ProtonMail Bridge: encrypted email for Outlook, Thunderbird, and other email clients


ProtonMail Bridge is a new desktop program for Windows, Mac and Linux devices that integrates ProtonMail email accounts in desktop email clients such as Thunderbird, Outlook or Apple Mail.

We reviewed ProtonMail twice in past years. First in 2014 when the service was announced, and then just a month ago when we published our getting started guide.

ProtonMail was available as a web-based version and in form of applications only back then. While you could download your keys to integrate them in other applications, it was not such a comfortable option.

ProtonMail Bridge changes that. The free software program bridges the gap and makes ProtonMail available in desktop email programs. The main benefit of the approach is that the program ensures the same level of security — end-to-end encryption and zero-access encryption — that ProtonMail offers.

Note: Bridge is only available for paying customers and not to free users of ProtonMail.

The ProtonMail Bridge application “sits” between the email client and the ProtonMail servers. It acts as a proxy if you will that powers the encrypting and decrypting of content. The email client communicates via IMAP and SMTP with the Bridge which in turn encrypts or decrypts ProtonMail messages.

This means that you interact with ProtonMail emails like you would with any other emails from other providers. Good news is that this means that you can run searches across all emails or part of them, and don’t have to change the configuration of the email client in any way.

One issue from a security and privacy point of view is that emails are not stored in encrypted form in the email client. This means that they may be accessed by anyone with local access to the device, and by programs that may dump data from it as well.

ProtonMail plans to release the source code for the Bridge application after the technical documentation of the code is done.

Setting up ProtonMail Bridge

protonmail bridge

The first thing that you need to do is install the Bridge application on the device. This is a straightforward process; the only options you get are to change the directory the program is installed in, and to select whether you want the installer to create application shortcuts on the system.

Read also:  Thunderbird 52.2.0 update: issues with IMAP folders

The actual setup of accounts happens when you run ProtonMail Bridge on the system. Start with a click on the “add account” link in the program interface.

You are then asked to sign in using your ProtonMail username and password to add the account to the Bridge application. Bridge is set up in combined addresses mode by default; all email addresses are managed in a single mailbox in that mode. You can change it it with a click on mailbox configuration so that all addresses are handled individually (each with its own mailbox).

ProtonMail Bridge displays the IMAP and SMTP settings afterwards. These use 127.0.01 as the hostname, local ports, and the ProtonMail username as identifiers. The password is generated by the Bridge application and not identical to the ProtonMail password.

This is done for added security according to ProtonMail.

Configuration in the client depends on that client. It is necessary usually to pick custom setup as you need to specify the custom hostname and port during setup.

ProtonMail’s support site has guides for Outlook, Thunderbird and Apple Mail which you may use to set things up.

Closing Words

ProtonMail Bridge brings the secure email service to the desktop. While that means having to run the Bridge application in the background and needing a paid subscription to use it at all, it is something that many users have been waiting for.