Learn How Protonmail Encryption Works and Enjoy Its Benefits

Published:14 April 2021 - 4 min. read

Azure Cloud Labs: these FREE, on‑demand Azure Cloud Labs will get you into a real‑world environment and account, walking you through step‑by‑step how to best protect, secure, and recover Azure data.

If you’re using ProtonMail as your email client, you already have a leg up on security. It’s a client that natively supports encryption and pays close attention to security. But if you don’t turn on ProtonMail encryption to non-Proton recipients, it’s not doing much good! Let’s change that.

ProtonMail’s email system ensures that your emails are encrypted from Point A to Point B so that only you can read them. And in this tutorial, you’ll learn everything about how to send and receive an encrypted email in ProtonMail.

Prerequisites

If you’d like to follow along step-by-step in the tutorial portion of this article, please be sure you have the following:

  • A web browser – ProtonMail is a web-based email provider. It works for web browsers, like Google Chrome, Mozilla Firefox, or Microsoft Edge.
  • A free ProtonMail account

What is ProtonMail?

ProtonMail would be your best pick for a web-based end-to-end email provider. In other words, ProtonMail is more private than other email providers such as Gmail. How? ProtonMail stores all emails in their server in an encrypted format for security.

Not even the people from ProtonMail have access to your encryption key—meaning only you can read your emails. As per Swiss Privacy Laws, the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO) offer some of the world’s strongest privacy protection to all user data.

ProtonMail also stated, “As ProtonMail is outside of US and EU jurisdiction, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.”

ProtonMail Encryption : Sending Encrypted Email

Encrypting emails is free with ProtonMail but limits some features from a paid subscription.

To start encrypting email with ProtonMail, follow the steps below.

1. First, log in to your ProtonMail account.

2. Now, click Compose at the top-left corner of the page to compose a new email and a non-ProtonMail recipient.

If you’re sending an email to other ProtonMail email recipients, your job is already done for you. ProtonMail automatically encrypts emails sent between mailboxes.

Composing a New Email
Composing a New Email

3. Click on the padlock icon in the bottom left of the email message editor box. This action will bring up a box allowing you set an encryption password on your email.

Encrypting an Email
Encrypting an Email

4. In the Encrypt for non-ProtonMail users box, provide a password. When you send this email, the recipient must know the encryption password before they can read the message. When you have defined a password, click on the SET button to confirm it.

Requiring Password to View the Email
Requiring Password to View the Email

5. On the email editor screen again, you should now see a padlock icon beside the recipient’s email address, as shown below.

Email is Now Fully Encrypted
Email is Now Fully Encrypted

6. Click on the SEND button to send the email and know that it’s fully encrypted even for non-ProtonMail recipients!

Receiving Encrypted Email with ProtonMail

Perhaps you need to receive emails using ProtonMail. Unfortunately, not every email provider supports end-to-end encryption like ProtonMail does. If you receive an email from a non-ProtonMail account though, ProtonMail will automatically encrypt it once it reaches ProtonMail.

Receiving Email from Other ProtonMail Users

If both the sender and recipient use ProtonMail, the entire delivery process is already encrypted end-to-end. You can verify this by hovering over the padlock on a ProtonMail email sent from another ProtonMail user.

Receiving Automatically Encrypted Email From ProtonMail
Receiving Automatically Encrypted Email From ProtonMail

Receiving Email from Non-ProtonMail Providers

When you receive an email that wasn’t encrypted by the originating email provider, hover over the padlock icon beside the sender’s email address. You’ll see below that it says Stored with zero access encryption.

ProtonMail automatically encrypts incoming email from non-ProtonMail email providers with a feature called zero-access encryption. This feature ensures you are the only person that can decrypt the email. But, if someone sent you an unencrypted email using another email provider, like Gmail, Gmail still has a copy of that unencrypted email.

Receiving Unencrypted Email From Another Email Provider
Receiving Unencrypted Email From Another Email Provider

Receiving Encrypted Email From Outlook

Other email providers have other ways to encrypt and read email messages. One of the most popular email clients is Outlook. Let’s now cover how you can read an encrypted email sent from Outlook.

Each email provider handles encryption differently. If you receive email from other email providers and email clients, those instructions will differ.

Outook has two ways to encrypt messages; S/MIME certificates and Microsoft 365 Message Encryption (Information Rights Management). To read messages sent via these two methods is a bit different.

S/MIME (Secure/Multipurpose Internet Mail Extensions) lets you encrypt and digitally sign your emails. The email content will be reverted to a readable form only when opened using the correct decryption key. Both the sender and recipient require digital certificates for the S/MIME encryption to work.

Reading Emails Encrypted via S/MIME

If the sender used an S/MIME certificate to encrypt the email, you’d see instructions to open the email by installing Outlook app on your computer, as shown below.

From here, you’d simply click on the email and follow the instructions.

Viewing S/MIME Encrypted Email
Viewing S/MIME Encrypted Email

Reading Emails Encrypted via Microsoft 365 Message Encryption

If the sender used Microsoft 365 Message Encryption to encrypt the email, the steps are a bit different. To read emails encrypted in this manner, once you receive the email in ProtonMail:

1. Open up the email in ProtonMail.

2. Click on the Read the message button in the email body. This action will open a new tab on your web browser.

Viewing Encrypted Email in Gmail Sent with Outlook
Viewing Encrypted Email in Gmail Sent with Outlook

3. On the sign-in page, since you’re not using an Outlook or Hotmail account, click on Sign in with a One-time passcode; this will send a passcode to your ProtonMail account.

Signing in with One-Time Passcode
Signing in with One-Time Passcode

4. Open the email sent to your ProtonMail account and copy the passcode.

5. Once you’ve done that, go back to your browser and provide the passcode in the text field, then click on Continue.

Entering the One-Time Passcode
Entering the One-Time Passcode

After going through the One-Time Passcode to verify your identity, you’ll get redirected to a Microsoft Outlook environment to view the email’s content, like in the screenshot below.

Viewing Decrypted Email
Viewing Decrypted Email

Conclusion

At this point, you already know how to send encrypted emails and how to read them. Not only that but also why ProtonMail is a much better option than other email providers for sending a secure email.

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

Explore ATA Guidebooks

Looks like you're offline!