Lead Image © Kirill Bodrov, 123RF.com

Posteo, Mailbox.org, Tutanota, and ProtonMail compared

More Secure Email

Article from ADMIN 26/2015
By
Encryption and server locations in Germany and Switzerland are sought-after attributes in the search for a more secure and reliable email service. We compare four providers who promise to protect your privacy.

It is a truism that nothing is really free, and that holds for the vast majority of email providers who offer free email forwarding and a webmail client: Most ad-supported services collect users' data to evaluate and resell it. Each document published from Edward Snowden's treasure trove only makes the situation more threatening – the amount of metadata and email that intelligence services store for evaluation is difficult to comprehend.

When the US mail service Lavabit [1] – where Snowden was a customer – was brought to its knees by the FBI because the owner refused to disclose the SSH key to his server, and thus his customers' metadata, it became clear to many European users that a local provider offering the most secure email possible was the better choice – even if it cost a little more each month.

Trust Is Important

Trust involves not only the services provided, but also where the data is actually stored. Since the NSA affair, many people no longer trust service providers from the United States. Having a service provider located in Germany (or another German-speaking country) does not guarantee greater data security or privacy, but the data protection regulations there inspire more trust than those in many other countries. This prompted a closer look at four email service providers from German-speaking countries (Table 1).

Table 1: Email Providers Compared

Criterion                         Posteo              Mailbox.org        Tutanota         ProtonMail
Mailbox from EUR1                 Yes/2GB             Yes/2GB            Free/1GB         Free/500MB
Storage space expansion           Yes                 Yes                Yes              Currently no
Free trial                        14 days             30 days            NA               NA
Webmailer                         Yes                 Yes                Yes              Yes
Address book                      Yes                 Yes                Yes              Yes
Calendar                          Yes                 Yes                No               No
Mobile synchronization            Yes                 Yes                No               No
Apps for smartphones              No                  No                 Android/iOS      In preparation
Ad-free                           Yes                 Yes                Yes              Yes
Use own domain                    No                  Yes                In preparation   In preparation
Server location                   DE                  DE                 DE               CH
Email encryption in browser       Yes                 Yes                Yes              Yes
Anonymous registration/payment    Yes/Yes             No/Yes             No               Yes
Passwords stored encrypted        Yes                 Yes                Yes              Yes
Encryption with SSL/TLS           Yes                 Yes                Yes              Yes
Fully encrypted inbox             Yes                 Yes                No               Yes
Penetration tested                Qualys SSL-Test A+  Qualys SSL-Test A  Syss GmbH        Audits [2]
TLS 1.2                           Yes                 Yes                Yes              Yes
HTTPS/HSTS                        Yes                 Yes                Yes              Yes
DANE/DNSSEC                       Yes                 Yes                Yes              Yes
Perfect Forward Secrecy           Yes                 Yes                Yes              Yes
One-time passwords (OTP)          Yes                 Yes                No               No
Two-factor authentication         Yes                 Yes                No               Yes
Groupware functions               No                  Yes                In preparation   In planning

In our lab comparison, I placed special emphasis on particular criteria: security, data protection, data minimization, spam protection, transparency, sustainability, and freedom from advertising. Additionally, I looked at the functionality offered as a basic service by all the providers. In doing so, I attached great importance to whether the email provider met the five standards for secure email, as established by the US civil rights organization Electronic Frontier Foundation (EFF). This involves encrypting communications in the data center and between email servers using HTTPS and HSTS [3] and Perfect Forward Secrecy (PFS) [4].

Posteo

Posteo [5], out of Kreuzberg, Berlin, has existed since 2009 – six years – and is thus the oldest of the email providers tested. The service provider, located not far from the place where Konrad Zuse first put his Z3 computer [6] into operation, advertises itself as "green, secure, ad-free."

From Posteo, you can get email and synchronizable calendars, as well as address books that can also be encrypted, for EUR1 per month. The mailbox has 2GB of storage space, and email is retrieved via POP3 or IMAP. You can reserve additional storage space, or more than the two alias addresses included, for a small amount per month. Storage can be expanded to up to 20GB; each additional gigabyte above the basic offer costs EUR0.25 per month. So, for 20GB, you end up paying EUR5.50 per month.

Posteo does not provide its own apps for mobile devices, but integration into the mobile K-9 client [7] works without problem. Using the CardDAV and CalDAV protocols, you can synchronize your addresses and appointments (Figure 1) between several computers or mobile devices in the web front end (Figure 2).

Figure 1: You can synchronize dates and addresses between your computers and mobile devices with Posteo using CardDAV and CalDAV.
Figure 2: Posteo provides only a single vertical split, meaning the webmail provider wastes a huge amount of space on a widescreen display.

Posteo provides an intuitive web client (Figure 3), but it can also be integrated easily into Kmail, Thunderbird, and other popular email clients. Registration is simple: You just need to enter the desired email address and password. The customer remains completely anonymous both here and during the checkout process – if desired. Payment can be made by direct debit or PayPal, by post, or directly into the company's mailbox. Customers determine the desired anonymity themselves.

Figure 3: The Posteo webmail client provides the most important functions, and you can optionally create your email in HTML format.

In any case, Posteo promises not to attempt to link email addresses and real names. This step ensures that the provider cannot assign mail to a billing account even if asked to do so by the authorities. Posteo proved that it is serious about protecting privacy when, after a visit from officials, it filed a disciplinary complaint and a criminal complaint against the officers [8]. The proceedings are still pending.

Sustainability is an important aspect in the Posteo concept [9]. The Posteo server not only consumes green power, but the provider also took ecological aspects into consideration when selecting the furniture for its offices. On the technical side, open source software is used across the board, and Posteo naturally gives back its in-house developments as free software on GitHub [10].

The hard disk drives in the company's Linux servers, which are located in a data center in Frankfurt, are encrypted with dm-crypt/LUKS. Communication between the servers is also encrypted. In the browser, Mailvelope [11] takes care of OpenPGP encryption (Figure 4), and TLS provides security in transit.

Figure 4: To read or write encrypted email in the Posteo webmail front end, you need to install the Mailvelope browser extension.

DNS-based Authentication of Named Entities (DANE/TLSA) has also been in use since May 2014 to close weak points in the TLS protocol. PFS also makes sure that any intercepted email cannot be decrypted retroactively, even if – as happened at Lavabit – the operator's private SSH key has been compromised.
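The check behind a DANE/TLSA deployment like the one described here is that the published TLSA record actually matches the certificate the mail server presents. The following Python is an added example, not code from the article or from any of the providers: it parses TLSA record text, extracts the SubjectPublicKeyInfo with a minimal DER walker, and covers both selectors and all three matching types of RFC 6698, run against a constructed stand-in certificate rather than a real one.

```python
import hashlib
# Added example (not from the article or any provider): verify a DANE TLSA
# record (RFC 6698) against a certificate, as an operator must before a key rotation.
def der_tlv(buf, pos=0):
    """Parse one DER TLV at pos; return (tag, value, end_of_tlv)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length
def spki_from_cert(cert_der):
    """Return the DER-encoded SubjectPublicKeyInfo of an X.509 certificate."""
    _, cert_body, _ = der_tlv(cert_der)    # Certificate ::= SEQUENCE { tbsCertificate, ... }
    _, tbs, _ = der_tlv(cert_body)
    fields, pos = [], 0
    while pos < len(tbs):                  # collect the raw TLVs inside tbsCertificate
        tag, _, end = der_tlv(tbs, pos)
        if tag != 0xA0:                    # skip the optional [0] EXPLICIT version
            fields.append(tbs[pos:end])
        pos = end
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    return fields[5]

def tlsa_data(cert_der, selector, mtype):
    """Certificate association data for a TLSA selector/matching type, as hex."""
    subject = cert_der if selector == 0 else spki_from_cert(cert_der)
    if mtype == 0:
        return subject.hex()               # full data, no hashing
    return (hashlib.sha256 if mtype == 1 else hashlib.sha512)(subject).hexdigest()

def expected_tlsa(cert_der, usage=3, selector=1, mtype=1):
    """TLSA record text ('usage selector mtype hex') an operator should publish."""
    return f"{usage} {selector} {mtype} {tlsa_data(cert_der, selector, mtype)}"

def tlsa_matches(record, cert_der):
    """True if the TLSA record text matches the certificate (field values per RFC 6698)."""
    usage, selector, mtype, data = record.split(None, 3)
    usage, selector, mtype = int(usage), int(selector), int(mtype)
    if usage not in (0, 1, 2, 3) or selector not in (0, 1) or mtype not in (0, 1, 2):
        return False
    return tlsa_data(cert_der, selector, mtype) == data.replace(" ", "").lower()

def der(tag, value):
    """Encode a short-form DER TLV for the constructed sample below."""
    return bytes([tag, len(value)]) + value
# Constructed, minimal stand-in for a server certificate (not a real X.509 cert).
SAMPLE_SPKI = der(0x30, b"constructed subject public key info")
SAMPLE_CERT = der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
                  + der(0x30, b"") * 4 + SAMPLE_SPKI) + der(0x30, b"") + der(0x03, b"\x00"))
```

With a real certificate, feed the DER bytes of the server's leaf certificate to expected_tlsa and compare its output with the TLSA record published for the MX host.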

Since November 2014, Posteo has also provided secure two-factor authentication [12] in the web client. Additionally, the provider is currently working on end-to-end encryption [13], which it intends to roll out at no extra charge for all users of its currently some 100,000 mailboxes. Optional encryption of incoming mail (input encryption) has been available since January 2015.

You can get help using Posteo's many functions in the webmail provider's quite detailed documentation. Problems brought to their attention by email were dealt with quickly; in one case, however, this took three working days. Posteo is looking to expand its service in the future. Interested parties can test the Posteo email service free of charge for 14 days; afterward, the minimum charge is EUR12.

Mailbox.org

The provider Mailbox.org [14] belongs to Peer Heinlein Support GmbH, which provides Linux training in addition to web hosting and email services. Mailbox.org (Figure 5) started in February 2014, and its servers are in Berlin, where the company also is located. Although Mailbox.org has only recently offered its services in their current form, Heinlein and his colleagues already have around 20 years of experience as service providers to email providers.

Figure 5: The Mailbox.org central portal informs you about upcoming events, recently edited documents, and the latest email in the Inbox.

As with Posteo, the basic Mailbox.org service costs EUR1 per month, which includes 2GB of storage, three aliases, and 100MB of storage for the office solution that was added at the end of last year and is based on the Open-Xchange [15] groupware product. This also provides task scheduling, word processing, and data exchange in the style of Google Docs or Dropbox (Figure 6).

Figure 6: Along with its email function, Mailbox.org comes with a complete office suite with word processing, spreadsheet, and online storage.

You can draw on the WebDAV protocol supported natively by many file managers for data synchronization with Linux. For mobile devices, apps like OX Drive for Android [16] let you use the online store conveniently on the road (Figure 7). Mailbox.org positions its office solution as an alternative to Google Apps or Office 365.

Figure 7: With Drive, Mailbox.org assumes the role of Google Drive or Dropbox. Open-Xchange apps, such as OX Drive here, are also available for mobile operating systems.

The service also collaborates with the Open-Xchange developers on OX Guard mail and file encryption, which is currently in testing. Two other plans let you increase your mail storage to 5 or 25GB, whereas the 100MB of storage space for Office remains the same. With its offer of an account with 20GB of storage space for EUR1 per month, Heinlein is cheaper than Posteo and also provides basic office functionality. The most expensive plan, OfficeXXL, offers 50GB of storage space for email and 500GB for Office documents, which is reflected in the cost of EUR25 per month. In terms of formats, however, it is already well prepared for corporate use [17].

When you sign up with Mailbox.org, unlike with Posteo, you need to supply your first and last names; these do not, however, have to be your real names. Heinlein is very particular with the password: The service will reject the password unless it meets strict specifications. Mailbox.org has offered two-factor authentication via YubiKeys with secure one-time passwords since June 2014.

The Mailbox.org webmail client looks very tidy (Figure 8), provides a good range of settings, and allows additional email addresses from other providers to be integrated quickly. Heinlein has outsourced the relocation of email from these other email providers to an external provider who charges EUR3 per relocation.

Figure 8: With its view split in three vertically, Mailbox.org also works well on computers in widescreen format.

Posteo offers a mail collection service for any number of other providers free of charge. Posteo also switches off forwarding after six months to remind customers to abandon unsafe providers – extensions are possible, however. The relocation service worked quickly with both Mailbox.org and Posteo, handling around 10,000 email messages without any problems. Mailbox.org does not have its own apps, but it is working with the K-9 developers, among others, on a PGP keyring for Android devices and more extensive PGP support in K-9. Mailbox.org also cooperates with the CalDavSync and CardDavSync developers to synchronize calendars and contacts.

Encryption in Mailbox.org relies on SSL/TLS and PGP (Figure 9). Encryption of incoming mail (input encryption), which works with the K-9 Mail and Android Privacy Guard (APG) apps, is also available with Mailbox.org. SSL/TLS is always used if the other side also supports it. Encrypted delivery can be strictly enforced via the email address ich@secure.mailbox.org: If the other side does not use SSL/TLS, the email is not sent. You can give this address to third parties so that email reaches the matching account only over an encrypted connection.

Figure 9: You can upload the PGP key that you previously created on your computer and which is required for encrypted email traffic in the Mailbox.org settings.

Mailbox.org, like Posteo, also supports DANE as an additional security feature. In contrast to Posteo, the Heinlein service does not yet encrypt address books and calendars. It has, however, announced this feature, although no date has been set. Mailbox.org is also committed to ecology and sustainability, although not quite as consistently as Posteo. However, green electricity from LichtBlick and other providers, a fair bank, and fair working conditions without temporary workers and trainees help calm customers' environmental and social consciences.
