Overview
- Germany’s BSI tested 12 free, widely used desktop mail apps on macOS, Ubuntu 25.04 and Windows 11 24H2 using out‑of‑the‑box settings.
- All clients provide TLS transport encryption and automatic updates, but only nine support true end‑to‑end encryption; Apple Mail, BlueMail, Mailbird and Spark Mail do not.
- Phishing and spam checks are uneven, with Spark Mail lacking such filters entirely; only Gmail, KMail and Proton Mail scan attachments, and dependable link warnings are found in a subset including Thunderbird, Betterbird, eM Client, KMail, Gmail, Tuta Mail and Outlook.
- Storage practices vary as Gmail and Outlook route data through cloud infrastructure while clients like Thunderbird and KMail store mail locally; Proton Mail and Tuta Mail additionally mask IP addresses via proxies.
- Outlook transfers IMAP credentials to Microsoft for cloud‑side processing that enables AI features, a practice noted in coverage that the BSI report does not critique directly.