E-mail - General

Of course, when we think about e-mail communication, it also starts with choosing the right e-mail provider.

Do you need one or more e-mail addresses?

It is recommended to use different e-mail addresses for different purposes. This can also be done via e-mail aliases. It makes "profiling" based on an identical e-mail address across different portals or applications harder and also reduces the spam load. Some forums also pass on e-mail addresses, and by using a different e-mail address per website, you can quickly find out who has passed your data on. In addition to your e-mail address for communication with friends, you can also create separate ones, e.g. only for online purchases, for forum posts or for political activities. As a rule, you can also have these e-mail addresses forwarded to your main e-mail address, so you are always up to date. All mail providers offer this option.

Use temporary e-mail addresses

If an e-mail address is only needed to log in to a forum or post a comment on blogs, you can use temporary mail addresses. These temporary addresses are often simply deleted after a few hours or are no longer available.

A short list of e-mail providers in addition to the well-known ones:

  • Mailbox.org (German mail provider, servers are located in Germany, accounts from €1 per month, PGP-encrypted inbox and mail sending only via SSL/TLS can be activated, DANE, users' IP addresses are removed from the e-mail header, anonymous accounts possible, anonymous payment by letter or Bitcoin, OTP login with YubiKey for the web interface)
  • Ownbay (provider is registered in Malta, servers are located in Germany, accounts from €1 per month, PGP-encrypted inbox can be activated, DANE, users' IP addresses are removed from the e-mail header, anonymous accounts possible, anonymous payment by letter or Bitcoin, OTP login for the web interface)
  • Posteo.de (German mail provider, servers are located in Germany, accounts from €1 per month, S/MIME- or PGP-encrypted inbox can be activated, DANE, users' IP addresses are removed from the e-mail header, anonymous accounts possible, anonymous payment by letter or Bitcoin, OTP login with FreeOTP for the web interface)
  • aikQ.de and (German mail provider, servers in Germany, accounts from €1 per month, anonymous accounts possible, anonymous payment possible)
  • Kolab Now (groupware hosting in Switzerland with address book, calendar and e-mail, mail accounts for 4.41 CHF per month, groupware for 10 CHF per month, DANE, users' IP addresses and user-agent info are removed from the e-mail header)
  • neomailbox.com (anonymous e-mail hosting in Switzerland, accounts from $3.33 per month, anonymous payment with Pecunix, users' IP addresses are removed from the e-mail header)
  • ETHICmail (registered in the Seychelles, operators from Gibraltar, servers distributed across Japan, Switzerland and Cyprus, two accounts from $11.90 per month, anonymous payment with Bitcoin possible, emergency wipe of the account via SMS possible, backups off, encrypted mailbox, focus: best possible protection against state access)
  • CryptoHeaven (offshore-registered company, servers in Canada, accounts from $60 per year, simple encryption of communication with accounts at the same provider)
  • runbox.com (privacy-focused Norwegian e-mail provider, servers are also in Norway, accounts from 1.66 dollars per month)
  • RuggedInbox (free of charge, anonymous accounts, JavaScript-free web interface, accessible as a Tor hidden service, server in Bulgaria, private hobby project)

For political activists, there are providers who particularly emphasize protection against state access. These providers are funded with donations. For an account you have to prove your political activities, but not necessarily disclose your identity. In addition to e-mail accounts, blogs and mailing lists are also offered.

  • Associazione-Investici (Italian provider, servers are hosted at XS4ALL in the Netherlands, uses its own Certification Authority for SSL certificates)
  • Nadir.org (German provider, servers are also hosted at XS4ALL)
  • AktiviX.org (German provider, servers are in Brazil)

Note: Running a quality mail service also costs money, so it may be worth spending a few dollars on it yourself.

Security of SSL / TLS encryption

You can check the web interfaces with the server test from Qualys SSL Labs. The mail servers (SMTP, POP, IMAP) can be checked with the mail server test from ssl-tools.net or with CheckTLS.com.

  • Mailbox.org: secure encryption, DANE
  • Ownbay.net: secure encryption, DANE
  • Posteo.de: secure encryption, DANE
  • aikQ: secure encryption
  • Kolab Now: secure encryption, DANE
  • neomailbox.com: SSLv3 not disabled
  • ETHICmail: Certificates only with SHA1 signatures
  • CryptoHeaven: SSLv2 and SSLv3 are still supported, certificates only with SHA1 signatures
  • Runbox.com: SSLv3 not disabled, certificates only with SHA1 signatures
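
The weaknesses in this list (SSLv2/SSLv3, SHA1-signed certificates, missing secure renegotiation) can also be read from an `openssl s_client` report of your own mail server. The following is an added example, not part of the original page; the host name is a placeholder and both sample reports are constructed.

```python
import re

# Input is the text produced by (mail.example.org is a placeholder host):
#   openssl s_client -starttls smtp -connect mail.example.org:25 </dev/null >hs.txt 2>&1
#   openssl x509 -in hs.txt -noout -text >cert.txt; cat hs.txt cert.txt >report.txt
# A report only shows the version negotiated in that one handshake.

def audit_tls_report(report):
    """Return findings for the weaknesses named in the list above."""
    findings = []
    m = (re.search(r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)", report, re.M)
         or re.search(r"^New, ([^,\s]+), Cipher is", report, re.M))
    protocol = m.group(1) if m else None
    if protocol is None:
        findings.append("no TLS handshake found in report")
    elif protocol in ("SSLv2", "SSLv3"):
        findings.append(protocol + " negotiated")
    # TLS 1.3 has no renegotiation, so s_client prints the same
    # "IS NOT supported" line there; that is not a finding.
    if "Secure Renegotiation IS NOT supported" in report and protocol != "TLSv1.3":
        findings.append("secure renegotiation not supported")
    # x509 -text prints the signature algorithm twice; report it once.
    for alg in dict.fromkeys(re.findall(r"Signature Algorithm:[ \t]*(\S+)", report)):
        if "sha1" in alg.lower():
            findings.append("certificate signed with " + alg)
    return findings

# Constructed sample reports (not captured from any real server).
LEGACY_REPORT = """CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
    Signature Algorithm: sha1WithRSAEncryption
    Signature Algorithm: sha1WithRSAEncryption
"""
MODERN_REPORT = """CONNECTED(00000003)
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS NOT supported
    Signature Algorithm: sha256WithRSAEncryption
"""

if __name__ == "__main__":
    for name, text in (("legacy", LEGACY_REPORT), ("modern", MODERN_REPORT)):
        print(name, audit_tls_report(text) or "no findings")
```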

Some reasons why various e-mail providers with a good reputation have NOT been added to the list of recommendations:

  • Hushmail.com stores too much data. In addition to the usual data when visiting the website, the e-mails are scanned and the following data is stored for 18 months:
    1. all sender and recipient e-mail addresses (data retention logging)
    2. all filenames of the received and sent attachments
    3. Subject lines of all emails (not encryptable)
    4. URLs from the text of unencrypted e-mails
    5. "... and any other information that we need"

    This data will NOT be deleted when canceling an account.

    When paying for a premium account, the IP address of the customer as well as country, city and postcode will be passed on to third parties. In addition, Hushmail.com integrates third-party services. The ID of the Hushmail account will be sent to these third parties when visiting the website after login. Hushmail.com assumes no responsibility for the privacy policy of these third-party sites.

  • In the EU study "Fighting cybercrime and protecting privacy in the cloud", the authors warn in Chapter 5.4 (p. 48) about risks in storing data in the US. Due to the US PATRIOT Act (especially Section 215 ff.) and the 4th supplement of the FISA Amendments Act, it is possible for US authorities to intercept the communications of non-US citizens without judicial oversight. It does not matter whether the cloud or e-mail provider is a US company or not. In the opinion of the Americans, it is sufficient if the servers are in the USA. For this reason, a server location "USA" is unsuitable for German users. This concerns, among others, the providers SecureNym, S-Mail, Fastmail.fm, Rise-up ...
  • SecureMail.biz was bought by Perfect Privacy. According to a report on Indymedia, Perfect Privacy is operated by neo-Nazis. For the statement on the website of Perfect Privacy that the service is operated by an international group of recognized privacy activists, I have found no independent confirmation. I do not want to financially support far-right propaganda by advertising an associated service.
  • 4SecureMail transmits an anonymous but unique user ID and sex (male / female) to advertisers. Tracking networks can associate this information with other data collections.
  • AnonymousSpeech does not provide SMTP / POP3 for e-mail clients. Users depend on the web interface, whose HTTPS encryption configuration has serious security flaws.
  • Cotse, Yahoo! and AOL do not provide secure encryption for communication between mail server and e-mail client (Secure Renegotiation is not supported for SMTP, which has been classified as a serious flaw in the SSL protocol since 2009).
  • Countermail.com requires Java for registration and login in the web interface. Enabling Java is a considerable security risk. In addition, Java applets can bypass anonymization services such as Tor and JonDonym and expose the user's IP address to the web service.
  • Luxsci.com uses Flash LSOs on the website for tracking users. Flash applets can bypass anonymization services like Tor and JonDonym and expose the user's IP address to the web service. Despite the masking of the sender IP for sent mails, I cannot recommend this provider as privacy-friendly.
  • XMAIL.net (the operator Aaex Corp. is registered in the British Virgin Islands, the servers are in Canada, free accounts with POP3, but without SMTP) is actually privacy-friendly. Unfortunately, the mail server does not use TLS for server-to-server connections with other mail servers.
  • Mail.de is recommended in many comparisons as a good e-mail provider. The service uses Google Analytics on the website (also on the registration page), displays ads from Doubleclick (which also belongs to Google) and sends data to GoogleTagManager (includes "Google Universal Analytics tracking code"). Customers using the web interface are therefore subject to tracking by Google. In addition, a mobile phone number is a mandatory entry for registration.
