New features: OTP two-factor auth, PGP-key server, Mailvelope support, e-mail backup, and more

“April showers bring May flowers!” In fact, a lot has happened in May as we launched a whole range of new features and ways to use Some of the related developments have been going on for well over a year and we are very happy to now be able to present the fruits of our labour to our users. So, what is new? There’s a whole list of things:

  • POP3 mail collection service with PGP-encrypted inbox
  • User access to e-mail backups
  • Two-factor authentication and One-Time Password methods like Google Authenticator
  • PGP key server (HKP)
  • Auto-configuration wizard
  • Guard now with comprehensive Mailvelope support
  • 30-day disposable e-mail addresses
  • Coming very shortly:
    • Dedicated Android app for calendar and contacts
    • Mailtrace: Log file search for our users
  • and finally…
    • …a new virtualization cluster
    • …BGP routing and BCIX peering
    • …new staff
    • …user support forum launch
    • …better resolution of contact images
    • …names of special “Drafts/Trash/Sent” folders adjusted
    • …Envelope-To addresses available as a filter element


See below for details:

POP3 mail collection service with PGP-encrypted Inbox

Our new POP3 mail collection service (to be found on the settings page) can perform scheduled imports of e-mail inboxes that are hosted with other providers. These e-mails can be run through our mail filter and so distributed to a separate IMAP folder on Best of all: If you are using the fully-encrypted inbox, all e-mails collected in this way will get PGP-encrypted as well! There is another difference to the existing POP3 service that is accessible through the mail menu: The new service can work entirely in the background and will import e-mails automatically every 30 minutes, without prompting the user to log in every time. It may therefore present an interesting option for those customers who use a dedicated mail client to access


User access to e-mail backups

It can happen to everyone and at any time: Just one wrong keypress and an important e-mail message or even an entire folder is gone. E-mail backup is not included in our tariffs, however, we do perform regular backups for technical purposes that cover the e-mail data of the past few days. We have now created a self-service interface (to be found in the settings pages) which gives users access to an e-mail recovery function. It is now possible to re-import the inbox and other IMAP folders from a backup and so, replace any (recently) deleted e-mails without the need to contact our support team. Please note that we needed to make adjustments to §11 (2) of our General Terms and Conditions to accommodate this new service.


Two-factor authentication and One-Time Password methods like Google Authenticator

After more than a year of development effort, now benefits from a completely overhauled authentication module. In addition to the usual password protection, the supported mechanisms include our dedicated YubiKeys and multiple One-time password token generators, such as Google Authenticator or the OATH service that is common on iPhones. In principle, all token generators that work based on HOTP, TOTP, or mOTP can be used. Due to popular demand, we also enabled YubiCloud authentication for those who did not obtain their YubiKeys directly from but from external vendors.

See the FAQ for more details:


PGP key server (HKP)

Our Guard has further evolved into a central tool for PGP management. The public keys of our users are now being distributed publicly through a dedicated PGP key server (hkps:// Special DNS records make sure that PGP-relevant programs of other users will find this key server automatically to retrieve verified keys of our users.

Please consult the FAQ for more details:


Auto-configuration wizard

Users will find a new tile on their office dashboard or, alternatively, a new settings menu entry called „Connect Your Device“ which links to our improved auto-config wizard: Simply select your device or application from a list and the wizard will display the correct configuration for connecting it with If you are an iPhone user, a configuration text message can be sent directly to your phone, and then it is a simple matter of confirming the settings to make the connection. iPad and Mac users can download a configuration file to import to their devices. Users of Microsoft Outlook will also benefit from an improved auto-configuration. For connecting most applications and devices, it will be sufficient from now on to simply state a username and password to retrieve the required settings automatically. Guard now with comprehensive Mailvelope support

Previously, the Guard would manage user keys entirely on the server side in order to allow comprehensive use of PGP, even on the go. As an alternative, we have now added to Guard full support for Mailvelope, a browser plugin that can be installed by the users that will store encryption keys directly on their local machine. We support the plugin as it appears to be popular with many users, and common with other providers, where Mailvelope presents the foundation of their PGP services. From a security perspective, we are still somewhat critical of the approach underlying Mailvelope, yet at the same time, we want to give our users the freedom to choose the mechanism they prefer. As a result, does now offer the same Mailvelope support as other providers do. Any accounts which have the Guard extension enabled for the first time will now be able to select either server-side PGP encryption, as usual, or configure Guard for use with the Mailvelope-Plugin. Note that once Guard is fully configured and operational, this setting cannot be reversed. We urge our users to please read the FAQs on this subject before setting up Guard.

See the FAQ for more details:


30-days disposable e-mail addresses

Many web services and forums require registration with an e-mail address and sometimes, we might prefer not to hand over the address that we use regularly. One alternative is to use e-mail aliases, yet the number of aliases one can create per account is limited, and their use is potentially unsafe, as other people might re-register an alias sometime after it was deleted. For this reason, users may now create disposable e-mail addresses in the settings. These are valid for 30 days, after which they expire and are deleted automatically. Please note: You can only receive but not send any e-mails using disposable addresses!

