Threat model

    We believe that every user has the right to know exactly which threats Mailfence protects them from and which it does not.
    We therefore composed this generic Mailfence threat model.

  1. Mailfence protects you against:
    • Eavesdropping on your Internet connection
      Communications between your device and Mailfence servers are protected by encryption using an SSL/TLS certificate issued by a European company (with no American certification authorities included in the certification chain). This means that if hackers eavesdrop on your Internet connection, they cannot easily decrypt the traffic between your device and the Mailfence website. This is especially important if you use a computer on a public or office network or if your wireless connection is not encrypted.
    • Mass surveillance
      Perfect for an individual (or corporation) that does NOT want the government (or other non-state actors) to have access to all of their emails at any time. Mailfence does not operate like the gigantic American players (Google, Microsoft, Yahoo) which continuously scan and archive all of your conversations. Our end-to-end encryption technology (E2EE) is designed to protect you against anyone who tries to compromise your email privacy by only allowing a designated recipient to read your message by decrypting it with a private key.
    • Message forgery/Tampering attacks
      The Mailfence digital signature provides absolute authenticity and non-repudiation (sender cannot deny having sent the message). Mailfence is unique in offering the complete CIA triad (Confidentiality, Integrity and Availability) to its users. This makes it an ideal platform, not only for privacy enthusiasts but also for professionals (doctors, engineers, lawyers, journalists, teachers, students, etc.) who want to exercise their online freedom.
    • Compromised account
      If your account password gets compromised, your private key passphrase will prevent an attacker from performing any activity related to encryption: reading any received encrypted emails, sending encrypted and/or digitally signed messages, or performing operations on your keystore.
    • Data theft
      In the unlikely event that an adversary (state or even a non-state actor) somehow breaches our servers and gets hold of data stored on our servers, all of your encrypted content will remain encrypted and unreadable since decryption requires the use of your private key which is protected by your passphrase (which only you know). Also, to prevent a strong adversary from cracking a private key, the default length of every generated key pair has been set to 4096 bits (generated with strong entropy). Some folks will say that 4096 bits only provides a little bit of extra security compared to 2048 bits – well, we say that it's worth grabbing that extra bit.
  2. Mailfence will not protect you against:
    • Compromised device
      If your device has been compromised by malware, a keylogger, etc. (quite possible these days with so many strong state actor adversaries), then end-to-end encryption or other security measures are useless. In fact, your adversary could use your account to further spoof your identity and damage your online presence on a large scale. Regularly check out ‘tips’ in our blog to follow better practices.
    • Compromised or forgotten passphrase
      Unfortunately, this happens. If your passphrase has been compromised (let’s say via malware, a keylogger or through the use of bad practices such as writing it down somewhere or sending it in clear text) or if you have simply forgotten your passphrase, then you are in serious trouble. We will not be able to help you in any way, except to urge you to change your passphrase or simply revoke that key pair and use a new one.
    • High-level Man-in-the-Middle (MITM) attacks
      Such attacks are so sophisticated and complex that it is assumed that only high-level adversaries (state actors) are capable of executing them. In a high-level Man-in-the-Middle attack against Mailfence, the adversary would turn Mailfence into a clone by, for example, forging our certificate (very hard but not impossible) or by authenticating users on false grounds. In order to compromise your data, the adversary would also have to fake all of the Mailfence services. We have maximised our protection against such attacks by getting a CA certificate which has no American certification authority in the certification chain and by offering you the possibility to verify our SSL/TLS certificate.
    • Powerful state-funded attacks (DDoS, breaking the encryption, planting a backdoor, etc.)
      A DDoS (Distributed Denial of Service) attack is usually aimed at shutting down an entire service (website). Over the more than 18 years that we have operated a cloud messaging service, we have been exposed to such threats and gradually perfected our defenses against them. Other common state-funded and resourced attacks such as breaking the encryption, planting a backdoor or sending you bad JavaScript code could also happen – as the saying goes, "nothing is impossible". However, we have done everything (humanly) possible to mitigate such threats.