We actively detect and take necessary action against accounts found in violation of terms of our service.
If you have spotted a case, please forward it to our support.
We encourage users to use end-to-end encryption to achieve maximum protection.
Though, all plain-text messages remains protected (in crypto-sense) on our server-side (as mentioned above). Also, our SysAdmin team is legally obliged to respect data privacy laws (see our Privacy Policy).
Regards,
Mailfence Team
We support max. email size of 50 MB.
As highlighted already in this thread, for large files, please use Send as Hyperlink option.
Email isn't supposed to be used as file sharing. The limit most email services put on attachments is 5MB, regardless of type of purchased plan.
Instead of sending the file through email, upload it to the documents section of Mailfence and just share the link instead.
Dear,
Our support team is always available as mentioned on our homepage: contacts.
We try to respond to all support queries, in 12 hours at the latest (with some exceptions: holidays, extensive load, etc...).
Kind regards,
Mailfence support
I think the problem is Outlook app on Android, not Mailfence. It works perfectly fine with Gmail app + ActivSync.
Mailbox.org is fine service. Using it today. But it suffers from rather poor Customer Service and their MFA system is weird.
I just signed up for mailfence to give it a try (considering it and another provider) and just received the response from their support that the encryption-at-rest will not be done until sometime next year (2023). but, again, not even an approximate delivery timeframe.
I disturbed by the seemingly perpetual put-off of this feature.. Although I would like to believe mailfence when they stated two months ago that they are presently in the testing phase, dragonslayer42's comment seems more prescient.
Any thoughts on this? At some point it just becomes frustrating, and it seems like mailfence is just putting this off for some unknown reason....
Any experience with mailbox.org or cyberfear.com ? Thanks for any advice. Looks like I am giving up on countermail since you need to pay for an invite code and that just seems wrong to me for a commercial service.
Thanks in advance.
u/mailfence I would like the back-up the earlier comment recommending Cryptpad.fr as the document editor. Frankly, Zoho seems like a bit of a security threat whereas the Cryptpad people have consistently trustworthy. It is a solid editor as well.
> How to send an email later. That is, at a given day / time. > It appears from information in Mailfence that you can, I just can not see how it goes.
We do not support that function. However, I've forwarded your feedback to our development team.
> Can you remove this "- Sent with https://mailfence.com Secure and private email" when you are a paying customer.
This can be done in a paid subscription.
> Does anyone use Mailfence and Simplelogin together? Mailfence has 100 aliases included on my plan, but you only really can access around 30 of them to change the name, etc because there is no way to scroll down and access the others.
Could you please send us an email to our support, with the screenshot of the interface that you cannot scroll down?
If it is about only resolving mail.yourdomain.com to mailfence.com, using DNS CNAME record, then you can do that, but it will not work if your website uses SSL certificate (very likely to be the case under standard security practices). Please contact our support by email to get specific suggestions in this regard.
If you want a customized login page, to your brand/website, then please contact our support by email.
Since the steps have already been shared in this thread, I would rather point out different sources that you can always refer to:
Online help: After signing-in to your Mailfence account -> Click on the top-right corner drop-down -> Online help.
Authentication should work fine, except sometimes it is blocked in certain regions due to spamming issues.
Could you please:
Update your browser?
If the problem still persists, then contact our support team by email? (including your IPv4 address)
Hello,
We are always open to new registrations, though they are temporarily closed in certain regions due to spamming issues. Best would be to contact our support by email, and they will be able to assist you in registering an account.
The policy is not fixed. For now:
If you have another email address (yours of your friend's) but don't want to register it to Mailfence, I may suggest that you create a relay with e.g. relay.firefox.com, which will create an anonymous address relaying mail to your other email. Afterwards, you could delete the relay (but won't be able to recover your account).
Hello,
Did you check this KB article?
Best would be to contact our support, and they will be able to assist you on this.
The threat models , under Data Theft, seemed to imply that the user content is encrypted at rest: https://mailfence.com/en/threat-model.jsp
Isn't this the case? What is encrypted and what not?
Apologies for the belated response. We do have protections against brute-force attacks. However, we continue to make Mailfence more secure, which sometime involves testing different approaches (live) to examine their effectiveness (under limited time & resources that we have). Some approaches are weaker than others (but are more usable), and your test might have fallen into a window when one of those weaker approach was in place. It's been a while now that we have settled with a reasonable approach. Feel free to contact us by email if you have more feedback.
