SimpleLogin's (SL) privacy policy is here: https://simplelogin.io/privacy/
They don't keep, read, or store emails (unless and email can't be delivered; they keep for 7 days, but they don't read them). They've also never received a legal request for information about one of their users.
I use SL for everything except my banking login and of course, my primary email login at O365. I think you're good. SL is just another email transport service...email is email. As long as SL continues to be reliable (i.e., delivery of your email), you're fine to use it for everything at your own comfort level.
The FAQ on the pricing page says to send them an email:
>We offer important discounts or free premium for:
- students, professors or technical staffs working at an educational institute
- activists, dissidents or journalists
- charity organizations
Please send us an email at for more info.
It's fine.
They are a European company with a very clear privacy policy so as long as you keep your account secure with a strong password and two factor authentication, you should be fine.
If you're worried about the code you can check it for yourself on GitHub.
No, they don’t, which is disappointing for some (I’d go to ProtonMail for this, as they have GREAT native PGP support).
Tutanota takes a different stance altogether on PGP, outlined here: https://tutanota.com/blog/posts/secure-email-security-measures/
Basically, Tutanota believes that PGP is not future-proof enough to provide reliable security. While various PGP protocols are definitely “good enough” for most personal use at this point in time, Tutanota’s team outlined weaknesses which are more a matter of “when” rather than “if” they will become obsolete. Instead, they natively encrypt all Tutanota-to-Tutanota emails and offer password-unlocked encryption for others.
I myself use both Tutanota and Proton for different purposes. And personally I think PGP is totally fine for most things these days, but I’m eager to see what Tutanota’s potentially working on as an alternative!
>Your emails: SimpleLogin does not store your emails. An email is deleted from SimpleLogin server as soon as it reaches its destination, i.e. your mailboxes for an email sent to your alias or your contact mailbox in case an email is sent from your alias. Emails that cannot be delivered are kept for 7 days so you can view and decide what to do with them.
AnonAddy supports easy to create a "send from" address: https://anonaddy.com/help/sending-email-from-an-alias.
With SimpleLogin you have to create a "reverse email address" from the dashboard.
With AA your "send from" goes through your domain (@example.com). With SL, it goes through SL's domain (@simplelogin.co) even if you have a custom domain.
This is a huge thing for me cause I can more easily/quickly send an email address to someone. I can, right from my mail client on my computer or phone, send an email to someone and on the fly create an alias without having to go to some dashboard. For example, right from my Gmail on my phone I can type [email protected] and it will send an email to [email protected] and make it look like it came from my AA alias [email protected].
mailbox.org seems to bounce some emails from our servers, probably due to some changes on their email backend. We are getting in touch with mailbox.org team in order to investigate. Our servers aren't blacklisted and work normally with all other email providers.
We're sorry for this inconvenience!
Hi we have contacted Tutanota via the Contact page on https://tutanota.com/contact but haven't heard back. But we haven't sent a follow up email indeed. Do you know what is the best way to get in touch with Tutanota? We also want to ask info about some bounced emails :).
Hi here's the answer extracted from our FAQ page . We recommend disabling an alias instead of deleting it however as deleting is irreversible.
​
>When an alias is deleted, it's put into a global trash and we make sure that it can't be reused. All historic information on the alias (the account that creates the alias, alias contacts, etc) are deleted to respect your privacy.
This applies to all aliases created with SimpleLogin domains.
You can however restore an alias created with your own domain.
Email is email... it's a communication tool that's standardized across the internet. In my view, I don't think it matters if you use SL or your Tutanota email. Everything gets delivered the same way.
I use SL for 99% of everything; the only caveat that I have is, I use my own domain at SL. That way if something ever happens to SL, I still have control over where my email goes (just route it to another service like AnonAddy, etc.).
I'm not sure, but it may not be possible based on this comment in the blacklist settings:
>Unfortunately, the “whitelisting” of (i.e. explicitly permitting
communication from) specific mail addresses is currently not a feasible
option, as many spam protection mechanisms operate by checking server
addresses rather than individual mail senders.
I haven't verified if this fixes the problem, but you can turn off RBL under the spamprotection settings; it's not an ideal solution anyway. I've emailed mailbox.org to see if they can confirm it's on a blacklist they're using. I'll let you know if I hear back from them.
Italy, I've been using ProtonMail for around a year now and only last week I've started using ProtonVPN from time to time and SimpleLogin service. Which service specifically do you think caused my ISP to block it?
Yes, it is perfect for that! Free trials, etc. In fact, if you limit the card to a single use, it closes immediately after use. I often use it for sites that force you to keep credit card info on file. I just set a bogus single use card for $1 to ensure I'm never charged again. It saves spending 30 minutes on the phone with services trying to cancel.
What's your issue with ProtonVPN? It's the only VPN I use. Mostly, because when I need a super secure connection, I trust Proton over the rest. They are trying to do a bit too much though, IMO. I'm pleased tho. Their services do not have a lot of bells and whistles, but sometimes I just need super secret communications, so it works for that.
Have you tried the Blocked Sender feature?
https://simplelogin.io/docs/getting-started/block-sender/
Minus the "list," it's exactly what you're after...
According to the terms of service it is not allowed. (https://simplelogin.io/terms/)
​
>It is prohibited to use a disposable or forwarding email address as SimpleLogin “mailbox”.
The whole point of simplelogin is to prevent two things: spam and your real email from being compromised. Whenever I sign up for a service, I used for example, [email protected] in that format. If I see that I am being e-mailed too frequently, I simply disable it.
I recommend that you get your domain from namecheap.com. If you care about privacy, set up an email with either ProtonMail or TutaNota. You'll be able to use OpenPGP with Proton; tuta is working on Autocrypt, which is essentially OpenPGP. They still haven't implemented that.
