How To: Registering a Free Secure Email Account

Here you will find information on setting up a free email account with recommended providers. These recommendations are made with privacy concerns in mind and rechor is not affiliated with any of the listed providers.

 

– Tutanota (Recommended)

– ProtonMail (Recommended)

– Gmail/Yahoo (Not recommended)

 

This post is considered a quick guide to setting up the email account and using it. If you want a more in-depth explanation of all the bells and whistles, head over to their respective sites.

Jump To:

Tutanota

– Setting Up Account

– Results

ProtonMail

– Setting Up Account

– Results

Tutanota

tutanota.com

  • Free - Premium plans available
  • End-to-end encryption and two-factor authentication
  • Type of encryption: AES with a length of 128 bit and RSA with 2048 bit. Emails to external recipients are encrypted symmetrically with AES 128 bit
  • Server Location(s): Germany
  • Encryption for the subject, body, and attachments
  • Free of charge accounts deleted if not used for six months. That email address name will not be able to be used again to prevent erroneous message delivery
  • Android/iOS apps available
  • Can add your own domain with premium plans
Con:
  • Metadata of email not encrypted – includes only the sender, recipient, and date of the email. IP addresses are removed, however

Setting Up the Tutanota Account

1. Go to: https://mail.tutanota.com/signup

 

 

2. Select your plan (Free or one of the premium plans). Click “Select.”

 

Tutanota Plans
2. Select your plan

3. Create your email address. Tutanota offers different domains to choose from, if you desire (click the ellipsis next to the domain name). Create a password, read over the General Terms and Conditions/Privacy Policy, check that you are at least 16 years old, and click “Next.”

Tutanota Register
3. Create your address and set password

4. After Tutanota sets up your account, save your Recovery Code. This is how you would reset your password or second factor authentication if you lose either. After that, click “ok.”

Tutanota Recovery Code
4. Save your recovery code

5. You’ll be taken to a login screen. Login with the credentials you just created.

6. You are now in your inbox.

Tutanota Inbox
6. Your inbox

Note: After creating my account, I was prompted and advised that my account was “marked for approval” and was unable to send or receive emails for 48 hours. This may have been a security procedure, as I was using a VPN. Keep this in mind in case you need to use your email immediately.

If you send an email from your Tutanota account to another Tutanota account, it will work just fine – nothing else is needed.

 

If you send an email from your Tutanota account to a non-Tutanota email account (Gmail/Yahoo/ProtonMail, etc.), things change a bit – you’ll need to give the recipient a password to access the contents of the email.

Here is the process when you send a Tutanota email to a non-Tutanota account:

A. Compose a new email message. Put in the recipient’s email address. If it’s not a Tutanota address, a password field will open.

B. Enter a password. This password will be used by the email recipient to see the contents of the email. You will have to give this password to the recipient via another method (phone call, text message, another email account, in person, etc.). Note: you can use any password, the password strength meter you see is for recommendation only.

Tutanota Email
B. Non-Tutanota email composition

C. Create your subject/body and click “Send.” If your password was weak, you will be prompted and told about it, but you can send the email anyway.

D. Your message is encrypted and sent.

What the Recipient Gets:

E. You will see that the email contains no information about its contents (aside from the sender)

Tutanota Email
E. The email the recipient receives

F. The recipient will click on “Show encrypted email” or paste the given link into a browser and be taken to a page asking for the password. This is the password you created as you sent the email.

Tutanota Email
F. Inside the email

G. After they enter the password and click “Show Encrypted Mailbox,” they will be taken to a Tutanota inbox and be able to read the email you sent in plain text. They can reply from there.

