My ProtonMail review

Good things at a glance:

  • Custom domains
  • Wildcard email support
  • ProtonVPN is excellent
  • Search is decent considering mail is encrypted!

Not so good things:

  • Cost
  • Lack of native IMAP/SMTP etc due to nature of the service, but ProtonMail bridge is a good half way house.

Your e-mail address is pretty much the in road to your whole digital identity. If your email account is compromised, a simple "forgotten my password" form will allow the attacker to reset your password across all services you use.

ProtonMail is the world's largest secure email service, developed by CERN and MIT scientists. The software is open source and protected by Swiss privacy law.

For a while, there have been options in most email clients to prompt for 2FA such as SMS verification. This is helpful, but (hypothetically) your email could still be read by your email service provider or a rogue employee with the right authentication/keys.

It also means if there is a breach, such as the Yahoo 3 billion accounts breach it is possible that all your emails could be read.

Should I jump ship to an encrypted solution from Gmail if I've already used the service for years?

It used to be the case that Google would essentially use all your emails to tailor your ads. Considering this includes things like your health records, order confirmation notices and services you are subscribed to, it is a big deal to sign this over.

It has been reported that Gmail nowadays does not sell your inbox to advertisers to fine tune campaigns.

Google had said its policy was not to target ads in Gmail based on personal information, such as race, religion, sexual orientation, health, or financial data, and that information extracted from a user’s email will only be used for ads in Gmail. Users may now opt out of receiving personalized ads in Gmail, but they may not opt out of email scanning.

https://www.nytimes.com/2017/06/23/technology/gmail-ads.html

What if my digital life has already been indexed by Google?

Sure, as I have had my Gmail account for 10+ years it is clear that Google will have a pretty good idea about my spending habits, websites I use and the rest, it is never too late to take control of your inbox.

The most important thing in your inbox would be the control over Forget my password and 2FA tokens. This would be a very easy way to breach your accounts.

Accounts, personal domains etc.

βœ… Account setup is relatively easy, providing you know how to create DNS records including those for SPF, DKIM and DMARC.

πŸ’° If you have more than 5GB of email, as I imagine a lot of long time Gmail users will have, it's a steep incline from €14 to €30 euros a month for the email service.

Web E-mail app

βœ… The web email app works well. It is missing all the bells and whistles of Gmail, which is a good thing! It is a very lean client, pretty much like most webmail clients and the interface is familiar.

ProtonMail Bridge: How to connect your IMAP mail client

ProtonMail provide a bridge app so you can use IMAP/SMTP in your favourite mail client.

βœ… It is quite reliable
πŸ•° Mail delivery seems to be slow.
πŸ”„ Syncing IMAP mailboxes is VERY slow at 0.2messages/second throughput!

ProtonVPN

This is useful, especially the dual VPN "secure core" just in case a VPN server is compromised.

Summary

My main gripe with ProtonMail is the cost, I think its really high for an email solution, but a great project to support.