Hushmail Review: Does It Provide Enough Security?

Danish Shah  - Senior Editor
Last updated: September 9, 2024 Reading time: 13 minutes
Disclosure
Share
Hushmail Review

Hushmail features

3 (221)

Compared to other email providers, Hushmail lacks several advanced features. But it does include the essential features that ensure an anonymous emailing experience. The following are the features that Hushmail offers, along with some of its major drawbacks:

Strength
  • Supports OpenPGP
  • POP and IMAP support
  • Unlimited email allies
  • Secure web forms and digital signatures
  • Ad free accounts
  • HIPAA compliant
  • iOS app
  • Strips IP addresses from emails
  • Allows sending encrypted emails to non-Hushmail users.
Weaknesses
  • Based in Canada
  • No native app for Android
  • Not enough privacy and security-boosting features
  • Asks for personal information to sign up for an account.
  • No Linux client support
  • No calendar and storage drive feature

Hushmail is a secure email provider that works to keep its users’ data safe. It uses end-to-end encryption, robust encryption algorithms, and built-in OpenPGP support to secure email messages.

The email provider is HIPAA compliant, making it ideal for health professionals, lawyers, and small businesses. However, there are some drawbacks to using Hushmail, like its high price, limited features, and device compatibility.

People often criticized Hushmail’s shady logging policy and invasive jurisdiction and looked for better options. This Hushmail review will examine these issues deeply so you can decide whether to use Hushmail or choose any other secure email provider.

The above features are insufficient to conclude whether Hushmail is a reliable option. Hence, let’s test and review Hushmail in detail.

Privacy and Security

The primary purpose behind using a private email provider is to keep the confidential information stored within the inbox protected and out of the reach of prying eyes. Also, private email providers don’t track or log the IP address. Therefore, it is essential to analyze your email provider’s encryption standards, logging policy, and jurisdiction.

What type of Encryption does Hushmail use?

Encryption is a vital tool for maintaining online security and privacy. Hushmail uses standard encryption algorithms and protocols to protect your email messages. It uses TLS/SSL encryption, perfect forward secrecy, OpenPGP encryption, and HTTP Strict Transport Security (HSTS) for sending and storing emails on its servers.

When you send an email, the actual IP address from the header is replaced with the Hushmail IP address. However, the authorities can access your data since the email provider retains your IP address when you log into its services.

It uses TLS/SSL encryption for data communicated in transit to its servers, and SSL/TLS encryption is used when firms transmit emails between servers. The email body and attachments are also protected with OpenPGP encryption, requiring each recipient’s unique key. All emails and attachments are also encrypted when stored on the disk of the Hushmail servers.

In addition, Hushmail also encrypts all the emails sent to recipients who do not use Hushmail. Such emails can be encrypted using OpenPGP encryption and a security question-and-answer method.

When emails are sent to non-Hushmail users, they are stored on the Hushmail servers. The recipient receives an email informing them about receiving a secured email and providing a link to access it. The recipient can create and store their own OpenPGP keys, which increases email security.

However, since the unencrypted emails are stored on Hushmail servers, Hushmail couldn’t encrypt all the emails at rest. This creates another chance for the authorities to access users’ emails and something concerning that users won’t like at all.

Jurisdiction of Hushmail

The company that runs Hushmail is based in Canada and is a subsidiary of a U.S. firm. The US and Canada are the founding members of the Five Eyes Alliance countries, which might concern the users. Any country that falls under the global alliance countries is bound by a formal agreement to record and share intelligence information about each other’s citizens without their consent.

Besides this, the country follows data retention laws and other legislations like the CLOUD Act. Under this law, companies like the one that owns Hushmail must provide user data to US law enforcement agencies even if the data is stored on servers in another country. All of this raises significant privacy concerns for Hushmail users.

Does Hushmail Keep Logs?

Hushmail isn’t as private as other email providers, and the issue lies in its privacy policy. The policy reveals the information Hushmail logs when it logs data and what happens with the recorded data. However, some policy points are unsuitable for your digital privacy.

Hushmail, unlike other secure email providers, records the user’s information, like the previous email address, IP address, and browser type, to sign up for its services. It also asks for the phone number when subscribing to the service to send an SMS verification code. The amount of data Hushmail records is shocking and sounds intrusive to the users.

There are other data that Hushmail records and are mentioned in its privacy policy:

Hushmail Logs

More shocking is that Hushmail records the activity data for 18 months and responds to legal orders under British Colombia and Canadian laws to share the information with the authorities. This proves that the company collects and stores email metadata to comply with law enforcement warrants.

Besides this, Hushmail can decrypt the encrypted contacts, messages, and other data and hand it over to the government or other surveillance agencies. Also, the email provider doesn’t provide a transparency report or Warrant Canary, which fails to prove its stance to the customers.

