Zu deinem konkreten Beispiel: Wenn du deinen Mail-Account unbedingt bei web.de oder GMX anlegen willst und dafür deine Daten hergibst ist das aktuell wirklich deine Entscheidung und kein EU-Versagen. Es gibt ja auch Provider, bei denen du außer Benutzernamen und Passwort gar nix angeben musst. Auch aus Deutschland, wenn dir das wichtig ist (posteo.de oder mailbox.org).
Auch darüber hinaus klingt dein Rant eher, als gefällt dir die Parteipolitik in Europa nicht. Das geht mir ähnlich, ist allerdings ist kein EU-Problem. Auch ohne die EU als Organ würden CDU und SPD die gleiche Scheißpolitik machen.
Well, since I was intending to use a safe alternative and I'm willing to pay a small amount of money for it, I'll probably be going for posteo.de or mailbox.org which rae both based in my own country (so not the US). They costs €1 / month each, so I think it's a pretty reasonable price. Other than that, you might want to take a look at protonmail.com which are based in Switzerland and have a free tier (however, you will need to use their email client and it won't work with any others)
That's a valid concern, but it holds true to all online services and there is only one universal solution for this problem: Get a custom domain and use only your custom domain exclusively.
If you'd use ProtonMail with a custom domain and they would be gone tomorrow, just switch your DNS-Records to another Email provider and you will receive all your Emails there. Also makes it super easy to switch provider because you don't have to edit a thousand accounts and switch the Email address if you'd dislike ProtonMail in the future.
> what do you think about GMail and why would you NOT reccoment Gmail ?
Gmail is a great service but I personally don't consider the cost in privacy even close to worth it. Maybe ProtonMail is overkill for some people, both in price and in sacrifices, but I would rather recommend to go with something like https://mailbox.org if that's the case.
I use: https://mailbox.org/en/ You can get an e-mail ending with @mailbox.org but I have bought a domain some where else which I am pointing at Mailbox. I really like the way the calendar, mail, text editor and tasks work. I use this mail for personal communications. I also have a free Outlook mail which I use for subscriptions and stuff like that.
In /r/privacytoolIO, before the move, I saw Posteo & mailbox.org recommended all of the time actually. I don't know about "no love".
That being said, Tutunota and ProtonMail gets recommended more often because they have free accounts, making it easier for people to transition from another free account.
ich bin mit mailbox.org sehr zufrieden. Deutscher anbieter und Datenschutzfreundlich. Den Chef da kann man immer mal auf verschiedenen Tech- und Linuxkonferenzen treffen (Also, vor Corona) und wirkt auch vergleichsweise kompetent.
Here is their privacy policy. Mailbox.org certainly stores a lot more personal data and is a lot more law enforcement friendly than posteo, if that's a concern of yours. Mailbox.org and Protonmail are very clear on that they have your data and will fully cooperate with law enforcement, and that that's a good thing. Posteo is much or about individual rights to privacy and anonymity. It's ultimately a value judgement and different companies come to different conclusions.
Wenn man das Thema einmal ernsthaft angehen möchte, besorgt man sich eine eigene Domain und [Edit: und einen Emailanbieter der auch fremde Domains verwaltet, z.B. mailbox.org] und richtet eine Catch-All Emailadresse ein. Das bedeutet, dass alle Emailadressen, die mit der eigenen Domain enden, in einem Postfach zusammenlaufen. Dann meldet man sich bei jedem Dienst mit einer individuellen Emailadresse an ([email protected], [email protected], ...) an. Das hat die Vorteile, dass man a) Fishingmails sehr einfach erkennen kann, b) direkt weiß, welcher Dienst die Adresse für Werbung weitergegeben hat und c) bei solchen Leaks die Adresse schnell wechseln kann. Kostet ein paar Euro im Monat, man macht sich dafür aber auch nicht abhängig von Unternehmen wie Google, die prinzipiell kommentarlos und ohne Vorwarnung ein Konto sperren können.
I've just switched to Mailbox.org and am very pleased so far.
Amazing pricing, supports IMAP/POP3 (unlike Tutanota), supports multiple domains, has shared calendars, and a bunch of other extras. I'm new to it but not a single complaint so far.
Slightly related, if anyone is looking for a desktop email client, I've also started using Mailspring-Libre which is equally as awesome so far.
If you don't want to delve too deeply into this then you may find Protonmail or Tutanota handles this for you without you needing to learn too much. Otherwise, what you're looking for is documented here -
https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox
You basically generate a private key in something like Thunderbird and then paste the public key into the "inbox encryption" box. Then you have to make sure the private key is set up in Thunderbird so that when you pull down the emails you can read them. Or I believe you can set some of this up in their "Mailbox.org Guard" settings if you don't mind giving them your private key.
It's a reasonably good way of protecting yourself against some avenues of data theft but doesn't really offer much protection if Mailbox.org intercept the emails prior to encryption. The downside is that you then can't read the emails in just a basic email client such as the iOS Mail app.
None of this would be visible to any of the people you're exchanging emails with.
I am using mailbox.org, germany based provider with support for custom domains, inbox encryption and more. I am happy with them, but the web interface is really cluttered and slow.
Others I have heard of (and some of them tried): ProtonMail, Tutanota, Posteo, FastMail, Lavabit, ...
And it's an Australian based company, so their privacy laws are weak as fuck. For privacy conscious folks looking for email, then Protonmail, mailbox.org, Tutanota, and Posteo are tops, although Posteo doesn't allow custom domains.
posteo.de hat einen guten Ruf, ~~ist aber nicht wirklich Privacy~~, riseup.net hat einen guten Ruf, da kommt man aber wohl eher nicht direkt dran (hab es nicht fürchterlich oft probiert), dann noch https://mailbox.org/ die z.b. auch eingehende Mails mit deinem GPG-Key verschlüsseln.
