Mailbox.org

Last updated
Mailbox.org
Mailbox.org logo.svg
Available in English, German
Headquarters
Germany
OwnerHeinlein Support GmbH, Berlin, Germany
URL mailbox.org
CommercialYes
RegistrationRequired
Launched2014;10 years ago (2014)
Current statusOnline

mailbox.org is an encrypted email service provider based in Germany. [1] The encryption system uses PGP like most other encrypted email providers. It also features address books, calendars, video conferencing, online office and tasks management. It competes against Office365 and GSuite as a German based provider. Its target customers include private, business, school and public authorities. [2]

Contents

History

In the wake of Snowden leaks, mailbox was started as a self-funded email provider in 2014 with aim to increase data protection and privacy. [3] [4] [5] Mailbox had been around in different forms since 1990. Mailbox's root lay in political provider JPBerlin since 1989. [6]

Since 2016, Mailbox.org has offered a Tor exit node for anonymizing connection data. [7] If Mailbox.org's services are accessed via the Tor anonymization network and the Tor exit server, Mailbox.org no longer logs IP addresses that would be suitable for data retention. [8] [9]

In January 2021, Berlin education department announced in press release to provide accounts for data-secure service emails for all of its approximately 33,000 Berlin public school teachers by the end of the year through a collaboration with mailbox.org. [10] But in December 2022, Berlin schools were again planned to convert from mailbox email to Microsoft exchange emails as reported by Der Tagesspiegel. [11]

Features

Pricing

Mailbox.org's basic offers 3 plans: light, standard and premium. Light is $1/month/user for 2 GB of email storage and 3 alias address. Standard is $3/month/user for 10 GB email storage, 2 GB drive storage and 25 mailbox alias and 50 custom domain email alias. The premium option gives 25 GB email storage, 5 GB cloud storage and 250 alias address to a custom domain as well as 25 mailbox alias address as well as priority email and telephone support. [5]

Security

Mailbox uses PGP encryption. Mailbox.org has received IT Security label from German federal office for Information Security. [12] Mailbox has a dedicated Tor Exit Node with an onion service address. [13]

Mailbox.org developed various new approaches to protect user data: for example, the provider was the first to introduce the option of subsequently encrypting all incoming e-mails with the user's public PGP key, thus providing special protection against access by third parties should the mailbox password be lost. [14] Mailbox.org is the first provider to offer the option of subsequently encrypting all incoming e-mails with the user's public PGP key, thus providing special protection against access by third parties should the mailbox password be compromised.

When using the webmail offer, it is possible to encrypt and also decrypt one's e-mails using PGP without special client software (e-mail program with any plug-ins that may be required), without necessarily using a browser extension such as Mailvelope. Keys and the encryption process take place outside the user's sphere of influence on mailbox.org's servers, which, however, contradicts the principle of end-to-end encryption. However, according to Peer Heinlein, CEO of mailbox.org, the private keys are stored on the servers at all times with a password known only to the user, so they cannot be viewed by administrators. [15] In addition, this avoids the need to store private PGP keys on end devices that are perceived as insecure.

Video conferencing

The video conference service offered is based on open source OpenTalk software. [16] [17]

Others

Mailbox also has XMPP server for its users. [18] It also offers address books, calendars and online office. The office suit includes online word processor and spreadsheet. [16]

Transparency

Mailbox publishes annual report of the number of information request it received from various governments. [19]

Related Research Articles

In computing, the Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP is defined by RFC 9051.

Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications. Phil Zimmermann developed PGP in 1991.

<span class="mw-page-title-main">Email client</span> Computer program used to access and manage a users email

An email client, email reader or, more formally, message user agent (MUA) or mail user agent is a computer program used to access and manage a user's email.

<span class="mw-page-title-main">Mozilla Thunderbird</span> Free and open-source email client by Mozilla

Mozilla Thunderbird is free and open-source email client software which also functions as a full personal information manager with a calendar and contactbook, as well as an RSS feed reader, chat client (IRC/XMPP/Matrix), and news client. Available cross-platform, it is operated by the Mozilla Foundation's subsidiary MZLA Technologies Corporation. Thunderbird is an independent, community-driven project that is managed and overseen by the Thunderbird Council, which is elected by the Thunderbird Community. The project strategy was originally modeled after that of Mozilla's Firefox web browser and is an interface built on top of that web browser.

