
Encrypted Email — What It Is and Why It Matters

Last updated: March 1, 2026

Every day, billions of emails travel across the internet. Most of them pass through servers owned by companies like Google, Microsoft, and Yahoo — companies that can read, scan, and analyze every word you write. Encrypted email exists to change that.

This guide explains how encrypted email works in plain language, how it differs from traditional email, why privacy-focused email isn't free, and what encryption still cannot protect you from.

Affiliate Disclosure: This page contains affiliate links. If you sign up through our links, we may earn a commission at no extra cost to you.

How Encrypted Email Works

Encrypted email uses a technique called end-to-end encryption (E2EE). This means your message is scrambled on your device before it leaves, and only the recipient's device can unscramble it. The email server in the middle sees the message contents only as unreadable ciphertext.

It's important to know that encrypted email services work as regular email too. You can send and receive emails to and from anyone — including Gmail, Outlook, or Yahoo users. Those messages won't be end-to-end encrypted (since the other side doesn't support it), but your mailbox still benefits from at-rest encryption on the provider's servers, meaning the provider itself cannot read your stored emails. E2EE only kicks in when both sender and recipient use the same encrypted service or exchange PGP keys.

1. Key Generation

When you create an account, a pair of cryptographic keys is generated — a public key (shared with others) and a private key (stored only on your device or encrypted on the server).

2. Encrypting the Message

When you compose an email, your client encrypts it using the recipient's public key. Only their matching private key can decrypt it.

3. In Transit

The encrypted message travels through servers as ciphertext. Even the email provider cannot read it — they simply relay the scrambled data.

4. Decryption

The recipient's email client uses their private key to decrypt the message, turning the ciphertext back into readable text.
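
The four steps above as a runnable sketch, added here as an illustration; it is not code from Proton Mail, Tuta, or this page's author. It assumes Node.js with its built-in crypto module and uses a simplified hybrid scheme (the recipient's public key wraps a one-time AES-256-GCM key) rather than the OpenPGP message format; the function names and sample addresses are made up for the example.

```javascript
// Added example: simplified hybrid E2EE flow (not OpenPGP, not any provider's code).
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// 1. Key generation: the recipient creates a key pair; only the public half is shared.
function generateKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// 2. Encrypting: a fresh AES-256-GCM key encrypts the body, and the recipient's
//    public key (RSA-OAEP) wraps that one-time key.
function encryptMessage(headers, body, recipientPublicKey) {
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { headers, wrappedKey, iv, tag: cipher.getAuthTag(), ciphertext };
}

// 3. In transit: the relay has no private key. The headers are readable to it,
//    the body is only ciphertext.
function relayView(envelope) {
  return { ...envelope.headers, body: envelope.ciphertext.toString('base64') };
}

// 4. Decryption: the private key unwraps the AES key; GCM rejects a modified body.
function decryptMessage(envelope, recipientPrivateKey) {
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]).toString('utf8');
}

// Constructed sample message (addresses and text are made up).
const recipient = generateKeyPair();
const envelope = encryptMessage(
  { from: 'alice@example.org', to: 'bob@example.org', subject: 'Q3 numbers' },
  'The draft is attached.', recipient.publicKey);
console.log(relayView(envelope));
console.log(decryptMessage(envelope, recipient.privateKey));
```

The relay's view still lists sender, recipient, and subject in the clear, which is the metadata exposure covered under "What Encryption Does NOT Protect".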

Traditional Email vs. Encrypted Email

At first glance, traditional and encrypted email look the same. The difference is what happens behind the scenes.

| Feature | Traditional (Gmail, Outlook) | Encrypted (Proton Mail, Tuta) |
|---|---|---|
| Provider can read your emails | Yes — emails are stored in plaintext on their servers | No — emails are encrypted and only you hold the key |
| Emails scanned for ads | Yes — content is analyzed to serve targeted ads | No — provider cannot access email contents |
| Government data requests | Full email contents can be handed over | Only metadata (see limitations below) |
| Data used for AI training | Often — many providers now feed data into AI models | No — zero-access architecture prevents this |
| Open source & audited | Rarely — proprietary code, trust required | Often — code is public and independently audited |
| Business model | Your data is the product | You pay for the product |

What Free Email Providers Really Do With Your Data

If you're not paying for the product, you are the product. This isn't just a saying — it's the business model of every major free email provider.

  • Ad Targeting: Gmail, Outlook, and Yahoo scan your inbox to build advertising profiles. Purchase confirmations, travel bookings, newsletters — everything is analyzed to serve you personalized ads across the web.
  • Government Compliance: When law enforcement requests your data, traditional providers hand over full email contents, attachments, contacts, and login history. Google alone received over 400,000 government data requests in a single year.
  • AI Training Data: Several major providers have updated their terms of service to allow your email content to be used for training AI and machine-learning models. Your private conversations may feed the next generation of AI products.
  • Third-Party Sharing: Free providers often share data with advertising partners, analytics companies, and other third parties — sometimes without explicit user consent, buried in lengthy terms of service.

Why Encrypted Email Isn't Free

Running an email service is expensive. Servers, bandwidth, security audits, customer support, and ongoing development all cost real money. Traditional providers cover these costs by monetizing your data. Encrypted email providers can't do that — your data is inaccessible to them by design.

This is why services like Proton Mail and Tuta charge for premium plans. Their revenue comes from subscriptions, not surveillance. Free tiers exist but are limited — they serve as an introduction, not a product funded by your personal information.

"When you pay for encrypted email, you're not just buying storage — you're funding a business model that doesn't require selling your private life."

What Encryption Does NOT Protect

End-to-end encryption is powerful, but it is not a magic shield. Even with the strongest encryption, certain data remains exposed:

  • Payment information — Your credit card or PayPal details used to pay for the service can be subpoenaed by law enforcement. Providers must comply with financial regulations.
  • Recovery email or phone number — If you added a recovery email or phone number, this metadata can be handed over to authorities upon legal request.
  • IP address and login timestamps — Unless you connect via VPN or Tor, your IP address and the times you access your account are logged and can be disclosed.
  • Email metadata — Subject lines, sender/recipient addresses, and timestamps are often not encrypted. Authorities can see who you emailed and when, even if the contents remain sealed.
  • Recipient's provider — If you send an encrypted email to someone using Gmail, the message is decrypted on their end and stored in plaintext on Google's servers.

Encrypted email protects the contents of your messages — but the envelope, the postmark, and the return address are still visible. Understanding these limits is essential to making informed privacy decisions.

Frequently Asked Questions

Is encrypted email legal?
Yes, in virtually all countries. Using encryption for personal communication is legal. Some authoritarian regimes restrict encryption tools, but the act of using encrypted email is lawful in the vast majority of jurisdictions.

Can I send encrypted email to someone using Gmail?
Yes, most encrypted providers offer password-protected messages for non-users. The recipient gets a link to view the message securely. However, once decrypted, the contents are subject to the recipient's provider's policies.

Is encrypted email harder to use?
Not anymore. Modern encrypted email services like Proton Mail and Tuta have intuitive interfaces that look and feel just like Gmail. Encryption happens automatically in the background.

What happens if I forget my password?
With zero-access encryption, the provider cannot reset your password and decrypt your data. Most services offer recovery phrases or keys during signup — store them safely. Losing access means losing your emails permanently.

Should I use a VPN with encrypted email?
Yes, if you want to hide your IP address from the email provider. A VPN prevents your real IP from being logged. For maximum privacy, combine encrypted email with a trusted VPN service.

Ready to protect your inbox?

Proton Mail is one of the most trusted encrypted email providers — Swiss-based, open-source, and backed by strong privacy laws.