Alle werten nix aus, wenn die Kacke dampft dürftest aber davon ausgehen, dass ohne GPG die auch Daten rausrücken für Strafverfolgung - vielleicht riseup.net nicht, aber bin mir nicht sicher. Mit GPG hast noch Metadaten.
Freund von mir nutzt mailbox.org und ist happy, so gut wie alle Alternativen, die ich kenne sind bei posteo. Beides soweit man liest ehrliche Unternehmen, die es auch ernst meinen und ein Geschäftsmodell haben was läuft.
Hallo Kielkrene, Hallo @all,
ich bin Peer Heinlein, der "Chef" und Gründer von mailbox.org und würde gerne direkt antworten.
Wir betreiben seit 1989 (!) E-Maildienste unter dem Namen JPBerlin.de -- damals gab es noch gar kein WWW. Unsere Geschichte kannst Du hier nachlesen:
https://mailbox.org/geschichte/
Wir haben schon sehr viele (=fast alle) andere(n) Provider kommen (und viele davon auch wieder gehen) sehen. Ich glaube nicht, daß man bei uns Angst haben muß, wir würden hier nach ein paar Monaten die Lust verlieren...
Ich bin der Autor verschiedener Fachbücher rund um Mailserver in allen Bereichen
http://www.amazon.de/Peer-Heinlein/e/B0045883D4/ref=sr_tc_2_0?qid=1429168508&sr=8-2-ent
und unser Consulting-Team betreut viele Hundert Provider in Deutschland und Europa beim Aufbau neuer Mail-Infrastruktur, bzw. unterstützt deren Administratoren bei Notfällen -- oder managed deren Mail-Infrastruktur gleich selbst. Ich bin mir sehr sicher, daß viele Deiner Mails seit vielen Jahren über "unsere" Systeme laufen... :-)
Wenn wir Euch hier weitere Fragen beantworten können, dann gerne!
Not just the US. EU has been trying to establish the same thing. And the excuse is, you guessed it, "ThInK oF tHe ChIlDrEn!!".
Hi, I did it more or less the same way as you - moved from GMail to a combination of mailbox.org and Anonaddy.
Answers:
- when you move an account (like reddit, facebook, whatever) to a new mail address, most often only the new address gets a confirmation mail. I guess this makes sense in case you don’t have access to your old mail account anymore. Sometimes your Gmail-Account gets the confirmation mail though. I'm not sure whether Google would "make the connection" and what this even means, but from that point on Google wouldn't know anything more. I recommend just setting up Mail forward to your new account.
- Change the address. This is probably about not using Google anymore, so don't use Google for mail. Change it anytime it is convenient, if you set it up so that your GMail forwards to your mailbox it's fine.
- Reliability of Simplelogin/Anonaddy: Hard to say. Anonaddy is a one-man-show who seems to do it out of passion and who says the server bills are paid by subscriptions. Simplelogin seems to be a Startup with more people and bigger aspiration, but startups have no reputation of lengivity. I'd say both are safe to use, as you most often don't need email access to change your address with a service (it happened to me exactly once out of like 60 services).
- alternative idea: You could buy a domain and set up a catch-all-alias. This would work much like Anonaddy or simplelogin and would be more reliable. Can be used with mailbox.org directly or with Anonaddy/Simplelogin
Mailbox.org offers you SMTP;IMAP;POP3, therefore, have to use your password to decrypt your private key on their server.
On the other end, Tutanota.com is more secured, because decryption is made on your computer, not their servers... therefore, they can't offer SMTP;IMAP;POP3.
​
It is a matter of choosing if you need standard protocols or higher security...
​
Also, Mailbox don't seam to have their own mobile app, they rely on third POP/IMAP apps...
​
For my part, being there on their reddit's page, I feel closer to the team of Tutanota... That's something I like from startuppers of my generation, they are open to dialog, and I can believe it might not be easy every day considering some arrogant messages they can receive...
:p And I really like their logo ! not that such a stupid thing to think... considering i'm receiving more than 10 emails a day.
​
As you see, I succeeded in making my own opinion in less than 20 minutes.
I'm Peer Heinlein, the CEO of https://mailbox.org.
It's very easy to say, that I was lying when I wrote the answer to you. It's very easy to claim that here and to incite people against us, make them sending protest e-mails to us.
In fact: My answer is true.
The lie is YOUR lie that I'm lieing. Your just "decided" that I was lieing. You don't have any real reason for that. So please be careful what you're claiming.
As you can see we have the same minimum deposit also for paypal, for bank transfer or even for paying cash. The minimum deposit has clearly nothing to do with bitcoin.
And for that, I also I never discredit bitcoin, as you stated here.
We have a lot of "real" and "virtual" costs for processing all payings, generating invoices afterwards, managing everything in our finance accounting, prepare and declare all payings to the tax office and much more. I WROTE you that already. This is not your private pocket money. This is business bookkeeping.
As you can also read on our webpages, we offer a full paying out of your deposit if you decide to cancel and close your account on mailbox.org. Nobody is cheated with his 12 EUR. So: Helping us lowering the additional costs should be very easy for everybody.
If everybody would pay his monthly fee on a monthly basis, I would have to raise the fees. Would you like me to do that?
So this is where email aliases come in. I use mailbox.org for a lot of my daily emails. Through this provider, I can set up email aliases that I can give out. These aliases all tie back to my main account and will show all emails in my main inbox (or whatever rules you set up) except I don't have to worry about mail forwarding.
