mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-07-01 17:22:39 +00:00
Redesign larger pages (#2078)
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
Daniel Gray
182
docs/email.md
182
docs/email.md
@ -8,9 +8,21 @@ Email is practically a necessity for using any online service, however we do not
|
||||
|
||||
For everything else, we recommend a variety of email providers based on sustainable business models and built-in security and privacy features.
|
||||
|
||||
- [OpenPGP-Compatible Email Providers :material-arrow-right-drop-circle:](#openpgp-compatible-services)
|
||||
- [Other Encrypted Providers :material-arrow-right-drop-circle:](#more-providers)
|
||||
- [Email Aliasing Services :material-arrow-right-drop-circle:](#email-aliasing-services)
|
||||
- [Self-Hosted Options :material-arrow-right-drop-circle:](#self-hosting-email)
|
||||
|
||||
## OpenPGP Compatible Services
|
||||
|
||||
These providers natively support OpenPGP encryption/decryption, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
|
||||
These providers natively support OpenPGP encryption/decryption and the Web Key Directory (WKD) standard, allowing for provider-agnostic E2EE emails. For example, a Proton Mail user could send an E2EE message to a Mailbox.org user, or you could receive OpenPGP-encrypted notifications from internet services which support it.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji } [Proton Mail](email.md#proton-mail)
|
||||
- { .twemoji } [Mailbox.org](email.md#mailboxorg)
|
||||
|
||||
</div>
|
||||
|
||||
!!! warning
|
||||
|
||||
@ -48,41 +60,41 @@ If you have the Proton Unlimited, Business, or Visionary Plan, you also get [Sim
|
||||
|
||||
Proton Mail has internal crash reports that they **do not** share with third parties. This can be disabled in: **Settings** > **Go to Settings** > **Account** > **Security and privacy** > **Send crash reports**.
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
|
||||
Paid Proton Mail subscribers can use their own domain with the service or a [catch-all](https://proton.me/support/catch-all) address. Proton Mail also supports [subaddressing](https://proton.me/support/creating-aliases), which is useful for people who don't want to purchase a domain.
|
||||
|
||||
??? success "Private Payment Methods"
|
||||
#### :material-check:{ .pg-green } Private Payment Methods
|
||||
|
||||
Proton Mail [accepts](https://proton.me/support/payment-options) cash by mail in addition to standard credit/debit card, [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc), and PayPal payments.
|
||||
Proton Mail [accepts](https://proton.me/support/payment-options) Bitcoin and cash by mail in addition to standard credit/debit card and PayPal payments.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
|
||||
Proton Mail supports TOTP [two factor authentication](https://proton.me/support/two-factor-authentication-2fa) only. The use of a U2F security key is not yet supported. Proton Mail is planning to implement U2F upon completion of their [Single Sign On (SSO)](https://reddit.com/comments/cheoy6/comment/feh2lw0/) code.
|
||||
|
||||
??? success "Data Security"
|
||||
#### :material-check:{ .pg-green } Data Security
|
||||
|
||||
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
|
||||
Proton Mail has [zero-access encryption](https://proton.me/blog/zero-access-encryption) at rest for your emails and [calendars](https://proton.me/news/protoncalendar-security-model). Data secured with zero-access encryption is only accessible by you.
|
||||
|
||||
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
|
||||
Certain information stored in [Proton Contacts](https://proton.me/support/proton-contacts), such as display names and email addresses, are not secured with zero-access encryption. Contact fields that support zero-access encryption, such as phone numbers, are indicated with a padlock icon.
|
||||
|
||||
??? success "Email Encryption"
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
|
||||
Proton Mail has [integrated OpenPGP encryption](https://proton.me/support/how-to-use-pgp) in their webmail. Emails to other Proton Mail accounts are encrypted automatically, and encryption to non-Proton Mail addresses with an OpenPGP key can be enabled easily in your account settings. They also allow you to [encrypt messages to non-Proton Mail addresses](https://proton.me/support/password-protected-emails) without the need for them to sign up for a Proton Mail account or use software like OpenPGP.
|
||||
|
||||
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
|
||||
Proton Mail also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people who don't use Proton Mail to find the OpenPGP keys of Proton Mail accounts easily, for cross-provider E2EE.
