Privacy Tools Guide

ProtonMail Bridge is a local IMAP/SMTP proxy that lets Thunderbird, Apple Mail, and Outlook access your encrypted ProtonMail account while keeping your private keys on your device only. Install Bridge from protonmail.com, configure it with your ProtonMail credentials, then add your IMAP account in Thunderbird or your preferred client using localhost:1143 as the IMAP server. This guide covers installation, configuration with common clients, security considerations, and automation for power users who need desktop email integration without sacrificing end-to-end encryption.

Why Use ProtonMail Bridge

The ProtonMail web interface works well for basic usage, but power users often require desktop client integration for several reasons:

ProtonMail Bridge acts as a local IMAP/SMTP proxy that handles encryption transparently. Your desktop client connects to Bridge locally, and Bridge communicates with ProtonMail servers. This architecture ensures your private keys never leave your device.

Prerequisites and Installation

Before starting, ensure you have:

Download Bridge from your ProtonMail account dashboard or directly from the official repository. The application is available for Windows, macOS, and Linux.

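# For Linux users: download the package and verify its signature before installing
wget https://protonmail.com/download/bridge/protonmail-bridge_1.8.5_amd64.deb
# Install only after the signature check succeeds (dpkg needs root)
sudo dpkg -i protonmail-bridge_1.8.5_amd64.deb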

Initial Configuration

Launch ProtonMail Bridge and complete the initial setup:

  1. Enter your ProtonMail email address and password
  2. Complete two-factor authentication when prompted
  3. Set a local API password (distinct from your ProtonMail password)
  4. Configure auto-start preferences

The Bridge application runs in your system tray, managing IMAP and SMTP connections on ports 1143 (IMAP) and 1025 (SMTP) by default. You can modify these ports in the Bridge settings if they conflict with existing services.

Desktop Client Configuration

Thunderbird Configuration

Thunderbird offers the most complete integration with ProtonMail Bridge. Here’s the step-by-step configuration:

  1. Open Thunderbird and navigate to Account Settings
  2. Select “Add Mail Account”
  3. Enter your ProtonMail address and click “Continue”
  4. Thunderbird should auto-detect settings—verify the configuration:
Incoming Server: localhost
Port: 1143
SSL: SSL/TLS
Authentication: Normal password
Username: your@protonmail.com

Outgoing Server: localhost
Port: 1025
SSL: STARTTLS
Authentication: Normal password
Username: your@protonmail.com

Click “Re-test” to verify connectivity before proceeding.

Apple Mail Configuration

For macOS users with Apple Mail:

  1. Open Mail → Settings → Accounts
  2. Click the “+” to add a new account
  3. Select “Add Other Mail Account”
  4. Enter your name, ProtonMail email, and the local API password you created
  5. Configure manually:
Incoming Mail Server: localhost
Port: 1143 (with or without SSL)
Authentication: Password

Outgoing Mail Server: localhost
Port: 1025 (with or without SSL)
Authentication: Password

Outlook Configuration

Microsoft Outlook requires additional steps due to its tighter security model:

  1. File → Add Account
  2. Enter your ProtonMail email and click “Connect”
  3. When prompted for server settings, select “Advanced options”
  4. Manually configure server settings:
Incoming (IMAP):
Server: localhost
Port: 1143
Encryption: SSL

Outgoing (SMTP):
Server: localhost
Port: 1025
Encryption: STARTTLS

Security Considerations

Network Isolation

For maximum security, run Bridge on a local machine rather than a remote server. The IMAP/SMTP connection between your desktop client and Bridge is unencrypted by default since it traverses localhost only. If you must access Bridge remotely, implement SSH tunneling:

# Create an SSH tunnel for remote Bridge access
# (BRIDGE_HOST is a placeholder for the machine that runs Bridge)
ssh -L 1143:localhost:1143 -L 1025:localhost:1025 user@BRIDGE_HOST

App Password Management

Generate dedicated app passwords for each desktop client rather than using your primary ProtonMail password. This limits exposure if a client is compromised and allows granular revocation:

  1. Log into your ProtonMail account
  2. Navigate to Settings → Security → App Passwords
  3. Create a new password labeled “Thunderbird Work” or similar
  4. Use this password in your desktop client configuration

Certificate Verification

ProtonMail Bridge uses self-signed certificates for local connections. Your desktop client may display security warnings. Verify the certificate fingerprint manually:

# Check the Bridge certificate thumbprint (-noout prints only the fingerprint)
openssl x509 -noout -fingerprint -sha256 -in ~/.local/share/protonmail/bridge/certs/bridge.crt

Compare this fingerprint against the one displayed in Bridge’s settings panel.
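The comparison can also be scripted so that a client or automation job checks the certificate the listener actually presents, not only the file on disk. The following is an added example, not code from the original guide or from Proton; the function names are hypothetical, and it assumes the listener speaks implicit TLS on port 1143 as in the Thunderbird settings above.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(text):
    """Reduce 'sha256 Fingerprint=AB:CD:...' or 'ab:cd:...' to bare lowercase hex."""
    value = text.strip().split("=", 1)[-1]  # drop the openssl label if present
    return "".join(ch for ch in value.lower() if ch in "0123456789abcdef")


def sha256_fingerprint(der):
    """SHA-256 over the DER encoding, the value `openssl x509 -fingerprint -sha256` prints."""
    return hashlib.sha256(der).hexdigest()


def pem_file_to_der(path):
    """Load a PEM certificate file (for example the bridge.crt path above) as DER bytes."""
    with open(path, "r", encoding="ascii") as fh:
        return ssl.PEM_cert_to_DER_cert(fh.read())


def served_cert_der(host="127.0.0.1", port=1143):
    """Fetch the certificate the listener presents, without trusting it yet."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # self-signed local certificate, pinned below instead
    ctx.verify_mode = ssl.CERT_NONE  # chain validation is replaced by the fingerprint check
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint_matches(der, expected):
    """Constant-time comparison of a certificate's fingerprint with the expected value."""
    return hmac.compare_digest(sha256_fingerprint(der), normalize_fingerprint(expected))


def verify_bridge_listener(expected, host="127.0.0.1", port=1143):
    """True only if the process listening on host:port presents the pinned certificate."""
    return fingerprint_matches(served_cert_der(host, port), expected)
```

Pass the fingerprint shown in Bridge's settings panel as `expected`; a mismatch means some other process or certificate is answering on that port and the client should not send its password.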

Advanced Configuration

Custom Port Assignment

If ports 1143 and 1025 conflict with other services, modify Bridge configuration:

Bridge configuration file location: ~/.protonmail/bridge/config.json
{
  "IMAP": {
    "Listen": "127.0.0.1",
    "Port": 3143
  },
  "SMTP": {
    "Listen": "127.0.0.1",
    "Port": 3025
  }
}

Restart Bridge after making changes.
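After changing ports, it is worth confirming that the listeners are still bound to loopback only, as the Network Isolation section and the "Listen": "127.0.0.1" setting intend. The following is an added example, not part of the original guide: it parses `ss -ltnH` output, and the sample rows and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 4096 127.0.0.1:1143 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:1025 0.0.0.0:*
LISTEN 0 4096 [::1]:3143 [::]:*
LISTEN 0 4096 *:3025 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
"""

# Default ports and the custom ports used in this guide.
BRIDGE_PORTS = {1143, 1025, 3143, 3025}


def parse_listener(line):
    """Return (address, port) from one `ss -ltn` row, or None for headers and noise."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    addr, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    return addr, int(port)


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" or anything unparsable is treated as exposed


def exposed_bridge_listeners(ss_output, ports=BRIDGE_PORTS):
    """List (address, port) pairs for Bridge ports bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed and parsed[1] in ports and not is_loopback(parsed[0]):
            findings.append(parsed)
    return findings


if __name__ == "__main__":
    for addr, port in exposed_bridge_listeners(SAMPLE_SS):
        print(f"port {port} is reachable beyond loopback (bound to {addr})")
```

On a real host, feed it the output of `ss -ltnH` instead of the sample; any finding means the mail ports accept connections from other machines and the Listen address should be corrected.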

Logging and Debugging

Enable detailed logging for troubleshooting:

# Set debug logging level
export PROTON_BRIDGE_LOG=debug

# View logs in real-time
tail -f ~/.local/share/protonmail/bridge/logs/bridge.log

Common issues include incorrect authentication credentials, port conflicts, and expired session tokens. Check the logs first—they typically reveal the exact failure point.

Automation Integration

Developers can interface with ProtonMail Bridge programmatically:

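# Example: Check Bridge status via API
import requests

# Bridge exposes a local REST API
# A timeout keeps the script from hanging if Bridge is not running
response = requests.get('http://localhost:8080/api/v1/status', timeout=5)
response.raise_for_status()  # stop on HTTP errors instead of parsing an error body
status = response.json()
print(f"Status: {status['connected']}, Account: {status['email']}")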

This enables automated workflows like scripted backups or email processing pipelines.

Performance Optimization

Bridge caches emails locally to reduce server round-trips. Adjust cache settings based on your storage capacity and performance requirements:

Cache configuration:
{
  "Cache": {
    "MaxSize": "5GB",
    "RetentionDays": 30
  }
}

Larger caches improve performance but consume disk space. Balance according to your workflow.

Built by theluckystrike — More at zovo.one