​
To put it short, just reply to this comment if you need me to guide you through the process.
If SL goes out of service you can, for example, create an account at Zoho Mail (or any other mail service), point your domain MX to there and create a catchall email account.
Lets say you created a email called [email protected] at Zoho. Then you activate the catchall to that account - and it will mean:
*@mydomain.com goes to [email protected].
Tha's it.
Well, than you run to anonaddy.com or other service like Simplelogin and start over with the alias stuff.
Last Update: The Black Friday promotion should only apply for first year. This doesn't affect you if you have already upgraded.
​
Some DNS registrars require to enter the full address and some don't (e.g. NameCheap). Usually, you only need to click on the yellow highlighted part and it will be automatically copied to the clipboard.
This permission is necessary in order to display the SimpleLogin icon on the email fields (cf below screenshot)
https://monosnap.com/file/izgUQ64oYSvCBe8ZW1ETyxgaVNlPUH
Though seemingly scary, the only thing the SimpleLogin extension does is to detect the email field and display the icon on the right.
It's not available on the free tier, right? We won't get even one directory on free tier, right?
I checked https://simplelogin.io/pricing/, but I am not very sure whether it is exclusive to premium plans.
Privacy policy: https://simplelogin.io/privacy/
“Watch” and “read” - yes. But it seems not in the way that’s particularly nefarious. Watch as in they quarantine emails, record IP, etc. “Read” as in checking for spam.
Someone else might want to chime in but I don’t think SL is in the Gmail-esq business of reading your emails.
Hey this isn't really a feature but rather a bug fix :). We used to treat the auto responder email (i.e. the "I'm on holiday") email as bounce but this is now correctly handled.
New feature is always available on simplelogin.io first before being included in the Docker image for self-hosting.
For the #2 question, you can use "directory" to have a simple email alias. Please note that privacy wise, a custom domain is better than a directory. More info on https://simplelogin.io/blog/email-alias-vs-plus-sign/ but here's an extract from it:
>For email aliases created with a catch-all domain, they can only be linked together if the domain is known to have the catch-all option enabled. There’s no way to detect whether a domain has this option enabled or to know how many people are using a domain, a bad actor usually ignores these email addresses altogether.
Hey this is the answer extracted from our FAQ for a similar question "What happens if SimpleLogin is gone?"
​
>This is probably the hardest question that a company has to answer :).
>
>As we are using SimpleLogin on a daily basis, for both our personal and professinal usage, in the worst case, we will close registrations for new users so SimpleLogin can only be used by existing users.
>
>For information, Spamgourmet, a similar email forwarding service has been running for more than 20 years now. Spamgourmet is actually an inspiration for SimpleLogin.
>
>If all this is still not enough, you can also run a SimpleLogin instance yourself as SimpleLogin code is open-source and we give detailed instructions on how to run it.
Hi this extracted from our article https://simplelogin.io/blog/email-alias-vs-plus-sign/
> For email aliases created with a catch-all domain, they can only be linked together if the domain is known to have the catch-all option enabled. There’s no way to detect whether a domain has this option enabled or to know how many people are using a domain, a bad actor usually ignores these email addresses altogether.
Sometimes a DNS update can take up to 24h to propagate but this is usually much shorter in practice (<5 minutes). Can you send us the domain you want to set up at hi [at] simplelogin.io so we can investigate?
>Database & File Storage
>Currently our database and file storage system are hosted in AWS Paris datacenter. The database is using Postgresql, is encrypted at rest and backed up everyday. Backups older than 7 days are deleted. The database is only accessible from our mail and web servers.
>File storage is based on S3 which is used to store user profile pictures and temporary bounced emails. The bounced emails are deleted after 7 days.
Thanks. We aren't sure what algorithm Gmail uses for categorizing the emails though. To avoid the emails from being put to the "Updates" bucket, maybe you can set a filter for emails sent from SimpleLogin? We have a small guide on how to set up a Gmail filter on https://simplelogin.io/help/#gmail
Hey this feature is available if a website integrates the button "Sign in with SimpleLogin", more info on https://simplelogin.io/developer/
Currently we are in looking for websites to implement this privacy-focus sign-in button instead of the "Sign in with Facebook/Twitter/Google".
At the moment we choose to concentrate on having a single premium plan as it's simpler to manage. We also like the fact that in the premium plan, users never have to worry about running out of quota on anything.
There are important reductions for students, professors, charity organizations, etc (more details on https://simplelogin.io/pricing/) so if you happen to fall into one of these groups, just drop us a message at hi [at] simplelogin.io.
Thanks for your kind words!
You're right that the directory feature is not well explained, we need work on that.
About the logs, you can see the "Information We Collect Automatically" section on our privacy page https://simplelogin.io/privacy/
Having an external audit is a good idea, I just created https://trello.com/c/ZxPvEe47/65-external-audit in our roadmap :).
I'm seeing the same thing. I've never had a problem until the last couple days. Perhaps the recent fixes caused their IPs to change to a blacklisted one? The servers don't seem to be blacklisted using mxtoolbox though. I'm using mailbox.org with RBL enabled.
Proton has the stigma. I honestly don't want to deal with services giving me issues because I have a proton email address. Also, at one point. I thought I was going to go with ProtonVPN. I did not want to have my VPN and my email centralized.
I like Tuta and use them for mostly important emails. Ctemplar is for personal emailing, friends family, and email I can very frequently. I do use SL to send a lot of those email via reverse alias in Ctemplar.
However, Tuta's GUI is terrible. I don't like sending emails out via my Tuta accounts. It's very rare that I do. Ctemplar has that traditional email look that makes it better to send emails but Tuta's E2EE experience is a lot better than how Ctemplar.