What's actually in your inbox

Think about what flows through your email account in any given week: bank statements, healthcare appointment reminders, utility bills, travel bookings, shopping receipts, subscription renewals. Individually, none of it feels particularly sensitive. Taken together, it's a remarkably complete profile of who you are, where you live, what you spend, who you see, and what matters to you.

There's also a dimension most people overlook: your inbox is the master key to your entire digital life. "Forgot your password?" almost always means "we'll send a reset link to your email." Whoever controls that inbox can, in practice, access everything tied to it.

Most major free email providers — Gmail, Outlook, Yahoo — are advertising businesses. The service is free because your data is the product. That doesn't mean anything necessarily sinister is happening, but it does mean their incentives aren't aligned with your privacy. I reached a point where I wanted to make a deliberate choice rather than accept the default. Privacy and convenience exist on a spectrum — there's no single right answer, but there are usually better ones.

Two things worth doing

Once you decide your inbox deserves more care, the path forward has two parts — and they work best together.

Choose a privacy-respecting provider

Move your email to a service whose business model is a paid subscription, not advertising. Several strong options exist — I've compared the ones I evaluated below.

Own your email address

Register a personal domain (like yourdomain.com) and use it as your address. This separates your identity from any single provider and keeps you in control long-term.

Why owning your address matters

When your address is you@gmail.com, Google owns the relationship. When it's you@yourdomain.com, you do — regardless of who handles the mail behind the scenes.

Not self-hosting. This isn't about running your own mail server. Self-hosting means owning your own security, spam filtering, uptime, and backups. Instead, the idea is to register a domain name (e.g. yourdomain.com) and point it at a trusted provider via a DNS setting called an MX record. The provider handles everything — you just own the address.

Control

If a provider closes, locks your account, or changes its terms, you update your MX record and new mail routes to a different provider within minutes. You can still recover passwords and usernames tied to that address — which matters enormously in a lockout scenario.

Portability

Switching providers is a DNS change, not a life event. No need to notify every bank, employer, subscription, and contact of a new address. Your requirements can evolve without penalty.

Flexibility

Whatever you want before the @ is yours — no competing for usernames. Most providers also support aliases: shopping@yourdomain.com, newsletters@yourdomain.com, keeping categories of mail organized and separate.

Scalability

Run multiple mailboxes across different providers on a single domain. For example, a primary address for day-to-day mail and a subdomain like you@secure.yourdomain.com routed to a more security-focused provider for sensitive correspondence.
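As an added illustration of the MX routing described in the Control and Scalability paragraphs above (not code from the original post), here is a small model of how a sending server chooses the mail host for an address, and of what a provider switch changes. The zone data is constructed, and the provider-a/b/c host names and the `parked`, `www` and `other` subdomains are placeholders.

```python
# Constructed zone data; the provider-*.example host names are placeholders.
# TTL 300 s lets resolvers pick up an MX change within minutes.
ZONE = """\
yourdomain.com.        300 IN MX 10 mx1.provider-a.example.
yourdomain.com.        300 IN MX 20 mx2.provider-a.example.
secure.yourdomain.com. 300 IN MX 10 mx.provider-b.example.
parked.yourdomain.com. 300 IN MX 0 .
www.yourdomain.com.    300 IN A 192.0.2.10
"""

def parse_zone(text):
    """Map each owner name to its (type, rdata) records."""
    records = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2] == "IN":
            records.setdefault(f[0].lower(), []).append((f[3], f[4:]))
    return records

def mail_route(address, records):
    """Hosts a sending server tries for this address, in order."""
    domain = address.rsplit("@", 1)[1].lower().rstrip(".") + "."
    rrset = records.get(domain, [])
    mx = sorted((int(r[0]), r[1]) for t, r in rrset if t == "MX")
    if mx == [(0, ".")]:
        return []                        # null MX (RFC 7505): accepts no mail
    if mx:
        return [host for _, host in mx]  # lowest preference first
    # No MX at this exact name: the parent's MX is not inherited. RFC 5321
    # falls back to the name's own address record, if it has one.
    if any(t in ("A", "AAAA") for t, _ in rrset):
        return [domain]
    return []

def switch_provider(text, domain, new_mx):
    """Return the zone with domain's MX records replaced by new_mx."""
    owner = domain.lower().rstrip(".") + "."
    kept = [l for l in text.splitlines()
            if not (l.split()[:1] == [owner] and l.split()[3:4] == ["MX"])]
    kept += [f"{owner} 300 IN MX {pref} {host}" for pref, host in new_mx]
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    zone = parse_zone(ZONE)
    for addr in ("you@yourdomain.com", "you@secure.yourdomain.com",
                 "you@www.yourdomain.com", "you@other.yourdomain.com"):
        print(addr, "->", mail_route(addr, zone))
    moved = parse_zone(switch_provider(ZONE, "yourdomain.com",
                                       [(10, "mx.provider-c.example.")]))
    print("after switch:", mail_route("you@yourdomain.com", moved))
```

Note the `www` result: a name with an address record but no MX still has mail attempted at that host, which is why the `parked` name publishes a null MX.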

What to look for in a provider

These are the requirements I used when evaluating options — a reasonable starting point for anyone making the same decision.

My take on privacy-focused providers (as of Jan 2021)

I created accounts at each of these and used them before forming an opinion. This table reflects my personal experience — verify current features yourself as offerings change over time.

| Provider | Privacy focused | Encryption | Calendar | Accept invites | Contacts | Contact sync | IMAP / CalDAV / CardDAV | Mobile app | Custom domain | Comments |
|---|---|---|---|---|---|---|---|---|---|---|
| ProtonMail | Yes | Yes — E2E + zero-knowledge, leader in category | Yes | Yes | Yes | No | Via Proton Bridge | Yes | Yes | Excellent privacy and end-to-end encryption. Promptly encrypts plain text emails upon receipt. However, does not have Calendar support beyond web and cannot sync contacts outside of website and mobile application. Additionally, cannot invite nor accept calendar invites. Can import and export email via IMAP and their built-in options if you ever switch the service. |
| Tutanota | Yes | Yes — E2E + zero-knowledge, leader in category | Yes | Paid only | Yes | No | No — native apps only | Yes | Yes | Similar privacy and security to ProtonMail. Can send and receive calendar invites with a paid subscription. Contacts cannot be synced beyond their web and native applications. Import service for importing email, but must manually select each email and export individually if you opt to leave the service — this may be a non-issue for some but makes switching time-consuming. |
| Mailbox.org | Yes | Yes — requires opt-in PGP or Mailvelope | Yes | Yes | Yes | Yes | Full IMAP + CalDAV + CardDAV | No | Yes | Overall attractive service, but there are numerous negative anecdotes of customer service issues and a high rate of false positives of accounts being locked or blocked from sending due to anti-spam algorithms. Webmail UI leaves a lot to be desired. |
| Mailfence | Yes | Yes — requires opt-in PGP or Mailvelope | Yes | Yes | Yes | Yes | Full IMAP + CalDAV + CardDAV | No | Yes | Very promising and struck the right balance of security, privacy, and convenience. However, similar to Mailbox.org there are negative anecdotes on customer support issues, it lacks a native mobile app, and reportedly has issues with planned and unplanned outages. |
| FastMail | Yes | No built-in E2E — PGP via Mailvelope or Thunderbird | Yes | Yes | Yes | Yes | Full IMAP + CalDAV + CardDAV | Yes | Yes | Excellent collective of features and functions — built-in zero-knowledge and end-to-end encryption is really the only item left out. Robust documentation including automated CalDAV and CardDAV setup on mobile. Generous aliases and catch-all support for custom domains. |

All providers above offer TLS in transit and encryption at rest as a baseline. Watch out for providers that market "secure" services but only secure the physical data center (fences, guards, access control) rather than encrypting the data itself — encryption at rest should be a default expectation, not a selling point.

These came up frequently in community discussions but didn't meet my personal criteria at the time of evaluation:

Going further

Email is a good place to start, but it's one piece of a broader picture. A few other areas worth thinking about:

Privacy resources worth bookmarking

The communities and publications below were invaluable when I was working through these decisions.