On the other hand, if someone gains access to this account, all of your aliases are compromised as well. This is where services like SimpleLogin and AnonAddy come into play. You create aliases for each specific account(s) and they will forward any mail received to those generated addresses to an email of choice. The primary downsides with this are that it's a separate service, and if you want to send/reply from that generated alias, you have to set up a rule on the service side to send that reply from your main email to the alias service and then they will forward that reply to its destination. It's not as complicated as it sounds, but does make for a few extra steps.
Thanks for your answer! I'm checking mailbox.org now, and it seems a good alternative to what I originally posted. Might be worth considering as an alternative to posteo?
Also, about the money, I'm aware of the limited resources I have, but it won't be my primary concern when I'm sure that this money goes directly to support a cause I personally believe in.
I've been hearing good things about mailbox too. Personally, I'm with posteo, and paying 1 or 2€/m for a platform that completely replaced google for me (mail, calendar, contacts) is a really fair deal considering they don't snoop around in my stuff.
PrivacyGuides has a list of private email providers. Disroot is free while Posteo and Mailbox.org are 12 Euros per year. I haven't tried any of those, but I did glance over their info and websites a while back and recalling that Mailbox.org seemed like it had some good options.
Thank you. I just checked the Mailbox.org FAQ and indeed you'd need to use OpenKeychain on Android to use the encrypted mailbox. Not really a major problem but indeed Protonmail makes it easier.
Funny you ask that because I've used both Mailbox.org and Fastmail.
- First I tried Mailbox.org because of cheaper prices and better privacy. But I was not satisfied with their spam filter. And they don't explain things well, it's hard to find things on their website.
- So I've switched to Fastmail and I'm still a user. At first I had the same issue with spam management but I saw a fastmail article from their website where they explain how to create a "spam learning" folder, and now I don't have issues anymore. https://www.fastmail.help/hc/en-us/articles/1500000278142-Improving-spam-protection
Changed from a protonmail plus account to FM about a year ago: absolutely no regrets.
I went the same route as you, figuring out I don't need something as over the top as protonmail (and as pricey).
​
First went with mailbox.org because of the added aliases (25) but the lack of mobile app, making 2FA useless, made me gave up on it and I ended up with FM: lots of aliases, easy to set up custom domain, very good apps, snooze, import & fetch tools work fairly well, etc.
Fastmail is great and the UI is well-designed. It's also super easy to set up DNS, if you want to use your own domain.
Mailbox is also fine, though using your own domain requires more steps, but is cheaper if price is a consideration.
mailbox.org seems to bounce some emails from our servers, probably due to some changes on their email backend. We are getting in touch with mailbox.org team in order to investigate. Our servers aren't blacklisted and work normally with all other email providers.
We're sorry for this inconvenience!
If it's only about mail, calender and contact check out mailbox.org. It's not free, but I believe 1 euro per month is affordable. Very secure, no ads, anonymous, hosted in Europe (Germany) and powered 100% by renewables if you care.
Look at it this way... Mailbox.org may be trustworthy but say they have a request from a government to get a copy of all the data on the server, or lets say a hacker is able to break into the server. If your emails are stored without encryption, then all data is free to be taken and read. If it is encrypted then all they get is encrypted data.
I don't know why you're being downvoted, but self-hosting is a good option as long as:
If you're able and willing to do all of the above, a self-hosted server can be great. If not, a service like Proton, Tutanota, mailbox.org, or any of the other services listed on privacytools.io will be a better option.
I use mailbox.org too, not sure why it never gets recommended more by people, unless there is something I'm unaware of.
If you're a small business owner it's a god send, so much cheaper than ProtonMail and I run all my emails from multiple domains from the one account and can still access it via SMTP and IMAP.
I get that makes it less secure but I don't need encrypted email all the time every time, so when I do need it I just hop on to the website version and can send an encrypted email from any of my aliases.
Fast, easy and affordable. No complaints here. I don't think there is cheaper available for the same features, especially for business?
>Nobody may be using korganizer among the KDE devs. :P
You may be right. Although in Phabricator you can read that there was already a fix which broke something kolab-related. So maybe KDE devs are only using kolab server exclusively and not, like in my case, mailbox.org. :D
For me, the reason to want to use KDE PIM, is its deep integration within plasma. I really likes the feature of having my events within the clock widget etc. :)
Worth it if not for Kmail, then for privacy and security - change to something from EU that complies with GDPR and doesn't collect data about you (for example https://posteo.de or https://mailbox.org).
> Also, is K-9 still the better choice for email client or is the default email app decent?
K-9 Mail all the way
> I would like to know whether the default apps (call, contact, email, launcher, files) are all open source
Yes
I also use mailbox.org for IMAP/SMTP (e-mail), CardDAV (contacts), CalDAV (calendar) via DAVdroid & K-9 Mail.
If you are interested in FOSS apps, look at my post on /r/Android and /r/fossdroid.
I use mailbox.org. Based in Germany and costs 1€/month but supports encryption (e.g. by providing a service to encrypt all incoming messages with a public key you provide if I remember correctly; or by signing all messages they send to you) and respects you privacy. They have multple payment methods including bitcoin.
Well the easy way to stop people guessing your account email (and to be able to identify which site leaked your email address when you get spam), some email providers allow you to add a random string starting with a +
to the part before the @
. So for example, [email protected]
and [email protected]
both go to the inbox of [email protected]
.
posteo.de and mailbox.org are two really good paid email services I know of that both support this, both cost 1€ / month (both are also from Germany and I can't see dollar prices on the website, but 1€ is $1.12 at the time of writing). I'm not sure if hotmail / yahoo or whatever other free email services people use support it, but you should be able to find the answer fairly quickly on your search engine of choice™.
HEY! i JUST got done doing this exact thing with my domain and namecheap. i've been meaning to build a guide on this for everyone else. i too got stuck on the security key thing, and figured it out. it's really a lack of detailed instructions on their site.
