How to Use ProtonMail to Send Secure, Encrypted Emails

ProtonMail is a secure email service that prioritizes privacy and security. You can use the service to send encrypted messages that should only be read by the intended recipient. There are a few ways to do this, depending on what security or email provider the recipient is using.

Option 1: Email Another ProtonMail User

If you are sending a message to another ProtonMail user, your email will be encrypted automatically. The recipient won’t need to do anything to decrypt the message and can simply click or tap on the email to read it.

Every stage of the process is encrypted. The connection between your computer and the server is encrypted, the contents of the email on the server are encrypted, and only the recipient has the correct key to be able to decrypt the message on the other end. Attachments are also secured.

Addresses at the @protonmail.com, @protonmail.ch, and @pm.me domains use this high-level encryption. ProtonMail also allows you to use a private domain name with the service, so it’s possible to use internal encryption on non-ProtonMail domains, too.

You’ll know that an email has come from a ProtonMail account (and thus, that it’s been encrypted internally) when you see a purple padlock in the “From” field next to your contact’s email address.

In order to communicate with someone securely, you might want to ask them to set up a ProtonMail account just for that purpose. They can even configure ProtonMail to send them a notification email whenever they receive a new secure message in ProtonMail. The contents of the message stay private, and they can sign in to ProtonMail to view it.

Option 2: Set up PGP with Non-ProtonMail Users

PGP stands for “Pretty Good Privacy,” and makes for an email-friendly method of end-to-end encryption that uses both a public key and a private key. PGP lets you send encrypted emails to people who aren’t using ProtonMail—as long as they have PGP set up.

To send an email to a recipient using PGP, you’ll need to know their public key (and for them to send you PGP-encrypted email in return, they must know your public key).

Exchanging keys is an important part of this process. You can attach your public key to any outgoing email by clicking the “More” drop-down button in the compose email interface and checking “Attach Public Key.”

You can set this behavior as a default under Settings > Security by enabling “Automatically attach public key” in ProtonMail’s preferences.

The recipient will need to send their public key in order to receive your encrypted mail, so you’ll have to communicate this to them. You can add a recipient’s public key to your ProtonMail account using a few different methods:

  • By clicking the “Trust Key” button that appears above an email that contains a PGP public key and making sure to check the “Use for Encryption” box in the pop-up that appears.
  • By adding a contact under the Contacts tab, then clicking on Advanced Settings followed by “Upload Key” and locating the file your contact sent you. Make sure that you select “Use for Encryption” for outgoing mail.

With keys exchanged and associated with the right email addresses, you should be able to communicate securely, regardless of which email provider the recipient is using.
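
Before clicking “Trust Key” or “Upload Key,” it helps to confirm that the key you received really belongs to your contact by comparing its fingerprint with one they give you over a separate channel. The following is an added example, not ProtonMail’s code: it computes the OpenPGP version 4 fingerprint of an armored public key using only Python’s standard library. The function names are illustrative, only version 4 keys are handled, and the sample key is constructed placeholder data.

```python
import base64, hashlib, struct

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def dearmor(text):
    """Decode an ASCII-armored key block to binary (optional CRC line is skipped)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an armored public key block")
    body = lines[1:-1]
    if "" in body:                       # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    body = [ln for ln in body if not ln.startswith("=")]
    return base64.b64decode("".join(body), validate=True)

def first_packet(data):
    """Return (packet type, body) of the first OpenPGP packet in data."""
    tag = data[0]
    if tag & 0x40:                       # new-format header
        a = data[1]
        if a < 192:                      # one-octet length
            return tag & 0x3F, data[2:2 + a]
        if a < 224:                      # two-octet length
            return tag & 0x3F, data[3:3 + ((a - 192) << 8) + data[2] + 192]
        raise ValueError("length form not handled in this example")
    n = 1 << (tag & 0x03)                # old format: 1, 2 or 4 length octets
    if n == 8:
        raise ValueError("indeterminate length not handled in this example")
    return (tag >> 2) & 0x0F, data[1 + n:1 + n + int.from_bytes(data[1:1 + n], "big")]

def v4_fingerprint(armored):
    """SHA-1 over 0x99, a two-octet length and the key packet body (RFC 4880, 12.2)."""
    ptype, body = first_packet(dearmor(armored))
    if ptype != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def matches(armored, stated):
    """True if the key's fingerprint equals the one the contact stated out of band."""
    return v4_fingerprint(armored) == "".join(stated.split()).upper()

def armor(data):
    """Build a sample armored block (no CRC line) for the constructed input below."""
    b64 = base64.b64encode(data).decode()
    return "\n".join([BEGIN, "", *(b64[i:i + 64] for i in range(0, len(b64), 64)), END])

# Constructed sample: placeholder bytes shaped like a v4 key packet, not a usable key.
SAMPLE_BODY = b"\x04" + struct.pack(">I", 1600000000) + b"\x16" + bytes(range(44))
SAMPLE = armor(b"\xc6" + bytes([len(SAMPLE_BODY)]) + SAMPLE_BODY)
```

Call `matches(key_text, fingerprint_from_contact)` on the contents of the key file your contact sent; spaces and letter case in the stated fingerprint are ignored.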

You’ll see a green padlock near the “From” field when an email has been encrypted with PGP. If your contact is also digitally signing the messages, this green padlock will have a tick in it.

PGP is a powerful tool, but it can be confusing to set up. It’s certainly not for everyone, and signing up for a free ProtonMail account (which takes care of the key exchange for you, invisibly) might be an easier option. Or, rather than using PGP—which can be complicated—you can try the next method.

Option 3: Send Password-Protected Self-Destructing Emails to Anyone

In addition to offering internally encrypted mail and great support for PGP, ProtonMail has one more failsafe for sending secure mail. It’s a bit of a hack, but it works fine for your friends who insist on sticking to Gmail, Outlook.com, or any other email service provider.

Here’s how it works:

  1. You compose an email message like normal.
  2. The message is encrypted and locked behind a password of your choosing, and you hit Send.
  3. The recipient receives a message telling them that there is an encrypted email waiting for them, along with a link.
  4. The recipient clicks on the link, which points to a ProtonMail webpage with a password field.
  5. The recipient decrypts the message and is able to read it in their web browser.
  6. The message expires 28 days later (or sooner) without the contents ever being disclosed to any non-ProtonMail servers.

This method is much simpler than setting up PGP or convincing your friends to switch email providers, but it’s probably not practical for frequent communication.

It’s also worth noting that the recipient could pass the link on to anyone else (along with the password), which would compromise confidentiality. Never assume that a message is going to stay private just because you’ve used a service like ProtonMail. You’re also trusting the person you’re emailing to keep your communications private.

To use the feature, compose an email in ProtonMail, then click on the “Encryption” padlock icon in the bottom-left corner of the window. Enter and confirm your password, then add a password hint if you like; the hint is optional.

Click “Set” to encrypt the message, then click the “Expiration Time” hourglass icon if you want the message to expire sooner than in 28 days.

You can then hit Send to send your email like normal. The recipient won’t see any of your message (apart from the password hint) in their inbox, although the message will appear to have come directly from your ProtonMail account.

This method has its uses, but it also has drawbacks. Some recipients might not trust your message, as clicking links in email isn’t always the greatest idea. While regular email messages can last forever, these messages expire after 28 days and are almost impossible to search for unless you know the subject line.

Is It Time to Switch to ProtonMail?

ProtonMail is a well-established secure email provider, but it’s not the only one. Tutanota and Posteo are two fine alternatives, but there are many more out there.

If you’re coming from Gmail and wondering what you’ll be giving up, take a look at our ProtonMail and Gmail comparison.