Hushmail Review 2024: Secure But not a Privacy-friendly Option

Ruheni Mathenge  - Streaming Expert
Last updated: September 4, 2024
Read time: 15 minutes Disclosure
Share

This unbiased review looks at features, security, and ease of use to see how Hushmail compares to other secure email providers out there.

Hushmail is a Canadian-based email service that has been in the industry for more than twenty years. It uses standard encryption algorithms such as TLA/SSL and OpenPGP to secure email messages. Moreover, the service boasts packages ideal for personal use, small business, and healthcare professionals.

Is it the best secure email provider for your needs? This extensive Hushmail review will give you everything you need to know about it.

Hushmail quick review

Our rating6/10
EncryptionYes
Pricing$11.99/month (Starter plan)
Customer supportLive chat, ticket, email, and live call
Money-back guarantee60-day money-back guarantee

Hushmail strengths and weaknesses at a glance

Pros
  • Compliant with HIPAA
  • Built-in OpenPGP support
  • Unlimited email aliases
  • Supports SMTP, IMAP, POP
  • Removes IP addresses from emails
  • Enables encrypted communication with non-Hushmail users
  • Native iOS app
Cons
  • Slightly pricier
  • Does not offer calendar and file storage
  • It is not open-source
  • Based in Canada (privacy-unfriendly region)

Hushmail background information

Hushmail was launched in 1999 by Hush Communication Limited. It is a Canadian-based company, a subsidiary of Hush Communication Corporation headquartered in the US.

The company guarantees the protection of your email messages. However, the privacy policy complies with warrants requesting user data from the US and Canadian governments.

Hushmail homepage

Remember that both countries are members of the 5/9/14 Eyes Alliance. They perform widespread surveillance on their citizens and share intelligence data, which helps them avoid domestic espionage restrictions.

More importantly, these countries can compel local companies to spy on their users. In fact, they may use legal orders to make the companies not notify the targets that they are snooped on. Post 9/11, the US government adopted large-scale surveillance of its population, including checking everyone’s email.

However, there are concerns that the additional compromise on your privacy will only provide ‘temporary’ solutions. 

Maintaining user privacy has caused many secure mail services to move out of Canada and the United States. Unfortunately, these anti-privacy laws also affect Canadian VPN providers.

Is Hushmail safe?

 Hushmail uses several encryption algorithms and protocols to secure your messages. They include:

  • Transport Layer Security/ Secure Sockets Layer (TLS/SSL)
  • OpenPGP
  • HTTP Strict Transport Security (HSTS)
  • Perfect Forward Secrecy (PFS)

Moreover, the specialized business accounts meet appropriate industry standards such as:

  • Hushmail for Law – Support for Attorney/Client privilege
  • Hushmail for Healthcare – HIPAA compliant

Firstly, it encrypts the email body and attachments using OpenPGP-based end-to-end encryption. The email’s recipient has a unique key that must be matched with the sender to decrypt the email.

However, the email subject and recipients are not encrypted, at least not in the same way as the body. So, Hushmail uses a secure SSL/TSL tunnel to encrypt your mail in transit, and OpenPGP encrypts it at rest. In addition to encryption, the service employs other advanced security features like certificate pinning and forward secrecy. Also, it uses HTTP Strict Transport Security (HSTS) to protect you against Man-in-the-middle attacks.

Additionally, Hushmail uses a zero-knowledge data management model that protects you against fraud. Of course, you need a password to log into your account. The password is stored as a hash, a unique string of characters representing your password. Hushmail should do more in this case since hashing a password is not enough to secure your account.

How does Hushmail work with non-Hushmail accounts?

Hushmail’s security architecture works perfectly in communications between Hushmail servers, but it’s a bit different for data transmissions between Hushmail and third-party email services. For instance, when sending an email to a third-party email service, the email is not sent directly. First, it is sent to the Hushmail servers, and then Hushmail takes charge of the authentication process.

The recipients will then receive an email bearing a link. The link leads to Hushmail servers; they must set a password. Upon clicking the link and setting the password, users can decrypt the message sent. This means the message never leaves the Hushmail servers and is always protected by OpenPGP encryption, whether sent to Hushmail servers or an external email account.


Hushmail business package

The Hushmail business plan has helpful business features, such as automatic responses. But the best of them all is the secure forms.

Hush secure forms

One feature that differentiates Hushmail from its competitors is the Hush Secure Forms. It enables you to create secure web forms inside your account. Here are some ready templates that you can use:

  • Secure file transfer – This form helps obtain confidential documents and customer files.
  • Secure contact – Your customers can start a secure conversation using this form.
  • Dental appointment request form – You can link this form with your website, email signature, and social media accounts so that your customers can book appointments.
  • Client experience survey – After offering services to your clients, you can use this form to enquire about what went well and where to improve.

