3.8 KiB
| title | sidebar_label | sidebar_position | description |
|---|---|---|---|
| Proton Mail Channel | Proton Mail Channel | 55 | Using a ProtonMail email account |
Proton Mail is the largest end-to-end encrypted email hosting service. It was launched in 2014 and is headquartered in Geneva, Switzerland. It is owned by the non-profit Proton Foundation through its subsidiary Proton AG. Proton Mail uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers.
The source code for the back end of Proton Mail remains closed-source, but Proton Mail released the source code for the web interface, iOS and Android apps, and the Proton Mail Bridge app under an open-source licence.
Although Proton Mail's encryption uses the open standard OpenPGP, and the Link platform support OpenPGP when used with other email providers, it is not possible to directly interact with the encryption from the Link platform. This is because Proton Mail does not provide the traditional IMAP and SMTP server endpoints to send and receive emails and only allows connection via the Proton Mail bridge app which handles all encryption and decryption of messages.
Requirements
- You must have a paid plan to use the Proton Mail channel as the use of the Proton Mail Bridge app is not possible on a free account.
- Additionally, a user must be dedicated for the use of the helpdesk, it is not sufficient to create an alias on an existing user.
Encryption & Key Management
OpenPGP private keys are created automatically for each Proton Mail account, although these are stored in a way that they are not generally available other than when successfully authenticated to the platform. In the case of Link, this means that the Proton Mail Bridge app is authenticated and then has access to the OpenPGP private key.
It is not currently possible to import public keys of 3rd-party (i.e. non-Proton Mail) email addresses, and so only emails between Proton Mail users will be end-to-end encrypted. The service also does not support the Autocrypt standard, which allows other clients to import discovered public keys automatically on new conversations. The Proton Mail documentation has more on this topic.
We will provide you with your public OpenPGP key when the channel is set up, and you can make this discoverable via your website, but for conversations with 3rd-party accounts we expect the conversations will only be encrypted in one direction and your replies will not be encrypted.
The helpdesk is unaware of the encryption happening in Protonmail, and cannot inform agents when an email that was sent or received by the helpdesk was encrypted or not.
Setting up
If you do not have an organisational account, we can fully manage the Proton Mail account setup including billing. Please contact us to discuss this.
If you have an organisational account, send an invite for the new user (the new helpdesk channel address) to contact@sr2.uk, and email the same address to let us know you are doing this and that you would like the channel added to your helpdesk.
Once the setup is complete we will provide you with OpenPGP public key and will also upload it to keys.openpgp.org to aid in its discovery by users. We can also provide support on setting up Web Key Discovery (WKD) on your custom email domain if desired to further increase the chances that inbound emails will be automatically encrypted, although this still cannot help to encrypt replies to 3rd-party email services.