Hushmail is a secure email provider that works with the mission of keeping its users' data safe. It uses end-to-end encryption and robust encryption algorithms and has built-in OpenPGP support to secure your email messages.
The email provider is HIPAA compliant; hence, it is an ideal service for health professionals, lawyers, and small businesses. However, there are some drawbacks to using Hushmail, like its high price, limited features, and device compatibility.
Also, because of Hushmail's shady logging policy and invasive jurisdiction, people often criticized it and looked for other better options. This Hushmail review will look at these things deeply so you can decide whether to use Hushmail or choose any other best secure email provider.
Hushmail Features
Compared to other email providers, Hushmail lacks several advanced features. But it does include the essential features that ensure an anonymous emailing experience. The following are the features that Hushmail offers, along with some of its major drawbacks:
Strength
Weaknesses
The features listed above are not enough to conclude if Hushmail is a reliable option to use or not. Hence, let's test and review Hushmail in detail.
Privacy and Security
The primary purpose behind using a private email provider is to keep the confidential information stored within the inbox protected and out of the reach of prying eyes. Also, private email providers don't track or log the IP address. Therefore, it is essential to analyze your email provider's encryption standards, logging policy, and jurisdiction.
What Type of Encryption Does Hushmail Use?
Encryption is a vital tool for maintaining online security and privacy. Hushmail uses standard encryption algorithms and protocols to protect your email messages. It uses TLS/SSL encryption, perfect forward secrecy, OpenPGP encryption, and HTTP Strict Transport Security (HSTS) for sending and storing emails on its servers.
When you send an email, the actual IP address from the header is replaced with the Hushmail IP address. But the authorities can access your data since the email provider retains your IP address when you log into its services.
It uses TLS/SSL encryption for the data communicated in transit to its servers, while SSL/TLS encryption is used when firms transmit emails between servers. The email body and attachments are also protected with OpenPGP encryption that requires a unique key for each recipient. All the emails and the attachments are also encrypted when stored on the disk of the Hushmail servers.
In addition, Hushmail also encrypts all the emails sent to recipients who do not use Hushmail. Such emails can be encrypted using OpenPGP encryption and a security question-and-answer method.
When the email is sent to non-Hushmail users, so they are stored on the Hushmail servers. The recipient receives an email informing them about receiving a secured email and providing a link to access it. The recipient can create and store their own OpenPGP keys, that increases email security.
However, since the unencrypted emails are stored on Hushmail servers, it means that Hushmail couldn't encrypt all the emails at rest. This creates another chance for the authorities to access users' emails and something concerning that users won't like at all.
Jurisdiction of Hushmail
The company that runs Hushmail is based in Canada and is a subsidiary of a U.S. firm. The US and Canada are the founding members of the five eyes alliance countries, which might concern the users. Any country that falls under the global alliance countries is bound by a formal agreement to record and share intelligence information about each other's citizens without their consent.
Besides this, the country follows data retention laws and other legislations like the CLOUD Act. Under this law, companies like the one that owns Hushmail must provide user data to US law enforcement agencies even if the data is stored on servers located in another country. All of this raises significant privacy concerns for Hushmail users.
Does Hushmail Keep Logs?
Hushmail isn't as private as other email providers, and the issue lies in its privacy policy. The privacy policy reveals about the information Hushmail logs, when it logs the data, and what happens with the recorded data. But, some points in the policy are not good for your digital privacy.
Hushmail, unlike other secure email providers, records the user's information, like the previous email address, IP address, and browser type, to sign up for its services. It also asks for the phone number when subscribing to the service to send an SMS verification code. The amount of data Hushmail records is shocking and sounds intrusive to the users.
There are other data that Hushmail records and are mentioned in its privacy policy:
What's more shocking is that Hushmail records the activity data for 18 months and responds to legal orders under British Colombia and Canadian laws to share the information with the authorities. This proves that the company collects and stores the email metadata to comply with law enforcement warrants.