Here's how you do it, with namecheap:
create a new TXT record there's two parts to the key mailbox.org gives you. it looks something like this:
> 29484q498q9pergh9pwwrofshur.DOMAIN.TLD in TXT 2w8qw8rgohrgh98gr8hpwrgofor
take the first part on the left, that includes your domain, and strip the domain part off. ie: 29484q498q9pergh9pwwrofshur.DOMAIN.TLD ----> 29484q498q9pergh9pwwrofshur paste this into the HOSTS field in your TXT record. the part on the right, after ''in TXT" looks like just a random string of characters. paste this into the VALUE field in your TXT record.
once i figured out to strip off the DOMAIN.TLD part it updated and verified my key in less than 30 seconds.
hope this helps! PM me for assistance if you need it.
There are plenty of email services if you're willing to pay for it. For example, mailbox.org and posteo.de both cost a mere Euro per month and offer a great service.
If you are wondering which services support WKD, I think you can find more info in this link: https://wiki.gnupg.org/WKD
Mail Service Providers offering WKD
Posteo offers web key directory lookup and service for u/posteo.de-addresses (Since 2016-12) E.g. German Thunderbird/WKD Instructions
Protonmail supports web key directory lookup (Since 2018-11) in both ways.
netzguerilla offers web key directory lookup. (Since 2017-10-11)
systemli.org offers web key directory lookup and service for all hosted domains (Since 2020-10-15)
mailbox.org claims to offer web key directory lookup (see https://mailbox.org/en/post/the-keyserver-is-dead-long-live-the-keyserver 2019 and DE Forum question 2021 https://userforum.mailbox.org/topic/wann-wird-ein-web-key-directory-wkd-angeboten )
mail.de maintains a WKD server (Screenshot: attachment:mailde_wkd.png
Mailfence supports web key directory lookup (Since 2021-11-18) in both ways.
Organizations using WKD
Mailbox is what you’re looking for.
Has most of the core features of 365. Email, docs, spreadsheets, cloud storage, video conferencing, custom domains, and more.
Just a heads up though, you probably aren’t getting a terabyte of storage from anyone that offers everything like Microsoft. That’s dedicated storage service level amounts.
Never trust Google in any way.
If YouTube is your life (that Google destroys on its own) make a new email on a trustworthy provider, that maybe charges some money (like mailbox.org where I am for 1€ per month) but doesn't spy on you. Change the email of your YouTube channel if they still allow that and be done with it.
Still doesn't make sense that they demand a second phone number, has anyone more information about that and can enlighten me?
So, with mailbox.org ... you get an unencrypted mailbox by default (you need to setup PGP yourself), and an unencrypted calendar (plain CalDAV support) and contact (plain CardDAV) service to be used for synching. The two last ones are always saved unencrypted on their servers. So that's what you trade in by not using Tutanota (or ProtonMail, for that matter).
Now, some will argue that "but data is encrypted, they use encrypted harddrives" ... while that might be true, it doesn't help if an attacker gets access to the filesystem on their running servers.
If you go the path to setup PGP correctly and enable automatic encryption of incoming mails, that does bring you a bit closer to ProtonMail at least. But sending mails will not necessarily be encrypted automatically and transparently; you need to take the extra steps to ensure mails are truly encrypted when they're supposed to be. And I'm not sure about how unencrypted sent mails are stored on their servers.
So if privacy is of concern, mailbox.org does send you out on a path full of traps.
I'm not sure, but it may not be possible based on this comment in the blacklist settings:
>Unfortunately, the “whitelisting” of (i.e. explicitly permitting
communication from) specific mail addresses is currently not a feasible
option, as many spam protection mechanisms operate by checking server
addresses rather than individual mail senders.
I haven't verified if this fixes the problem, but you can turn off RBL under the spamprotection settings; it's not an ideal solution anyway. I've emailed mailbox.org to see if they can confirm it's on a blacklist they're using. I'll let you know if I hear back from them.
I've been slowly going down this path. I think I'm finally at a point where my gmail will be rarely used and I've turned on mail forwarding.
I'm using a Mailbox.org account for my primary email and where my gmail is forwarded. I have a Proton Mail account that I'll use for recovery/family & friends.
I use mailbox.org.
It has everything that I need:
According to this, disroot doesn't have zero-access, but mailbox.org does, and it looking great. Price is low compared to Protonmail and Tutanota, and while the only down-side I can see, is that contacts and calendar aren't encrypted - which is no problem - as I plan to use NextCloud with Cal/Cardav.
Thank you! I will start the free trial, but if anyone has bad/good things to say about mailbox.org, I'm all ears :)
I tried a paid plan with mailbox.org for a while. It's an ok service, just very unexciting in a weird way. UI is weird. TN? yes, who knows. They may turn out to be the ones standing when the dust settles. I'm not too bothered about the recent screw up. They were too cheap for too long, panicked, fucked up. I could live with that as their prices are still good. I am more worried about the vibes they give out of not being able to run the business, being too techi, trying to reinvent the wheel, jumping from one idea to the next without ever getting anything finished, like getting all excited about one thing and then soon about another and we end up with beta versions for years. And no sense of what matters to users. Design is awful, contacts is shit, calendar is useless but they don't seem to care and keep braging about how cool these features are. Doesn't inspire me with much confidence. But, we'll see.
Heard good things about mailbox.org. I use self-hosted mail, and also have a Protonmail account. I'd say protonmail is suboptimal in that it is complicated to make it work with most mail clients. But if you are just going to use webbmail, it might not matter much.
Hey, thanks for this, really appreciate it. Funny you should send this now, I went for the basic paid plan only yesterday lol.