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
Proton Mail doesn't offer a digital legacy feature.
|
||||
Proton Mail doesn't offer a digital legacy feature.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
|
||||
If you have a paid account and your [bill is unpaid](https://proton.me/support/delinquency) after 14 days, you won't be able to access your data. After 30 days, your account will become delinquent and won't receive incoming mail. You will continue to be billed during this period.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
|
||||
Proton Mail offers an "Unlimited" account for €9.99/Month, which also enables access to Proton VPN in addition to providing multiple accounts, domains, aliases, and 500GB of storage.
|
||||
|
||||
### Mailbox.org
|
||||
|
||||
@ -100,43 +112,54 @@ Proton Mail has internal crash reports that they **do not** share with third par
|
||||
|
||||
- [:octicons-browser-16: Web](https://login.mailbox.org)
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
|
||||
Mailbox.org lets you use your own domain, and they support [catch-all](https://kb.mailbox.org/display/MBOKBEN/Using+catch-all+alias+with+own+domain) addresses. Mailbox.org also supports [subaddressing](https://kb.mailbox.org/display/BMBOKBEN/What+is+an+alias+and+how+do+I+use+it), which is useful if you don't want to purchase a domain.
|
||||
|
||||
??? check "Private Payment Methods"
|
||||
#### :material-information-outline:{ .pg-blue } Private Payment Methods
|
||||
|
||||
Mailbox.org doesn't accept any cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
|
||||
Mailbox.org doesn't accept Bitcoin or any other cryptocurrencies as a result of their payment processor BitPay suspending operations in Germany. However, they do accept Cash by mail, cash payment to bank account, bank transfer, credit card, PayPal and couple of German-specific processors: paydirekt and Sofortüberweisung.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
|
||||
Mailbox.org supports [two factor authentication](https://kb.mailbox.org/display/MBOKBEN/How+to+use+two-factor+authentication+-+2FA) for their webmail only. You can use either TOTP or a [Yubikey](https://en.wikipedia.org/wiki/YubiKey) via the [Yubicloud](https://www.yubico.com/products/services-software/yubicloud). Web standards such as [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn) are not yet supported.
|
||||
|
||||
??? info "Data Security"
|
||||
#### :material-information-outline:{ .pg-blue } Data Security
|
||||
|
||||
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
|
||||
Mailbox.org allows for encryption of incoming mail using their [encrypted mailbox](https://kb.mailbox.org/display/MBOKBEN/The+Encrypted+Mailbox). New messages that you receive will then be immediately encrypted with your public key.
|
||||
|
||||
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
|
||||
However, [Open-Exchange](https://en.wikipedia.org/wiki/Open-Xchange), the software platform used by Mailbox.org, [does not support](https://kb.mailbox.org/display/BMBOKBEN/Encryption+of+calendar+and+address+book) the encryption of your address book and calendar. A [standalone option](calendar.md) may be more appropriate for that information.
|
||||
|
||||
??? success "Email Encryption"
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
|
||||
Mailbox.org has [integrated encryption](https://kb.mailbox.org/display/MBOKBEN/Send+encrypted+e-mails+with+Guard) in their webmail, which simplifies sending messages to people with public OpenPGP keys. They also allow [remote recipients to decrypt an email](https://kb.mailbox.org/display/MBOKBEN/My+recipient+does+not+use+PGP) on Mailbox.org's servers. This feature is useful when the remote recipient does not have OpenPGP and cannot decrypt a copy of the email in their own mailbox.
|
||||
|
||||
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
|
||||
Mailbox.org also supports the discovery of public keys via HTTP from their [Web Key Directory (WKD)](https://wiki.gnupg.org/WKD). This allows people outside of Mailbox.org to find the OpenPGP keys of Mailbox.org accounts easily, for cross-provider E2EE.