How private is Hushmail?

Husmail privacy and security

After seeing how Hushmail works and looks like, let’s now look at whether it will maintain your privacy as it claims.

Hushmail logging policy

Hushmail is transparent about the data it retains and when and what happens to the logged information. However, certain parts of its policy are not pleasant.

As we mentioned earlier, it requires you to provide identifiable information like your Phone number, IP address, and email address.

Husmail logging policy screenshot
A screenshot of an excerpt from the Hushmail logging policy.

Hushmail indicates that it logs the following information when you sign in to your account:

  • Browser type
  • IP address
  • Date and time of the action
  • Browser language
  • Account usernames
  • File names of attachments
  • Account usernames
  • Subjects of emails
  • Sender and recipient email addresses
  • URLs are the bodies of encrypted email
  • And any other data that it considers necessary for preventing abuse and maintaining the system

Even though Hushmail uses encryption to protect your emails, it can see and record your account’s passphrases. Unfortunately, this is how it can read your protected messages.


Sharing your data with the government and gag orders

Hushmail logs a lot of personal data. Also, it can decipher encrypted messages, contacts, and other information. So, there’ll be a lot of data to hand over to government authorities if forced to do so. However, companies like ProtonMail and Tutanota store little data, so revelation about you will be minimal.

In addition, most secure email services don’t have the mechanism to decrypt encrypted messages like Hushmail. As a result, nobody will be able to read your data even if your data falls into the wrong hands.

Worse, the company will not notify you if it is compelled to provide your data to authorities. This is what it has to say:

Hushmail data sharing policy screenshot

Do Hushmail employees read users’ emails? Don’t be certain. Check out the following two excerpts from the privacy policy:

Hushmail privacy policy screenshot 1
Hushmail privacy policy screenshot 2

The above statements show that Husmail employees can look into your stuff under certain circumstances and not inform you.

From our experience, it is difficult to say that Hushmail will keep you completely secure. Here are the reasons why:

  1. Both Canada and the United States are members of the Five Eyes Alliance. This is a group of countries that conduct surveillance on their citizens and share intelligence data.
  2. Legislation known as the Cloud Act in the US forces local companies such as Hushmail Communication Corporation to provide users’ data to law enforcement. This includes even data on servers in other countries.
  3. Hushmail handles your account using a proprietary computer code. As a result, outsiders cannot see if the system truly protects your data.
  4. The OpenPGP encryption is only available on the server’s side instead of the user’s client. Also, it keeps passphrases that can be used to decrypt your information.

Hushmail interface and use

The Hushmail interface is a bit dated, with only a 2-pane setup. Also, it doesn’t have a drag-and-drop feature like other top services such as ProtonMail. Instead, you’ll have to check the box and decide what to do with the messages – Mark read, Mark unread, Move, Delete, and Report spam.

At the bottom right of the home screen, there are client display buttons for mobile and desktop. If you select the mobile option, an interface for smaller screens will appear. Notably, it is just a different version of the web page and not a separate app.

Hushmail launched the iOS app in 2016 but isn’t widely used. The app has only received 65 reviews up till now. Also, it has been rated with 2 out of 5 stars, which raises red flags. However, I found it to be fully functional, and it’s worth a try.

Hushmail ios app

Composing messages

Hushmail makes it very easy to compose a message. The composition window contains everything you’ll need, as shown below.

Hushmail messages composing

Unlike other email clients, it has an ‘Attach secure web form’ link and a ‘Form Builder’ button. These options enable you to create secure forms, input your custom forms, or use the provided prebuilt forms.

Sending messages

After composing a message, sending it is also effortless. However, besides tapping on the ‘Send’ button, you also need to decide whether to encrypt the message or not.

People on the Hushmail network

The messages you send to other Hushmail users are encrypted with OpenPGP by default, a reliable security option. However, it’s important to note that the encryption only applies to the servers and not your device. As a result, the company can still read your messages, which threatens your privacy.


Non-Hushmail users

When sending non-Hushmail users, you can consider checking or unchecking the encryption checkbox to send encrypted or unencrypted messages. If you decide to send an encrypted message, Hushmail will refer the recipient to a secure web page.


Receiving messages

There are no special actions required to receive messages. The secure email service will automatically decipher the encrypted messages you receive from Hushmail users, making them easy to read.

Deactivating the email notification feature is good if you intend to use Hushmail frequently. That is because you’ll get a notification in the other email address you provided when signing up every time you receive a message, which is very annoying.

In fact, we received numerous notifications that were clogging our other email accounts when writing this review. This is how you can deactivate the feature.