Besides this, Hushmail can decrypt the encrypted contacts, messages, and other data and hand over this information to the government or other surveillance agencies. Also, the email provider doesn't provide a transparency report or Warrant Canary, which fails to prove its stance to the customers.
Past History of the Email Provider
Hush Communications Canada Inc. founded Hushmail in 1998. The company was established to send and receive private and encrypted emails and web forms from both Hushmail and non-Hushmail users. Its headquarters is in Vancouver, B.C., Canada, but other server centers are also located in Calgary and Alberta.
A company's history needs to be clear so it's easy for new and existing users to trust them. But this is not the case with Hushmail. After digging out the past, some evidence exposed Hushmail for sharing users' information with the Canadian authorities.
Hushmail comply with the law and share all the stored emails or future emails sent or received. The company spy on its users when a court orders. In 2007, Hushmail provided 12 CDS emails to U.S. officials targeting steroid manufacturers.
The CTO of Hushmail, following the case, also accepted that intelligence agencies could break into the encrypted emails of the targeted user accounts through vulnerabilities in the Javascript browser application.
This incident proves that Hushmail records and shares users' data with higher authorities despite claiming to be a secure email provider. After this incident, no other such incidents to date have been reported. But this incident was enough to prove that Hushmail discloses data in unencrypted form to the government.
Privacy and Security Features
Hushmail is not versatile and feature-packed email provider. It lacks several features that other email providers offer, like PhishGuard, enhanced tracking protection, password-protected emails, device-level security, and more. The only advanced features that Hushmail offers are discussed below:
Secure Web Forms
Hushmail secure web forms are the latest and innovative version of the old-fashioned paper forms. You can now create a personalized web form for your business and add e-signatures. The email provider allows you to create a web form by dragging fields to your form. In addition, you can also use ready-made templates for your business forms. All the web forms are end-to-end encrypted and are HIPAA compliant, so do not worry about security being compromised.
Two-Step Verification
Two-step verification is a powerful feature that Hushmail offers to increase the security of your email accounts. The user enters a verification code received via a text message or alternate email address to authenticate their identity after signing into their accounts.
It is a handy feature that prevents unauthorized access to your email accounts. To enable this feature in your Hushmail account, go to the Preferences page by clicking on the upper right side of the menu > selecting the Security tab > tap the pencil-shaped icon to enable two-step verification.
Electronic Signatures
Electronic signatures are an efficient, legal, and easy way to get electronic documents signed quickly. If you are a Hushmail healthcare user, you can also include electronic signatures on your forms. All you need to do is drag and drop the signature field onto the form. But before that, you have to add e-signatures to forms, and here's how you can do it:
Log into your account > go to Form builder > create the form you want to use > drag and drop the signature field onto your form > publish the form.
After signing the documents, you can also track the progress of pending signing requests and view the timestamped activity record of the completed and signed forms.
Besides this, Hushmail also uses antivirus and spam filters that rely on machine learning and pattern-matching technology to detect viruses and spam emails.
User-Friendliness
The best email provider is the one that is easy to install and set up. It must offer a user-friendly interface and dedicated apps for desktop and mobile devices to enhance the user experience.
Is Hushmail Easy to Use?
Getting a Hushmail account is easy, and you can set it up without issues. To get a Hushmail account, you need to provide your current email address and phone number, which annoys the users. It uses a blue and white color theme, giving the UI a decent look. The user interface is similar to other email providers and ensures a convenient and personalized user experience.
Composing an email message is not all problematic in Hushmail. It is almost the same as drafting a message in Gmail; you can find all the options in the composition window. Additional options include the Form Builder button and Attach secure web form link. These features allow you to create secure forms and attach the custom forms or other prebuilt forms that Hushmail has.
Moreover, Hushmail also has a Search feature. It is simple to use and helps in finding all the messages when you type in the word or phrase. The email provider also offers the basic Contacts system; the contact page shows all the information about each contact rather than names and email addresses.
You can create automatic responses, folders, email aliases, and even block senders. Also, Hushmail supports SMTP and IMAP, meaning you can work with the Hushmail email using any non-Hushmail account with a real client app instead of a web page.
