by ThePhysicist 3233 days ago
I've tried it, but their solution is (IMHO) a very poor fit for a business e-mail account, as there is (or was when I used the service) no way to manage e-mail accounts for your employees and no way to archive / extract their e-mails in case of need (I understand that it's a privacy-focused e-mail service, but as an employer you have legal requirements to keep business documents for several years, and having to rely on your employees' goodwill to get the data out of the system is not an acceptable solution for this). Also, there's no calendar integration (https://protonmail.uservoice.com/forums/284483-feedback/sugg...), which again makes it difficult to use this as a business e-mail account.

I switched to Mailbox.org in 2016 and I'm very happy with their product and service: Their system is based on an open-source solution (OpenExchange) so they don't need to reinvent the wheel and can focus on providing good hosting and service (which they do). They also have support for 2FA (including hardware tokens like Yubikeys) and recently revamped their management portal, which allows you to easily create and manage e-mail accounts for your employees.

1 comments

It looks like ProtonMail released new account management features just a few weeks ago, including the capability for "organization admins to access the emails of other organization users" while still preserving end-to-end encryption.

Source: https://protonmail.com/blog/encrypted-email-for-organization...

>while all organization accounts are end-to-end encrypted, it is still possible for organization admins to access the emails of other organization users. Thus, organizational oversight and management is still possible, even with end-to-end encryption. Furthermore, administrative read permissions are also granted or revoked automatically when admin users are created or demoted.

I wonder how they can provide this without either storing encryption keys on their servers or reencrypting (client-side!) all email during such events.

It's a key escrow system. The admins hold a copy of the user's key, and promoting a new admin involves giving access to this key.

So where is this copy stored?

Interesting! You could probably do it by using the key of an existing admin to decrypt the escrow key and then reencrypt it with the public key of the new admin, all client-side.

Very interesting, I might give the solution another go in the future. Still, at this pace it will take them a long time until they are on par with a "normal" e-mail solution (it might be worth the trouble though).
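
The client-side re-wrapping suggested in the comments above, as an added example that is not part of the thread and not ProtonMail's implementation. It assumes a symmetric escrow key wrapped per admin with RSA-OAEP and user keys sealed under it with AES-GCM; `promote`, `wrapFor`, `unwrapWith`, `seal`, `open` and the `store` map are hypothetical names.

```javascript
// Added illustration: a model of escrow-key re-wrapping, not ProtonMail's code.
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each admin has an RSA key pair; the private half stays on the admin's client.
const newAdmin = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Wrap / unwrap the 32-byte escrow key for one admin.
const wrapFor = (publicKey, escrowKey) =>
  nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, escrowKey);
const unwrapWith = (privateKey, wrapped) =>
  nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);

// AES-256-GCM seal/open of a user's mail key under the escrow key.
function seal(escrowKey, userKey) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', escrowKey, iv);
  const ct = Buffer.concat([c.update(userKey), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(escrowKey, { iv, ct, tag }) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', escrowKey, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]);
}

// Promotion runs on the existing admin's client: unwrap, then re-wrap for the
// new admin. The server-side store (a Map here) only ever holds ciphertext.
function promote(store, existingId, existingPriv, newId, newPub) {
  const escrowKey = unwrapWith(existingPriv, store.get(existingId));
  store.set(newId, wrapFor(newPub, escrowKey));
}

function demo() {
  const alice = newAdmin(), bob = newAdmin(), outsider = newAdmin();
  const escrowKey = nodeCrypto.randomBytes(32);
  const userKey = nodeCrypto.randomBytes(32); // constructed sample user key
  const store = new Map([['alice', wrapFor(alice.publicKey, escrowKey)]]);
  const sealedUserKey = seal(escrowKey, userKey);
  promote(store, 'alice', alice.privateKey, 'bob', bob.publicKey);
  const recovered = open(unwrapWith(bob.privateKey, store.get('bob')), sealedUserKey);
  let outsiderFailed = false;
  try { unwrapWith(outsider.privateKey, store.get('bob')); } catch { outsiderFailed = true; }
  return { bobRecovers: recovered.equals(userKey), outsiderFailed };
}
```

In this model, deleting a demoted admin's wrapped copy does not revoke an escrow key that admin has already unwrapped; that requires rotating the escrow key and re-sealing the user keys.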