i18n/i18n/pt/email.md

meta_title, title, icon, description, cover, global

meta_title	title	icon	description	cover	global
Recomendações de Correio Eletrónico Privado Encriptado - Privacy Guides	Serviços de Correio Eletrónico	material/email	Estes fornecedores de correio eletrónico são um excelente local para armazenar as suas mensagens eletrónicas em segurança e muitos oferecem encriptação OpenPGP interoperável com outros fornecedores.	email.webp	randomize-element table tbody

Protects against the following threat(s):

• :material-server-network: Fornecedores de serviços{.pg-teal}

O correio eletrónico é praticamente uma necessidade para subscrever qualquer serviço online, mas não o recomendamos para conversas pessoais. Em vez de utilizar o correio eletrónico para contactar outras pessoas, considere a possibilidade de utilizar uma aplicação de mensagens instantâneas que suporte encaminhamento sigiloso.

Aplicações de Mensagens Instantâneas Recomendadas{.md-button}

Provedores recomendados

Para tudo o resto, recomendamos uma variedade de fornecedores de e-mail baseados em modelos de negócio sustentáveis e que incorporem funcionalidades de segurança e de privacidade. Para mais informações, consulte a lista completa de critérios .

Provider	OpenPGP / WKD	IMAP / SMTP	Encrypted Storage	Anonymous Payment Methods
Proton Mail	:material-check:{ .pg-green }	:material-information-outline:{ .pg-blue } Paid plans only	:material-check:{ .pg-green }	Cash Monero via third party
Mailbox Mail	:material-check:{ .pg-green }	:material-check:{ .pg-green }	:material-information-outline:{ .pg-blue } Mail only	Dinheiro
Tuta	:material-alert-outline:{ .pg-orange }	:material-alert-outline:{ .pg-orange }	:material-check:{ .pg-green }	Monero via third party Cash via third party

In addition to (or instead of) an email provider recommended here, you may wish to consider a dedicated email aliasing service to protect your privacy. Among other things, these services can help protect your real inbox from spam, prevent marketers from correlating your accounts, and encrypt all incoming messages with PGP.

• More Information :material-arrow-right-drop-circle:

Serviços Compatíveis com OpenPGP

These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic end-to-end encrypted emails. For example, a Proton Mail user could send an E2EE message to a Mailbox Mail user, or you could receive OpenPGP-encrypted notifications from internet services which support it.

• { .twemoji } Proton Mail
• { .twemoji } Mailbox Mail

Warning

When using E2EE technology like OpenPGP your email will still have some metadata that is not encrypted in the header of the email, generally including the subject line! Read more about email metadata.

OpenPGP also does not support forward secrecy, which means if the private key of either you or the message recipient is ever stolen, all previous messages encrypted with it will be exposed.

• How do I protect my private keys?

Proton Mail

{ align=right }

O Proton Mail é um serviço de e-mail que privilegia a privacidade, a encriptação, a segurança e a facilidade de utilização. They have been in operation since 2013. Proton AG is based in Geneva, Switzerland.

The Proton Free plan comes with 500 MB of Mail storage, which you can increase up to 1 GB for free.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :simple-torbrowser:{ .card-link title="Onion Service" } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" }

Downloads

• :simple-googleplay: Google Play
• :simple-appstore: App Store
• :simple-github: GitHub
• :fontawesome-brands-windows: Windows
• :simple-apple: macOS
• :simple-linux: Linux
• :octicons-browser-16: Web

Free accounts have some limitations, such as not being able to search body text and not having access to Proton Mail Bridge, which is required to use a recommended desktop email client such as Thunderbird. As contas pagas incluem funcionalidades como o Proton Mail Bridge, armazenamento adicional e suporte para domínios personalizados. The Proton Unlimited plan or any multi-user Proton plan includes access to SimpleLogin Premium.

A letter of attestation was provided for Proton Mail's apps in November 2021 by Securitum.

Proton Mail has internal crash reports that are not shared with third parties and can be disabled.

=== "Web"

From your inbox, select :gear: → **All Settings** → **Account** → **Security and privacy** → **Privacy and data collection**.

- [ ] Disable **Collect usage dignostics**
- [ ] Disable **Send crash reports**

=== "Mobile"

From your inbox, select :material-menu: → :gear: **Settings** → select your username.

- [ ] Disable **Send crash reports**
- [ ] Disable **Collect usage dignostics**

:material-check:{ .pg-green } Domínios e aliases personalizados

Os subscritores do Proton Mail podem utilizar o seu próprio domínio com o serviço ou um endereço catch-all. Proton Mail also supports sub-addressing, which is useful for people who don't want to purchase a domain.