However, Hushmail lacks calendar and file storage features, which most users don't like.
How Good Is Hushmail Customer Support?
Hushmail allows users to get in touch and take assistance with customer support via live chat, message, or telephone. The phone and live chat support are available for a limited time from Monday to Friday between 8 AM to 4 PM Pacific time, so you can expect a bit of delay in getting responses from the support team. A message was sent inquiring about the refund policy, but the team responded after 48 hours, which was disappointing.
You can also connect with the customer support team on Twitter, LinkedIn, and Facebook. There is a contact us page; you can scroll down your issue and send your message, but again there is no guarantee that the reply will be quick.
On top of that, the Hushmail website is full of knowledgeable resources. It includes FAQs, blogs, in-depth guides, and articles that addresses common issues that users encounter.
Hushmail customer support service is pretty average. Neither the live chat nor the telephone support feature is available 24/7, which delays in addressing users' problems and causes great annoyance.
Which Devices Is Hushmail Compatible With?
A significant drawback of Hushmail is that it isn't compatible with a wide range of devices and operating systems. The email provider is available for the desktop users and offers a mobile app for the iOS users. But it allows users to set up Hushmail on Android device by using a POP and IMAP account.
The iOS app is the best among others because intuitive design and navigation. You can send encrypted emails and attachments even to people who don't use Hushmail. It provides real-time notifications and allows you to send and receive encrypted emails for any of your aliases. Also, the app has built-in file protection, supports face ID and touch ID protection, and is fully synced with the webmail account to ensure a seamless experience.
FAQs
Does Hushmail offer a free trial?
Hushmail doesn't offer a free version but comes with a free trial period. In March 2017, Hushmail decided to offer a two-week free trial period on all Hushmail premium accounts. During this time, the users can test out all the features provided by Hushmail and decide if they want to continue using it or look for some other options.
How much does Hushmail cost?
Hushmail offers yearly and monthly pricing plans for small businesses, healthcare professionals, law personnel, and individuals. The Hushmail account for healthcare experts starts at $9.99 per month for one user. While the pricing plan for small businesses starts at $5.99 per month per user. It includes features like a private message center, email archiving option, secure web forms, electronic signatures (optional), and a signed business associate agreement (BAA).
If you're a lawyer, you can get a Hushmail account for $9.99 per user and month. It offers several features, including an agreement between Hushmail and the customers in Canada, the US, and the UK to seek judicial protection for the account. The individuals can buy a Hushmail account for $49.98 annually. Also, if a large organization is willing to use Hushmail email accounts, they can directly contact the company to design a customizable plan.
Does Hushmail offer a money-back guarantee offer?
The Hushmail refund offer applies to all premium accounts. If you have subscribed to any premium plans, you can enjoy a risk-free 60-day money-back guarantee.
Does Hushmail have a mobile app?
Hushmail offers intuitive, well-designed, and easy-to-use apps for iOS. You can use all the features that Hushmail offers on the iOS app. Besides this, the Android user can also set up a Hushmail account with the support of POP and IMAP accounts.
Is Hushmail HIPAA compliant?
Hushmail is a secure email provider that ensures safe communications between healthcare professionals and patients. It is HIPAA compliant and meets the standards for compliance to protect healthcare data.
Final Thoughts
Hushmail is included in the list of secure email providers but is not as private as other email providers. The email provider allows sending encrypted emails to everyone, including non-Hushmail users. It utilizes strong encryption algorithms to maintain the security of your email messages. Besides this, it has a user-friendly interface and gives a similar experience to that of using Gmail and Yahoo. There is a native app for iOS devices; you can also use it on your Android device.
But, there are certain loopholes with Hushmail, like it needs to improve customer support service. Its past track record doesn't make it the most preferred choice of users. Also, it logs IP addresses and other data, which is unacceptable. However, by undergoing a log and security audit, the company can prove that they value users' privacy, which will also attract more users.
