Hushmail
Hushmail is a proprietary web-based encrypted email service launched in May 1999 by Hush Communications Inc., a Vancouver-based company founded in 1998 by Cliff Baltzley.[1][2] The service employs OpenPGP standards to enable encrypted messaging, secure web forms, and electronic signatures, with a primary focus on healthcare providers seeking HIPAA-compliant tools for handling sensitive patient data.[3][4] Key features include one-click encryption for emails sent to non-Hushmail users via secure viewer links, custom domain support, and mobile notifications, positioning it as a user-friendly option for small practices over fully client-side alternatives like PGP key management.[5][6] While marketed for privacy against eavesdropping and unauthorized access, Hushmail's architecture involves server-managed keys, enabling the company to decrypt content under legal compulsion, as demonstrated in 2007 when it complied with a British Columbia court order to supply U.S. authorities with private keys from accounts linked to animal rights activists, prompting an exodus of users and updates to its terms of service acknowledging such risks.[7][8] This incident highlighted limitations in its security model compared to zero-knowledge services, where providers cannot access plaintext, and underscored Hushmail's adherence to Canadian jurisdiction over absolute user anonymity.[9] Despite these concerns, the service remains operational and profitable, evolving to include e-signable forms and scheduled messaging while maintaining its niche in professional secure communications.[10]
History
Founding and Launch (1998–2000)
Hush Communications, the parent company of Hushmail, was established in 1998 with a focus on developing secure email solutions.[2][11] The company was headquartered initially in Anguilla, a British protectorate in the Caribbean, to avoid U.S. encryption export restrictions by employing non-U.S. citizens for code development.[12] Cliff Baltzley, then 28 years old, served as president of Hush Communications during this period.[12] Hushmail, the flagship encrypted web-based email service, entered public beta in late April 1999 and officially launched in May 1999.[12][2] The service provided free accounts modeled after Hotmail, accessible via any web browser, and featured client-side encryption through a Java applet supporting 1024-bit keys based on PGP standards.[12] This timing coincided with a U.S. Ninth Circuit Court ruling on May 6, 1999, deeming federal encryption export controls unconstitutional, which facilitated broader adoption of strong cryptography in commercial products.[12] From inception through 2000, Hushmail emphasized user privacy by performing encryption and decryption exclusively in the browser, ensuring the service provider did not access plaintext content.[12] Early marketing highlighted its "bulletproof" privacy for everyday users, with the company's patent-pending process made available for public scrutiny on its website.[12] Jon Gilliam, a co-founder and marketing vice president, promoted the service's use of 128-bit encryption as a standard for secure communications.[13] By 2000, Hushmail had established itself as a pioneer in accessible encrypted email, attracting users seeking protection against surveillance amid growing internet adoption.[2]
Expansion and Feature Evolution (2001–Present)
Following its launch in 1999, Hushmail experienced leadership transitions that supported operational expansion, with Ben Cutler assuming the role of CEO in 2001 and Brian Smith becoming CTO in 2002.[2] These changes coincided with steady growth in user base, reaching tens of thousands of customers primarily in regulated sectors such as healthcare, finance, non-profits, and law, where compliance needs like HIPAA drove adoption.[2] The company maintained its Vancouver, Canada headquarters while prioritizing simplicity in encrypted communications to facilitate broader accessibility for small practices and individuals handling sensitive data.[2] Feature development began with core PGP-based encrypted email but expanded incrementally to address user demands for integrated secure workflows. Over the subsequent decades, additions included secure web forms for client intake and electronic signatures for document handling, enhancing utility beyond basic messaging for professional applications.[2] By the mid-2010s, mobile support emerged, including an iOS app enabling end-to-end encryption and webmail synchronization.[14] More recent enhancements reflect a focus on healthcare-specific tools and efficiency, such as reusable email templates with attachment and form support introduced in November 2024, improved client messaging consolidation in March 2025, email scheduling via "Send Later" in April 2025, additional Patient Health Questionnaire templates (PHQ-A, PHQ-15, PHQ-SADS, PHQ-4) with auto-scoring in June 2025, and client-initiated e-signable forms in July 2025—all available on select paid plans.[10] These updates underscore ongoing iteration toward HIPAA-compliant features like automated form scoring and seamless integration, without reported acquisitions or major partnerships altering its independent structure.[10]