:material-check:{ .pg-green } Métodos de pagamento privados

Proton Mail accepts cash by mail in addition to standard credit/debit card, Bitcoin, and PayPal payments. Additionally, you can use Monero to purchase vouchers for Proton Mail Plus or Proton Unlimited via their official reseller ProxyStore.

:material-check:{ .pg-green } Segurança da conta

Proton Mail supports TOTP two-factor authentication and hardware security keys using FIDO2 or U2F standards. The use of a hardware security key requires setting up TOTP two-factor authentication first.

:material-check:{ .pg-green } Segurança dos dados

Proton Mail stores your emails and calendars with PGP-based encryption at rest, where only you have the decryption keys needed to access them later.

Certain information stored in Proton Contacts, such as display names and email addresses, are not secured with your own encryption keys, so Proton is able to read them. Contact fields which are protected with your own encryption keys, such as phone numbers, are indicated with a padlock icon.

:material-check:{ .pg-green } Encriptação de e-mail

O Proton Mail tem encriptação OpenPGP integrada no seu webmail. Os e-mails para outras contas do Proton Mail são encriptados automaticamente e a encriptação para endereços que não sejam do Proton Mail com uma chave OpenPGP pode ser ativada facilmente nas definições da sua conta. Proton also supports automatic external key discovery with WKD. This means that emails sent to other providers which use WKD will be automatically encrypted with OpenPGP as well, without the need to manually exchange public PGP keys with your contacts. They also allow you to encrypt messages to non-Proton Mail addresses without OpenPGP, without the need for them to sign up for a Proton Mail account.

Proton Mail also publishes the public keys of Proton accounts via HTTP from their WKD. This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Proton's own domains, like @proton.me. If you use a custom domain, you must configure WKD separately.

:material-information-outline:{ .pg-blue } Remoção da conta

Se tiver uma conta paga e passarem 14 dias da data de pagamento sem que seja paga, não poderá aceder aos seus dados. Decorridos 30 dias, a sua conta ficará em situação de incumprimento e não receberá e-mails. A faturação continuará a ser processada durante esse período. Proton will delete inactive free accounts after one year. You cannot reuse the email address of a deactivated account.

:material-information-outline:{ .pg-blue } Funcionalidade adicional

Proton Mail's Unlimited plan also enables access to other Proton services in addition to providing multiple custom domains, unlimited hide-my-email aliases, and 500 GB of storage.

Mailbox Mail

{ align=right }

Mailbox Mail (formerly Mailbox.org) is an email service with a focus on being secure, ad-free, and powered by 100% eco-friendly energy. Estão em funcionamento desde 2014. Mailbox Mail is based in Berlin, Germany.

Accounts start with up to 2 GB storage, which can be upgraded as needed.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" }

Downloads

• :octicons-browser-16: Web

:material-check:{ .pg-green } Domínios e aliases personalizados

z Mailbox Mail lets you use your own domain, and they support catch-all addresses. Mailbox Mail also supports sub-addressing, which is useful if you don't want to purchase a domain.

:material-check:{ .pg-green } Métodos de pagamento privados

Mailbox Mail doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept cash by mail, cash payment to bank account, bank transfer, credit card, PayPal, and a couple of German-specific processors: Paydirekt and Sofortüberweisung.

:material-check:{ .pg-green } Segurança da conta

Mailbox Mail supports two-factor authentication for their webmail only. You can use either TOTP or a YubiKey via the YubiCloud. Web standards such as WebAuthn are not yet supported.

:material-information-outline:{ .pg-blue } Segurança dos dados

Mailbox Mail allows for encryption of incoming mail using their encrypted mailbox. As novas mensagens recebidas serão imediatamente encriptadas com a sua chave pública.

However, Open-Xchange, the software platform used by Mailbox Mail, does not support the encryption of your address book and calendar. A standalone option may be more appropriate for that data.

:material-check:{ .pg-green } Encriptação de e-mail

Mailbox Mail has integrated encryption in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow remote recipients to decrypt an email on Mailbox Mail's servers. Esta funcionalidade é útil quando o destinatário remoto não tem o OpenPGP e não consegue desencriptar uma cópia do e-mail na sua própria caixa de correio.

Mailbox Mail also supports the discovery of public keys via HTTP from their WKD. This allows people outside of Mailbox Mail to find the OpenPGP keys of Mailbox Mail accounts easily for cross-provider E2EE. This only applies to email addresses ending in one of Mailbox Mail's own domains, like @mailbox.org. If you use a custom domain, you must configure WKD separately.

:material-information-outline:{ .pg-blue } Remoção da conta

Your account will be set to a restricted user account when your contract ends. It will be irrevocably deleted after 30 days.

:material-information-outline:{ .pg-blue } Funcionalidade adicional

You can access your Mailbox Mail account via IMAP/SMTP using their .onion service. However, their webmail interface cannot be accessed via their .onion service, and you may experience TLS certificate errors.

