david.dev


Protonmail Review

04/04/2021

#email #security #protonmail


I have been using Protonmail for several years with some ups and downs. In 2018 I think I stopped using it because it was suddenly unavailable for several hours, but I have now decided to revisit it in 2021.

For starters, Protonmail is a secure email provider based in Switzerland (both the company and the servers). But what is a secure email and why do you need one?

We use email daily for sensitive communications. But emails (and email attachments) are not particularly safe because they are stored as simple files on your server (if you self-host your email) or on the server of your provider. Think of some plain text files and you get the picture.

Emails are generally not encrypted, so if you host your email on Gmail, Office 365 or any other cloud email provider, the provider has complete access to your emails. Additionally, these cloud email servers are normally spread over several locations (e.g. US or EU servers).

It doesn't really mean that everyone at Google or Microsoft will read your emails, but it means they can. There are also solutions that add encryption on top of other cloud providers, but these are far from user friendly. The security issue is not the cloud provider's access to your emails but the fact that, if the cloud provider's systems are compromised, the cyber criminals will have full access to your emails and data.

In this short review I am considering only the paid Protonmail subscription as a business email alternative. There is also a free option, but since you can't use custom domains with it, it was never interesting for business use.

Protonmail subscriptions start at 4€ a month for a Plus account, 8€ for Professional and 30€ for Visionary, which comes with extra storage space and support for multiple accounts and domains. There are discounts for paying in advance for an annual (-20%) or two-year (-33%) subscription.

Security: Protonmail offers not just end-to-end encryption but also stores the emails encrypted, with zero knowledge and zero access. Since your emails can't be read even by Protonmail, nobody without your encryption password can read them.

Web interface/App: The web interface is simple and no frills. Very few frills if you compare it with Google G Suite or Office 365. For instance, you can't set a default font to compose or view emails. This is a very simple feature to implement, so I am not sure why it has not been done yet. There are some other annoyances: you cannot select all the emails in a folder, only 50 at a time (again, not sure why this has not been implemented in the last few years). What is new, however, is the possibility to use a "bridge" that decrypts and encrypts emails on the fly while you use your favourite email client (e.g. Thunderbird, Apple Mail etc.), so the web interface becomes less of a problem.

On mobile, however, you need to use the Protonmail app. I don't have any major issue with the app besides (again!) the impossibility of setting your own font for either viewing or composing emails. It is such a trivial feature to add that I am totally puzzled as to why it is not implemented yet.

Admin and Custom Domains Setup: The setup of custom domains is fairly straightforward. The wizard walks you through the whole process of adding SPF and DKIM without any issue whatsoever. Simple and efficient.

Import/Export Tool: Another important feature for business (and rightly available only to paid users) is the import-export tool. It was added at the end of 2018 and I think it is really very useful. It allows you to import your emails from files or IMAP but also to export them (e.g. for backup purposes). Such a tool is missing from all major email providers. I like the idea that you can easily export your emails (but note: you would need to use your own encryption to archive them. Once downloaded, the emails are not encrypted).

Mass Delete emails from the interface: You can only delete 50 emails at a time through the web interface. What if you need to delete 50 pages worth of emails? I found this little script online that works fine, just in case you need to move multiple emails to the trash:

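    // Run in the browser console on the folder to empty; clearInterval(a) and clearInterval(b) stop it.
    // Every 5 s, click the "select all" checkbox (selects the 50 emails on the page).
    const a = setInterval(() => document.getElementById("selectAll")?.click(), 5000);
    // Every 6 s, click the first "move to trash" button.
    const b = setInterval(() => document.getElementsByClassName("moveElement-btn-trash")[0]?.click(), 6000);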

Conclusions: Besides some limitations, Protonmail is the only Swiss-based provider to offer a straightforward secure email solution. The pricing is higher than your standard business email (especially if you need a lot of storage), but I found it a very good alternative to traditional business email providers like G-Suite and Office 365.