Hushmail is a Canadian-based email service that has been in the industry for more than twenty years. It uses standard encryption algorithms such as TLA/SSL and OpenPGP to secure email messages. Moreover, the service boasts packages ideal for personal use, small business, and healthcare professionals.
Is it the best secure email provider for your needs? This extensive Hushmail review will give you everything you need to know about it.
Hushmail quick review
Our rating | 6/10 |
Encryption | Yes |
Pricing | $11.99/month (Starter plan) |
Customer support | Live chat, ticket, email, and live call |
Money-back guarantee | 60-day money-back guarantee |
Hushmail strengths and weaknesses at a glance
- Compliant with HIPAA
- Built-in OpenPGP support
- Unlimited email aliases
- Supports SMTP, IMAP, POP
- Removes IP addresses from emails
- Enables encrypted communication with non-Hushmail users
- Native iOS app
- Slightly pricier
- Does not offer calendar and file storage
- It is not open-source
- Based in Canada (privacy-unfriendly region)
Hushmail background information
Hushmail was launched in 1999 by Hush Communication Limited. It is a Canadian-based company, a subsidiary of Hush Communication Corporation headquartered in the US.
The company guarantees the protection of your email messages. However, the privacy policy complies with warrants requesting user data from the US and Canadian governments.
Remember that both countries are members of the 5/9/14 Eyes Alliance. They perform widespread surveillance on their citizens and share intelligence data, which helps them avoid domestic espionage restrictions.
More importantly, these countries can compel local companies to spy on their users. In fact, they may use legal orders to make the companies not notify the targets that they are snooped on. Post 9/11, the US government adopted large-scale surveillance of its population, including checking everyone’s email.
However, there are concerns that the additional compromise on your privacy will only provide ‘temporary’ solutions.
Maintaining user privacy has caused many secure mail services to move out of Canada and the United States. Unfortunately, these anti-privacy laws also affect Canadian VPN providers.
Is Hushmail safe?
Hushmail uses several encryption algorithms and protocols to secure your messages. They include:
- Transport Layer Security/ Secure Sockets Layer (TLS/SSL)
- OpenPGP
- HTTP Strict Transport Security (HSTS)
- Perfect Forward Secrecy (PFS)
Moreover, the specialized business accounts meet appropriate industry standards such as:
- Hushmail for Law – Support for Attorney/Client privilege
- Hushmail for Healthcare – HIPAA compliant
Firstly, it encrypts the email body and attachments using OpenPGP-based end-to-end encryption. The email’s recipient has a unique key that must be matched with the sender to decrypt the email.
However, the email subject and recipients are not encrypted, at least not in the same way as the body. So, Hushmail uses a secure SSL/TSL tunnel to encrypt your mail in transit, and OpenPGP encrypts it at rest. In addition to encryption, the service employs other advanced security features like certificate pinning and forward secrecy. Also, it uses HTTP Strict Transport Security (HSTS) to protect you against Man-in-the-middle attacks.
Additionally, Hushmail uses a zero-knowledge data management model that protects you against fraud. Of course, you need a password to log into your account. The password is stored as a hash, a unique string of characters representing your password. Hushmail should do more in this case since hashing a password is not enough to secure your account.
How does Hushmail work with non-Hushmail accounts?
Hushmail’s security architecture works perfectly in communications between Hushmail servers, but it’s a bit different for data transmissions between Hushmail and third-party email services. For instance, when sending an email to a third-party email service, the email is not sent directly. First, it is sent to the Hushmail servers, and then Hushmail takes charge of the authentication process.
The recipients will then receive an email bearing a link. The link leads to Hushmail servers; they must set a password. Upon clicking the link and setting the password, users can decrypt the message sent. This means the message never leaves the Hushmail servers and is always protected by OpenPGP encryption, whether sent to Hushmail servers or an external email account.
Hushmail business package
The Hushmail business plan has helpful business features, such as automatic responses. But the best of them all is the secure forms.
Hush secure forms
One feature that differentiates Hushmail from its competitors is the Hush Secure Forms. It enables you to create secure web forms inside your account. Here are some ready templates that you can use:
- Secure file transfer – This form helps obtain confidential documents and customer files.
- Secure contact – Your customers can start a secure conversation using this form.
- Dental appointment request form – You can link this form with your website, email signature, and social media accounts so that your customers can book appointments.
- Client experience survey – After offering services to your clients, you can use this form to enquire about what went well and where to improve.
How private is Hushmail?
