ProtonMail Setup Guide: Getting Started with Encrypted Email
Step-by-step walkthrough for setting up ProtonMail, configuring your account for maximum privacy, and migrating from Gmail or Outlook.
Getting started with ProtonMail is straightforward, but there are a handful of settings worth configuring on day one that most guides skip. This walkthrough covers account creation, privacy settings, custom domain setup, and a practical migration approach.
Creating Your Account
Go to proton.me and choose a plan. The free tier is a legitimate option for getting started: 1 GB storage, one email address, limited sending volume. If you know you’ll use it seriously, the Mail Plus plan ($3.99/month at time of writing) removes send limits and adds custom domain support.
Choosing your address: @proton.me and @protonmail.com are both available and functionally identical. Pick based on what you prefer for appearances — there’s no technical difference. You can add aliases later on paid plans.
Username considerations: Your Proton username is permanent. Choose carefully. If you’re using this for anything serious, avoid anything that ties to your real name if anonymity matters to you.
Phone number: Proton may ask for a phone number or email for account verification. This is to prevent spam account creation. If you’re privacy-conscious about not linking your phone to Proton, you can sometimes use a secondary email for verification, or wait and try again — verification requirements vary based on signup patterns.
Initial Account Settings
After signup, go to Settings → All Settings and review these:
Security → Two-factor authentication: Enable this immediately. Use an authenticator app (Aegis on Android, Raivo on iOS) rather than SMS. SMS 2FA is better than nothing but is vulnerable to SIM-swapping.
Security → Recovery: Set a recovery method. If you lose your password and have no recovery, your account is unrecoverable — this is a property of the encryption model. Proton cannot reset your password and maintain E2EE. Set a recovery phrase and store it somewhere safe (a password manager works well).
Email → Appearance: Minor, but worth visiting to set your display preferences for the web app.
Email → Privacy: Review these options:
- Block email tracking pixels: Enable this. Tracking pixels are invisible images embedded in marketing email that report when and where you opened a message. ProtonMail can block them.
- Request link confirmation before opening: Optional, but adds a confirmation before opening external links, reducing accidental clicks on phishing links.
Setting Up Proton Mail Bridge (Paid Feature)
If you want to use ProtonMail with Thunderbird, Apple Mail, or Outlook instead of the web app, you need Proton Mail Bridge. It runs locally and handles the encryption/decryption, presenting a standard IMAP interface to your email client.
- Download Proton Mail Bridge from proton.me/mail/bridge
- Install and sign in with your Proton credentials
- Bridge will show you an IMAP hostname (127.0.0.1), port, and a generated password
- Configure your email client with these settings:
  - IMAP: server 127.0.0.1, port 1143, SSL, the generated password
  - SMTP: server 127.0.0.1, port 1025, STARTTLS, the generated password
Bridge needs to be running for the email client to work. It starts on login by default.
Custom Domain Setup
If you have a custom domain, adding it to ProtonMail lets you send and receive email as you@yourdomain.com while using Proton’s infrastructure.
This requires a paid plan.
In Settings → All Settings → Custom Domains, click Add domain. You’ll need to add DNS records at your registrar:
- MX records: Two records pointing your domain to Proton’s mail servers. Priority 10 and 20.
- SPF record: A TXT record that tells receiving servers which hosts are authorized to send email for your domain. Reduces likelihood of your mail being flagged as spam.
- DKIM records: Three CNAME records that add cryptographic signatures to outgoing mail, further verifying legitimacy.
- DMARC record: A TXT policy record that specifies how receiving servers should handle mail that fails SPF or DKIM.
Proton’s interface walks you through each record and verifies them. DNS propagation can take 24–48 hours, though usually it’s faster.
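The checklist above can be sanity-checked against an exported copy of your zone before or after Proton verifies it. The following audit script is an added example, not Proton's tooling; the domain, hostnames, selector names, and record values are constructed placeholders, so copy the real targets from the Custom Domains screen.

```python
def parse_tags(txt):
    """Split a 'k=v; k=v' record (DMARC syntax) into a lowercase dict."""
    pairs = (part.partition("=") for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip().lower() for k, _, v in pairs}

def audit_zone(domain, zone):
    """zone maps (name, rtype) -> values; MX values are (priority, host)."""
    findings = []
    prios = sorted(p for p, _ in zone.get((domain, "MX"), []))
    if prios != [10, 20]:
        findings.append(f"MX: expected priorities [10, 20], found {prios}")
    spf = [t for t in zone.get((domain, "TXT"), []) if t.lower().startswith("v=spf1")]
    if len(spf) != 1:  # more than one SPF record is a permanent error (RFC 7208)
        findings.append(f"SPF: expected exactly 1 record, found {len(spf)}")
    elif spf[0].lower().split()[-1] in ("all", "+all"):
        findings.append("SPF: '+all' authorizes every host on the internet")
    dkim = [n for (n, t) in zone if t == "CNAME" and n.endswith("._domainkey." + domain)]
    if len(dkim) != 3:
        findings.append(f"DKIM: expected 3 CNAME selectors, found {len(dkim)}")
    dmarc = [t for t in zone.get(("_dmarc." + domain, "TXT"), [])
             if t.lower().startswith("v=dmarc1")]
    if len(dmarc) != 1:
        findings.append(f"DMARC: expected exactly 1 record, found {len(dmarc)}")
    else:
        policy = parse_tags(dmarc[0]).get("p")
        if policy not in ("none", "quarantine", "reject"):
            findings.append(f"DMARC: missing or invalid p= tag ({policy!r})")
        elif policy == "none":
            findings.append("DMARC: p=none only reports, failing mail is still delivered")
    return findings

# Constructed sample data: every name and value below is a placeholder.
D = "example.org"
GOOD = {
    (D, "MX"): [(10, "mx-a.provider.example"), (20, "mx-b.provider.example")],
    (D, "TXT"): ["v=spf1 include:_spf.provider.example ~all"],
    **{(f"k{i}._domainkey.{D}", "CNAME"): [f"k{i}.dkim.provider.example"] for i in (1, 2, 3)},
    ("_dmarc." + D, "TXT"): ["v=DMARC1; p=quarantine"],
}
# Mid-migration zone: one MX, old provider's SPF left behind, one DKIM, report-only DMARC.
BAD = {
    (D, "MX"): [(10, "mx-a.provider.example")],
    (D, "TXT"): ["v=spf1 include:_spf.provider.example ~all",
                 "v=spf1 include:old-host.example ~all"],
    ("k1._domainkey." + D, "CNAME"): ["k1.dkim.provider.example"],
    ("_dmarc." + D, "TXT"): ["v=DMARC1; p=none"],
}
if __name__ == "__main__":
    print("\n".join(audit_zone(D, BAD)) or "ok")
```

The leftover SPF record in the second zone is the case worth watching for during a migration: two `v=spf1` records make SPF evaluation fail outright rather than merging.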
Migrating from Gmail
If you’re moving from Gmail, you have a few options:
Option 1: Fresh start. Set your Proton address as your new primary email. Start telling contacts about the change. Let the old Gmail account receive messages that you’re no longer actively monitoring. This is the cleanest approach long-term but requires the most transition effort.
Option 2: Proton’s Easy Switch. Proton has a migration tool under Settings → Easy Switch that can import email, contacts, and calendar from Gmail. You authorize it via OAuth — you don’t give Proton your Gmail password. The tool pulls messages over and stores them encrypted in Proton. Note that imported historical email gets encrypted at rest in Proton’s storage, but the import process means Proton temporarily has access to the plaintext — it’s a data migration, not E2EE retrospectively applied.
Option 3: Gmail forwarding. Set Gmail to forward incoming email to your Proton address. This is a transitional measure that maintains deliverability while you migrate. Turn it off once you’ve updated your address with contacts and services.
Practical Migration Tips
A realistic migration takes weeks or months, not an afternoon. Don’t try to close your Gmail immediately.
Start with the high-value accounts: banking, primary services, anything sensitive. These are the ones where the privacy improvement matters most.
Use a password manager during migration — you’ll be resetting passwords on dozens of accounts. This is also a good time to audit which services you even want to keep.
For mass email and newsletters, use something like SimpleLogin or Addy.io for disposable aliases that forward to your Proton address. This keeps your actual Proton address from becoming widely distributed.
What You’ve Got After Setup
A properly configured ProtonMail account gives you:
- E2EE for mail exchanged with other Proton users
- Swiss jurisdiction (Federal Data Protection Act, generally considered strong)
- No advertising-based revenue model
- No reading of your email content for targeting
- Recovery that requires your recovery phrase (which means they genuinely can’t help you if you lose it)
The remaining limitations: metadata (sender, recipient, timing) is visible to Proton; email to non-Proton users isn’t end-to-end encrypted unless you use password-protected messages; and Proton is still subject to legal orders from Swiss authorities.
For most people, this is a substantial improvement over Google or Microsoft email. Set it up, use it, and adjust as your needs become clearer.