|
||||
|
||||
??? success "Digital Legacy"
|
||||
#### :material-check:{ .pg-green } Digital Legacy
|
||||
|
||||
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
|
||||
Mailbox.org has a digital legacy feature for all plans. You can choose whether you want any of your data to be passed to heirs providing that they apply and provide your testament. Alternatively, you can nominate a person by name and address.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
|
||||
Your account will be set to a restricted user account when your contract ends, after [30 days it will be irrevocably deleted](https://kb.mailbox.org/en/private/payment-article/what-happens-at-the-end-of-my-contract).
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
|
||||
You can access your Mailbox.org account via IMAP/SMTP using their [.onion service](https://kb.mailbox.org/display/MBOKBEN/The+Tor+exit+node+of+mailbox.org). However, their webmail interface cannot be accessed via their .onion service and you may experience TLS certificate errors.
|
||||
|
||||
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
|
||||
All accounts come with limited cloud storage that [can be encrypted](https://kb.mailbox.org/display/MBOKBEN/Encrypt+files+on+your+Drive). Mailbox.org also offers the alias [@secure.mailbox.org](https://kb.mailbox.org/display/MBOKBEN/Ensuring+E-Mails+are+Sent+Securely), which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports [Exchange ActiveSync](https://en.wikipedia.org/wiki/Exchange_ActiveSync) in addition to standard access protocols like IMAP and POP3.
|
||||
|
||||
## More Providers
|
||||
|
||||
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji }{ .twemoji } [StartMail](email.md#startmail)
|
||||
- { .twemoji } [Tutanota](email.md#tutanota)
|
||||
|
||||
</div>
|
||||
|
||||
### StartMail
|
||||
|
||||
@ -155,43 +178,39 @@ Proton Mail has internal crash reports that they **do not** share with third par
|
||||
|
||||
- [:octicons-browser-16: Web](https://mail.startmail.com/login)
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
|
||||
Personal accounts can use [Custom or Quick](https://support.startmail.com/hc/en-us/articles/360007297457-Aliases) aliases. [Custom domains](https://support.startmail.com/hc/en-us/articles/4403911432209-Setup-a-custom-domain) are also available.
|
||||
|
||||
??? warning "Private Payment Methods"
|
||||
#### :material-alert-outline:{ .pg-orange } Private Payment Methods
|
||||
|
||||
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as [Bitcoin](advanced/payments.md#other-coins-bitcoin-ethereum-etc) (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
|
||||
StartMail accepts Visa, MasterCard, American Express and Paypal. StartMail also has other [payment options](https://support.startmail.com/hc/en-us/articles/360006620637-Payment-methods) such as Bitcoin (currently only for Personal accounts) and SEPA Direct Debit for accounts older than a year.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
|
||||
StartMail supports TOTP two factor authentication [for webmail only](https://support.startmail.com/hc/en-us/articles/360006682158-Two-factor-authentication-2FA). They do not allow U2F security key authentication.
|
||||
|
||||
??? info "Data Security"
|
||||
#### :material-information-outline:{ .pg-blue } Data Security
|
||||
|
||||
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
|
||||
StartMail has [zero access encryption at rest](https://www.startmail.com/en/whitepaper/#_Toc458527835), using their "user vault" system. When you log in, the vault is opened, and the email is then moved to the vault out of the queue where it is decrypted by the corresponding private key.
|
||||
|
||||
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
|
||||
StartMail supports importing [contacts](https://support.startmail.com/hc/en-us/articles/360006495557-Import-contacts) however, they are only accessible in the webmail and not through protocols such as [CalDAV](https://en.wikipedia.org/wiki/CalDAV). Contacts are also not stored using zero knowledge encryption.
|
||||
|
||||
??? success "Email Encryption"
|
||||
#### :material-check:{ .pg-green } Email Encryption
|
||||
|
||||
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys.
|
||||
StartMail has [integrated encryption](https://support.startmail.com/hc/en-us/sections/360001889078-Encryption) in their webmail, which simplifies sending encrypted messages with public OpenPGP keys. However, they do not support the Web Key Directory standard, making the discovery of a Startmail mailbox's public key more challenging for other email providers or clients.
