Encrypted Email Providers Compared: ProtonMail, Tuta, Mailbox.org, and Skiff

There are more encrypted email providers than most people realize, and they differ in meaningful ways. Here’s a structured comparison of the major ones.

What All of These Share

Before the differences: all providers discussed here share a common baseline.

• End-to-end encryption between users on the same platform
• HTTPS for web access
• No advertising-based revenue
• Logging policies that are more privacy-respecting than Gmail or Outlook
• Jurisdictions with stronger privacy laws than the US (Germany, Switzerland, Austria)

If you’re coming from Gmail and just want something better, any of these is a substantial improvement. The differences below matter more as you go deeper.

ProtonMail

Jurisdiction: Switzerland
Encryption standard: PGP (OpenPGP)
Subject-line encryption: No (body + attachments only)
Desktop app: No (requires Bridge for desktop email clients, paid feature)
IMAP support: Via Bridge only (paid)
Custom domains: Paid plans
Free tier: 1 GB, 1 address, 150 messages/day send limit
Paid starting price: ~$4/month
Open source: Server code closed; client code open source

Best for: Users who want PGP compatibility, people building a broader privacy stack (Proton offers VPN, Drive, Calendar, Password Manager), anyone who wants a well-funded company with a long track record.

Notable limitation: No native desktop app. Bridge is required for Thunderbird/Outlook integration, and Bridge is a paid feature. Subject lines not encrypted by default.

Tuta

Jurisdiction: Germany
Encryption standard: Proprietary (AES + RSA, post-quantum updates in progress)
Subject-line encryption: Yes
Desktop app: Yes (native apps for Windows, macOS, Linux)
IMAP support: No
Custom domains: Paid plans
Free tier: 1 GB, 1 address
Paid starting price: ~€3/month
Open source: Yes (server and client)

Best for: Users who want stricter default encryption (subjects encrypted), people who want a native desktop app without a bridge layer, GDPR-focused users who want German jurisdiction.

Notable limitation: No PGP — Tuta’s proprietary encryption doesn’t interoperate with external GPG tools. No IMAP, so you’re locked into Tuta’s apps for desktop use.

Mailbox.org

Jurisdiction: Germany
Encryption standard: PGP / S/MIME
Subject-line encryption: No
Desktop app: No (webmail; IMAP supported so use any client)
IMAP support: Yes (standard, no bridge required)
Custom domains: Paid plans
Free tier: None (30-day trial)
Paid starting price: €1/month (Light), €3/month (Standard)
Open source: Client open source; server closed

Best for: Power users who want a full-featured email service that works with any email client over standard IMAP, anyone who needs PGP or S/MIME with proper key management, users who want a more traditional email experience with better privacy.

Notable limitation: No free tier. The cheapest plan is quite limited (2 GB, single address, no video conferencing). Less consumer-friendly than Proton or Tuta. Requires some comfort with email configuration for full PGP use.

Standout feature: Mailbox.org has the most traditional email infrastructure. It works over standard IMAP without any bridge software. If you’ve used email for 20 years and know what you’re doing, Mailbox.org’s flexibility is valuable.

Skiff Mail

Skiff offered an interesting encrypted workspace — email, documents, and cloud storage in one platform. Note: Skiff was acquired by Notion in early 2024 and the Skiff products, including Skiff Mail, have been shut down. This is included as a warning: if you’re seeing Skiff recommendations online, check the date — the service no longer accepts new users or operates.

Posteo

Jurisdiction: Germany
Encryption standard: PGP (with at-rest encryption option)
Subject-line encryption: No
Desktop app: No (standard IMAP)
IMAP support: Yes
Custom domains: Not supported
Free tier: None
Paid starting price: €1/month
Open source: No

Best for: Budget-conscious users who want a reliable, privacy-respecting German provider with standard IMAP support. Very simple and cheap.

Notable limitation: No custom domains at all. You get a @posteo.de, @posteo.net, or a handful of other Posteo domains. If you need a custom domain, look elsewhere. Also German-only customer support.

Decision Framework

I want the simplest encrypted email with no configuration:
→ Tuta (free tier, native apps, sensible defaults)

I want PGP compatibility and key portability:
→ ProtonMail or Mailbox.org

I want to use Thunderbird or Apple Mail without extra software:
→ Mailbox.org or Posteo (standard IMAP)

I want native desktop apps without a bridge:
→ Tuta

I want the full privacy ecosystem (VPN, Drive, Password Manager):
→ ProtonMail / Proton suite

I want the cheapest paid privacy email:
→ Posteo (€1/month) or Tuta (€3/month with more features)

I want subject-line encryption:
→ Tuta

I want a German GDPR jurisdiction:
→ Tuta, Mailbox.org, Posteo

I want Swiss jurisdiction:
→ ProtonMail

What None of Them Solve

Worth stating clearly: none of these providers makes email to non-encrypted-email users private. If you email someone on Gmail, Google receives that email. The encryption only works end-to-end when both parties use compatible tools.

For high-privacy communication between two specific people, email is the wrong tool regardless of provider. Signal, Wire, or other end-to-end encrypted messengers are better choices for that use case. Encrypted email providers are best for protecting you from your own provider’s data collection and improving your general email hygiene — not for airtight confidentiality with arbitrary recipients.