All accounts come with limited cloud storage that can be encrypted. Mailbox Mail also offers the alias @secure.mailbox.org, which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox Mail also supports Exchange ActiveSync in addition to standard access protocols like IMAP and POP3.

Mailbox Mail has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs, providing that they apply and provide your testament. Em alternativa, pode nomear uma pessoa, fornecendo o seu nome e endereço.

Mais Fornecedores

These providers encrypt your emails in a way that only you can read them later, making them great options for keeping your stored emails secure. No entanto, não suportam normas de encriptação interoperáveis para comunicações E2EE entre fornecedores.

• { .twemoji loading=lazy }{ .twemoji loading=lazy } Tuta

Tuta

{ align=right } { align=right }

Tuta (formerly Tutanota) is an email service with a focus on security and privacy through the use of encryption. Tuta has been in operation since 2011 and is based in Hanover, Germany.

Free accounts start with 1 GB of storage.

:octicons-home-16: Homepage{ .md-button .md-button--primary } :octicons-eye-16:{ .card-link title="Privacy Policy" } :octicons-info-16:{ .card-link title="Documentation" } :octicons-code-16:{ .card-link title="Source Code" } :octicons-heart-16:{ .card-link title="Contribute" }

Downloads

• :simple-googleplay: Google Play
• :simple-appstore: App Store
• :simple-github: GitHub
• :fontawesome-brands-windows: Windows
• :simple-apple: macOS
• :simple-linux: Linux
• :octicons-browser-16: Web

Tuta doesn't support the IMAP protocol or the use of third-party email clients, and you also won't be able to add external email accounts to the Tuta app. Email import is not currently supported either, though this is due to be changed. Emails can be exported individually or by bulk selection per folder, which may be inconvenient if you have many folders.

:material-check:{ .pg-green } Domínios e Aliases Personalizados

Paid Tuta accounts can use either 15 or 30 aliases depending on their plan and unlimited aliases on custom domains. Tuta doesn't allow for sub-addressing (plus addresses), but you can use a catch-all with a custom domain.

:material-information-outline:{ .pg-blue } Métodos de pagamento privados

Tuta only directly accepts credit cards and PayPal, however you can use cryptocurrency to purchase gift cards via their partnership with ProxyStore.

:material-check:{ .pg-green } Segurança da Conta

Tuta supports two-factor authentication with either TOTP or U2F.

:material-check:{ .pg-green } Segurança dos Dados

Tuta stores your emails, address book contacts, and calendars with strong encryption where only you have the decryption keys. This means the messages and other data stored in your account cannot be read by anyone other than you after they are stored.

:material-information-outline:{ .pg-blue } Encriptação de Correio Eletrónico

Tuta does not use OpenPGP. Tuta accounts can only receive encrypted emails from non-Tuta email accounts when sent via a temporary Tuta mailbox.

:material-information-outline:{ .pg-blue } Remoção da Conta

Tuta will delete inactive free accounts after six months. Poderá reutilizar uma conta gratuita desativada, se pagar.

:material-information-outline:{ .pg-blue } Funcionalidade Adicional

Tuta offers the business version of Tuta to non-profit organizations for free or with a heavy discount.

Critérios

Please note we are not affiliated with any of the providers we recommend. In addition to our standard criteria, we have developed a clear set of requirements for any email provider wishing to be recommended, including implementing industry best practices, modern technology and more. We suggest you familiarize yourself with this list before choosing an email provider, and conduct your own research to ensure the email provider you choose is the right choice for you.

Tecnologia

Consideramos que estas características são importantes para podermos prestar um serviço seguro e otimizado. You should consider whether the provider has the features you require.

Mínimos de qualificação:

• Must encrypt email account data at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
• Must be capable of exporting emails as Mbox or individual .EML with RFC5322 standard.
• Allow users to use their own domain name. Os nomes de domínio personalizados são importantes para os utilizadores, porque lhes permitem manter a sua agência do serviço, caso este se torne mau ou seja adquirido por outra empresa que não dê prioridade à privacidade.
• Must operate on owned infrastructure, i.e. not built upon third-party email service providers.