I am with you on every point you make; I guess we are quite the average user. I have several domains with several different users (individuals) across those domains so I am waiting for the business feature which is supposed to be presented in June. I too have been pleased with their improvements so far so looking forward to June. I have tolerated TN for years, hoping they'd grow up but they haven't. And like you, I find their cult-like fans a real turn-off. Not liking the way they are going at all. But I'll tolerate them a few more months to see how ctemplar is doing. I've abandonned mailbox.org, since.
Again, thanks for the heads up. Very useful.
EDIT: what worries me a bit about ctemplar is their funding model. Have you seen the size of that team?? I posted this and a few questions on this subreddit but never got a reply. Shame.
I guess I was hoping to find a good provider that I can know for sure isn't using me as advertising. The first few sites I looked at either allow themselves to look at my account and sell some of my information or are totally encryption focused and don't work with many native email apps without bridges or on phones at all.
After doing a little more research I have found Mailbox.org which seems to have more of what I am looking for.
You're talking email provider? Because there are "virtual" physical mailboxes, too. Suppose you mean email. There are actually quite a few in the EU and Europe. Protonmail as someon suggested is very popular, best UI, lots of good functionalities. Personally, i don't trust them because USA money and some dodgy people on their board (for mer US agency people). Tutanota, Germany - going through a serious questioning of their ability to run the business they have but technically probably top-notch. Time will tell what they are worth.
Mailbox.org, Posteo, Germany - work well, mature services.
Runbox, Sweden, liked by many, I have no experience of it.
ctemplar, Island - a yound tutanota which I find more promising as they seem smarter in their way to go about it (clear roadmap, will interface with a client).
Startmail, NL - don't know much about it, coming from startpage.
In fact, Europe and EU seem to have the most reliable and trustworthy mail providers at the moment.
you can use an app on your computer to generate keys, there are a few you could choose from.
if you prefer there is also a browser plugin you can use to generate the keys if you want. mailbox.org has Mailvelope integration (browser plugin) this is probably the easiest and best option for you
on mobile you can use k-9 mail. which has a pgp plugin. just import the keys you made on your computer. there may be others but this is what i use
you can also have mailbox.org manage keys for you but you are better off learning the pgp stuff yourself. trusting them to manage and store your keys kind of defeats the purpose.
the setting panels on mailvelope may be a little daunting at first if you are not used to that much control over your service (there are certainly more options than tutanota) but if you take your time you will be ok.
if you get stuck feel free to ask.
If you are not worried about authorities accessing your account with lawful court orders I would stick with business version of outlook or gmail. Both have excellent privacy policies, audit trails and you are the owner of the data on their business platform, not them.
I would also invest in your own domain, so you can easily migrate to a different email platform. You will pay the same amount or slightly more than for protonmail or startmail, but it's worth it, considering you get whole collaboration platform, tools, cloud storage and so on.
I would trust much more Microsoft with my data on business account rather than fastmail, or startmail.
If you want to get away from big guys mailbox.org is really good. I was using them, but had to resign because they charge extra for additional aliases even with your own domain (which is ridiculous).
If you don't want to use your own domain then posteo.de is excellent, cheap mailservice (I had to resign from using them, because after mail address leak from one of the shops I was using, the posteo spam filter couldn't keep up with it. However my friend is using it for many years now and really likes it.)
​
protonmail? -> for me too expensive and if you think about, the end to end encryption they use is just a gimmick, at least when it comes to an actual real world usage. Also you risk that your emails will end up in spam filters.
tutanota -> quite cool I use them as a backup now in case I lose access to my main email with domain. Much cheaper than protonmail and offer more storage for free account. However they have the same problem like protonmail, emails you sent may sometimes end up in spam or be completely blocked by some admins. Also I feel the ios app is really sluggish sometimes.
Keep in mind that your main email account should also be secure, so I would cross out any potential email providers that do not have MFA.
This is why I switched from Gmail. It's been about a month. Very happy so far with Mailbox.org
The thing about Google Drive is the $20/year option, and I do need my 100GB for constantly backing up my cell phone in the cloud, in case it breaks. But other providers (Dropbox and the like) don't have these options. Except for OneDrive, which I wanna stay away from.
I would recommend to you to have a look at pt.io and the subreddit as this question was already answered multiple times. Personally I would recommend mailbox.org. It's a bit more advanced in it's feature list but costs only 1€ a month. ProtonMail is often recommended but it's relatively exprensive if you want to support them and don't want to use their free service.
Sounds like a great set up. You get 25 aliases with the €2,5/month mailbox.org plan, for your own domains or theirs, so you can have e-mail addresses for each web site account, like bobalicous345_. It looks like you get 5 addresses/aliases at Protonmail with their €5/mo plan?
I use mailbox.org and I am very impressed by it. It is paid (€1 a month), but other than that it is just like other email providers. I have also tried protonmail.com in the past, but I prefer the former. It is highly customizable, and integrates easily with third party email clients such as Thunderbird.
>Sowas einzurichten (gerade den Part, wo andere Mailserver deine eMails endlich nicht mehr by default ablehnen) ist erstmal tricky, wenn man aber die Basics verstanden hat, ist es simpel.
Sollte ich von Berufs wegen hinkriegen. :DD
Aber hatte nicht dran gedacht, dass die ganze Wartung natürlich dann alleine an mir hängen bleibt, und dann auch noch in meiner Freizeit. Hab ich dann doch nur bedingt Bock drauf. :D
Werde also vermutlich einfach mailbox.org oder so nehmen. Den Flex mit der eigenen Domain hab ich dann ja trotzdem, und darauf kommts ja am Ende an. :D
I think you are getting downvoted because knowing the server location and privacy policy are critical for knowing if the service is good or not.
Also, there are many alternatives to mailbox.org already listed on the privacytoolsIO website.
I found links in your comment that were not hyperlinked:
I did the honors for you.
^delete ^| ^information ^| ^<3
I found links in your comment that were not hyperlinked:
I did the honors for you.
