Posteo is a privacy and security focused email service from Germany
Unless you are making sure that you are using encryption when using email, chance is that your emails get read by machines and maybe also individuals as they are not protected by any means.
German email service Posteo just announced an addition to the service's privacy-focused email offering that allows all users to encrypt their mail data with the click of a button.
Posteo is not free but affordable at $1 per month or $12 per year. Users get 2 Gigabyte of free storage for that with options to increase storage for $0.25 per Gigabyte per month.
What sets Posteo apart from the majority of other email services out there is its focus on privacy and security.
Privacy begins when you sign up. While you can use your credit card or PayPal to subscribe, Posteo supports cash as well which ensures your anonymity. The sign-up form itself requests no personal information and Posteo promises that they don't save IP addresses and replace user IP addresses when sending emails with that of the Posteo server.
Posteo supports TLS-encrypted access and transmissions, encrypts all data on AES encrypted hard drives, and supports the previously mentioned crypto mail storage.
To use it, select Settings > Encryption from the menu, enter your account password again to verify that you have access to it and then the "activate crypto mail storage now" button.
Once you hit the button, all emails of the account are encrypted using the password. This includes not only the email body but also attachments and metadata. In addition, all future emails that arrive are encrypted as well.
Posteo notes that encryption blocks them from accessing the contents of user emails and that users will lose access to all emails if they forget the account password.
Encryption does not prevent the use of IMAP or POP3 so that you can access your account using local email programs and mobile devices.
Crypto storage is not the only protective feature that Posteo offers. Users may enable inbound encryption and end-to end encryption of individual emails using S/MIME or OpenPGP. In addition, address book and calendar can be encrypted directly on the web interface to protect the data using the account password.
Additional information about security and privacy are available on the site's encryption help page.
Posteo is a subscription-based email provider. One benefit of paying money for email is that you get an ad-free tracker-free environment. The service, including its webmail interface and newsletter, is completely ad-free and uses no tracking tools on the web either. Since it is not financed by advertising, it has no advertising partners or parses emails to deliver targeted advertisement to users of its service.
As far as additional features are concerned, you may configure aliases (two are free, more for $0.10 per alias) which you can use instead of the primary email address. Aliases support a variety of localized Posteo domains but no custom domains at the time of writing.
What else? The service ships with its own spam and virus filter, supports custom filters to sort emails by content or sender automatically, folders, a pop3 migration service to migrate from another service, forwarding and auto-reply, and support for IMAP and POP3 connections.
You may also use signatures and HTML emails, receive attachments of up to 50 Megabyte in size, or switch between different view modes for emails.
Address book and calendar support import and export operations. It is for instance possible to import CardDAV contacts to the address book or export calendar data as ics files. In fact, data exports are one of the key features of Posteo as it gives users full control over their data at any time.
POP3/IMAP information
Server name: posteo.de
Username: [email protected]
Password: Your personal password
Outgoing mail server (SMTP):
- With STARTTLS using port 587, or
- with SSL/TLS encryption using port 465
Incoming mail server (IMAP):
- With STARTTLS using port 143, or
- with SSL/TLS encryption using port 993
Incoming mail server (POP3):
- With STARTTLS using port 110, or
- with SSL/TLS encryption using port 995
Closing Words
Posteo is not free but the base service is reasonably priced at €1 per month especially if you consider that it supports anonymous payments and several options and features that protect user identities, emails and other data. All in all an interesting email service for privacy and security conscious Internet users.
Sounds like quite a comprehensive attempt to address a lot of the problems with email security and privacy. Certainly very inexpensive.
However unless I’m missing something, this fails to solve the one major issue every other email security solution based on the current legacy email system also fail at: ensuring all a user’s correspondents also use encryption with whichever nail service they use.
It’s all very well having a high security mail server but if even one of your correspondents is using a plain text system, your ability to freely communicate in private starts to fall apart.
The article mentions the possibility of S/MIME and OpenPGP support. Is this for corresponding with people who use either or both but not thru the same service as, in this example, a Posteo user? That may well suit some of Posteo user’s non-Posteo contacts but unlikely all of them.
It’s rather sad to seemingly see no complete secure email replacement around 2 years after Snowden’s revelations started.
It’s somewhat ironic that a service trying to provide a secure email solution would be based in the former home of the 3rd Reich and the Stasi. At first that might seem irrelevant but it appears humanity has gone backwards in that a system set up to be (probably too) universal and largely independent of nation states; political regimes and domination from any particular oligopoly scenarios: email … had effectively been coopted by one single regime and we are trying to solve this problem not by reestablishing that original independent universality but through a series of disparate isolated projects.