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
StartMail does not offer a digital legacy feature.
|
||||
StartMail does not offer a digital legacy feature.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
|
||||
On account expiration, StartMail will permanently delete your account after [6 months in 3 phases](https://support.startmail.com/hc/en-us/articles/360006794398-Account-expiration).
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
|
||||
|
||||
## More Providers
|
||||
|
||||
These providers store your emails with zero-knowledge encryption, making them great options for keeping your stored emails secure. However, they don't support interoperable encryption standards for E2EE communications between providers.
|
||||
StartMail allows for proxying of images within emails. If you allow the remote image to be loaded, the sender won't know what your IP address is.
|
||||
|
||||
### Tutanota
|
||||
|
||||
@ -219,44 +238,51 @@ These providers store your emails with zero-knowledge encryption, making them gr
|
||||
|
||||
Tutanota doesn't support the [IMAP protocol](https://tutanota.com/faq/#imap) or the use of third-party [email clients](email-clients.md), and you also won't be able to add [external email accounts](https://github.com/tutao/tutanota/issues/544#issuecomment-670473647) to the Tutanota app. Neither [Email import](https://github.com/tutao/tutanota/issues/630) or [subfolders](https://github.com/tutao/tutanota/issues/927) are currently supported, though this is [due to be changed](https://tutanota.com/blog/posts/kickoff-import). Emails can be exported [individually or by bulk selection](https://tutanota.com/howto#generalMail) per folder, which may be inconvenient if you have many folders.
|
||||
|
||||
??? success "Custom Domains and Aliases"
|
||||
#### :material-check:{ .pg-green } Custom Domains and Aliases
|
||||
|
||||
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
|
||||
Paid Tutanota accounts can use up to 5 [aliases](https://tutanota.com/faq#alias) and [custom domains](https://tutanota.com/faq#custom-domain). Tutanota doesn't allow for [subaddressing (plus addresses)](https://tutanota.com/faq#plus), but you can use a [catch-all](https://tutanota.com/howto#settings-global) with a custom domain.
|
||||
|
||||
??? info "Private Payment Methods"
|
||||
#### :material-alert-outline:{ .pg-orange } Private Payment Methods
|
||||
|
||||
Tutanota only directly accepts credit cards and PayPal, however [cryptocurrency](cryptocurrency.md) can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
|
||||
Tutanota only directly accepts credit cards and PayPal, however Bitcoin and Monero can be used to purchase gift cards via their [partnership](https://tutanota.com/faq/#cryptocurrency) with Proxystore.
|
||||
|
||||
??? success "Account Security"
|
||||
#### :material-check:{ .pg-green } Account Security
|
||||
|
||||
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
|
||||
Tutanota supports [two factor authentication](https://tutanota.com/faq#2fa) with either TOTP or U2F.
|
||||
|
||||
??? success "Data Security"
|
||||
#### :material-check:{ .pg-green } Data Security
|
||||
|
||||
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
|
||||
Tutanota has [zero access encryption at rest](https://tutanota.com/faq#what-encrypted) for your emails, [address book contacts](https://tutanota.com/faq#encrypted-address-book), and [calendars](https://tutanota.com/faq#calendar). This means the messages and other data stored in your account are only readable by you.
|
||||
|
||||
??? warning "Email Encryption"
|
||||
#### :material-alert-outline:{ .pg-orange } Email Encryption
|
||||
|
||||
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
|
||||
Tutanota [does not use OpenPGP](https://www.tutanota.com/faq/#pgp). Tutanota accounts can only receive encrypted emails from non-Tutanota email accounts when sent via a [temporary Tutanota mailbox](https://www.tutanota.com/howto/#encrypted-email-external).
