Latest Questions
postmaster & search
What do you think of invmail.io?
I would need to know a specific question around this to answer.
The public key is uploaded onto our key server and used to encrypt every email you receive and its metadata on receipt of your email. From contacts to emails, all personal data stored on our servers is encrypted client side by default.
Hi, if A) Google sends to B) Invmail but not encrypted then no, they would not be encrypted, however if B returns to A then yes.
Here's how Invmail works (i can not speak for other companies).... I hope this will alleviate your worries about emails being sent as plaintext (for PGP users).
1. abdul@invmail.io sends an email to bengy@gmail.com
Abdul already has a keypair (generated automatically at registration), and Bengy has one too. Abdul adds Bengy as a contact (or does nothing and is matched to Bengy's key from a public key server), and sends him an email. The email contents + metadata is encrypted before they leave the Invmail email client-side, and are encrypted all the way to Bengy. If Bengy uses an email client with PGP support, then he can decrypt the email.
2. abdul@invmail.io sends and email to zack@invmail.io
Same scenario as above, except that key exchange is done automatically for Invmail users (and emails don't leave our servers, making the process even more secure).
3. abdul@invmail.io sends an email to claire@gmail.com
Claire doesn't use PGP, so Abdul's email needs to be sent as plaintext. However, before storing the email to the database, it is encrypted with Abdul's key, and the plaintext version (residing in RAM) is deleted as soon as the mailer reports successful delivery. This way, only Abdul has access to her data, and Invmail is Zero Knowledge in respect to email contents, account owners etc.
Quote
This is what i've been trying to figure out when dealing with sending e mail to e mail providers who are not secure.
So,if i'm reading your comment correctly.If i use an e mail provider which is encrypted & i send an e mail to someone,regardless if i encrypt the inbox or not to one who uses an e mail provider which is not secure my metadata,ip is stripped,attachments & address book /contacts are encrypted/secure.
:- Meta Data = Encrypted where possible as standard or stripped, and where not obfustructed as standard.
:- All encryption is done client-side, all we see are armoured PGP messages.
:- IP = All emails appear to come from our own IP of one of our relay servers - your IP will never show on outgoing mail, and nor is it stored our end.
:- Attachments = External Attachments, we have blocked, we will launch a zero-knowledge storage system (we already have for Invacio - just need to re-work for Invmail) allowing you to just grab a link and share this way, we will look at external attachments but i do not personally believe they can be completely secured, further more cloud storage is the future for the ease of finding files etc. = please see attached screenshot.
:- Address book, contacts are of-course secured against your key, which we never see, please note, if you ever change your password (changes key also) that you should really take a copy of your old key to unlock your contacts as it currently encrypts them against the key etc, this way we allow you to burn your account in seconds, destroying the data against the key that only you have a copy off settings>security>key when logged in.
Hi we are not set up for Mail Clients as they represent a weakness in the chain.Can I use mail user agent (e. g. Thunderbird) with invmail? What about these tests for invmail.io
https://www.checktls.com/perl/TestReceiver.pl
Email Security Grader - Test your mail server
Network Tools: DNS,IP,Email
Their outcomes seem to be not so good.