Email needs a rough equivalent to the W3C. Email “1.0” needs to be deprecared globally and replaced with a global upgrade following a standard administered by an independent central body.
Individual companies setting up secure niche sections of the net for their security-focused email services are ignoring the elephant in the room: the inability of their service to talk securely across the rest of the net to other services.
You are right that security applies mostly to emails once they have arrived on the Posteo server and not before. You still need to setup up a system like OpenPGP and need to make sure that others use it as well for full security. Since this is still complicated to setup, I cannot see it gain much traction in the future unless someone comes up with an automated solution. Even then, it would need 100% adoption to be effective and I find it hard to believe that this is going to happen anytime soon.
I don’t think it is ironic that services like Posteo come from Germany. Germans are highly privacy-sensitive because of what happened in the past, all the snooping and privacy invasions first by Gestapo and other third reich organizations and then more recently the STASI in the East.
Posteo reminds me of another excellent German email service, Mailbox dot org, Similar fees, Mailbox has a free plan and also offers 3 aliases for the basic 12$/year subscription. Whatever, these very few low-cost and hq secure email services are really worth a move from the “institutional” webmail providers. No peeking, no ads, tranquility. One buck a month is really not expensive.
Mailbox dot org is a horrendous example of privacy. Reading thru their website made my nauseous with all the data they collect from visitors as well as members. As far as security, I believe they are at least as good as their closest competitors except – I don’t believe they offer server level zero-knowledge encryption of incoming un-encrypted mail (as posteo does) OR contacts/calendars – with which they made a statement something like “we don’t believe this is necessary” or something similair. Every time I see someone post that they are paying for and using that service just because “they offer personal domain support” I want to shake them and ask – did you really read the fine print? I think many people proceed without doing so. Just the mention of Mailbox org gets me triggered out of sympathy for theme since I believe most are just uninformed. If I am completely wrong and am overlooking the sliver lining with that outfit please someone enlightenment me.
Probably by CIA for CIA.
Using it for 2 years now, can recommend.
Sounds interesting and seems a very reasonable fees.
Only last week my email application was accepted by ProtonMail so I will first see how that goes.
What would you recommend between posteo and protnmail?
Thanks for this article. I always keep one or two online email accounts that are NOT Gmail and NOT Yahoo. This sounds very nice. I seldom have occasion to encrypt email, and my life is not so exciting that I have to worry about my online communications being monitored. However, I do like my privacy, and I do, on a rare day, send account information. I also store emails containing #s that should be accessed by no one else. I don’t expect an email service to solve all the security problems inherent in the system we’ve all been using for so many years. At $1/month, certainly affordable, and as safe as you can get.
There is now a new encrypted e-mail solution out there called Ghostmail.com. It is build on a Zero-Knowledge architecture which means only your password can decrypt the communication, meaning whatever is stored on the servers is useless to anybody who might gain access to your data. Chat is also supported and storage coming soon. Best part is that there is a free version for the average user.
Posteo does indeed seem a nice option ( can also have country base aliases e.g. .co.uk or .ie) . For me though its Roundcube mail interface is clunky and not attractive.
There is also startmail who have a somewhat simplified encryption method available. ( https://support.startmail.com/index.php?/Knowledgebase/Article/View/534/0/question–answer-encryption-method ). Their service is a little bit expensive however.
After searching through various alternatives to gmail over the last 6 months or so I find myself back with Gmail ( for ordinary usage)
yes, gmail is intrusive for sure but to me its still very very good. what i do is open opera in its vpn and open gmail there. then i just use a different browser for everything else. so minimal tracking by gmail.
Just signed up for mailbox dot org yesterday and I must admit in trying it out this morning that it is quick in sending and receiving.
Despite the fact that I can’t read German, after contacting tech support and getting a quick answer, getting instructions to changing the interface to English was quite clear.
I’m impressed with the service, the length of time it’s been in business and the price.
I despise Gmail and abhor all things Google. After having had it for years and not knowing what they were up to as far as permeating the world with their trash, also giving in to the government like a love-sick puppy, I would never have signed up for Gmail in the first place. I would delete my account in a New York Minute, except for the fact that I must use the Google Talk video portion. For now….
Just for information there is a link to the English version of mailbox dot org
I will post the link.
https://mailbox.org/en/
Or just mailvelope addon, it works on Chrome and Firefox quite well since a long time now.
https://github.com/mailvelope/mailvelope/