Tutanota Password
G-1. Password prompt to decrypt
Tutanota Email
G-2. Decrypted email

ProtonMail

protonmail.com

  • Free - Premium plans available
  • End-to-end encryption and two-factor authentication
  • Type of encryption: AES, RSA, OpenPGP
  • Server Location(s): Switzerland
  • Encryption for the body, and attachments
  • May delete accounts if not active for over three months, although it is not the current practice to do such
  • Android/iOS apps available
  • Can add your own domain with premium plans
Con:
  • Email subject lines not encrypted

Setting Up the ProtonMail Account

1. Go to https://protonmail.com/signup

2. Select your plan (free or one of the premium plans). Click “Select [plan].”

 

 

 

Proton Plans
2. Select plan type

3. Enter your username and select your domain (username@domain). Enter a password and recovery email, if you so desire.

Proton Register
3. Enter your information

4. Read over the Terms and Conditions and click “Create Account” if you agree to them.

5. Confirm you are human and click “Complete Setup.”

6. You’ll be prompted to create a display name (the name recipients will see who the email is from). Create one and click “Finish.” Note: You can change this later under “Settings.”

Proton Inbox
6. Set your display name

7. You are now in your inbox

Proton Inbox
7. Your inbox

Note: If you read above with setting up a Tutanota account, you will see that my account was “marked for review” and was unable to send/receive emails for 48 hours. This did not occur with ProtonMail – my account was ready to use immediately.

If you send an email from your ProtonMail account to another ProtonMail account, it will work just fine – nothing else is needed. The one thing to note is the image of a padlock next to the recipient’s name in the “To:” field. This indicates that the message will be end-to-end encrypted

Proton Compose
Mind the padlock

Here is the process for sending a ProtonMail email to a non-ProtonMail account:

A. If you send an email from your ProtonMail account to a non-ProtonMail email account (Gmail/Yahoo/Tutanota, etc.), you need to take an extra step. When you enter their email address in the “To:” field, you will see that no padlock image shows up next to the recipient’s name as it does when you type in a ProtonMail email address [see above image]. THIS IS IMPORTANT: you need to click the padlock icon at the bottom of the email composition box to enable the encryption. If you don’t, your email will be sent without ProtonMail’s encryption.

Proton Compose
A. Click the padlock button to enable encryption to non-ProtonMail email accounts

B. After clicking the padlock icon, you will be prompted to enter a Message Password. This is a password you create that you will give to the recipient to decrypt the email. You will have to give this password to the recipient via another method (phone call, text message, another email account, in person, etc.). If you enter an optional password hint, that hint will show up unencrypted in the body of the email [see Image E]. After entering the password, click “Set” and you’ll be taken back to the main email composition box.

C. Finish your email and click “Send.” The email will be encrypted and sent to the recipient.

What the Recipient Gets:

D. You will see that the subject line is not encrypted (it is suggested you send misleading/irrelevant subject lines).

Proton Subject
D. Unencrypted subject line - encrypted body

E. Inside the email, you will see the optional “Password Hint” that I set, as well as the expiration date

Proton Email Body
E. Inside the email

F. The recipient will click on “View Secure Message” and be taken to a page asking for a password. This is the password you set when you created the email.

Proton Decrypted Email
F. Decryption prompt

G. After the recipient enters the password and clicks “Decrypt,” they will be taken to the message to read it in plain text. They can reply securely directly from there.

Proton Decrypted Email
G. Decrypted email

Why Use The Above Instead of Gmail/Yahoo?

Many people prefer to use Gmail or Yahoo due to their free and easy nature. However, when you sign up for a Gmail or Yahoo email account, you agree to allow them to read and store the content of your emails.

 

If you don’t want Google or Yahoo looking at your stuff, it’s suggested that you switch to another mail provider, such as Tutanota or ProtonMail.

If you still have questions about setting up an email account to use for rechor services, use a contact form or email at info@rechor.com

Sources:

Tutanota: https://tutanota.com, https://tutanota.com/faq, https://tutanota.com/howto/

ProtonMail: https://protonmail.com, https://protonmail.com/terms-and-conditions, https://protonmail.com/support/knowledge-base/does-protonmail-encrypt-email-subjects/

Gmail: https://policies.google.com/privacy

Yahoo: https://www.verizonmedia.com/policies/us/en/verizonmedia/privacy/index.html