Private Mail Guide
Home Posts Topics
Find Your Setup Tools Glossary Resources About

Tools

A curated directory of 7 tools we use, evaluate, and recommend across the AI security landscape — with our take on each.

Interactive tool

Find Your Private Email Setup →

A short wizard that turns your constraints into a concrete plan: which provider, the alias strategy to pair with it (e.g. Proton + SimpleLogin), the migration steps, and the caveats.

Encrypted Email Providers

Proton Mail

open-source (clients) Free 1GB; €4.99/mo paid

Swiss end-to-end-encrypted email. IMAP/SMTP via the Bridge. Tor onion service. PGP-compatible for inter-provider encryption.

Our take

Our default recommendation. Largest ecosystem (Drive, Pass, VPN, Calendar) and the only one with a real Tor onion service. Subject lines aren't encrypted — Tutanota is better on that single dimension.

Tutanota

open-source (server + clients) Free 1GB; €3/mo paid

German E2EE mail provider. Encrypts subject lines as well as bodies. Custom mail protocol — no IMAP/SMTP, so you cannot use desktop clients.

Our take

Best metadata protection in the category. The trade-off is the closed protocol — if you depend on Thunderbird or Apple Mail, this isn't workable. Best for users who live in webmail or mobile.

Mailbox.org

proprietary €3/mo

German privacy-focused mail with full IMAP/SMTP support and opt-in PGP. Not E2EE by default — adds privacy through hosting and policy.

Our take

Best pick when you need standard IMAP/SMTP plus privacy-respecting hosting. Not E2EE out of the box, so the threat model is "trust mailbox.org" rather than "trust no provider".

Alias & Forwarding Services

SimpleLogin

open-source Free 10 aliases; €30/yr unlimited

Email-alias service owned by Proton. Generates forwarding addresses. Custom-domain aliases on paid tier. Self-hostable.

Our take

Default alias provider. Self-hostable, open-source, owned by a vendor with a clear privacy mission. The free tier covers most personal use; custom-domain aliases need paid.

AnonAddy / addy.io

open-source Free 20 aliases; $3/mo Lite

Independent alias service. Self-hostable. PGP-encrypted forwarding option. Larger free-tier allowance than SimpleLogin.

Our take

Best non-Proton alias service and the one we'd recommend if you want to stay outside the Proton ecosystem. PGP-encrypted forwarding (encrypts at the relay) is a feature SimpleLogin lacks.

PGP Tooling

GnuPG (GPG)

open-source Free

Reference OpenPGP implementation. Underlies most desktop mail-encryption clients. Modern versions support ECC keys (ed25519/cv25519).

Our take

Still the canonical OpenPGP toolchain. UX is rough but every desktop mail-encryption story routes through it. Generate ed25519 subkeys, not 4096-bit RSA — smaller, faster, equally secure.

Mailvelope

open-source Free

Browser extension adding OpenPGP to Gmail, Outlook web, and Yahoo Mail.

Our take

Best option when you're stuck on Gmail or Outlook web and need occasional PGP encryption. Not a substitute for a real E2EE provider, but useful as a bridge.