Past History of the Email Provider

Hush Communications Canada Inc. founded Hushmail in 1998. The company was established to send and receive private and encrypted emails and web forms from Hushmail and non-Hushmail users. Its headquarters is in Vancouver, B.C., Canada, but other server centers are also in Calgary and Alberta.

A company’s history must be clear so it’s easy for new and existing users to trust them. But this is not the case with Hushmail. After digging out the past, some evidence exposed Hushmail for sharing users’ information with the Canadian authorities.

Hushmail complies with the law and shares all stored or future emails sent or received. The company spies on its users when a court orders it to. In 2007, Hushmail provided 12 CDS emails to U.S. officials targeting steroid manufacturers.

Following the case, Hushmail’s CTO also accepted that intelligence agencies could break into the encrypted emails of the targeted user accounts through vulnerabilities in the Javascript browser application.

This incident proves that Hushmail records and shares users’ data with higher authorities despite claiming to be a secure email provider. Since this incident, no other such incidents have been reported. However, this incident was enough to prove that Hushmail had disclosed data in unencrypted form to the government.

Privacy and Security Features

Hushmail is not a versatile and feature-packed email provider. It lacks features other email providers offer, like PhishGuard, enhanced tracking protection, password-protected emails, device-level security, and more. The only advanced features that Hushmail offers are discussed below:

Secure Web Forms

Hushmail secure web forms are the latest and innovative version of the old-fashioned paper forms. You can now create a personalized web form for your business and add e-signatures. The email provider allows you to create a web form by dragging fields to your form.

You can also use ready-made templates for your business forms. All the web forms are end-to-end encrypted and HIPAA compliant, so do not worry about compromised security.

Two-Step Verification

Two-step verification is a powerful feature that Hushmail offers to increase the security of your email accounts. After signing into their accounts, the user enters a verification code received via a text message or alternate email address to authenticate their identity.

It is a handy feature that prevents unauthorized access to your email accounts. To enable this feature in your Hushmail account, go to the Preferences page by clicking on the upper right side of the menu > selecting the Security tab > tap the pencil-shaped icon to enable two-step verification.

Electronic Signatures

Electronic signatures are an efficient, legal, and easy way to get electronic documents signed quickly. If you are a Hushmail healthcare user, you can include electronic signatures on your forms. You only need to drag and drop the signature field onto the form. But before that, you have to add e-signatures to forms, and here’s how you can do it:

Log into your account > go to Form Builder> create the form you want to use > drag and drop the signature field onto your form > publish the form.

After signing the documents, you can also track the progress of pending signing requests and view the timestamped activity record of the completed and signed forms.

Hushmail uses antivirus and spam filters that rely on machine learning and pattern-matching technology to detect viruses and spam emails.

User-Friendliness

The best email provider is easy to install and set up. It must also offer a user-friendly interface and dedicated apps for desktop and mobile devices to enhance the user experience.

Is Hushmail easy to use?

Getting a Hushmail account is easy; you can set it up without issues. To get a Hushmail account, you must provide your current email address and phone number, which annoys the users. It uses a blue and white theme, giving the UI a decent look. The user interface is similar to other email providers, ensuring a convenient and personalized user experience.

Composing an email message is not all problematic in Hushmail. It is almost the same as drafting a message in Gmail; you can find all the options in the composition window. Additional options include the Form Builder button and Attach secure web form link. These features allow you to create secure forms and attach the custom forms or other prebuilt forms that Hushmail has.

Moreover, Hushmail also has a Search feature. It is simple to use and helps find all the messages when you type in the word or phrase. The email provider also offers the basic Contacts system; the contact page shows all the information about each contact rather than names and email addresses.

You can create automatic responses, folders, email aliases, and block senders. Also, Hushmail supports SMTP and IMAP, meaning you can work with the Hushmail email using any non-Hushmail account with a real client app instead of a web page.

However, Hushmail lacks calendar and file storage features, which most users don’t like.

How good is Hushmail Customer Support

It allow users to contact and receive assistance with customer support via live chat, message, or telephone. Phone and live chat support are available for a limited time from Monday to Friday between 8 AM and 4 PM Pacific time, so you can expect a bit of delay in getting responses from the support team. A message was sent inquiring about the refund policy, but the team responded after 48 hours, which was disappointing.

You can also connect with the customer support team on Twitter, LinkedIn, and Facebook. There is a Contact Us page; you can scroll down your issue and send your message, but there is no guarantee that the reply will be quick.

On top of that, the Hushmail website is full of knowledgeable resources. It includes FAQs, blogs, in-depth guides, and articles that address common issues that users encounter.

The customer support service is pretty average. Neither the live chat nor the telephone support feature is available 24/7, which delays addressing users’ problems and causes excellent annoyance.

Which devices is Hushmail Compatible with

A significant drawback of Hushmail is that it isn’t compatible with many devices and operating systems. The email provider is available for desktop users and offers a mobile app for iOS users. However, it allows users to set up Hushmail using a POP and IMAP account on Android devices.