After seeing how Hushmail works and looks like, let’s now look at whether it will maintain your privacy as it claims.
Hushmail logging policy
Hushmail is transparent about the data it retains and when and what happens to the logged information. However, certain parts of its policy are not pleasant.
As we mentioned earlier, it requires you to provide identifiable information like your Phone number, IP address, and email address.
Hushmail indicates that it logs the following information when you sign in to your account:
- Browser type
- IP address
- Date and time of the action
- Browser language
- Account usernames
- File names of attachments
- Account usernames
- Subjects of emails
- Sender and recipient email addresses
- URLs are the bodies of encrypted email
- And any other data that it considers necessary for preventing abuse and maintaining the system
Even though Hushmail uses encryption to protect your emails, it can see and record your account’s passphrases. Unfortunately, this is how it can read your protected messages.
Sharing your data with the government and gag orders
Hushmail logs a lot of personal data. Also, it can decipher encrypted messages, contacts, and other information. So, there’ll be a lot of data to hand over to government authorities if forced to do so. However, companies like ProtonMail and Tutanota store little data, so revelation about you will be minimal.
In addition, most secure email services don’t have the mechanism to decrypt encrypted messages like Hushmail. As a result, nobody will be able to read your data even if your data falls into the wrong hands.
Worse, the company will not notify you if it is compelled to provide your data to authorities. This is what it has to say:
Do Hushmail employees read users’ emails? Don’t be certain. Check out the following two excerpts from the privacy policy:
The above statements show that Husmail employees can look into your stuff under certain circumstances and not inform you.
From our experience, it is difficult to say that Hushmail will keep you completely secure. Here are the reasons why:
- Both Canada and the United States are members of the Five Eyes Alliance. This is a group of countries that conduct surveillance on their citizens and share intelligence data.
- Legislation known as the Cloud Act in the US forces local companies such as Hushmail Communication Corporation to provide users’ data to law enforcement. This includes even data on servers in other countries.
- Hushmail handles your account using a proprietary computer code. As a result, outsiders cannot see if the system truly protects your data.
- The OpenPGP encryption is only available on the server’s side instead of the user’s client. Also, it keeps passphrases that can be used to decrypt your information.
Hushmail interface and use
The Hushmail interface is a bit dated, with only a 2-pane setup. Also, it doesn’t have a drag-and-drop feature like other top services such as ProtonMail. Instead, you’ll have to check the box and decide what to do with the messages – Mark read, Mark unread, Move, Delete, and Report spam.
At the bottom right of the home screen, there are client display buttons for mobile and desktop. If you select the mobile option, an interface for smaller screens will appear. Notably, it is just a different version of the web page and not a separate app.
Hushmail launched the iOS app in 2016 but isn’t widely used. The app has only received 65 reviews up till now. Also, it has been rated with 2 out of 5 stars, which raises red flags. However, I found it to be fully functional, and it’s worth a try.
Composing messages
Hushmail makes it very easy to compose a message. The composition window contains everything you’ll need, as shown below.
Unlike other email clients, it has an ‘Attach secure web form’ link and a ‘Form Builder’ button. These options enable you to create secure forms, input your custom forms, or use the provided prebuilt forms.
Sending messages
After composing a message, sending it is also effortless. However, besides tapping on the ‘Send’ button, you also need to decide whether to encrypt the message or not.
People on the Hushmail network
The messages you send to other Hushmail users are encrypted with OpenPGP by default, a reliable security option. However, it’s important to note that the encryption only applies to the servers and not your device. As a result, the company can still read your messages, which threatens your privacy.
Non-Hushmail users
When sending non-Hushmail users, you can consider checking or unchecking the encryption checkbox to send encrypted or unencrypted messages. If you decide to send an encrypted message, Hushmail will refer the recipient to a secure web page.
Receiving messages
There are no special actions required to receive messages. The secure email service will automatically decipher the encrypted messages you receive from Hushmail users, making them easy to read.
Deactivating the email notification feature is good if you intend to use Hushmail frequently. That is because you’ll get a notification in the other email address you provided when signing up every time you receive a message, which is very annoying.
In fact, we received numerous notifications that were clogging our other email accounts when writing this review. This is how you can deactivate the feature.
- Click the ‘Options’ icon at the top right of the home screen
- Choose ‘Preferences’ from the menu
- Go to ‘About your tab’ and scroll down to disable Email notification
Searching for messages
Remarkably, the search function is modest and efficient. All you need to do is type in a keyword to get the messages containing the word.