An email address identifies an email box to which messages are delivered. While early messaging systems used a variety of formats for addressing, today, email addresses follow a set of specific rules originally standardized by the Internet Engineering Task Force (IETF) in the 1980s, and updated by RFC 5322 and 6854. The term email address in this article refers to just the addr-spec in Section 3.4 of RFC 5322. The RFC defines address more broadly as either a mailbox or group. A mailbox value can be either a name-addr, which contains a display-name and addr-spec, or the more common addr-spec alone.

Hushmail is an encrypted proprietary web-based email service offering PGP-encrypted e-mail and vanity domain service. Hushmail uses OpenPGP standards. If public encryption keys are available to both recipient and sender, Hushmail can convey authenticated, encrypted messages in both directions. For recipients for whom no public key is available, Hushmail will allow a message to be encrypted by a password and stored for pickup by the recipient, or the message can be sent in cleartext. In July 2016, the company launched an iOS app that offers end-to-end encryption and full integration with the webmail settings. The company is located in Vancouver, British Columbia, Canada.

<span class="mw-page-title-main">Onion routing</span> Technique for anonymous communication over a computer network

Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called "onion routers," each of which "peels" away a single layer, revealing the data's next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. While onion routing provides a high level of security and anonymity, there are methods to break the anonymity of this technique, such as timing analysis.

S/MIME is a standard for public-key encryption and signing of MIME data. S/MIME is on an IETF standards track and defined in a number of documents, most importantly RFC 8551. It was originally developed by RSA Data Security, and the original specification used the IETF MIME specification with the de facto industry standard PKCS #7 secure message format. Change control to S/MIME has since been vested in the IETF, and the specification is now layered on Cryptographic Message Syntax (CMS), an IETF specification that is identical in most respects with PKCS #7. S/MIME functionality is built into the majority of modern email software and interoperates between them. Since it is built on CMS, MIME can also hold an advanced digital signature.

<span class="mw-page-title-main">The Bat!</span> Email client for Windows

The Bat! is an email client for the Microsoft Windows operating system, developed by Moldovan software company Ritlabs. It is sold as shareware and offered in three editions: Home Edition, Professional Edition, and Voyager which is a portable version and is included with Professional Edition.

<span class="mw-page-title-main">Kontact</span> Personal information manager software

Kontact is a personal information manager and groupware software suite developed by KDE. It supports calendars, contacts, notes, to-do lists, news, and email. It offers a number of inter-changeable graphical UIs all built on top of a common core.

The following tables compare general and technical information for a number of notable webmail providers who offer a web interface in English.

Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.

<span class="mw-page-title-main">Proton Mail</span> End-to-end encrypted email service

Proton Mail is a Swiss end-to-end encrypted email service founded in 2013 headquartered in Plan-les-Ouates, Switzerland. It uses client-side encryption to protect email content and user data before they are sent to Proton Mail servers, unlike other common email providers such as Gmail and Outlook.com. The service can be accessed through a webmail client, the Tor network, Windows, macOS and Linux (beta) desktop apps and iOS and Android apps.

<span class="mw-page-title-main">SIGAINT</span>

SIGAINT was a Tor hidden service offering secure email services. According to its FAQ page, its web interface used SquirrelMail which does not rely on JavaScript. Passwords couldn't be recovered. Users received two addresses per inbox: one at sigaint.org for receiving clearnet emails and the other at its .onion address only for receiving emails sent from other Tor-enabled email services. Free accounts had 50 MB of storage space and expired after one year of inactivity. Upgraded accounts had access to POP3, IMAP, SMTP, larger size limits, full disk encryption, and never expired.

<span class="mw-page-title-main">Mailvelope</span> Browser extension for OpenPGP encryption with webmail services

Mailvelope is free software for end-to-end encryption of email traffic inside of a web browser that integrates itself into existing webmail applications. It can be used to encrypt and sign electronic messages, including attached files, without the use of a separate, native email client using the OpenPGP standard.

<span class="mw-page-title-main">Mailfence</span> Encrypted email service

Mailfence is secure encrypted email service that offers OpenPGP based end-to-end encryption and digital signatures. It was launched in November 2013 by Belgium-based company ContactOffice Group that has been operating an online collaboration suite since 1999.

<span class="mw-page-title-main">OpenKeychain</span>

OpenKeychain is a free and open-source mobile app for the Android operating system that provides strong, user-based encryption which is compatible with the OpenPGP standard. This allows users to encrypt, decrypt, sign, and verify signatures for text, emails, and files. The app allows the user to store the public keys of other users with whom they interact, and to encrypt files such that only a specified user can decrypt them. In the same manner, if a file is received from another user and its public keys are saved, the receiver can verify the authenticity of that file and decrypt it if necessary. As of August 2021, it is no longer actively developed.

