Encrypted Email Service Providers

Spyro

New Email
Please provide me with encrypted email accounts (preferably servers in Switzerland) that I can use with e.g. Thunderbird.
 

EQ Admin

EQ Forum Admin
Staff member
If you sort the list on this page you can find a few services located in Switzerland that are listed to support free email clients.

I believe the listing for ProtonMail is wrong though. They don't support IMAP/POP3.

To help other members with similar concerns, please let us know which service you choose and why you preferred it over the others.

 

EQ Admin

EQ Forum Admin
Staff member
> I work at Thexyz and wondered if you can add it to list?

That chart is for the encrypted email service providers. From what I'm seeing Thexyz is cloud/business email hosting.

Please feel free to create a review page for Thexyz that includes some specifics about what makes it special or the unique features that make it stand out from Office 365 and I'll use it to start a comparison chart for those types of services.
 

Gregory

New Email
Some updates to the chart:

1. HTTPS Grade (SSL Labs) of:

  • SCRYPTmail now is A
  • Hushmail now is A Plus.
2. Sender Score now is 99.

3. Free Storage Quota now is 200Mb (according to the notice in the inbox's web page).

4. Sending Limits now is 20 emails / hour (according to the notice in the inbox's web page).

5. Account Inactivity Limit now is 3 months (according to SCRYPTmail - Encrypted and private email service).


Please make these easy changes. Thanks.
 

EQ Admin

EQ Forum Admin
Staff member
I made the updates for #1 #2 #3

I think I'm more up to date than the SCRYPTmail web site for #4 #5, I'll verify with Sergei later.

:thanks: for the updates!
 

SCRYPTmail

Email Service Provider
There should be updates for us:

3rd Party Interoperability - Yes
Two Factor Authentication (MFA) - Yes
Autosave Contacts - Yes
Sending Limits 20/hour +
Account Inactivity Limit 6 months
Minimum Paid Plan Cost 40c

I also want to mention other services, i.e. ProtonMail/Tutanota:
The mailbox is not encrypted: if you log in and do a search, the search request is sent to the server in cleartext, and it returns an email array with a lot of unencrypted data (metadata). The same applies to Tutanota: metadata stored on the server is not encrypted.
Regarding this, it cannot be called a zero-knowledge system or an encrypted mailbox.

Speaking of which, I'm not sure if "encrypted mailbox" is clear enough. I believe everyone stores the mailbox encrypted, even Google, but it is another question whether it is accessible to the provider upon request; I assume that if some data is sent to the server in clear text, it is.
-----------
When you save a contact in ProtonMail, it sends this payload information to the server:
{"id":"t8lHLdk3Jl6YRgyrejnix2lqEb_cIg1bKoUMYHxpJQjBiFed6x7ItOFr1sWZykhKxPkLMcdG-Ha6mI27kabK5g==","Name":"testemail@yahoo.comX","Email":"testemail@yahoo.com"}
I'm not sure if this can be called encrypted contacts.

Contact data sent by Tutanota is encrypted, however.
---------
For ProtonMail I can see only the aliases option, but not disposable.

----
Tutanota has draft options
 

Mailfence.

Valued Member
Hello,
On behalf of the 'Mailfence' team, I would like to request you to kindly list us on your 'Encrypted email service providers' comparison table, with the following details.

Company HQ: Brussels, Belgium
Data Center Locations: Brussels, Belgium
Legal Jurisdiction: Belgium
Successful Legal Requests: 2 (blog.mailfence.com/2016/04/29/transparency-report-and-warrant-canary/) | (Listing request has been sent to 'canarywatch.org' as well, though they haven't responded yet)
Layers of Encryption: 2 layers at most, Email = PGP inside AES-256, Contacts = Unencrypted, Metadata = Unencrypted
HTTPS Grade (SSL Labs): A Plus
AES-256 encrypted storage: No
Zero-Knowledge Systems: Yes
Encrypted Metadata: No (on our roadmap)
Encrypted Attachments: Yes
Encrypted Contacts: No (on our roadmap)
Encrypted Mailbox: Yes
3rd Party Interoperability: Yes
OpenPGP compatibility: Yes
RSA 2048 Keys: 4096 by default
Own RSA Keys: Yes
Regenerate RSA Keys: Yes
Sender Score: 98/99
Two Factor Authentication (MFA): Yes
Front/Backend Audits: Yes (performed internally)
3rd Party Audit: In process
HIPAA Compliant Email: No
Do Not Track: Yes
Secure Reply: Yes
Expiring Emails: No
Disposable Email Addresses: No (on our roadmap)
Email Aliases: Yes (with paid subscriptions)
Free Storage Quota: 250 MB
Session Expiration: Yes
Delete Account: Yes
Multilingual Interface: Yes
Compose HTML Email: Yes
Search Email: Yes
Spam filtering: Yes
Custom Folders / Labels: Yes
Draft Email: Yes
Android App: NO (Pocket version available)
iOS App: NO (Pocket version available)
IMAP Mail Server: Yes (with paid subscription)
Import contact list: Yes
Autosave Contacts: Optional
Sending Limits: 30 recipients per hour
Account Inactivity Limit: Free accounts get suspended after 60 days of inactivity and totally deleted after 90 days.
Minimum Paid Plan Cost: $ 2.77/month

By the same token, I also would like to suggest various features that are significantly important when it comes to 'Secure Emailing Services' and other 'Online Privacy' based solutions.
> Digital Signatures - (Mailfence supports both PGP & S/MIME signatures)
> Key Management - (Mailfence provides advanced integrated Key Management)
> Other casual but notable features (Calendars, Groups, Polls...) - (Mailfence provides all of them).

Thanking You,
- Mailfence Team.
 

EQ Admin

EQ Forum Admin
Staff member
Thank you for making it easy on me to get it updated!

I created a Mailfence account and did the activation email link, but it says invalid when I try to log in.

I'll ask since others will ask, how can it be zero knowledge if the metadata isn't encrypted?

I'll check some of the other services and see if there is enough known to get the additional features listed.

:thanks:
 

compleo

Valued Member
I noticed that an email is required to register & there is a PW reset; are these security issues?

A typo on the web page..."(with no Armerican bodies included in the certification chain)".
 

SCRYPTmail

Email Service Provider
Encrypted contacts - no, encrypted metadata - no, zero-knowledge - yes. I may be missing something, but I thought zero-knowledge assumes the email service has no knowledge about the user? Also AES-256 - no, but 2 layers of encryption, AES inside PGP - that is incorrect.
 

Mailfence.

Valued Member
@popowich
> I created a mailfence account and did the activation email link, but it says invalid when I try to login.
Thank you for creating an account on Mailfence. The typical procedure for activating an account after its creation is simply by clicking on the activation link, and the rest is pretty much smooth (providing login & password, and you get into your account). Let us know if you're still facing any issues by sending your login/email ID to (support@mailfence.com).
> I'll ask since others will ask, how can it be zero knowledge if the metadata isn't encrypted?
No, it's not an absolute zero-knowledge system yet - the sole reason for mentioning it as 'Yes' is because we misunderstood the 'definition' of zero-knowledge here (which is a broad term when it comes to Information Security) and took it under the context of message content/body (which is encrypted) and the system has absolutely no knowledge about the plaintext (due to being end-to-end) where every bit of message content/body gets en(de)crypted on the client side.
However, when it comes to secondary parts of the puzzle (metadata - IP, from/to...) - yes, we don't encrypt them, but it's on our roadmap.
> I'll check some of the other services and see if there is enough known to get the additional features listed.
I thank you for your concern, though all of those features (Digital Signatures, Key Management...) are the essential aspects of Encrypted email solutions which have been overlooked by almost all of the current services - and that is where Mailfence holds one of its unique edges.
- A little typo and an update, 'Layers of Encryption': 2 layers at most Email = PGP inside AES-256 Contacts = Unencrypted Metadata = Unencrypted, 'Account inactivity limit': Suspension of Free Accounts - 7 months, Deletion of Free Accounts: 12 months.
Lastly, I thank you for your efforts on listing Mailfence (built by a small and dedicated team, striving continuously to make it the best Online Privacy solution) and we are looking forward to your feedback (of any sort) - that will ultimately help us to further improve our service and meet the expectations of our users (in the most transparent way possible).

@compleo
> I noticed that an email is required to register & there is a PW reset; are these security issues?
Both of them are two separate operations (both with/without the aspect of security). The external email address, which is being required for activating your account is a general procedure which most of today's emailing services follow for account activation - however, eliminating this condition is on our roadmap.
Resetting password is an operation which is related to your Account and is possible, but if you forgot your passphrase (which is the only layer of protection on your Private Key) then nothing can be done (as our site mentions and I quote "needless to say, you will be in trouble") - kindly have a look at the "How To" of Crypto related procedures at Mailfence (before generating your key-pair) and it will fairly equip you with the do's and don'ts.
> A typo on the web page..."(with no Armerican bodies included in the certification chain)".
I thank you for notifying us, it has been noted and will be corrected soon.
Will keep on looking forward to your feedback.

@SCRYPTmail
> Encrypted contacts - no, encrypted metadata - no, zero-knowledge - yes. I may be missing something, but I thought zero-knowledge assumes email service has no knowledge about user?
Yes, you are absolutely correct - we misunderstood that term (more details can be found in my response to the admin).
> Also AES-256 - no, but 2 layers of encryption, AES inside PGP - that is incorrect
We do not provide encrypted (AES) storage as of now, but that again is on our roadmap.
Now, by definition, PGP (being a hybrid cryptosystem), which uses both symmetric (AES) and asymmetric (RSA) operations to encrypt the data, i.e. AES inside RSA for data (via session key) and session key (via public key of the recipient) respectively, does satisfy the statement of AES inside PGP as 2 layers of encryption. Moreover, the 'data at rest' on our servers (db...) uses AES to provide an additional layer of protection to the user's data, which further contributes to our response against this field in a larger perspective.
 
Last edited by a moderator:
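
The content-versus-metadata distinction discussed in the posts above, as an added example (not part of any post and not any provider's code): Python using only the standard library, run on a constructed OpenPGP/MIME message with example.* addresses, listing what a server handling the message can read without the recipient's private key. The function name and sample values are assumptions made for the illustration.

```python
# Added illustration (not provider code): what a mail server can read from an
# OpenPGP/MIME (RFC 3156) message without any key. The message is constructed.
import re
from email import message_from_string
from email.utils import getaddresses

SAMPLE = """\
Received: from client.example (client.example [203.0.113.7])
\tby mx.example.net; Tue, 03 May 2016 10:15:00 +0200
From: Alice <alice@example.org>
To: Bob <bob@example.net>, carol@example.com
Subject: Q2 contract draft
Date: Tue, 03 May 2016 10:14:58 +0200
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

def server_view(raw):
    # Collect every field that is readable without the recipient's key.
    msg = message_from_string(raw)
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 and msg.get_param("protocol") == "application/pgp-encrypted")
    received = " ".join(msg.get_all("Received", []))
    return {
        "from": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "subject": msg["Subject"],          # not covered by classic PGP/MIME
        "date": msg["Date"],
        "client_ips": re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received),
        "body_readable": not encrypted,     # only ciphertext is stored
    }

if __name__ == "__main__":
    for field, value in server_view(SAMPLE).items():
        print(f"{field}: {value}")
```

Sender, recipients, subject, timestamp and the submitting IP all come back in cleartext while the body does not, which is the gap the "Encrypted Metadata" column in the chart is meant to capture.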