  1. Click the ‘Options’ icon at the top right of the home screen
  2. Choose ‘Preferences’ from the menu
  3. Go to ‘About your tab’ and scroll down to disable Email notification

Searching for messages

Remarkably, the search function is modest and efficient. All you need to do is type in a keyword to get the messages containing the word.

Contacts

Hushmail has a Contact system with a particularly convenient feature. Rather than just a list of names, the contact page shows a load of information, as you can see in the image below. This means you’ll get all the data you need about a person without opening their contact.

Hushmail contacts screenshot

It might seem like a lot of work if you have many contacts. However, the search function on the home page will address the problem. Hushmail also imports contacts from other email services that support CSV format.

The preference section

We touched on Hushmail’s preference section when discussing disabling email notifications. But the segment has much more to offer. Although I cannot describe all the possibilities, I’ll try to show you some of the things you can do here. These are some of the tabbed pages available:

  • Composing
  • About you
  • Reading
  • Automatic response
  • Spam
  • Email aliases
  • Billing
  • Security

Integration with other email services

Due to its IMAP, POP, and SMTP support, you can send messages to non-Hushmail users. This enables you to access your Hushmail account with the client app rather than through a web page. Fortunately, it provides instructions on how to manage your account with third-party apps.

Hushmail customer support

The secure email service lets you contact customer support through live chat, telephone, and email. The Phone support is available Monday to Friday between 9 AM and 5 PM Pacific time. Unfortunately, you won’t be able to contact the support if you are on a free trial.

Hushmail customer support

On top of that, the Hushmail website contains several articles that address common issues. You will probably find answers to your questions here.

Subscribing to it and the pricing

Hushmail offers a single personal package and several business plans. Unfortunately, it doesn’t offer a free tier, but you can subscribe to a Hushmail personal Premium account, which costs $49.98/year and $119 for 3 years and comes with a 60-day money-back guarantee. It includes two secure email forms, 10GB storage, two-step authentication, and encrypted email.

hushmail small business plan

The Small Business plan is available at $10.79. This package is designed for small businesses, nonprofits, startups, and any type of organization. It has web forms with e-signatures and encrypted emails that will secure and anonymize your communications. Its features are similar to the Premium package, but an extra $4.50/ month is for email archiving.

Furthermore, the Hushmail for Healthcare plan is perfect for sending HIPAA-compliant emails and web forms. Fortunately, it allows you to send protected messages to traditional services such as Hotmail and Gmail.

A single email account, two secure web forms, and 10GB storage are priced at $11.99 per month. Conversely, five email accounts and web forms, electronic signature support, and 10GB storage cost $24.99/month. In addition, a bigger plan with up to 10 email accounts and web forms is also available at $47.99/month.

It’s perfect for many healthcare professionals, including dentists, psychologists, therapists, optometrists, physical therapists, chiropractors, etc.

law plan

Finally, the Hushmail for Law plan costs $10.79/month. This is an excellent solution for attorneys and legal professionals. Encrypted emails and web forms with e-signatures help to retain the attorney-client privilege. Remarkably, it includes a signed Business Associate Agreement applicable in the UK, the US, and Canada.

Hushmail alternatives

Hushmail’s primary focus is emailing. However, if you need a comprehensive office suite, you can opt for Mailbox.org. Besides, secure private email offers an address book, calendar, spreadsheet, word processor, and cloud storage.

Moreover, choose Protonmail if you need more security and privacy. It doesn’t require you to provide too much personal information when signing up and observes a no-logs policy. In addition, the service encrypts the email subject lines, unlike Hushmail.

Our thoughts about Hushmail

This Hushmail review shows that it is a reliable email service with competent security features. In fact, secure forms make it an excellent option for companies that require a secure communication channel, and HIPAA compliance will come in handy for healthcare professionals who need to secure sensitive medical data.

However, the provider is headquartered in Canada and is a subsidiary of a US company. These are not privacy-friendly jurisdictions; your information can be handed over to the government if requested.

Also, because the encryption applies on the servers instead of on your device, Hushmail can decrypt your messages. Therefore, unless you require to utilize the specific business features it offers, we suggest you look for alternatives such as ProtonMail to maintain your privacy.

FAQs

Hushmail is one of the best services to send encrypted emails and secure forms. The service protects your messages through OpenPGP encryption, ensuring only the intended recipients can view the contents and attachments.

There is no free version of Hushmail. It is a paid service that comes with a 60-day money-back guarantee.

Hushmail offers a 60-day money-back guarantee to help you test its services risk-free. The refund applies to both personal and business plans.

Hushmail has a stylish, easy-to-use application for iOS devices that comes with all Hushmail features. However, Android users have to set up a Hushmail account with the support of IMAP and POP accounts.

Hushmail complies with HIPAA standards for protecting healthcare data. It offers secure email services that enable safe communication between patients and healthcare professionals.