|
||||
|
||||
??? warning "Digital Legacy"
|
||||
#### :material-alert-outline:{ .pg-orange } Digital Legacy
|
||||
|
||||
Tutanota doesn't offer a digital legacy feature.
|
||||
Tutanota doesn't offer a digital legacy feature.
|
||||
|
||||
??? info "Account Termination"
|
||||
#### :material-information-outline:{ .pg-blue } Account Termination
|
||||
|
||||
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
|
||||
Tutanota will [delete inactive free accounts](https://tutanota.com/faq#inactive-accounts) after six months. You can reuse a deactivated free account if you pay.
|
||||
|
||||
??? info "Additional Functionality"
|
||||
#### :material-information-outline:{ .pg-blue } Additional Functionality
|
||||
|
||||
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
|
||||
Tutanota offers the business version of [Tutanota to non-profit organizations](https://tutanota.com/blog/posts/secure-email-for-non-profit) for free or with a heavy discount.
|
||||
|
||||
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
|
||||
Tutanota also has a business feature called [Secure Connect](https://tutanota.com/secure-connect/). This ensures customer contact to the business uses E2EE. The feature costs €240/y.
|
||||
|
||||
## Email Aliasing Services
|
||||
|
||||
An email aliasing service allows you to easily generate a new email address for every website you register for. The email aliases you generate are then forwarded to an email address of your choosing, hiding both your "main" email address and the identity of your email provider. True email aliasing is better than plus addressing commonly used and supported by many providers, which allows you to create aliases like yourname+[anythinghere]@example.com, because websites, advertisers, and tracking networks can trivially remove anything after the + sign to know your true email address.
|
||||
|
||||
<div class="grid cards" markdown>
|
||||
|
||||
- { .twemoji }{ .twemoji } [AnonAddy](email.md#anonaddy)
|
||||
- { .twemoji } [SimpleLogin](email.md#simplelogin)
|
||||
|
||||
</div>
|
||||
|
||||
Email aliasing can act as a safeguard in case your email provider ever ceases operation. In that scenario, you can easily re-route your aliases to a new email address. In turn, however, you are placing trust in the aliasing service to continue functioning.
|
||||
|
||||
Using a dedicated email aliasing service also has a number of benefits over a catch-all alias on a custom domain:
|
||||
@ -430,7 +456,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
|
||||
- Valid [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) records.
|
||||
- Valid [SPF](https://en.wikipedia.org/wiki/Sender_Policy_Framework) and [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) records.
|
||||
- Have a proper [DMARC](https://en.wikipedia.org/wiki/DMARC) record and policy or use [ARC](https://en.wikipedia.org/wiki/Authenticated_Received_Chain) for authentication. If DMARC authentication is being used, the policy must be set to `reject` or `quarantine`.
|
||||
- A server suite preference of TLS 1.2 or later and a plan for [Deprecating TLSv1.0 and TLSv1.1](https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/).
|
||||
- A server suite preference of TLS 1.2 or later and a plan for [RFC8996](https://datatracker.ietf.org/doc/rfc8996/).
|
||||
- [SMTPS](https://en.wikipedia.org/wiki/SMTPS) submission, assuming SMTP is used.
|
||||
- Website security standards such as:
|
||||
- [HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
|
||||
@ -445,7 +471,7 @@ Email servers deal with a lot of very sensitive data. We expect that providers w
|
||||
- Bug-bounty programs and/or a coordinated vulnerability-disclosure process.
|
||||
- Website security standards such as:
|
||||
- [Content Security Policy (CSP)](https://en.wikipedia.org/wiki/Content_Security_Policy)
|
||||
- [Expect-CT](https://datatracker.ietf.org/doc/draft-ietf-httpbis-expect-ct)
|
||||
- [RFC9163 Expect-CT](https://datatracker.ietf.org/doc/rfc9163/)
|
||||
|
||||
### Trust
|
||||
|
||||
|
||||
Reference in New Issue
Block a user