Coming very shortly

A dedicated Android app for calendar and contacts

Our new app is currently going through the Google Playstore publishing process and activation is imminent. Having our own calendar and contacts app will allow seamless integration with the and makes mobile configuration much easier. The basis for our app are the calendar and contacts apps by Marten Gajda, which we whole-heartedly recommend, and which have been adapted to create a dedicated app for Our auto-configuration wizard will also link to any new apps as soon as they become available.


Mailtrace: Log file search for our users

In cases where there is uncertainty about the status of an e-mail, the only way to find out is usually to look through the server logs. However, these are not normally accessible to ordinary users. Our new „Mailtrace“-service offers a search facility to all users where they can inspect their individual e-mail activity: The results indicate the transmission status of any outgoing and incoming mail in real time, using an easy-to-recognize traffic-light metaphor. Those users who are interested in technical details can get such more in-depth information as well. Presently, we cannot announce a release date yet, but any users interested in becoming beta testers for this feature should get in touch with Peer Heinlein (

and finally…

A quick peek behind the scenes – for anyone who is interested in what’s going on at – the business:


…a new virtualization cluster

It took 18 months of preparation but at the beginning of May, we could finally take into operation an entirely new server cluster at our data center. For this cluster, we have chosen to adopt another virtualization technology that will help implement our long-term strategy of establishing hardware- as well as software-redundant solutions that are more robust and reliable when it comes to technical faults and security challenges. So, for instance, the server clusters that comprise several physical machines will be set up in parallel alternative configurations, using two different virtualization technologies at the same time.


…BGP-Routing und BCIX-Peering

Another project that was finished in the first quarter of 2016 (after two years of work) concerned the Border Gateway Protocol (BGP) and the Berlin Commercial Internet Exchange (BCIX): Traffic between and other German and international providers is now routed directly through the Berlin exchange BCIX, which means increased speed and shorter pathways for the routing of data packets. To achieve this, all data centers have been connected to the BCIX node and BGP peering was subsequently arranged with all major internet providers. The improved infrastructure makes a lot more independent when it comes to general internet service disruptions or cases of traffic congestion at other routing-relevant locations, as they may occur due to hardware failure or DDoS attacks. is now connected to the Internet using four parallel and completely redundant firewall- and router systems, which are situated at different geographic locations.


…new staff

We have hired additional developers, support workers, and system administrators in the past six months who joined teams at and Heinlein Support. Our entire team is currently 29 heads strong and even more people will start in their new roles from 1st June. Sebastian „Ben“ Knopp and the helpdesk team are working incredibly hard to keep our SLA below 24 hours and the numerous features described above demonstrate the magnificent feats our developers and administrators were able to pull off in the previous months. This growth also meant that physical space is getting scarce at our premises and so, Heinlein Support will be taking over another 200 sqm of office space in our building from 1st June, taking the total space allocated to company offices to 700 sqm.


…User support forum

We launched the new support forum early this year which has shown some amazing growth. Users actively engage to help other users, answer their questions, exchange experiences, or give advice on configuration settings for special software. Our helpdesk team uses the forum to interact with our user base and provide voluntary support (Please keep in mind that we keep providing individual support for our services via e-mail: Nevertheless, the team is actively following the issues discussed in the forum and take away ideas that come directly from our loyal customers about possible improvements to – some of which have already been implemented (see below)! We really appreciate the interaction with our users and would like to thank everyone who participates in user support forum activities.


…better resolution of contact images

Triggered by a discussion between users in the forum, we increased the resolution of contact images from 250×250 to 720×720 pixels. In light of the ever-growing screen size and resolution of modern mobile devices, the previous image resolution was not timely anymore. Although newly uploaded images will be saved automatically in the new resolution of 720×720 pixels, we obviously cannot increase the quality of existing contact images. Please update these existing images with higher quality versions, if desired, by simply uploading new images.


…names of special “Drafts/Trash/Sent” folders adjusted

Changes in recent versions of Microsoft Outlook have caused confusion with some of the standard e-mail folders used by Outlook and, in particular when non-English names were used for folders like „Drafts“, or „Sent“, etc. In order for e-mail clients to recognize these special folders correctly, new accounts will from now on adopt the English default names „Drafts“, „Trash“, „Sent“, and „Archive“, even though these might still be displayed properly in the web interface in the language selected by the user. Any current accounts will not be changed automatically in order to preserve their existing configuration. However, we are happy to apply the above changes to the name schema on request – if you would like us to do this, please send an e-mail to quoting “folder change“ in the subject line.


… „Envelope-To“ addresses available as a filter element

A feature long-desired by our users has finally arrived with the May update: From now on, e-mail addresses that use external domain names will be considered by the Sieve mail filter and there will be a filter element called „Envelope-To“. Especially those customers who use their own domain name and corresponding alias-addresses will be delighted, because the new feature allows the automatic filtering and sorting of e-mails sent to particular addresses into separate subfolders.
Please note: The filter element „Any recipient“ will make the search engine look at the header entries „To:“ and „CC:“ – if the e-mail was forwarded or sent via BCC, then there won’t be any information about the real recipient and the entry will point to the previous recipient address (before the message was forwarded). The filter element „Envelope-To“, however, will check the real recipient to which the e-mail is currently addressed.