>But what I can grasp from this is that only e-mail is barely zero-knowledge capable.
It currently isn't, but is working towards becoming one. The implementation of encryption-at-rest is a significant step in this matter.
>The HSTS, DNSSEC, DKIM, DMARC and SPF as well as the A+/A scores are just nonsense in this context.
Agreed, they are not exactly relevant in this context. But since you mentioned that you were comparing email providers, so I thought shedding some light on those additional little controls might reassure you and whoever is reading this post.
>I have also read that article you point at about ProtonMail, and a few variations of it. It's more a bad attempt of misguided conspiracy theories than anything else. I would say this video summarizes these claims pretty nicely: https://www.youtube.com/watch?v=AhdJzjC7Leo.
This is entirely subjective. You might choose to ignore them completely, some might want to believe them. Me personally I'd want to stay away from any company that is so much under constant scrutiny. I've come across tons of articles/posts/user reviews that made me look away.
>And even Mailfence, if doing crypto operations in a web-browser, carries the same challenges as and weaknesses as ProtonMail.
Agreed. Whether to trust Mailfence (or any provider) with their implementation of Javascripts is a call users must have to take on their own. Maybe once the front-end becomes open-source (which is currently underway), it'll clear things out a bit. Personally I use Mailfence with a third-party Android email client called FairEmail, serves my purpose.
Lastly, it's best if you reach out to the Support Team directly to get better clarity. I tried to answer your query to the best of my knowledge, but I'm just another user who's still exploring the service, so my knowledge is a bit limited.
>But what I can grasp from this is that only e-mail is barely zero-knowledge capable.
It isn't, but shall become one, once the encryption-at-rest gets implemented.
>The HSTS, DNSSEC, DKIM, DMARC and SPF as well as the A+/A scores are just nonsense in this context.
Agreed, they are not exactly relevant in this context. But since you mentioned that you were comparing email providers, so I thought shedding some light on those additional little controls might reassure you and whoever is reading this post.
>I have also read that article you point at about ProtonMail, and a few variations of it. It's more a bad attempt of misguided conspiracy theories than anything else. I would say this video summarizes these claims pretty nicely: https://www.youtube.com/watch?v=AhdJzjC7Leo.
This is entirely subjective. You might choose to ignore them completely, some might want to believe them. Me personally I'd want to stay away from any company that is so much under constant scrutiny. I've come across tons of articles/posts/user reviews that made me look away.
>And even Mailfence, if doing crypto operations in a web-browser, carries the same challenges as and weaknesses as ProtonMail.
Agreed. Whether to trust Mailfence (or any provider) with their implementation of Javascripts is a call users must have to take on their own. Maybe once the front-end becomes open-source (which is currently underway), it'll clear things out a bit. Personally I use Mailfence with a third-party Android email client called FairEmail, serves my purpose.
Lastly, it's best if you reach out to the Support Team directly to get better clarity. I tried to answer your query to the best of my knowledge, but I'm just another user who's still exploring the service, so my knowledge is a bit limited.
Hello,
There are multiple reasons as to why you have not received an activation email yet. To fix this please email our support and we will take care of it.
All the best,
Mailfence team
We thank you for your support. We try to respond to all user queries.
TFA works with PWA. For local email clients, you can generate service specific password. Feel free to contact our support in case if your are facing issues.
Feel free to reach our support by email, we would be happy to offer you a trial plan.
For import of large number of emails, we would suggest using an IMAP client.
See also: Import data to Mailfence account.
Hello,
Best would be to send an email to our support, and request a trial plan to check by yourself.
In case of blockage, depending on the concerned service provider, we do try to address it (either by contacting the blocking service directly or by asking the affected user to raise it with concerned support team and involve us in the process if needed).
Hello,
We thank you for your feedback and support :)
Best would be to send us an email to our support, mentioning your Mailfence account username, and the domain name that you are referring to.
Please report this to our support, and make sure to include full message headers + body of the offending/spam message.
Could you please check if any of your browser plugin is interfering with the connection?
Did you try using a different browser?
In case if the issue persists, then send us an email to our support.
As mentioned in our FAQ: https://mailfence.com/en/faq.jsp
"We do not keep accounts indefinitely: your data will disappear if you stop using your account. Free accounts are suspended after 12 months of inactivity and totally deleted 4 months later. Paid accounts are not deleted as long as payments are received".
