This is how we deliver a highly secure email service.
- OpenPGP end-to-end encryption (E2EE)
End-to-end encryption is a method to secure data when it is sent from a source to a destination. With end-to-end encryption, data is encrypted on the sender’s system and only the intended recipient can decrypt it. Nobody in between can read or tamper with it. This provides a high level of protection to all of your communications.
- Password encrypted messages
With password encrypted messages (PEM), a password agreed between the sender and the recipient encrypts the message. This is called symmetric password encryption. It allows you to send encrypted emails to people that do not know how to use PGP encryption keys. The recipient will receive a link to decrypt the message on Mailfence’s servers. The shared password has to reach the recipient through another communication means. Read more.
- Digital signatures
A digital signature is equivalent to a handwritten signature or a stamped seal, but offers far more inherent security. A digital signature makes forgery and impersonation impossible and it provides absolute authenticity and integrity to all of your messages. For more details, check Mailfence end-to-end encryption and digital signatures. Are you an advanced user? Check our OpenPGP encryption best practices and digital signature best practices to further help you in securing and leveraging your crypto use on the whole.
- Integrated keystore
Our keystore is a place in your account, dedicated to OpenPGP key generation and management. It is completely independent from any third-party add-on or plug-in. Our keystore allows you to generate a key pair but also to import your already existing OpenPGP key pair. Our keystore provides a secure and easy-to-use environment where you can perform both basic and advanced key management operations. You can also generate or import multiple key pairs, a feature that no other webmail solution provides.
- Two-factor authentication
Two-factor authentication (2FA) is a type of multi-factor authentication where a user provides something he/she knows with something he/she possesses. This safeguards an account when the password has been compromised by adding another layer of authentication.
- Secure access
We mandate all connections to our servers via Transport Layer Security (SSL/TLS) encryption, both for web services and IMAP / POP / SMTP email client access. This prevents eavesdropping, tampering and message forgery of any communication between your device and our servers. We also provide Perfect Forward Secrecy (PFS) for our encrypted connections (HTTPS) to ensure that even in the unlikely event of a security breach, no previous communications could be decrypted. All connections from browsers supporting PFS have been protected since the launch of our Service. A HTTP Strict Transport Security (HSTS) is also activated on all our web pages. HSTS tells all modern browsers to connect to our servers over a secure connection only, even if you try to access an insecure page via bookmark, link or URL.
- Forcing SMTP outgoing mail encryption
When you send emails in clear text, they can be intercepted and read on the way to the recipient. That is why we use TLS encryption. This decreases the risk for passive eavesdropping, tampering or forgery. Unfortunately this only works when the receiving server supports TLS. Similarly, we accept encrypted connections for mail delivery to our servers.
- Service-level strong message validation (SPF, DKIM, ...)
We validate inbound messages using following two standards:Sender Policy Framework (SPF) protects against sender address forgery, also called spoofing, by allowing a domain owner to publish the IP addresses of the mail servers it uses.Unfortunately not all domain owners are willing or able to publish definitive SPF records. This is the case when they regularly allow third-party email marketing companies to send email for them.The second verification system, Domain Keys Identified Mail (DKIM), allows a sender server to include a digital signature in the message, which a recipient server can validate.A message that can’t be validated does not necessarily mean trouble. But it certainly ought to raise an alarm.
- We use software that take security seriously
We use operating systems and open source software that take security seriously. However, software have bugs. In most cases, an update for a security problem will be available within minutes/hours of the original report. We perform the update as soon as it is available and validated.
- Locally hosted and total control over our servers
Our servers are located in Belgium (Europe) and we have full control over them. We do not use an intermediary or subcontractor to manage them and we do not allow any third-party access. The data center uses biometric security as well as additional advanced security measures such as camera surveillance, big fences, security guards. If one of our system engineers needs physical access to a server, he has to sign in and pass the biometric security. Only a few members of our technical staff are allowed to access the data center.
- That's not it
We use many other conventional and non-conventional security measures, all of which cannot be explained here. Our goal is to provide maximum protection to our users against all possible threats and the Mailfence security team works hard to do just that. On our blog we also publish security tips, best practices and precautionary measures that all users should use to protect the privacy of their online data.
Finally, like any other service, we are not perfect and have limitations. Our threat model provides a detailed account of the threats that Mailfence does and does not protect you from. We cannot claim that our system is 100% secure - no one can offer that level of security - but we work hard to offer you the highest level of protection possible.