^delete ^| ^information ^| ^<3
I think the problem is Outlook app on Android, not Mailfence. It works perfectly fine with Gmail app + ActivSync.
Mailbox.org is fine service. Using it today. But it suffers from rather poor Customer Service and their MFA system is weird.
Tutanota cannot even Import/Export email. So you cannot migrate your emails there. And you are basically vendor locked as there is no way to get your emails out.
ProtonMail has Bridge which gives you access to IMAP, so you can easily migrate your emails in or out. It has also Import/Export tool.
ProtonMail encryption and privacy are handled much better way than mailbox.org. Everything is either end-to-end or zero-knowledge encrypted on ProtonMail.
Not that great since they say "may need to share your data with marketing and ad partners", which should be an automatic pass since you're putting a lot of information and content through their service
> Third-party service providers : We may need to share your personal information and aggregated or de-identified information with third-party service providers that we engage, such as marketing and advertising partners, event organizers, web analytics providers and payment processors. These service providers are authorized to use your personal information only as necessary to provide these services to us.
As for alternatives, you can use OnlyOffice if you need an online/offline office suite. Mailbox is similar to Zoho in terms of email, office, cloud storage all in one service.
I really like mailbox.org. In my opinion it's the most polished, well-rounded interface among all of the privacy-focused email providers. I also like that they have a cloud storage option with a full office suite (looks to be running OnlyOffice). The site has been very responsive and there seems to be a good support community. I only have two beefs:
One, that their MFA implementation is bizarre. When you turn on MFA, your password changes to your 4-character PIN + TOTP. So instead of your random 40-character password, your password is now "1a2b123456". It's not necessarily insecure since it changes every 30 seconds (or at every logon event), but I'd much rather have hardware U2F support or, at the very least, a separate field for OTP.
Two, they use OX if you want mobile access to your drive or calendar. Maybe it's better now but OX has been buggy and awkward for as long as I can remember. I gave up on it years ago.
Tutanota is also awesome. Tutanota seems to get slowly better day by day. I remember when I first signed up they had some awkward user interface issues that have since been resolved. Tutanota's MFA implementation is also not insane, and they have their own mail client.
That's important because most providers' IMAP access is not protected by MFA. While an attacker obviously can't tamper with your settings via IMAP, they can intercept your email if they get your password. Both Tutanota and mailbox (and hopefully most other providers) allow you to entirely disable IMAP / POP if this is a concern for you.
Encrypted mailbox doesn't make any sense to me. As if the feds would only scan/check my mailbox once per month. Its already saved somewhere before it even arrives in my mailbox. You could also download them over POP3 onto your encrypted HDD. Encrypting a mail that was send unencrypted may "feel" secure, but it just isn't.
I would anyway pick mailbox.org over posteo, because they allow to use your own domain. Also Peer Heinlein - CEO of mailbox.org - is THE german specialist, when it comes to mailserver.
I am also in the progress of ditching my Gmail, i have switched to Mailbox.org. But apart from that, i have also bought my own domainname and linked it to mailbox.org (pointing your MX-records at them). I have done this because changing my mail address in a lot of places is already annoying enough. Should i be tired of mailbox.org , i only have to point my MX-records to a different provider to have my mail end up there.
I also use catch-all functionality so that i can use aliases for every webshop. For example '[email protected]' ends up in my mailbox, but '<typewhateveryoulike>@mydomainname.com' also does. Very handy, should i receive a lot of spam suddenly, the offender is easily found that way.
​
For copying the mails i used Mozilla Thunderbird, as both Gmail and Mailbox.org support IMAP. So it was just a case of drag-and-drop to copy the mails. But you still have to edit the mail address at the webshop itself though...
ProtonMail seems to be quite popular, but it lacks a calendar functionality and also CardDAV for contacts. And no easy way for SMTP. I prefer to be able to use the mail app that i like, instead of being forced to a specific app.
The inbox encryption provided by Mailbox.org uses your PGP key to encrypt the inbound emails. If you use IMAP to access these emails you will not be able to read them, unless you have a client that allows you to import your PGP key to decrypt your inbox. This means that Mailbox.org does not work with standard Mail app on iOS if you have the encrypted inbox enabled.
I bought Canary which allows you to import your PGP key to decrypt your inbox which is one of the only iOS clients I've found that lets you read your encrypted inbox on Mailbox.org
IMO the threat model for Mailbox.org is different than for Protonmail. If you are worried about state actors intercepting your inbox then using E2E encryption is probably best but you need to be communicating with people who also use E2E encryption. My threat model involves hackers, phishers, etc..so the encryption of the server itself is more important for me since nobody I know will be bothered to use E2E.
Mailbox.org does something goofy with their YubiOTP implementation. Per their documentation you'll want to enter your PIN, then in the same input box, press the button on the YubiKey.
https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA
​
Here's to hoping they just start supporting FIDO instead.
i really don't understand how an email provider may decide not to cooperate with law enforcement.
Oh, and trust level very low it seems inaccurate because those are the best current email providers.
​
p.s. mailbox.org has a transparency report here ( https://mailbox.org/en/company#transparency-report )
European Countries are well known and having many private friendly services specially Germany.
Take the examples below:
Protonmail (Switzerland)
Posteo (Germany)
Mailbox.org (Germany)
Tutanota (Germany)
Kolab Now (Switzerland)
Countermail (Germany)
Startmail (Netherlands)
​
In addition, this is the first time I get asked to provide ID documents from a Service Provider.
None of the european providers I´ve worked with ever asked for ID. Maybe a few personal details maybe but not at this level.
