Encrypted email

I’m still trying to figure out whether or not to purchase a Helm server. I’ve read that the email is not encrypted - would using ProtonMail solve that issue?


Hi there -

Email is encrypted on the server and transmission to and from the server is over encrypted TLS sessions. Encrypting the content of emails is handled by email clients. You can check out something like Mozilla Thunderbird which has native support for utilizing OpenPGP for encrypting email content with your contacts: OpenPGP in Thunderbird 78 | The Thunderbird Blog

Helm co-founder/CEO

1 Like

This is a complicated issue and there are several parts to it.

  • Email in transit: This is (now) commonly protected by TLS as mail is sent between mail servers. Its not required or mandated, so if the TLS connection doesn’t work, messages can/will be sent as plain text.
  • Email at rest: This is handled by the mail server, and in the case of the helm, the storage is encrypted (we can get technical about this if you really want to).
  • Email clients: The clients have 2 parts here, 1st is the connection to the mail server (in this case, the helm) and that is protected via TLS. The 2nd part is covered under end-to-end encryption. This is optional. By that, I mean that not all clients support it, and not all people have encryption keys. If you have a client that supports it, and if your recipient has made a public key available for you to use, then you can send end-to-end encrypted email. If not, it won’t work. We can also go into detail here if you wish.

I wrote this article a number of years back you might find helpful.


You specifically mention Thunderbird, but which client integrates most efficienty (in this context) with the Helm v2? Is there a step-by-step checklist? (e2ee email is the reason I’ve placed a deposit for a Helm.)

Edit: I clicked your OpenPGP link and then followed the blog rabbithole. The FAQ rabbithole was probably much more helpful to the second question I asked: OpenPGP in Thunderbird - HOWTO and FAQ | Thunderbird Help

Louisk, thank you for your explanation and links. I’m a software/protocols/hardware noob (but learning as quickly as I can), and appreciate your inputs.

Comments like this {edit:} yours {end edit} are nearly priceless.

I assume when you ask about client integration and efficiency you’re asking about what the user process looks like for the client. End-to-end encryption has nothing to do with the email server (it can’t, or it wouldn’t be end-to-end). The answer about user process for the client is probably not going to make you happy. The best one I’ve seen was the official PGP product that acted as a proxy between the client and the mail server (I’m not suggesting you use/buy any particular product). It was mostly painless to setup, provided you didn’t have trouble (technically) setting up a POP/IMAP mail client. All of the others I’ve seen are much more manual and the setup process is more involved. I’m not aware of any single place to look for comparisons of client integrations with (open)PGP short of web searches and a fair bit of elbow grease. If you choose to go down this route, you may wish to setup a virtual machine to do your testing on and then once you find a solution you like, you can do the final setup on your primary machine(s).

Louis, thank you again.

I was referring not just to setup but operational excellence. I wouldn’t mind if something had more steps to set it up and maintain it if it ran flawlessly on its host. Since I’m still so inexperienced in a lot of areas, it’s mostly a matter of not knowing what I even need to consider.

Setting up a virtual machine to do testing might be a good exercise in and of itself for me. The openpgp.org site has app suggestions, but as we move away from Apple and towards (various) Linux, I’ll have to keep on my toes.