Autocrypt is a cryptographic protocol for email clients aiming to simplify key exchange and enabling encryption. Version 1.0 of the Autocrypt specification was released in December 2017 and makes no attempt to protect against MITM attacks. It is implemented on top of OpenPGP replacing its complex key management by fully automated exchange of cryptographic keys between peers.

Proton AG is a Swiss technology company offering privacy-focused online services. It was founded in 2014 by a group of scientists who met at CERN and created Proton Mail. Proton is headquartered in Plan-les-Ouates, Switzerland. It is supported by FONGIT and the European Commission.

A virtual private network (VPN) service provides a proxy server to help users bypass Internet censorship such as geoblocking and users who want to protect their communications against data profiling or MitM attacks on hostile networks.

References

  1. Brinkmann, Martin (Feb 24, 2014). "Mailbox.org: German email provider offering full inbox encryption". Archived from the original on 2023-07-27. Retrieved 2023-07-27.
  2. Huber, Mathias (2014-02-21). "Mailbox.org: Heinlein startet modernisiertes Mail-Angebot". Linux-Magazin (in German). Archived from the original on 2023-07-27. Retrieved 2023-07-27.
  3. Sobiraj, Lars (2021-03-19). "mailbox.org entstand wegen Edward Snowden: Peer Heinlein im Gespräch". Tarnkappe.info (in German). Archived from the original on 2023-07-27. Retrieved 2023-07-27.
  4. "About mailbox.org - Our team, our history, our mission | mailbox.org". mailbox.org. Archived from the original on 2023-06-28. Retrieved 2023-07-27.
  5. 1 2 updated, Desire Athow last (2020-11-11). "Mailbox.org secure email review". TechRadar. Archived from the original on 2023-07-27. Retrieved 2023-07-27.
  6. dmon. "Das sichere E-Mail-Postfach für 1 €/Monat". JPBerlin - Politischer Provider (in German). Archived from the original on 2023-07-27. Retrieved 2023-07-27.
  7. "Tor Good Exit Nodes". www.privacy-handbuch.de. Archived from the original on 2023-07-27. Retrieved 2023-07-27.
  8. professional, com!. "Mailbox.org betreibt eigenen Tor Exit Node". com! - Das Computer-Magazin (in German). Archived from the original on 2023-07-27. Retrieved 2023-07-27.
  9. online, heise (2016-02-04). "Mailbox.org betreibt Tor-Exit-Node". Security (in German). Archived from the original on 2023-07-27. Retrieved 2023-07-27.
  10. "Datensichere Dienstmails für Lehrkräfte kommen: Die Testphase läuft bereits". www.berlin.de (in German). 2021-01-19. Archived from the original on 2023-07-27. Retrieved 2023-07-27.
  11. "Anbieterwechsel empört Abgeordnete: Berlins Lehrkräfte bekommen neue Mail-Adressen". Der Tagesspiegel Online (in German). ISSN   1865-2263. Archived from the original on 2023-07-27. Retrieved 2023-07-27.
  12. "Secure e-mail for private and business customers | mailbox.org". mailbox.org. Archived from the original on 2023-07-25. Retrieved 2023-07-27.
  13. "Security features & encryption | mailbox.org". mailbox.org. Archived from the original on 2023-07-10. Retrieved 2023-07-27.
  14. "Stiftfilm: Das verschlüsselte Postfach | mailbox.org – Ihr sicherer E-Mail-Anbieter". 2015-11-17. Archived from the original on 2015-11-17. Retrieved 2023-07-27.
  15. "Holger Bleich: Webmail mit PGP bei Mailbox.org". Archived from the original on 2022-04-22. Retrieved 2023-07-27.
  16. 1 2 "Our product: Secure e-mail and more | mailbox.org". mailbox.org. Archived from the original on 2023-08-21. Retrieved 2023-07-27.
  17. "OpenTalk · GitLab". GitLab. Archived from the original on 2023-08-19. Retrieved 2023-08-19.
  18. "Golem.de: IT-News für Profis". www.golem.de. Archived from the original on 2023-07-27. Retrieved 2023-07-27.
  19. "About mailbox.org - Our team, our history, our mission | mailbox.org". mailbox.org. Archived from the original on 2023-06-28. Retrieved 2023-07-27.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.