Privacy Tools Guide

Install Proton Mail Bridge, log in with your Proton Mail credentials, then add the Bridge’s local IMAP/SMTP server to your email client (Thunderbird, Apple Mail, Neomutt). Bridge runs locally on your machine and automatically encrypts and decrypts messages, while your email client communicates with it using standard protocols. This gives you full end-to-end encryption together with the power of desktop email clients, without sacrificing Proton Mail’s zero-access encryption model.

What is Proton Mail Bridge?

Proton Mail Bridge runs locally on your machine and acts as an intermediary between your email client and Proton’s servers. It handles the encryption and decryption automatically, meaning your email client communicates with Bridge using standard IMAP and SMTP protocols while Bridge manages the complex encryption layer.

The Bridge application stores your Proton Mail credentials locally and creates virtual IMAP and SMTP server configurations. Your email client never directly connects to Proton’s cloud—instead, it talks to Bridge, which then communicates with Proton Mail using encrypted channels.

This architecture lets you use powerful email clients like Neomutt, Apple Mail, or Thunderbird while retaining Proton Mail’s zero-access encryption model.

Prerequisites

Before starting, ensure you have:

Download Bridge from the Proton website or install via your system’s package manager. The application is available for macOS, Windows, and Linux.

Installing Proton Mail Bridge

On macOS with Homebrew:

brew install --cask proton-mail-bridge

On Linux, you can download the AppImage or use the Debian package:

wget https://protonmail.com/download/Bridge/ProtonMailBridge-3.0.0.deb
sudo dpkg -i ProtonMailBridge-3.0.0.deb

After installation, launch the Bridge application. You’ll be prompted to log in with your Proton Mail credentials.

Configuring Bridge for First Use

Open Proton Mail Bridge and sign in with your Proton Mail email and password. The application will generate IMAP and SMTP credentials specifically for your email client.

The Bridge interface displays connection details in this format:

IMAP Host: 127.0.0.1
IMAP Port: 1143
SMTP Host: 127.0.0.1
SMTP Port: 1025
Username: your-email@protonmail.com
Password: [Bridge-generated password]

These credentials are separate from your Proton Mail password. The Bridge application manages them, and you can regenerate them at any time through the Bridge interface if needed.

Setting Up Apple Mail

For macOS users preferring Apple Mail over the Proton Mail web interface:

  1. Open Apple Mail and go to Mail > Add Account
  2. Select Other Mail Account
  3. Enter your name, email address, and the Bridge password
  4. Configure the incoming mail server:
    • Host Name: 127.0.0.1
    • Port: 1143
    • Use SSL: No (Bridge handles encryption internally)
  5. Configure the outgoing mail server:
    • Host Name: 127.0.0.1
    • Port: 1025
    • Use SSL: No

Click Sign In and Apple Mail will connect through Bridge to Proton Mail.

Setting Up Mozilla Thunderbird

Thunderbird provides excellent customization options for power users:

  1. Go to Edit > Account Settings > Account Actions > Add Mail Account
  2. Enter your name, email, and Bridge password
  3. For incoming server configuration:
    • Incoming Server: 127.0.0.1
    • Port: 1143
    • SSL: None
    • Authentication: Normal password
  4. For outgoing server:
    • Outgoing Server: 127.0.0.1
    • Port: 1025
    • SSL: None

Thunderbird will attempt automatic configuration, but manually entering these values ensures proper connection through Bridge.

Setting Up Neomutt for Terminal Users

For developers who prefer terminal-based workflows, Neomutt works smoothly with Proton Mail Bridge:

Create or edit your Neomutt configuration file (~/.muttrc):

set imap_user = "your-email@protonmail.com"
set imap_pass = "[bridge-generated-password]"
set smtp_user = "your-email@protonmail.com"
set smtp_pass = "[bridge-generated-password]"
set smtp_url = "smtp://127.0.0.1:1025"
set imap_url = "imap://127.0.0.1:1143"
set folder = "imap://127.0.0.1:1143"
set spoolfile = "=INBOX"
set record = "=Sent"
set postponed = "=Drafts"
set trash = "=Trash"

Start Neomutt and it will connect through Bridge. You can also use offlineimap or isync to synchronize mail locally:

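# Install isync
brew install isync

# Configure ~/.mbsyncrc
# Connection to the local Bridge IMAP server
IMAPAccount proton
Host 127.0.0.1
Port 1143
User your-email@protonmail.com
Pass [bridge-password]

# Remote side of the sync: the Bridge account defined above
IMAPStore proton-remote
Account proton

# Local side of the sync: mbsync has no LocalStore section, the Maildir store is the local store
MaildirStore proton-mail
Path ~/Mail/Proton/
Inbox ~/Mail/Proton/INBOX

# Pair the two stores; isync 1.4 and later name these keywords Far and Near
Channel proton
Master :proton-remote:
Slave :proton-mail: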

Run mbsync proton to synchronize your mail locally, then configure Neomutt to read from the local Maildir.
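Both ~/.muttrc and ~/.mbsyncrc above hold the Bridge password, so they are worth auditing. The following is an added example, not part of the original guide: it flags literal passwords and files readable by group or others. The function name, sample file contents and the `pass` entry name are hypothetical.

```sh
#!/bin/sh
# Added example: audit client configs that hold the Bridge password.

# Prints "inline-secret <file>" when a password is stored literally and
# "loose-perms <file>" when group or others have any access.
# Returns 1 if anything was reported.
audit_mail_config() {
  file=$1
  findings=0
  # Neomutt: set imap_pass/smtp_pass = "..."; mbsync: Pass ... (PassCmd does not match).
  # Lines containing a backtick fetch the secret from a command and are skipped.
  if grep -E '^[[:space:]]*(set[[:space:]]+(imap|smtp)_pass[[:space:]]*=|Pass[[:space:]])' "$file" \
      | grep -qv '`'; then
    echo "inline-secret $file"
    findings=1
  fi
  # Characters 5-10 of the ls mode string are the group and other permission bits.
  if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
    echo "loose-perms $file"
    findings=1
  fi
  return "$findings"
}

# Constructed sample files (hypothetical contents, written to a temp directory).
demo_dir=$(mktemp -d)
printf 'set imap_pass = "example-bridge-password"\n' > "$demo_dir/muttrc.weak"
chmod 644 "$demo_dir/muttrc.weak"
printf 'set imap_pass = "`pass show mail/proton-bridge`"\n' > "$demo_dir/muttrc.hardened"
chmod 600 "$demo_dir/muttrc.hardened"

audit_mail_config "$demo_dir/muttrc.weak" || true
audit_mail_config "$demo_dir/muttrc.hardened" && echo "clean $demo_dir/muttrc.hardened"
```

Run it against your real files with `audit_mail_config ~/.muttrc` and `audit_mail_config ~/.mbsyncrc`.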

Enabling Two-Factor Authentication for Bridge

For additional security, Bridge supports two-factor authentication through TOTP:

  1. In the Bridge application, go to Settings > Security
  2. Enable Two-Factor Authentication
  3. Scan the QR code with your authenticator app
  4. Enter the verification code

Your email client will now require both the Bridge password and a current TOTP code to connect.

Managing Multiple Accounts

Bridge supports multiple Proton Mail accounts simultaneously. Click the + button in the Bridge interface to add additional accounts. Each account receives its own IMAP/SMTP credentials.

To use multiple accounts in your email client, create separate configurations for each identity:

# Primary account
set imap_user = "primary@protonmail.com"
set smtp_user = "primary@protonmail.com"

# Define alternate accounts with macros
macro index,pager \cb "<change-folder>proton-secondary/INBOX<enter>" "Switch to secondary account"

Troubleshooting Connection Issues

If your email client fails to connect through Bridge, verify these common issues:

Port conflicts: Ensure no other service is using ports 1143 (IMAP) or 1025 (SMTP). Check with:

lsof -i :1143
lsof -i :1025

Bridge not running: Bridge must remain open for your email client to connect. Consider launching Bridge at system startup.

Credential expiration: Bridge credentials can expire or become invalid. Open Bridge and check the account status—regenerate credentials if needed.

Firewall settings: Some system firewalls may block local connections to Bridge. Verify that your firewall permits connections to 127.0.0.1 on the specified ports.
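Because the clients above are configured without SSL, the Bridge ports should only ever listen on loopback. The following is an added example, not part of the original guide: it reads `lsof` listener output and reports which process holds ports 1143 and 1025 and whether the bind address is reachable from other hosts. The function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag Bridge listeners that are not bound to loopback.
# Input on stdin: output of `lsof -nP -iTCP -sTCP:LISTEN`.

BRIDGE_PORTS="1143 1025"   # IMAP and SMTP ports shown in the Bridge settings

# Prints "<verdict> <port> <command> <address>" per listener on a Bridge port.
# Returns 1 if any of them is bound to a non-loopback address.
check_bridge_listeners() {
  awk -v ports="$BRIDGE_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $NF == "(LISTEN)" {
      name = $(NF - 1)                  # e.g. 127.0.0.1:1143, *:1025, [::1]:1143
      port = name; sub(/.*:/, "", port)
      addr = name; sub(/:[0-9]+$/, "", addr)
      if (!(port in want)) next
      loopback = (addr ~ /^127\./ || addr == "[::1]")
      if (!loopback) bad = 1
      print (loopback ? "loopback" : "EXPOSED"), port, $1, addr
    }
    END { exit bad + 0 }
  '
}

# Constructed sample output (not captured from a real machine).
sample_lsof() {
  cat <<'EOF'
COMMAND  PID  USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
bridge   4242 alice  12u IPv4 0x1a2b      0t0  TCP 127.0.0.1:1143 (LISTEN)
bridge   4242 alice  13u IPv4 0x1a2c      0t0  TCP 127.0.0.1:1025 (LISTEN)
python3  5151 alice   3u IPv4 0x1a2d      0t0  TCP *:8000 (LISTEN)
EOF
}

sample_lsof | check_bridge_listeners
# Live check: lsof -nP -iTCP -sTCP:LISTEN | check_bridge_listeners
```

An `EXPOSED` line, or a command name other than Bridge on either port, explains both a port conflict and a listener that other machines on the network could reach.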

Security Considerations

Using Proton Mail Bridge maintains Proton’s end-to-end encryption guarantees because:

However, ensure your local machine is secure since decrypted emails exist in your email client’s cache. Use full-disk encryption and keep your operating system updated.

Performance Tips

For users with large mailboxes, consider these optimizations:

Enable caching in your email client: Thunderbird and Apple Mail can store local copies of messages, reducing Bridge overhead.

Use offlineimap or isync: Synchronize mail periodically rather than maintaining a live connection:

# Add to crontab for periodic sync
*/15 * * * * /usr/local/bin/mbsync proton

Limit synchronized folders: Configure your client to sync only essential folders, excluding large folders like Sent or Archive if unnecessary.

Getting Started

Begin by downloading Proton Mail Bridge and logging in with your account. Generate your IMAP/SMTP credentials, then configure your preferred email client using the settings provided. Test sending and receiving messages to verify the connection works correctly.

Once configured, you gain the flexibility of using any email client while maintaining Proton Mail’s encryption standards. The Bridge application runs quietly in the background, handling all encryption transparently.

Built by theluckystrike — More at zovo.one