Write a review
  2. News
  3. Online Privacy and Security

Best email services for security and privacy

ConsumerAffairs reviewed seven of the biggest email providers to find how they compare on security and privacy. The highest scoring had newer options. Image (c) ConsumerAffairs.

Not all email providers are created equal

  • The biggest email services largely offer the same suite of security and privacy features, but some newer or more advanced options put other providers ahead, a ConsumerAffairs review of seven email services finds.
  • ProtonMail, Outlook and Gmail are the three top scoring emails for security and privacy.
  • Mail.com, AOL and Yahoo are the three lowest scoring.

When deciding on an email, security and privacy are often top of mind.

To find the best email services for security and privacy, ConsumerAffairs reviewed seven of the biggest email providers — AOL, Gmail, iCloud Mail, Mail.com, Outlook, ProtonMail and Yahoo — on 34 features.

A "yes" to a feature awarded one point as did "not applicable," which was because these were instances when the email service wasn't tracking or selling sensitive information, such as location information, to begin with.

The review only scored email services on features included in free accounts.

ConsumerAffairs weighed each of the features with the same value. But users may value certain security and privacy features more than others. Read on to see specifically how the emails compared.

What email services are best for security and privacy?

ProtonMail took the top spot with 31 points out of 34, largely because it offered security and features not found elsewhere. Outloook took second place with 30 points, followed closely by Gmail with 29 and iCloud Mail with 28.

The lowest scoring were AOL and Yahoo, notching 19 points. Mail.com got 21 points.

Yahoo and AOL have the same security and privacy features because Yahoo provides the email service to AOL.

What security and privacy features were reviewed?

Below is a table of the 34 security and privacy features ConsumerAffairs reviewed. Read on for explanations for each of these features.

Here are explanations of the features among the email services that ConsumerAffairs reviewed:

  • Authenticate through trusted device/app: Users can verify their login through a device that has signed in before or an app, such as authenticator app or email app on a smartphone. Only Mail.com doesn't have this feature.
  • Backup codes or recovery key: Users can create codes or keys they can write down or save for recovering their account or its data. AOL, Mail.com and Yahoo don't have this feature.
  • Biometric sign on: Users can sign on through biometric verification, such as their face or fingerprint. All email providers have this feature.
  • Block all attachments: Users can block all attachments sent to them, especially from emails that aren't on their safe senders or domain list. Only Gmail and Outlook have this feature.
  • Block downloading, forwarding, copying or printing emails: Users can enable a setting to stop others from easily extracting the content of their emails. Only Gmail and Outlook have this feature.
  • Blocks or warns of dangerous files, links or senders: Users are given warnings or emails are automatically blocked with suspicious or harmful content, such as viruses or file attachments. All email services have this feature.
  • Dark web monitoring: Users can get updates if their information, including password, is circulating on the dark web, likely following a data breach. Only iCloud doesn't have this feature.
  • Delete search history: Users can delete the search history in their email inbox. All email providers have this feature.
  • Disable passwords: Users can go passwordless and use a passkey instead, but this feature is very new and only available for Microsoft accounts on Outlook.
  • Expiring sent messages: Users can set their sent emails to expire from a receiver's inbox. AOL, Mail.com and Yahoo don't have this feature.
  • Hide IP address: Users can conceal their IP address, which is an identifier unique to devices. Only iCloud and ProtonMail have this feature.
  • Privately load remote content: Users have their IP address hidden when loading content, such as images, from senders, which prevents them from getting tracked. Gmail, Outlook and ProtonMail have this feature.
  • QR code sign-in: Users can sign on by scanning a QR code on their smartphone or other mobile device. Only AOL and Yahoo don't have this feature.
  • Recovery email: Users can set another email address to get back into their lost or stolen account. All emails have this feature.
  • Recovery phone number: Users can set a phone number to receive a text message to get back into their lost or stolen account. All providers have this feature.
  • Recovery phrase: Users can create a sequence of words to recover data and reset their password. Only ProtonMail has this.
  • Recovery through trusted device: Users can sign on with a computer or smartphone that it recognizes to get back into a lost or stolen account. AOL, Mail.com and Yahoo don't have this feature.
  • Report spam/phishing with one-click: Users can easily report spam or scam emails with just a single click from their inbox, instead of having to contact support. Only iCloud Mail didn't have this feature.
  • S/MIME encryption: The content of user's emails are protected with private and public keys for encryption and decryption. AOL, Mail.com Yahoo don't have this feature.
  • See sign-ons, devices and activity: Users can review activity on their account, including sign-ons, locations of sign-ons and devices. All have this feature.
  • Set safe senders or sender filter: Users can set safe senders, such as specific addresses or domains, or create a filter that does this. All have this feature.
  • Sign-on alerts: Users get alerts in their inbox when there is new sign-on activity, such as from a new device or location. Only Mail.com doesn't have this feature.
  • Sign on with passkey: Users can sign on with passkeys, which are stored to specific devices and verified through a PIN, face or fingerprint. Passkeys are more secure than passwords and gaining adoption. Only Mail.com doesn't have this feature.
  • Sign out of other browsers/sessions: Users can sign out of all active sessions from other devices or browsers. Only AOL and Yahoo don't have this feature.
  • SSL/TLS encryption: SSL/TLS encrypts the communication between email servers, while S/MIME encrypts the content of messages. All email services have this feature, but AOL and Yahoo didn't have S/MIME encryption.
  • Turn off automatic image loading: Users can prevent images from being automatically loaded. All email providers have this feature.
  • Turn off location information: Users can disable having their location tracked. All email services have this option or in ProtonMail's case, location isn't tracked at all.
  • Turn off personalized ads: Users can disable their provider tracking information about them to serve ads. All email services have this options or in ProtonMail's case, there was no data being shared for personalized ads.
  • Turn off sale and sharing of personal information: Users can prevent having their information sold or shared. All email providers have this option, or in the case of iCloud, Outlook and ProtonMail, it isn't done at all.
  • Two-password mode: Users can set two different passwords to sign on. Only ProtonMail has this option.
  • Two-step/two-factor authentication: Users can have all logins require an extra step of verification, typically through a text message or authenticator app. All email services have this option.
  • USB security key: Users can set and plug in a USB to verify they are logging in. All email providers have this option.
  • Virus protection/scanning: Users have the emails sent to them scanned for viruses or malware. Only AOL and Yahoo don't have this feature for free accounts.

Things to consider

Fortunately, the biggest email services generally offer the same typical security and privacy features, but there are exceptions for users looking for added layers of safety.

Another thing for users to consider is how enabling and adjusting security or privacy features for an email provider can differ. 

In Outlook's and Gmail's case, some of the features involve having to leave the email platform and go to your overall Microsoft or Google account settings.

And two-step verification can be simpler on some services, such as requiring a text message opposed to opening an a device or app.

On Microsoft and Mail.com, for instance, two-step verification requires an authenticator app, which can be more of a pain for users.

Stay informed

Sign up for The Daily Consumer

Get the latest on recalls, scams, lawsuits, and more

    By entering your email, you agree to sign up for consumer news, tips and giveaways from ConsumerAffairs. Unsubscribe at any time.

    Thanks for subscribing.

    You have successfully subscribed to our newsletter! Enjoy reading our tips and recommendations.

    Get the news you need delivered to you

    Sign up to receive our free weekly newsletter. We value your privacy. Unsubscribe easily.

    By entering your email, you agree to sign up for consumer news, tips and giveaways from ConsumerAffairs. Unsubscribe at any time.

    You’re signed up

    We’ll start sending you the news you need delivered straight to you. We value your privacy. Unsubscribe easily.