mailbox.org protects your privacy whenever technically possible. Using a combination of different encryption mechanisms, we ensure the highest possible security level for the protection of your data. In addition, we offer a number of choices on how you can encrypt your personal data.
mailbox.org uses an Extended Validation (EV, "green") security certificate issued by the Swiss CA SwissSign. This helps ensure that encrypted connections from clients are actually established with servers at mailbox.org and not with any others.
Our services are accessible only via secure protocols that require encryption. Security mechanisms such as HSTS protect effectively against man-in-the-middle attacks by forcing web browsers to use encrypted HTTP connections.
On our web servers (including CalDAV, WebDAV, and CardDAV) we use only encryption algorithms that are widely considered secure. Servers are configured to always prefer TLS 1.2, the most up-to-date version.
Modern and secure key exchange algorithms such as (EC)DHE provide Perfect Forward Secrecy (PFS), which prevents the decryption of intercepted data transmissions from web and mail servers.
By the way: your password is never stored in plain text on our servers, only as a salted hash. This means even we as the provider have no way of knowing your password.
In order to support anonymous use of the Internet and to protect our customers from data retention measures, we operate a dedicated Tor Exit Node in our data centre.
Access to mailbox.org is always encrypted:
To facilitate this, we use recent security technologies:
As long as many servers on the Internet use SSLv3 and insecure cryptographic mechanisms (ciphers) like RC4, MD5, or 3DES, users should not bet on finding reliable SSL encryption everywhere. mailbox.org has been thoroughly tested by different independent websites and received only the highest praise.
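The policy described above (TLS 1.2 or newer, forward-secret key exchange, no RC4, MD5 or 3DES) can be checked against what a server actually negotiates. The following is an added example, not mailbox.org's own tooling; the function names `assess` and `probe` and the sample pairs are assumptions made for illustration, and cipher names follow OpenSSL's naming.

```python
import socket
import ssl

# Mechanisms the page calls insecure, keyed by how they show up in cipher names.
WEAK_TOKENS = {"RC4": "RC4", "MD5": "MD5", "3DES": "3DES", "DES-CBC3": "3DES"}
ACCEPTED_PROTOCOLS = ("TLSv1.2", "TLSv1.3")


def assess(cipher_name, protocol):
    """Return the policy violations for one negotiated (cipher, protocol) pair."""
    findings = []
    if protocol not in ACCEPTED_PROTOCOLS:
        findings.append(f"protocol {protocol} is older than TLS 1.2")
    for token, label in WEAK_TOKENS.items():
        finding = f"weak algorithm {label}"
        if token in cipher_name and finding not in findings:
            findings.append(finding)
    # TLS 1.3 suites always use an ephemeral key exchange; before TLS 1.3 the
    # OpenSSL suite name has to start with ECDHE- or DHE- to be forward secret.
    if protocol != "TLSv1.3" and not cipher_name.startswith(("ECDHE-", "DHE-")):
        findings.append("no forward secrecy (static key exchange)")
    return findings


def probe(host, port=443, timeout=5.0):
    """Connect to a server you operate and assess what it negotiates.

    The default context refuses SSLv3 outright, so a legacy-only server
    raises ssl.SSLError here instead of returning findings.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return assess(tls.cipher()[0], tls.version())


# Constructed samples of negotiated parameters (not captured from a real server).
SAMPLES = [
    ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2"),
    ("TLS_AES_256_GCM_SHA384", "TLSv1.3"),
    ("AES128-SHA", "TLSv1.2"),
    ("RC4-MD5", "SSLv3"),
    ("DES-CBC3-SHA", "TLSv1"),
]

if __name__ == "__main__":
    for cipher, proto in SAMPLES:
        print(cipher, proto, assess(cipher, proto) or "ok")
```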
Anyone who needs to log in to a public PC to read their e-mail would want to avoid using their normal password there. With a One-Time-Password (OTP), there is no risk of passing on sensitive password information via third-party machines because each OTP is unique and cannot be reused for future logins. We support many different mechanisms for One-Time-Passwords.
YubiKey: A small portable USB stick. Once plugged in, a simple button-press will generate an OTP and insert it into the password field on the login page. The login is made even more secure through the combination of the OTP with a PIN that users can choose individually.
OTP token generators: In addition to normal passwords and YubiKeys, we support other One-Time-Password token generators such as Google Authenticator or the iPhone’s OATH service, as well as all other token generators that are based on HOTP, TOTP or mOTP.
When an e-mail gets sent through the Internet, transmission should be encrypted, so as to protect the content from unauthorized access on the way. Our servers will always try to establish the most secure connection possible, encrypted with TLS and secured with PFS. We have been one of the first providers to fully support DANE/TLSA and to secure our domain with DNSSEC. Non-secure mechanisms such as SSLv3, or encryption ciphers that have been previously cracked (3DES, RC4, MD5) are not used at mailbox.org.
In 2015, we invented a mechanism to promote the TLS-encrypted sending of e-mail, which has now been adopted by many other providers. It allows any user to find out in an instant if their communication partner uses a provider that supports SSL/TLS encryption and if so, how strong the algorithms employed really are and if DANE is also used. All a mailbox.org user needs to do is enter the e-mail address of a recipient when composing an e-mail and our system does the check in the background. Once our servers know the other mail domain, it is guaranteed that the current security level cannot be undercut by manipulation.
Read more about the mailbox.org SSL/TLS check.
mailbox.org has also come up with a feature that guarantees the securely encrypted sending of e-mails. Anyone who would rather not rely on the technical environment of their recipient server now has a means of enforcing encrypted communication: our additional service secure.mailbox.org makes sure e-mails are only sent and received with SSL/TLS encryption. Guaranteed.
Learn more about secure.mailbox.org.
Secure transmission of data, secure servers, and secure algorithms – all these are important and we are striving to set new standards in these areas. However, comprehensive protection of e-mail communication also requires content encryption. PGP has been under continuous development for more than 20 years and is today the most reliable mechanism for encrypting e-mails. To use the words of its originator:
"PGP empowers people to take their privacy into their own hands." Philip R. Zimmermann, creator and developer of the encryption software PGP.
We explicitly recommend that all our customers make use of PGP and actively promote and support this use by offering tutorials and manuals on the subject.
Decide for yourself:
mailbox.org offers two basic mechanisms for e-mail encryption
Our mailbox.org Guard facilitates the first PGP implementation that works with a webmail client while combining security and ease of use at the same time. It just works and there is no need to install plugins or store the sensitive private key on different devices (like a mobile phone).
The mailbox.org Guard is 100% compatible with OpenPGP and can also be used by local mail clients in combination with end-to-end encryption.
Did you know? The mailbox.org Guard can also encrypt your files as they are stored in our Drive area.
Learn more about the background and functionality of Guard, advantages and disadvantages, and how to set it up in our manuals about Guard. Additional background information can be found in our hints about Guard.
Advantages of mailbox.org Guard
The Mailvelope plugin presents an alternative to using Guard. Here, users need to install the Mailvelope software in their local web browser and can then send and read encrypted e-mail using the webmail client.
Read our FAQ about Mailvelope and how to use it with mailbox.org.
Advantages of Mailvelope
A true innovation of 2014: mailbox.org was the first e-mail provider to develop a method for encrypting inbox contents using a user’s public PGP key. Given that most of our users keep their e-mails for many years, it gives them peace of mind to know that they are stored on our servers securely encrypted.
More information about the encrypted inbox can be found in our FAQ.
The public PGP keys of mailbox.org Guard users will be retrieved automatically. For external users we offer an HKPS key server that delivers verified OpenPGP keys that belong to mailbox.org users.
Detailed information about the key server can be found in our FAQ "The mailbox.org HKPS key server".
We at mailbox.org take all matters concerning privacy and data protection very seriously. As a provider, we are very transparent about the kind of data we keep about our customers. We collect only the data that we absolutely need in order to operate our services for our customers. Whenever there is an opportunity for us to reduce the amount of data we keep or handle, we will act. For instance, at mailbox.org IP address information is removed from all mail headers.
All our servers are physically located in Berlin, Germany, and are hence subject to strong German data protection, privacy, and information security laws, and watched over by our certified information security officer. Find more details in our data privacy statement.
We protect your data