Melhor caso:

• Should encrypt all account data (contacts, calendars, etc.) at rest with asymmetric encryption, where only the user has the private keys needed to decrypt it.
• Should provide integrated webmail E2EE/PGP encryption as a convenience.
• Should support WKD to allow improved discovery of public OpenPGP keys via HTTP. GnuPG users can get a key with this command: gpg --locate-key example_user@example.com.
• Suporte para uma caixa de correio temporária para utilizadores externos. This is useful when you want to send an encrypted email without sending an actual copy to your recipient. Estas mensagens de e-mail têm normalmente um tempo de vida limitado e depois são automaticamente eliminadas. Também não requerem que o destinatário configure qualquer criptografia como o OpenPGP.
• Should support sub-addressing.
• Should allow users to use their own domain name. Os nomes de domínio personalizados são importantes para os utilizadores, porque lhes permitem manter a sua agência do serviço, caso este se torne mau ou seja adquirido por outra empresa que não dê prioridade à privacidade.
• Catch-all or alias functionality for those who use their own domains.
• Should use standard email access protocols such as IMAP, SMTP, or JMAP. Standard access protocols ensure customers can easily download all of their email, should they want to switch to another provider.
• Email provider's services should be available via an onion service.

Privacidade

Preferimos que os nossos fornecedores recomendados recolham o mínimo de dados possível.

Mínimos de qualificação:

• Must protect sender's IP address, which can involve filtering it from showing in the Received header field.
• Must not require personally identifiable information (PII) besides a username and a password.
• Privacy policy must meet the requirements defined by the GDPR.

Melhor caso:

• Should accept anonymous payment options (cryptocurrency, cash, gift cards, etc.)
• Should be hosted in a jurisdiction with strong email privacy protection laws.

Segurança

Email servers deal with a lot of very sensitive data. We expect that providers will adopt industry best practices in order to protect their customers.

Mínimos de qualificação:

• Protection of webmail with 2FA, such as TOTP.
• Encryption at rest, using asymmetric encryption where the service provider does not have the decryption keys to the data they hold. This prevents a rogue employee leaking data they have access to, or a remote adversary from releasing data they have stolen by gaining unauthorized access to the server.
• Suporte DNSSEC.
• No TLS errors or vulnerabilities when being profiled by tools such as Hardenize, testssl.sh, or Qualys SSL Labs; this includes certificate related errors and weak DH parameters, such as those that led to Logjam.
• A server suite preference (optional on TLS 1.3) for strong cipher suites which support forward secrecy and authenticated encryption.
• Uma política válida MTA-STS e TLS-RPT.
• Registos DANE válidos.
• Registos SPF e DKIM válidos.
• Must have a proper DMARC record and policy or use ARC for authentication. Se estiver a ser utilizada a autenticação DMARC, a política deve ser definida como reject ou quarantine.
• A server suite preference of TLS 1.2 or later and a plan for RFC8996.
• Submissão SMTPS, assumindo que é utilizado o SMTP.
• Normas de segurança de sites Web, tais como:
  • Segurança de transporte estrito HTTP
  • Integridade do sub-recurso se estiver a carregar dados de domínios externos.
• Must support viewing of message headers, as it is a crucial forensic feature to determine if an email is a phishing attempt.

Melhor caso:

• Should support hardware authentication, i.e. U2F and WebAuthn.
• Registo de Recursos de Autorização de Autoridade de Certificação (CAA) do DNS, para além do suporte DANE.
• Should implement Authenticated Received Chain (ARC), which is useful for people who post to mailing lists RFC8617.
• Published security audits from a reputable, third-party firm.
• Programas de recompensa de bugs e/ou um processo coordenado de divulgação de vulnerabilidades.
• Normas de segurança de sites Web, tais como:
  • Política de segurança de conteúdo (CSP)
  • RFC9163 Expect-CT

Confiança

You wouldn't trust your finances to someone with a fake identity, so why trust them with your email? Exigimos que os nossos fornecedores recomendados sejam transparentes em relação à sua propriedade ou liderança. Gostaríamos também de ver relatórios de transparência frequentes, especialmente no que diz respeito à forma como os pedidos do governo são tratados.

Mínimos de qualificação:

• Liderança ou propriedade virada para o público.

Melhor caso:

• Relatórios de transparência frequentes.

Marketing

With the email providers we recommend, we like to see responsible marketing.

Mínimos de qualificação:

• Must self-host analytics (no Google Analytics, Adobe Analytics, etc.).
• Must not have any irresponsible marketing, which can include the following:
  • Claims of "unbreakable encryption." Encryption should be used with the intention that it may not be secret in the future when the technology exists to crack it.
  • Guarantees of protecting anonymity 100%. When someone makes a claim that something is 100%, it means there is no certainty for failure. We know people can quite easily de-anonymize themselves in a number of ways, e.g.:
    • Reusing personal information e.g. (email accounts, unique pseudonyms, etc.) that they accessed without anonymity software such as Tor
    • Impressão digital do browser

Melhor caso:

• Clear and easy-to-read documentation for tasks like setting up 2FA, email clients, OpenPGP, etc.

Funcionalidade adicional

While not strictly requirements, there are some other convenience or privacy factors we looked into when determining which providers to recommend.