Hello,
It seems like you have set-up a filter rule (for incoming emails) with an action of 'move' to trash folder.
Could you please try disabling that, and check again?
Your support query has been answered already.
Hello,
As mentioned in our FAQ:
> Free accounts are suspended after 12 months of inactivity and totally deleted 4 months later. Paid accounts are not deleted as long as payments are received.
Hope that explains.
Dear,
Our servers are locally hosted in Belgium, and no user data is stored elsewhere.
For more details, please check this page.
Kind regards,
Mailfence support
Would you please update your statement at https://mailfence.com/en/private-email.jsp ? Because it's not accurate. It doesn't say "no third-party access except as stated on the blog." I had not found that item buried in the blog post.
Dear,
It is not clear on what do you exactly mean by 'timeline'?
However, concerning OpenPGP encryption - please refer yourself to this guide.
We also plan to support attachments in password encryption feature, in the months to come.
In case if anything is unclear, please feel free to drop us an email at support[at]mailfence[dot]com
Kind regards,
Mailfence support
Thank you, dear team for commenting here. With the quoted phrase, I have said my personal opinion.
Let me clarify.. Anyone log in this https://mailfence.com/?reset Password url is asked for resetting password and anyone who knows my email also knows my username; so, they can request for a password reset which shows my parent email address where password reset link has been sent. So, if anyone somehow gets access to my alternative email also gets access to my Mailfence account; which seems absolutely easy.
So, if my alternative email is less secure which is not uncommon, my private email could also be vulnerable. Hope this makes sense. Any solution will definitely be appreciated.
Thanks again.
Dear,
Kind regards,
Mailfence support
Hi, I've read those two articles you point towards and your clarification here, but it is still not very clear to me. I believe what you're implying is that whenever emails are sent in plain text in mailfence, they can potentially be accessible by you without having a password - therefore, the inbox itself is not encrypted. Is this the case? I'm not an expert by any means on this, so I'm just trying to figure things out. I don't plan on sending a lot of encrypted emails, but I'm definitely in for trying to have a higher lever of privacy for myself and others. Also, do you have any other domain to choose but @mailfence.com?
Is there any "zero-knowledge" solution that actually works with imap? I just saw this at posteo: https://posteo.de/en/help/how-do-i-activate-posteo-crypto-mail-storage , is there any equivalent for mailfence?
Thanks!
Hey,
I finally received an answer to my initial question by Mailfence support.
Strange coincidence but i had to post the same question here to receive a personal answer.
Their answer is: "we do like to clarify that presently 'encryption at rest' is not employed. We do work on it and plan to implement it soon.".
I benchmarked mailfence, tutanota, mailbox.org and protonmail and i think i will go with mailbox.org.
You should have a look to the classical points:
- canary warrants and transparency on court order on their blog
- encryption while sending + server side encryption
- location: 9 eyes (germany) vs 14 eyes (belgium)
- data retention law (belgium > germany)
- where are the key stored: are all pub&privkey stored on the mailserver or on your laptop
- which data do they store
- attention whore brand: the most you know the brand the most it is a target
...
Good luck !
Mailbox.org isn't bad, you should check it out if you are interested and see if it's a good fit for you. It's a good, reliable service and I used it for a year. My issues were all minor, they just started annoying me over time.
Things I didn't like were 1) The office tools. They are not ready for prime time, so why clutter up the interface with them and sell them as features? Nothing could be accurately printed or saved as a PDF, formatting was just a nightmare. 2) Ongoing issues with some calendar invitations being added to the wrong day, 3) Their odd 2fa set-up with the PIN + token, 4) The support documentation is voluminous, but it's a mess. Same with the preferences area. Compare Mailbox's docs for setting up a custom domain (once you find the right one, if you can) with Mailfence's super easy five minute walk-through. 6) The Mailbox web interface was slow no matter what computer or connection I used it on. Random lock-ups that would require a refresh.
What don't you like about Mailfence? I already have some small complaints (it wont seem to recognize webcal:// formats, can't add multiple local calendars, mail filters appear to require a trip to the settings, and there's hardly any support docs at all, but I've had a helpful and friendly experience with support staff for the only time I needed help).
I've tried so many services since I left Google, and nothing checks ALL the boxes!