encryption is not possible for messages sent from insecure email providers. Thus, for maximum security, your contacts should also get ProtonMail accounts.
Replies from non-ProtonMail users to ProtonMail “Encrypt for Outside” emails.
- End-to-end encrypted.
Message Storage
- All messages in your ProtonMail mailbox are stored with zero-access encryption. This means we cannot read any of your messages or hand them over to third parties. This includes messages sent to you by non-ProtonMail users, although keep in mind if an email is sent to you from Gmail, Gmail likely retains a copy of that message as well.
- Messages sent “Encrypted for Outside” are also stored end-to-end encrypted.
- Subject lines and recipient/sender email addresses are encrypted, but not end-to-end encrypted.