Take OVH.COM for instance. French company offering similar services (VPS as well) and doesn´t ask for this type of info
:)
​
​
I like Protonmail. I think they should continue to fill the niche of high end customer friendly encryped mailbox solutions! Protonmail, Tutanota, mailbox.org and many others offer to handle your PGP keys for you and many people think thats not a good idea generally, although it raises the default privacy by a lot. With Protonmail you are not yet able to handle your own PGP keys. Mailbox.org is cheap, its much more flexible than most other competitors, it won the Stiftung Warentest (test.de) (well respected german product tester since the 60's) together with Posteo and feels very much like they care about open source and customer privacy!
Ist vielleicht nicht deutlich geworden, aber ich betreibe auch keinen eigenen Mailserver. Ich benutze mailbox.org als Emailanbieter und habe dort meine Domain importiert, daher Null Aufwand und alle Vorteile eines professionellen Emailanbieters.
That's partly for legal reasons, since in Germany an e-mail that ended up in your spam filter is considered to have been delivered, which means you can't argue that you didn't receive it.
Mailbox.org (roughly feature-equal to posteo) has an option to instead filter spam e-mails into a folder of your choosing.
Ah, perfect. I see the option to redirect spam emails to a folder. Thank you! This was the primary issue that was stopping me from trying mailbox.org since posteo does not allow you to redirect spam to a folder to my knowledge.
Posteo and mailbox.org, in no specific order. Both are pretty much engaged in open source, privacy and data protection (you can look up their features on the linked sites, mailbox.org even operates a dedicated Tor exit node, which you can use to route your clients traffic through, for instance), have a no logging policy and require no information (like phone number, real name) on sign up.
If you want to use your own domain, this is not possible with posteo, unlike mailbox.org, where this is an option.
I use an email provider called mailbox.org, they protect your privacy AND they really, really have a great anti-spam system. In my time using it, I've never had a false-positive spam detection, nor spam outside of some unwanted newsletters in my inbox.
In comparison, I really do wonder how Google can't offer a system that's as good as this, since they're such a huge company. With Google I've had lots of false-positives in my spam folder AND my data being taken away from me - not a good deal :(
mailbox.org has a .onion address as well, however, their webinterface is not accessible via this address. Information in German
They are running an exit node as well, though, and one can configure TOR to always use this (trusted) exit node when accessing their web interface using the clear net address.
mailbox.org ebenfalls. Die verwenden OpenXChange welches gleich noch ein paar Office-Funktionen (Textverarbeitung, Tabellenkalkulation) und einen Cloudspeicher mitliefert.
Ansonsten habe ich vor kurzem festgestellt dass der All-Inkl Webmail-Kalender (sofern du dort ein Webpacket haben solltest oder an einem interessiert wärst) CalDAV^1 Unterstützung hat.
^(1. CalDAV ist das Protokoll das auch bei Posteo oder Mailbox den Kalender nach "außen" zur Verfügung stellt. iOS unterstützt das von Haus aus, bei Android muss man sich, soweit ich das weiß, eine App nachinstallieren. Anleitungen hierzu gibt es aber auf Posteo und Mailbox.org (kann gerade nur nicht nachsehen da im Firmennetz fast alles was ansatzweise nach Webmail riecht gesperrt ist).)
I'm using Mailbox.org with Thunderbird as e-mail client (in POP3 mode) and Enigmail. You can encrypt any incoming e-mail with your own PGP public key (which doesn't need to be stored in their servers, you can generating in your computer using PGP).
You also have the option of avoiding any e-mail being sent/received to/from providers which don't support encryption in transit, avoiding passive attackers to get your mails when they're sent/received to/from another e-mail provider. They also support DANE, which avoids active attackers from intercepting your e-mails (unfortunately, if the other side doesn't support DANE, nothing can be done)
Ich habe meinem Sohn vor einem Jahr seine erste Mailadresse bei mailbox.org eingerichtet, da ich nicht wollte, dass er in jungen Jahren schon seine kompletten Daten bei Google etc. hinterlegt. Mittlerweile bin ich auch selber auf von gmail auf mailbox.org umgestiegen und habe dabei ein gutes Gefühl. Datenschutz und Transparenz werden hier (wie bei posteo auch) großgeschrieben.
Im Zweifelsfall einfach mal einen Demoaccount anlegen und ausprobieren: https://mailbox.org/demo-account-so-koennen-sie-mailbox-org-testen/
Mailbox.org, was bessere Crypto-Möglichkeiten hat als Posteo hat auch einen veröffentlicht: https://mailbox.org/transparenzbericht-ueber-die-auskunftsersuchen-von-behoerden-bei-jpberlin-de-und-mailbox-org/
I’ve just been through the exact same thing. Look at the documentation for teams. The €3 per user standard account has this feature too.
https://kb.mailbox.org/en/private/account-article/how-to-set-up-team-accounts
And it seems since today you can use light too! https://mailbox.org/en/post/teams-and-families-custom-domains-available-in-the-light-plan
This is also one of the reasons I've moved on from mailbox.org.
Seems like they won't fix this and they also wouldn't bother about complaints, especially in this subreddit. It's unfortunate but well, there're always other choices.
Wenn ein Unternehmen E-Mails versendet, die einen steuerlichen Bezug haben, dann müssen nach der GoBD revisionssicher archiviert werden. Dafür hat mailbox.org aktuell keine Dienstleistung im Angebot. Es gibt aber Dienstleister, die E-Mail Archivierung als Service anbieten. Man kann es auch selbst machen, bspw. mit MailStore oder EcoMailz, aber nüchtern betrachtet ist das mit mehr Risiko und Kosten verbunden.
Da machst du mit mailbox.org nichts falsch. Du setzt für deine Domain die passenden Records im DNS und dann kannst du deine Postfächer bei mailbox.org hosten lassen. Die AVV kannst du direkt herunterladen und nur um die E-Mail Archivierung musst du dich separat kümmern.
