How to pick a no-KYC email provider

The five things that actually matter

1. Signup KYC. Does the provider require phone, government ID, or a second email at signup? Anything beyond username + password limits the use case.
2. Payment privacy. If you want a paid plan, can you pay in cash / crypto / monero? An XMR-accepting provider is the cleanest, but cash-by-mail is acceptable and BTC + monero are common middle grounds.
3. Encryption. End-to-end encryption between users of the same provider is the easy baseline (Proton ↔ Proton, Tuta ↔ Tuta). What matters more is: are messages encrypted at rest on the server, and is the provider's encryption claim auditable (open source, third-party audited)?
4. Lawful-access posture. Where is the company incorporated? What does the transparency report say? How many subpoenas have they complied with, and how much could they have surrendered if they wanted to?
5. Longevity. Email is a long-term identity anchor. A provider that disappears in 18 months takes your password reset for every service with it. Prefer operators with 5+ years of track record.

What doesn't matter

• "End-to-end encrypted" marketing on the inbox view. Almost meaningless — if I'm reading the email, the provider's web client has the key in memory. The real question is at-rest encryption + zero-access.
• "PGP support." Useful if your counterparties use PGP. Most don't. Don't pick on PGP alone.
• Disposable-email providers (Mailinator-style). Fine for one-time signups. Terrible for any account you'll re-verify.
• Self-hosted email. The technically correct answer; the operationally hard answer. Outbound deliverability + spam-source reputation + IP rotation is a part-time job. Use the picks below until you have a reason to run your own.

Throwaway tier (one-time signups)

For accounts you'll create once and never re-verify (no support tickets, no password reset, no email change), a disposable-friendly provider is fine. Don't use this for anything you'll regret losing.

• Mailinator, 10minutemail — read-only, public. Account confirmation only.
• SimpleLogin / AnonAddy — alias forwarders that pipe into your real inbox. The alias is the throwaway, your real inbox stays clean. Crypto-payment accepted.

Durable tier (the picks)

• Tuta (formerly Tutanota): German, no-KYC signup, zero-access on the server, open-source clients, AGPL. Free tier viable; paid via XMR / BTC / SEPA-cash.
• Proton Mail: Swiss, no-KYC at the free tier, paid via cash + BTC + XMR. End-to-end between Proton users, OpenPGP between Proton and outside. Calendars + Drive in the same account if you want them.
• Posteo: German, no-KYC, cash-by-mail accepted. €1/mo. Two-factor + at-rest encryption. Long-running.
• Disroot: Dutch non-profit, no-KYC, donations accepted in BTC + XMR. Smaller operation; suitable when you trust the people more than the corporation.

Pitfalls when migrating

1. Don't reuse the old address as a recovery email for the new one. Defeats the migration.
2. Update existing accounts in priority order: banking + crypto exchanges + 2FA-anchor services first, then social, then everything else.
3. Set a forwarding rule for 6 months on the old address, then drop it. Long-tail signups will trickle in.
4. Don't sync calendar / contacts from Google into Proton if your privacy concern was Google having that data. Manually re-create.

Where this fits in the stack

Email is one slot in the curator's reference kit; the picks above match the slot. If you're building the whole stack from scratch, do email second (after wallet) — most other services depend on it.

Picks

More guides