The iOS app is the best because of its intuitive design and navigation. It allows you to send encrypted emails and attachments even to people who don’t use Hushmail. It also provides real-time notifications and allows you to send and receive encrypted emails for any of your aliases.

Also, the app has built-in file protection, supports face ID and touch ID protection, and is fully synced with the webmail account to ensure a seamless experience.

Hushmail: Plans and pricing

Hushmail provides personalized email plans for both individuals and businesses. While there isn’t a free option, you can opt for the 14-day trial of Hushmail Premium, the personal plan. Valued at $49.98 annually, this enticing package boasts two forms of secure email, 10 GB of storage, unlimited email aliases, and the two-step authentication security feature.

Small businesses looking to enjoy Hushmail services can choose Hushmail for Small Business. At $5.99 per month per user and a one-time setup fee of $9.99, this plan ensures you receive the same remarkable features as the Premium plan. The icing is the freedom to use your domain name and create up to 100 email addresses, all seamlessly forwarded to a single account. Should you desire email archiving capabilities, the Small Business Plus plan is available for just an additional $2 per month per user.

If you’re in the healthcare industry and require HIPAA-compliant communication, Hushmail for Healthcare is here to cater to your needs. With the ability to send secure messages to popular email services like Gmail and Hotmail, this plan ensures your sensitive information remains protected. For a modest cost of $9.99 per month, you’ll receive one email account, two secure web forms, and a generous 10 GB of storage.

The five-email account plan offers even bigger storage capacity, five secure web forms, 15 GB of storage, and support for electronic signatures, all for just $19.99 per month. And if you’re seeking even larger plans with additional email accounts and web forms, rest assured, options start at $39.99 monthly.

Furthermore, Hushmail for Law provides a specialized plan to support attorney-client privilege in the US, UK, and Canadian courts. Priced at $9.99 monthly, this plan includes a signed agreement, providing peace of mind and legal protection. Nonprofit organizations can also benefit from Hushmail at a discounted rate of $3.99 per month, while enterprise plans can be tailored to your specific requirements.

Hushmail for Healthcare, Law, and Nonprofits

Hushmail presents a simple and transparent pricing structure for small businesses and individual users. However, industry-specific email services can become a bit intricate.

In addition to the typical plans, Hushmail provides specialized services designed for healthcare, law, and nonprofits. These particular plans are not mere replicas of small business plans; they offer industry-specific features at different price points.

For example, Hushmail for Healthcare ensures compliance with HIPAA regulations, prioritizing the security and confidentiality required in the healthcare sector. On the other hand, Hushmail for Law goes a step further by including a signed agreement that asserts attorney-client privilege, catering to the specific needs of legal professionals.

The peculiar one among the industry-specific plans is Hushmail for nonprofits. While it doesn’t offer any distinct features, it is more affordable than the standard Small Business plan, with a monthly user cost of $2 lower.

For any other unique configurations, Hushmail provides Enterprise plans. This is not the case despite the name implying that these plans are exclusively for large corporations. These plans are available to anyone, enabling you to customize a plan that aligns precisely with your business requirements.

FAQs

Hushmail doesn’t offer a free version but comes with a free trial period. In March 2017, Hushmail offered a two-week free trial period on all Hushmail premium accounts. During this time, the users can test out all the features provided by Hushmail and decide if they want to continue using it or look for other options.
Hushmail offers yearly and monthly pricing plans for small businesses, healthcare professionals, law personnel, and individuals. The Hushmail account for healthcare experts starts at $9.99 monthly for one user. At the same time, the pricing plan for small businesses starts at $5.99 per month per user. It includes a private message center, email archiving option, secure web forms, electronic signatures (optional), and a signed business associate agreement (BAA).
You can get a Hushmail account for $9.99 per user and month if you’re a lawyer. It offers several features, including an agreement between Hushmail and the customers in Canada, the US, and the UK to seek judicial protection for the account. The individuals can buy a Hushmail account for $49.98 annually. Also, if a large organization is willing to use Hushmail email accounts, they can directly contact the company to design a customizable plan.
The Hushmail refund offer applies to all premium accounts. If you have subscribed to any premium plans, you can enjoy a risk-free 60-day money-back guarantee.
Hushmail offers intuitive, well-designed, and easy-to-use apps for iOS. You can use all the features that Hushmail offers on the iOS app. Besides this, Android users can also set up Hushmail accounts with the support of POP and IMAP accounts.
Hushmail is a secure email provider that ensures safe communications between healthcare professionals and patients. It is HIPAA compliant and meets the standards for compliance to protect healthcare data.

Share this article

About the Author

Danish Shah

Danish Shah

Senior Editor

Danish Shah is a legal and public policy researcher whose work focuses largely on technology regulation. At BeEncrypted, he writes about cybersecurity, Privacy, and VPN encryption. He wants to educate people about online privacy and how to regain it. Aside from his work, Danish enjoys spending time on the Baseball field. He is also an avid streamer and gamer.

More from Danish Shah

Related Posts