POP3 mail collection service with PGP-encrypted Inbox
Our new POP3 mail collection service (to be found on the settings page) can perform scheduled imports of e-mail inboxes that are hosted with other providers. These e-mails can be run through our mail filter and so distributed to a separate IMAP folder on mailbox.org. Best of all: If you are using the fully-encrypted inbox, all e-mails collected in this way will get PGP-encrypted as well! There is another difference to the existing POP3 service that is accessible through the mail menu: The new service can work entirely in the background and will import e-mails automatically every 30 minutes, without prompting the user to log in every time. It may therefore present an interesting option for those customers who use a dedicated mail client to access mailbox.org.
User access to e-mail backups
It can happen to everyone and at any time: Just one wrong keypress and an important e-mail message or even an entire folder is gone. E-mail backup is not included in our tariffs, however we do perform regular backups for technical purposes that cover the e-mail data of the past few days. We have now created a self-service interface (to be found in the settings pages) which gives users access to an e-mail recovery function. It is now possible to re-import the inbox and other IMAP-folders from a backup and so, replace any (recently) deleted e-mails without the need to contact our support team. Please note that we needed to make adjustments to §11 (2) of our General Terms and Conditions to accommodate this new service.
Two-factor authentication and One-Time Password methods like Google Authenticator
After more than a year of development effort, mailbox.org now benefits from a completely overhauled authentication module. In addition to the usual password protection, the supported mechanisms include our dedicated mailbox.org YubiKeys and multiple One-time password token generators, such as Google Authenticator or the OATH service that is common on iPhones. In principle, all token generators that work based on HOTP, TOTP, or mOTP can be used. Due to popular demand, we also enabled YubiCloud authentication for those who did not obtain their YubiKeys directly from mailbox.org but from external vendors.
See the FAQ for more details:
PGP key server (HKP)
Our mailbox.org Guard has further evolved into a central tool for PGP management. The public keys of our users are now being distributed publicly through a dedicated PGP key server (hkps://pgp.mailbox.org. Special DNS records make sure that PGP-relevant programs of other users will find this key server automatically to retrieve verified keys of our users.
Please consult the FAQ for more details:
Users will find a new tile on their office dashboard or, alternatively, a new settings menu entry called „Connect Your Device“ which links to our improved auto-config wizard: Simply select your device or application from a list and the wizard will display the correct configuration for connecting it with mailbox.org. If you are an iPhone user, a configuration text message can be sent directly to your phone, and then it is a simple matter of confirming the settings to make the connection. iPad and Mac users can download a configuration file to import to their device. Users of Microsoft Outlook will also benefit from an improved auto-configuration. For connecting most applications and devices, it will be sufficient from now on to simply state username and password to retrieve the required settings automatically.
mailbox.org Guard now with comprehensive Mailvelope support
Previously, the mailbox.org Guard would manage user keys entirely on the server side in order to allow comprehensive use of PGP, even on the go. As an alternative, we have now added to Guard full support for Mailvelope, a browser plugin that can be installed by the users that will store encryption keys directly on their local machine. We support the plugin as it appears to be popular with many users, and common with other providers, where Mailvelope presents the foundation of their PGP services. From a security perspective, we are still somewhat critical of the approach underlying Mailvelope, yet at the same time, we want to give our users the freedom to choose the mechanism they prefer. As a result, mailbox.org does now offer the same Mailvelope support as other providers do. Any mailbox.org accounts which have the Guard extension enabled for the first time will now be able to select either server-side PGP encryption, as usual, or configure Guard for use with the Mailvelope-Plugin. Note that once Guard is fully configured and operational, this setting cannot be reversed. We urge our users to please read the FAQs on this subject before setting up Guard.
See the FAQ for more details:
30-days disposable e-mail addresses
Many web services and forums require registration with an e-mail address and sometimes, we might prefer not to hand over the address that we use regularly. One alternative is to use e-mail aliases, yet the number of aliases one can create per account is limited, and their use is potentially unsafe, as other people might re-register an alias sometime after it was deleted. For this reason, users may now create disposable e-mail addresses in the mailbox.org settings. These are valid for 30 days, after which they expire and are deleted automatically. Please note: You can only receive but not send any e-mails using disposable addresses!