Das ist von vorn bis hinten Unsinn.
Mailbox.org ist ein seriöser Hoster und bietet – wie der Name auch suggeriert – vollwertige Postfächer und eine Groupwarelösung an. Ich kenne mailbox.org seit ungefähr fünf Jahren und bin sehr zufrieden. Das Preis-Leistungs-Verhältnis ist einwandfrei und der Support für Fragen und Anregungen aller Art erreichbar und punktet mit sinnvollen Antworten. Die AVV kannst du in deinem Kundencenter abschließen, falls das in deinem Tarif möglich ist.
​
Und noch ein allgemeiner Tipp von mir: Für 80 % aller Unternehmen und für 95 % aller kleinen und mittelständischen Unternehmen ist das selbst Hosten von E-Mails keine gute Idee. E-Mail benötigt Infrastruktur, Know-How und Erfahrung – da steht der Aufwand und die Kosten für »richtiges« Selbermachen in keinem Verhältnis zum Preis für den man die Leistung einkaufen kann.
I think you’re reffering to email aliases with a custom domain so thats what im gonna explain:
Choose a email you wan to use as mailbox for all emails you create with your domain. I personally use protonmail
Get a domain from a private/secure registrar like Njala
Use either a service like cloudflare (which i use), an email provider which supports own domains (like Mailbox.org) or host it yourself to create email aliases pointing to your “receiver” mail. The free tier of cloudflare offers this with unlimited aliases, but remember: if a product is free, you (mostly) just dont pay with money
Don’t host your own smtp mail server, its a pain
I hope I could help and haven’t missed the point entirely
xx Noku
Using an alias for my [email protected] instead of the [email protected] or [anything]@domain.com address.
For burner addresses mailbox.org has disposable addresses: https://mailbox.org/en/post/more-privacy-with-anonymous-disposable-e-mail-addresses
Wenn du deine Domain mit mailbox.org nutzen willst, gibt es eine Umzugsfunktion für bestehende E-Mail-Konten. https://kb.mailbox.org/de/privat/ihr-account-bei-mailbox-org/umzug-zu-mailbox-org
Vielen Dank übrigens für den Tipp mit Mailbox.org und Posteo.de.
Diese beiden kannte ich noch nicht und finde, nachdem ja gmx und web.de verkauft werden sollen, dass ich wohl zu einem dieser beiden wechseln werde.
In both systems you need to deactivate data collection to improve their products, locally.
Regarding ChromeOS, you can:
- deactivate data collection in your Google account (web-, search-, location-, etc activities and history, personalized advertisments, ...) [https://myaccount.google.com/data-and-privacy\]
- deactivate the Play Store (App Store pendant) if you want
- activate Linux containers (std is Debian 11 Buster, but Ubuntu, Arch etc also possible) to use Open Source apps like Firefox, Brave, Thunderbird, ...
- install privacy extensions into the build-in Chrome browser to completely lock out the Google account link of your Chromebook to the browser (e.g. NoScript).
- use different web applications than Googles. Mailbox.org for Mail, Office, StandardNotes, etc. to give you one example.
- you can, but you don't need to use Google Drive. I use it while having 90 % encrypted with Cryptomator (Android-App/AppImage) and 100 % locally synchronized to my external 2 TB SSD. (DriveSync Android or Insync Debian) I could do the same with Dropbox, Seafile (Luckycloud, YourSecureCloud), MegaSync etc.
So, you can do a lot. Just some examples. You must decide, whether this is enough to fulfill your thread model.
I already do that, but using mailbox.org instead of ProtonMail. The issue is if all of the companies sell my various emails asdf@yourdomain and jkl@yourdomain to the same buyer, that buyer can then realize it's a catch-all and associate them together as one user profile. So at that point I might as well have one email.
Here's what's been working for me this year:
Ich benutze auch das hier schon mehrfach empfohlene und in Deutschland gehostete Mailbox.org. Das Webinterface, insbesondere die Einstellungen und die 2FA-Implementierung finde ich da allerdings nicht so toll. Ist aber wenn man meistens sowieso nur per IMAP drauf zugreift auch nicht so wichtig.
Ein Nachteil für den Anwendungsfall mit eigener Domain und mehreren Accounts ist dort aber, dass du (wie bei Protonmail) pro Benutzeraccount bezahlst. Minimum glaube ich 3€/Monat für den Account, der die Domain verwaltet und 1€/Monat für weitere Accounts mit 2GB Postfach, welche die Domains mitbenutzen können.
Eine flexiblere Alternative mit Festpreis wäre zum Beispiel das schweizerische Migadu. Was Features und modernes Interface angeht ist ansonsten noch Fastmail sehr empfehlenswert. Ist dafür allerdings auch ein australischer Anbieter.
Du solltest dir mailbox.org anschauen. Das ist hervorragend und günstig. Wenn du viel Wert auf eine freie Konfiguration legst, dann rate ich dir zu Managed Mailcow. Die Leute dort sind auch sehr hilfsbereit und unkompliziert. Solange du aber nur ein paar Postfächer benötigst, dann würde ich dir zu mailbox.org raten.
Thanks for your input. I've come to the same conclusion. I've seen a bunch of people transferred to mailbox.org, but that's not an improvement. And I trust Proton less than Tutanota.
I know you're trying to help, and I appreciate that. I was referring to MY post being down voted.
Yes, I know about Gmail. I opened Gmail accounts in 2004 and G-toxed about 3years ago. The fantasy you describe (completely protected, invisible) is black and white thinking. I'm trying to improve privacy as much as possible, which is a gradient.
Thanks for your input on mail providers, noted.
For anyone else, are there any recommended other mail providers beside Tuta.io? Does anyone have experience with Mailbox.org? It was suggested in another thread.