Technical Features
Encryption Standards and Mechanisms
Hushmail utilizes the OpenPGP standard (RFC 4880) to encrypt email bodies and attachments exchanged between Hushmail accounts, employing RSA 2048-bit asymmetric keys for key exchange and AES-256 for symmetric encryption of content.[15] Each recipient's copy of a message is protected by a unique key wrapped with that recipient's public key, ensuring that messages remain encrypted at rest on Hushmail servers.[16] The user's private key is generated server-side during account creation, symmetrically encrypted with AES-256 using a key derived from the passphrase via OpenPGP String-to-Key (S2K) derivation with SHA-256 hashing, a random salt incorporating the email address, and an iteration count of 2^20 for added resistance to brute-force attacks.[15] For webmail access, encryption and decryption operations are performed server-side by a dedicated Encryption Engine component, which processes plaintext only in memory after passphrase authentication over an SSL/TLS-secured connection; the server never stores unencrypted email content or the raw passphrase, retaining only a hashed version of the passphrase for verification.[15][17] In contrast, the Hushmail iPhone application handles OpenPGP encryption client-side, retrieving and locally decrypting the private key with a master password before encrypting outgoing messages, with local data further protected by device-level NSFileProtectionComplete and additional AES-256 encryption.[15] Emails to non-Hushmail recipients are secured via symmetric OpenPGP encryption or recipient public keys when available, with delivery occurring through a password-protected secure link to a temporary server-stored message.[15] All client-server communications, including web access, IMAP, POP3, and SMTP, mandate SSL/TLS encryption with perfect forward secrecy, utilizing ports such as 993/995 for direct SSL/TLS and 143/110 or 587/25 for STARTTLS upgrades; the iPhone app additionally implements TLS certificate pinning to mitigate man-in-the-middle risks.[15][16] Outbound emails to external servers employ TLS opportunistically when supported by the recipient's mail server, falling back to unencrypted SMTP otherwise, though content remains OpenPGP-protected where applicable.[18] Stored emails for webmail users persist in OpenPGP-encrypted form on hardened servers compliant with CIS benchmarks, segmented by data sensitivity to limit breach impact.[15][16]
Account Types and Additional Services
Hushmail offers tiered account plans categorized primarily for personal use, healthcare professionals, and small businesses, each emphasizing secure email capabilities with varying levels of storage, user accounts, and compliance features. Personal accounts provide basic encrypted email without HIPAA requirements, starting at $59.99 annually for 15 GB of storage, unlimited email aliases, ad-free access, one-click encryption, and compatibility with mobile apps and email clients like Apple Mail.[19] Healthcare plans, designed for compliance with HIPAA regulations including a signed Business Associate Agreement, begin at $11 monthly for a single-user basic option with 10 GB storage and core encryption, escalating to $16.50 monthly for growth plans that include 15 GB storage, 25 secure forms, and e-signatures.[20] Small business accounts, scalable from single-user setups at $10.79 monthly, support custom domains, multi-user options up to five accounts, and integrated web forms for client interactions.[21] Additional services extend beyond core email functionality, particularly in healthcare and business contexts. Secure web forms, HIPAA-compliant where applicable, allow for intake, questionnaires (including self-scoring tools like PHQ-9), and body charts, with responses routed to encrypted inboxes and optional integration with electronic health records via PDF exports; these start at $14.99 monthly or are bundled in higher-tier plans with up to 25 forms included.[22] E-signatures on forms adhere to ESIGN and UETA standards, featuring timestamped tracking for submissions.[22] For personal users, an optional NordVPN add-on at $95 annually provides VPN access across 10 devices, threat protection, and server coverage in over 111 countries.[19] All plans include a 14-day trial or 60-day money-back guarantee, with support for custom branding and domain setup in business and healthcare variants.[21][20]

| Plan Category | Starting Price | Key Features | Storage/Users |
|---|---|---|---|
| Personal | $59.99/year | Unlimited aliases, ad-free, mobile app, POP/IMAP | 15 GB / 1 user |
| Healthcare Basic | $11/month | HIPAA-compliant email, BAA, archive | 10 GB / 1 user |
| Healthcare Growth | $16.50/month | Forms (25), e-signatures, templates | 15 GB / 1+ users |
| Small Business | $10.79/month | Custom domains, web forms, multi-user | Varies / 1-5 users |