Contacts
Hushmail has a Contact system with a particularly convenient feature. Rather than just a list of names, the contact page shows a load of information, as you can see in the image below. This means you’ll get all the data you need about a person without opening their contact.
It might seem like a lot of work if you have many contacts. However, the search function on the home page will address the problem. Hushmail also imports contacts from other email services that support CSV format.
The preference section
We touched on Hushmail’s preference section when discussing disabling email notifications. But the segment has much more to offer. Although I cannot describe all the possibilities, I’ll try to show you some of the things you can do here. These are some of the tabbed pages available:
- Composing
- About you
- Reading
- Automatic response
- Spam
- Email aliases
- Billing
- Security
Integration with other email services
Due to its IMAP, POP, and SMTP support, you can send messages to non-Hushmail users. This enables you to access your Hushmail account with the client app rather than through a web page. Fortunately, it provides instructions on how to manage your account with third-party apps.
Hushmail customer support
The secure email service lets you contact customer support through live chat, telephone, and email. The Phone support is available Monday to Friday between 9 AM and 5 PM Pacific time. Unfortunately, you won’t be able to contact the support if you are on a free trial.
On top of that, the Hushmail website contains several articles that address common issues. You will probably find answers to your questions here.
Subscribing to it and the pricing
Hushmail offers a single personal package and several business plans. Unfortunately, it doesn’t offer a free tier, but you can subscribe to a Hushmail personal Premium account, which costs $49.98/year and $119 for 3 years and comes with a 60-day money-back guarantee. It includes two secure email forms, 10GB storage, two-step authentication, and encrypted email.
The Small Business plan is available at $10.79. This package is designed for small businesses, nonprofits, startups, and any type of organization. It has web forms with e-signatures and encrypted emails that will secure and anonymize your communications. Its features are similar to the Premium package, but an extra $4.50/ month is for email archiving.
Furthermore, the Hushmail for Healthcare plan is perfect for sending HIPAA-compliant emails and web forms. Fortunately, it allows you to send protected messages to traditional services such as Hotmail and Gmail.
A single email account, two secure web forms, and 10GB storage are priced at $11.99 per month. Conversely, five email accounts and web forms, electronic signature support, and 10GB storage cost $24.99/month. In addition, a bigger plan with up to 10 email accounts and web forms is also available at $47.99/month.
It’s perfect for many healthcare professionals, including dentists, psychologists, therapists, optometrists, physical therapists, chiropractors, etc.
Finally, the Hushmail for Law plan costs $10.79/month. This is an excellent solution for attorneys and legal professionals. Encrypted emails and web forms with e-signatures help to retain the attorney-client privilege. Remarkably, it includes a signed Business Associate Agreement applicable in the UK, the US, and Canada.
Hushmail alternatives
Hushmail’s primary focus is emailing. However, if you need a comprehensive office suite, you can opt for Mailbox.org. Besides, secure private email offers an address book, calendar, spreadsheet, word processor, and cloud storage.
Moreover, choose Protonmail if you need more security and privacy. It doesn’t require you to provide too much personal information when signing up and observes a no-logs policy. In addition, the service encrypts the email subject lines, unlike Hushmail.
Our thoughts about Hushmail
This Hushmail review shows that it is a reliable email service with competent security features. In fact, secure forms make it an excellent option for companies that require a secure communication channel, and HIPAA compliance will come in handy for healthcare professionals who need to secure sensitive medical data.
However, the provider is headquartered in Canada and is a subsidiary of a US company. These are not privacy-friendly jurisdictions; your information can be handed over to the government if requested.
Also, because the encryption applies on the servers instead of on your device, Hushmail can decrypt your messages. Therefore, unless you require to utilize the specific business features it offers, we suggest you look for alternatives such as ProtonMail to maintain your privacy.
FAQs
Hushmail is one of the best services to send encrypted emails and secure forms. The service protects your messages through OpenPGP encryption, ensuring only the intended recipients can view the contents and attachments.
There is no free version of Hushmail. It is a paid service that comes with a 60-day money-back guarantee.
Hushmail offers a 60-day money-back guarantee to help you test its services risk-free. The refund applies to both personal and business plans.
Hushmail has a stylish, easy-to-use application for iOS devices that comes with all Hushmail features. However, Android users have to set up a Hushmail account with the support of IMAP and POP accounts.
Hushmail complies with HIPAA standards for protecting healthcare data. It offers secure email services that enable safe communication between patients and healthcare professionals.