
The case for end-to-end encrypted email, and the four services that actually deliver it

Three independent providers build proper end-to-end email encryption: Proton Mail, Tuta Mail, and Mailfence. Microsoft 365 with S/MIME sits beside them for compliance-bound enterprises. Everything else is metadata theatre.

By Reza Khalil · 10 min read

For most Australians, the inbox is the single largest unencrypted archive of personal life. Tax notices, medical bookings, conveyancing files, kids’ school enrolments, and password reset links all sit on a server somewhere in plaintext. End-to-end encryption is the change that fixes that, and the choice of provider matters more than the cryptography. Three independent services build it properly: Proton Mail in Switzerland, Tuta Mail in Germany, and Mailfence in Belgium. A fourth path, Microsoft 365 with S/MIME, sits beside them for compliance-bound enterprises. Everything else is metadata theatre.

Smartphone connected over a secure VPN beside a laptop, the kind of always-on encryption end-to-end mail extends to the inbox.

Photo: Dan Nelson on Pexels.

What end-to-end encryption actually means

End-to-end encryption (E2EE) means the message is encrypted on the sender’s device and only decrypted on the recipient’s. The provider’s servers carry ciphertext. They do not hold the keys. If subpoenaed, hacked, or sold, the body of the email cannot be read. Two protocols dominate. OpenPGP, the older standard, uses asymmetric key pairs and is the basis of interoperable encryption between providers like Proton Mail, Mailfence, and Mailbox.org. S/MIME, used in enterprise environments, ties encryption to a certificate authority and integrates with Microsoft Outlook and corporate identity systems. Both are mature. Neither is what Gmail or Outlook.com does by default.

What Gmail does is transport encryption (TLS) between mail servers. The contents land at Google in readable form. Google can scan them, index them, and if a court orders production, hand them over. The Electronic Frontier Foundation has been blunt about this for almost a decade. Of Gmail’s “Confidential Mode,” the EFF wrote that “Google can see the contents of your messages and has the technical capability to store them indefinitely.” A 2025 Ars Technica analysis of Google’s expanded Workspace E2EE feature reached the same conclusion: the feature is a Workspace administrator-managed key wrapper, not a true end-to-end model in the Proton Mail or Tuta sense. There is one important caveat to E2EE generally. As Privacy Guides notes, “When using E2EE technology like OpenPGP your email will still have some metadata that is not encrypted in the header of the email, generally including the subject line.” Subject lines, sender, recipient, and timestamps remain visible to the provider. The body and attachments are sealed.
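To make the metadata caveat concrete, here is an added example (not from the article or any of the providers it reviews) that wraps a ciphertext in the OpenPGP/MIME envelope defined by RFC 3156 and then reads the message back the way a relaying mail server would. The addresses, date and ciphertext are constructed placeholders; the point is that the headers stay readable while the body is opaque.

```python
"""Added example: which parts of an OpenPGP/MIME message a provider can read.
Addresses, date and the PGP block below are constructed placeholders."""
from email import encoders, message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Constructed stand-in for an ASCII-armoured OpenPGP ciphertext (not real output).
CONSTRUCTED_CIPHERTEXT = (
    "-----BEGIN PGP MESSAGE-----\n"
    "hQEMAwAAAAAAAAAAAQf/placeholder-not-real-ciphertext\n"
    "-----END PGP MESSAGE-----\n"
)


def build_pgp_mime(sender, recipient, subject, ciphertext):
    """Build the RFC 3156 multipart/encrypted structure around a ciphertext."""
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    outer["From"] = sender          # all of these headers travel in the clear
    outer["To"] = recipient
    outer["Subject"] = subject
    outer["Date"] = "Mon, 03 Feb 2025 09:15:00 +1100"  # constructed
    # Part 1: the fixed control part required by RFC 3156.
    control = MIMEApplication("Version: 1\n", "pgp-encrypted",
                              _encoder=encoders.encode_noop)
    # Part 2: the armoured ciphertext carrying body and attachments.
    sealed = MIMEApplication(ciphertext, "octet-stream",
                             _encoder=encoders.encode_noop)
    outer.attach(control)
    outer.attach(sealed)
    return outer


def provider_view(raw_bytes):
    """Return what a relaying server (or its operator) can read from the wire."""
    msg = message_from_bytes(raw_bytes)
    visible = {h: msg[h] for h in ("From", "To", "Subject", "Date")}
    is_e2ee = (msg.get_content_type() == "multipart/encrypted"
               and msg.get_param("protocol") == "application/pgp-encrypted")
    body_part = msg.get_payload()[1] if is_e2ee else msg
    body = body_part.get_payload(decode=True).decode("ascii", "replace")
    return {
        "visible_headers": visible,              # metadata the provider keeps
        "body_sealed": is_e2ee,                  # True: body is ciphertext only
        "body_is_armored": body.startswith("-----BEGIN PGP MESSAGE-----"),
    }


if __name__ == "__main__":
    wire = build_pgp_mime("alice@example.com", "bob@example.com",
                          "Settlement figures", CONSTRUCTED_CIPHERTEXT).as_bytes()
    print(provider_view(wire))
```

A Tuta-style design moves the subject inside the encrypted payload, so the same function would see only an empty or placeholder Subject header there.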

Why this matters more in Australia

Under the Privacy Act 1988, Australian organisations covered by the Notifiable Data Breaches scheme must report eligible data breaches to the Office of the Australian Information Commissioner and to affected individuals when an incident is “likely to result in serious harm.” A leaked inbox carrying client medical records, financial statements, or identity documents is the textbook eligible breach. End-to-end encryption substantially narrows the blast radius. If the provider is breached, the attacker takes ciphertext. If a staff laptop with a logged-in session is stolen, the exposure is one mailbox, not a whole server. For accounting practices, conveyancers, GP clinics, and small consultancies handling sensitive client information, the question of which email provider sits behind the brand is now a Privacy Act question, not an IT preference.

Data sovereignty also matters. Swiss, German, and Belgian providers are bound by some of the strictest privacy regimes in the OECD. They sit outside the Five Eyes signals-intelligence partnership that links Australia, the United States, the United Kingdom, Canada, and New Zealand. That distinction is part of the case for using a European-hosted encrypted provider rather than an Australian or American one for sensitive personal mail.

Proton Mail

Encrypted email visualised through wooden blocks spelling 'encryption', the threat model Proton Mail closes by default.

Photo: Markus Winkler on Pexels.

Proton Mail is the default recommendation for individuals. Operated by Proton AG out of Plan-les-Ouates, Geneva, it has run an OpenPGP-based encrypted webmail service since 2014. The free tier provides 1 GB of storage and one address with no credit card required. Mail Plus, the paid consumer tier, lifts storage to 15 GB and adds 10 hide-my-email aliases plus a custom domain. Proton Unlimited bundles Mail with Proton VPN, Proton Drive, Proton Pass, and Proton Calendar in a 500 GB plan, and adds Proton Workspace, the company’s office suite with end-to-end encrypted Meet video calls.

The Proton trust model is the strongest argument. The product is open source, the apps are independently audited, the encryption is OpenPGP, and the service supports hardware security keys via FIDO2 and WebAuthn. Privacy Guides, the reference site for privacy-respecting tools, lists Proton Mail first among E2EE webmail providers. The downsides are real but small. IMAP and SMTP access requires the Proton Mail Bridge desktop app on a paid plan, which adds a step for users who want to keep an existing client like Apple Mail or Thunderbird. Subject lines remain unencrypted by default, a limitation of OpenPGP itself, not of Proton.

Verdict: if a reader can pick only one encrypted email provider, this is the one. The free tier is genuinely useful for testing the workflow before paying.

Tuta Mail

Laptop with email client open, the everyday surface Tuta Mail encrypts end to end.

Photo: RDNE Stock project on Pexels.

Tuta Mail, the German service that rebranded from Tutanota in November 2023, takes a different approach. Rather than implementing OpenPGP, Tuta wrote its own encryption stack. The trade-off is that Tuta cannot natively send encrypted mail to a Proton Mail or Mailfence inbox using OpenPGP keys. The advantage is that Tuta encrypts more of the message envelope, including the subject line and the calendar and contact entries that ride alongside.

Tuta is the first major encrypted email provider to ship post-quantum cryptography for new accounts, designed to resist future attacks by quantum computers that may be able to break current public-key systems. The free tier offers 1 GB of storage with the encrypted calendar and contacts included. Paid plans run from a few euros per month and add custom domain support and additional aliases. Hosting is in Germany under the General Data Protection Regulation. Tuta filed a Digital Markets Act complaint against Google in April 2024 over what it described as suppression of its rankings in search, a fight that has played out publicly since. Like Proton, Tuta does not support standard IMAP or SMTP, which keeps the encryption envelope tight at the cost of third-party client compatibility.

Verdict: the strongest pick for users who want their own encryption envelope across mail, calendar, and contacts in one app, and who do not need to interoperate with PGP keyrings outside Tuta.

Mailfence

Padlock and key on a laptop, illustrating the OpenPGP-leaning model Mailfence uses for business mail.

Photo: Dan Nelson on Pexels.

Mailfence is the option for users who want OpenPGP and IMAP. Run by ContactOffice Group out of Brussels, Mailfence has supported PGP and digital signatures since 2013 and offers full POP3, IMAP, and SMTP access on paid tiers. That makes it the natural choice for someone who wants to keep using Apple Mail, Thunderbird, or a mobile client while still getting end-to-end encryption against a recipient who has published a PGP key. Pricing starts with a free tier of 500 MB and runs up through Base at €11 a month, Entry at €40, Pro at €78, and Ultra at €225.

Belgian privacy law adds a useful layer. Mailfence states that “only local judges can request information and they must have a court order,” and the company donates 15 per cent of Ultra plan revenue to the Electronic Frontier Foundation and the European Digital Rights advocacy group. The interface is pragmatic rather than slick, and the company’s marketing focus is on professional users rather than the consumer privacy crowd Proton and Tuta court. That suits the audience well.

Verdict: the right pick for OpenPGP power users, accountants and legal practitioners who need IMAP for desktop clients, and anyone who values funding privacy advocacy through their subscription.

Microsoft 365 with S/MIME

For Australian organisations already on Microsoft 365 Business or Enterprise, S/MIME is the most direct path to encrypted email without leaving the existing identity stack. S/MIME ties encryption to certificates issued by an internal or commercial certificate authority, integrates with Outlook on Windows, macOS, iOS, and Android, and is supported by Microsoft Purview for compliance reporting. It is not a fit for a consumer-grade reader switching from Gmail. It is a fit for a 50-person professional services firm whose clients already expect encrypted mail and whose IT team manages devices through Microsoft Intune. The encryption is real; the operational overhead of certificate distribution is the cost.

What we would skip

Two products keep coming up in search results and should not.

Skiff was a credible end-to-end encrypted email and productivity service until Notion acquired it in February 2024 and shut it down within six months. Older listicles and Reddit threads still recommend it. They are stale. Do not migrate a mailbox there.

Gmail Confidential Mode is not encryption. The EFF’s 2018 analysis called the name misleading at the time, and nothing since has changed the underlying architecture. Confidential Mode is an information-rights-management wrapper that allows the sender to set an expiry time and require an SMS passcode. The body of the message remains visible to Google. A recipient can take a screenshot. The “expiring” message stays in the sender’s Sent folder. It is a feature, not a security guarantee, and selling it as confidential is the criticism that has stuck.

Frequently asked questions

Is Gmail encrypted?

In transit, yes. Gmail uses TLS to protect messages between mail servers, and the data at rest on Google’s servers is encrypted. What Gmail is not, by default, is end-to-end encrypted. Google holds the keys to the data at rest, which means Google can read the contents and respond to lawful requests for production. End-to-end encryption requires a service like Proton Mail, Tuta Mail, or Mailfence where the provider does not hold the keys.

What is the difference between PGP, S/MIME, and proprietary end-to-end encryption?

OpenPGP is an open standard built on public-key cryptography. Two PGP users can exchange encrypted mail across providers if they have each other’s public keys. S/MIME ties encryption to certificate authorities and is dominant in enterprise email, particularly Microsoft Outlook. Proprietary end-to-end encryption, used by Tuta, is a closed implementation tuned to one provider’s stack. The trade-off is interoperability against the ability to encrypt more of the envelope.

Can I use my own custom domain with an encrypted email service?

Yes, on paid plans. Proton Mail Plus, Tuta paid tiers, and Mailfence Base and above all support custom domains. The set-up adds DNS records to point a domain at the encrypted provider’s mail servers. For a small business moving off Microsoft 365 or Google Workspace, this is the migration path that matters.

Does encrypted email satisfy Australian Privacy Act obligations?

It substantially helps but does not by itself constitute compliance. The Notifiable Data Breaches scheme requires organisations to assess and report breaches that are likely to cause serious harm. End-to-end encryption reduces the likelihood that a server-side compromise produces readable personal information, which directly reduces the harm calculation. Organisations also need access controls, staff training, incident response plans, and retention policies. Encrypted email is one layer in a defence-in-depth posture, not a substitute for the rest.

What about Apple iCloud Mail with Advanced Data Protection?

Apple’s Advanced Data Protection, available in Australia since early 2023, brings end-to-end encryption to iCloud Mail metadata and several other iCloud categories. The body of iCloud Mail itself is not end-to-end encrypted between Apple users in the same way Proton Mail is between Proton users, because the IMAP protocol Apple inherits requires the server to read messages. For Apple-only households where the threat model is iCloud account takeover rather than provider snooping, ADP is a reasonable layer. It is not a replacement for Proton, Tuta, or Mailfence for sensitive correspondence.

Reza Khalil

Cybersecurity reporter covering breaches, threat intel, and the ACSC beat. Former incident responder. Reports from Canberra.