Let's start off with something fairly easy: getting your email off of US soil. If you're using a Europe based provider, they can't be subpoenaed into handing over your data. That is exactly the result we are after. A US company, like Google, can be forced to hand over your data even if that data is not stored in the US, according to this article. Just another reason to avoid them like the plague.
Here are some good and mostly free options; keep in mind that a good, reliable and secure email provider is in my view well worth a few dollars. Most of the free providers also offer a paid option with more features, more storage, and so on.
These providers generally offer an English-language interface; one less thing to worry about.
All of those listed below offer built-in encryption, that you don't have to know anything about in order to use. You may feel that you do not actually need that, but it's a valuable layer of security. Then again, if your goal is just to get away from Google and/or get your email into a place where the US government can't easily reach, you have a lot more options (see links below).
|OpenMailbox (FR)||Free||Encryption, POPmail, IMAP||1 GB storage|
|ProtonMail (CH)||Free||Encryption, webmail||0.5 GB storage|
|Tutanota (DE)||Free||Encryption, webmail||1 GB storage|
|Mailfence (BE)||Free||Encryption, webmail, POPmail, IMAP||0.2 GB storage|
|StartMail (NL)||€ 49,50/year||Encryption, webmail, IMAP||10 GB storage|
You'll find more options listed here and here. These lists also show providers that do not offer built-in encryption.
Some of you are probably familiar with Lavabit. That is a privacy-concious provider whom the US government tried to force into giving up their data (and its encryption keys) in 2013 because they had an account that belonged to Snowden. The owner responded by pulling the plug and did not give up the data. Now they are (soon to be) back. I would trust these people but their service is on the geeky/techy side. They are preparing to offer 5GB of storage for $30 a year and they are quite serious about security. Not bad!
Need a free throwaway email address for one hour only, with no records kept? Here you go.
How much does having a EU provider protect you? That's hard to say. If you have a provider that you trust, the chance that they will hand your data over to the US government is definitely smaller, because they can't be forced to do that as easily as a US-based company can. So that is a certain level of security.
However, there are some reasons why 'they' can still get your data:
- The receiver may use a US provider, who may be forced to hand its data over.
Webmail is generally protected by the HTTPS protocol (S for Secure).
End-to-end encryption offers a lot more protection, but for most of us, that's just not feasible, at least not all the time. If you're interested, Enigmail combined with PGP (Pretty Good Privacy) is a good option for POP and IMAP, and runs as an add-on in Thunderbird and SeaMonkey Mail.
- Webmail is email that you read and write on a webpage, as shown by your browser of choice (such as Firefox). Can be useful to those who want to use email on the go, on computers that aren't their own. No e-mail software is needed.
- POPmail is email that you download into your own computer, using e-mail software such as Thunderbird (or Outlook, but let's not go there). Can be useful to those who want to keep control over their stored emails. Be sure to make backups now and then.
- IMAP is email that you view through e-mail software but that lives on your provider's server, not yours. Can be useful to those who use several computers for their email and want to keep things synched, yet prefer email software over webmail.
This blog post has been edited on November 13 and 16, based on feedback from readers. Thank you!
New links have been added on December 3.
More links added on February 8 2017.