If you’re using ProtonMail as your email client, you already have a leg up on security. It’s a client that natively supports encryption and pays close attention to security. But if you don’t turn on ProtonMail encryption to non-Proton recipients, it’s not doing much good! Let’s change that.
ProtonMail’s email system ensures that your emails are encrypted from Point A to Point B so that only you can read them. And in this tutorial, you’ll learn everything about how to send and receive an encrypted email in ProtonMail.
Table of Contents
If you’d like to follow along step-by-step in the tutorial portion of this article, please be sure you have the following:
- A web browser – ProtonMail is a web-based email provider. It works for web browsers, like Google Chrome, Mozilla Firefox, or Microsoft Edge.
- A free ProtonMail account
What is ProtonMail?
ProtonMail would be your best pick for a web-based end-to-end email provider. In other words, ProtonMail is more private than other email providers such as Gmail. How? ProtonMail stores all emails in their server in an encrypted format for security.
Not even the people from ProtonMail have access to your encryption key—meaning only you can read your emails. As per Swiss Privacy Laws, the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) offer some of the world’s strongest privacy protection to all user data.
ProtonMail also stated, “As ProtonMail is outside of US and EU jurisdiction, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.”
Sending Encrypted Email with ProtonMail
Encrypting emails is free with ProtonMail but limits some features from a paid subscription.
To start encrypting email with ProtonMail, follow the steps below.
1. First, log in to your ProtonMail account.
2. Now, click Compose at the top-left corner of the page to compose a new email and a non-ProtonMail recipient.
If you’re sending an email to other ProtonMail email recipients, your job is already done for you. ProtonMail automatically encrypts emails sent between mailboxes.
3. Click on the padlock icon in the bottom left of the email message editor box. This action will bring up a box allowing you set an encryption password on your email.
4. In the Encrypt for non-ProtonMail users box, provide a password. When you send this email, the recipient must know the encryption password before they can read the message. When you have defined a password, click on the SET button to confirm it.
5. On the email editor screen again, you should now see a padlock icon beside the recipient’s email address, as shown below.
6. Click on the SEND button to send the email and know that it’s fully encrypted even for non-ProtonMail recipients!
Receiving Encrypted Email with ProtonMail
Perhaps you need to receive emails using ProtonMail. Unfortunately, not every email provider supports end-to-end encryption like ProtonMail does. If you receive an email from a non-ProtonMail account though, ProtonMail will automatically encrypt it once it reaches ProtonMail.
Receiving Email from Other ProtonMail Users
If both the sender and recipient use ProtonMail, the entire delivery process is already encrypted end-to-end. You can verify this by hovering over the padlock on a ProtonMail email sent from another ProtonMail user.
Receiving Email from Non-ProtonMail Providers
When you receive an email that wasn’t encrypted by the originating email provider, hover over the padlock icon beside the sender’s email address. You’ll see below that it says Stored with zero access encryption.
ProtonMail automatically encrypts incoming email from non-ProtonMail email providers with a feature called zero-access encryption. This feature ensures you are the only person that can decrypt the email. But, if someone sent you an unencrypted email using another email provider, like Gmail, Gmail still has a copy of that unencrypted email.
Receiving Encrypted Email From Outlook
Other email providers have other ways to encrypt and read email messages. One of the most popular email clients is Outlook. Let’s now cover how you can read an encrypted email sent from Outlook.
Each email provider handles encryption differently. If you receive email from other email providers and email clients, those instructions will differ.
Outook has two ways to encrypt messages; S/MIME certificates and Microsoft 365 Message Encryption (Information Rights Management). To read messages sent via these two methods is a bit different.
S/MIME (Secure/Multipurpose Internet Mail Extensions) lets you encrypt and digitally sign your emails. The email content will be reverted to a readable form only when opened using the correct decryption key. Both the sender and recipient require digital certificates for the S/MIME encryption to work.
Reading Emails Encrypted via S/MIME
If the sender used an S/MIME certificate to encrypt the email, you’d see instructions to open the email by installing Outlook app on your computer, as shown below.
From here, you’d simply click on the email and follow the instructions.
Reading Emails Encrypted via Microsoft 365 Message Encryption
If the sender used Microsoft 365 Message Encryption to encrypt the email, the steps are a bit different. To read emails encrypted in this manner, once you receive the email in ProtonMail:
1. Open up the email in ProtonMail.
2. Click on the Read the message button in the email body. This action will open a new tab on your web browser.
3. On the sign-in page, since you’re not using an Outlook or Hotmail account, click on Sign in with a One-time passcode; this will send a passcode to your ProtonMail account.
4. Open the email sent to your ProtonMail account and copy the passcode.
5. Once you’ve done that, go back to your browser and provide the passcode in the text field, then click on Continue.
After going through the One-Time Passcode to verify your identity, you’ll get redirected to a Microsoft Outlook environment to view the email’s content, like in the screenshot below.
At this point, you already know how to send encrypted emails and how to read them. Not only that but also why ProtonMail is a much better option than other email providers for sending a secure email.
More from Adam The Automator & Friends
Find out how many of your Active Directory users are using leaked passwords by running a free read-only scan with Specops Password Auditor.
Why not write on a platform with an existing audience and share your knowledge with the world?
We've put together a list of the resources we, at ATA, can wholeheartedly recommend.