29th Jul 2018

ProtonMail update adds address verification and full PGP encryption support

By Huseyin Kaya

With Address Verification and PGP support, ProtonMail is now the only email provider that lets users verify encryption keys and send PGP emails straight from their mailbox, making the service more secure and convenient than ever before.

ProtonMail emails are already protected with end-to-end encryption, meaning the company does not have access to user data. Address Verification adds an additional layer of protection by ensuring that a malicious attacker cannot trick a ProtonMail user into sending an encrypted email that can be intercepted and decrypted.

Address Verification prevents an attacker from introducing a malicious encryption key by verifying the encryption keys used in each message exchange. This prevents the successful execution of a Man-in-the-Middle (MITM) attack, even in the event of a compromise of ProtonMail's encryption key servers. Address Verification ensures that the correct encryption key is used every time. This is a security feature that is not available in any other email service.

“ProtonMail has a unique mission to protect many of the world's journalists and activists, which we take very seriously,” said ProtonMail CEO and Founder Dr. Andy Yen, “Address Verification is a way to provide additional protection to users with sensitive security needs."

Along with Address Verification, ProtonMail is also announcing PGP support, which makes ProtonMail's encryption fully interoperable. Any PGP user can now exchange encrypted emails with ProtonMail users, making automatic end-to-end encryption possible even if both parties aren't using ProtonMail.

"We believe that encrypted communication systems should be open, and not a walled garden controlled by a single entity." Yen said, "That's why achieving interoperability is important for us, and we believe this will help make encrypted email as ubiquitous as email itself."

Source: ProtonMail