Mailbox.org is a German email service that puts a strong focus on privacy and security. Among the features are full inbox encryption as well as minimal logging and retention of logs.
The service is not free but starts at €1 per month for 3 email aliases and 2 Gigabytes of online storage. A side effect of this is that the service does not use advertising.
Mailbox.org introduced a set of new features recently. The first adds support for one-time passwords to the service. These passwords work only once before they are no longer valid. While you can always sign in with your main password, using a one-time password may make sense in certain situations, for instance when you are using a public computer or connect to a public network.
One-time passwords work in conjunction with YubiKeys, which we first reviewed back in 2010. So, whenever you want to sign in to your Mailbox account, you connect the USB device to the computer to do so.
This however is only part of it. Mailbox.org has added a four-digit PIN to the process as well, which you need to enter to complete the sign-in. The idea here is that protection would be relatively weak if only the username and the one-time password of the YubiKey were required. The PIN adds another layer of protection to the process to improve security.
With the new feature enabled, you have three login options:
- Normal authentication using the account username and password.
- One-time password login or basic authentication.
- One-time password login only.
The system can only be used with YubiKeys ordered from Mailbox.org currently. The company stated in a blog post that it is working on a solution to add support for third-party YubiKeys as well.
The second change adds support for custom domains to the service. What is meant by that is that you can use Mailbox.org to create email addresses using domains that you own.
You do need to redirect the mail nameserver entries to Mailbox.org before you can do so though, which means that you need to use the service for all email addresses of that domain.
Another restriction is that all email aliases from that domain will become available under the same Mailbox.org account. If that is not an issue, do the following to set it up:
- Log in to your Mailbox.org account and open the settings.
- There you find an option to add an external address under create aliases.
- Add a new email address using the domain name that you want to use.
- The system will display a security code that you need to add to the DNS record of the domain.
- Once that is out of the way, you need to set the correct MX records as well. The reason why you do not make the change immediately is that email will be rejected until the correct security code is set.
- The three servers that you need to add are: mxext1.mailbox.org, mxext2.mailbox.org, mxext3.mailbox.org with priorities 10, 10 and 20.
Both changes make sense and improve the usability and security of the service, at least for some users. It is worth noting that both features require improvements in the future to increase their appeal. The YubiKey implementation, for instance, requires support for third-party YubiKeys, while the custom domain feature should support multi-user email addresses for custom domains.