Mailfence - A Private and Secure Email Suite based in Belgium

Hi all!

We are Mailfence, a private and secure email suite provider based in Belgium. We provide a comprehensive suite of tools, including email, calendar, online storage, contact management, and more.

We are not a traditional startup with a high cash burn rate, but we are in it for the long run. We are cautious, reliable, stable, and honest. We do serious things but with passion. We launched the company in 1999 and are among the pioneers of cloud software in Europe.

Some of the privacy and security tools we provide include:

  • end-to-end encryption (OpenPGP)
  • digital signatures
  • encryption at rest
  • password-encrypted messages
  • 2FA
  • and more.

More info can be found on our website: https://mailfence.com/

We would love to be considered in your list of private and secure email solutions :folded_hands:

Kind regards,
Patrick - co-founder of Mailfence

7 Likes

Welcome to our forum!

Since your services are browser-based, are there any plans for Mailfence to develop a Windows/MacOS/Linux app? Or are you primarily banking on PWAs and POP/IMAP/SMTP email clients

(I see in OP this is now resolved)

Could be an interesting alternative to mailbox.org if a free plan is absolutely required.

I was unable to sign up, but would be interested to test in the future.

Sorry, the registration failed for at least one of the following reasons:

A potential abuse was detected
Registration is temporarily closed for your country or your IP address
A banned/disposable email domain was used as activation & recovery email address
Your browser is outdated: try with a more recent browser

Please retry in 24 hours. If the registration fails again, contact the support.

Hi there - currently we are focused on developing and improving our mobile app (available on both iOS and Android), as well as supporting most open standards such as POP, IMAP, SMTP and EAS (Mailfence and external clients help - Mailfence Support)

Currently there is no plan in the short term to develop a dedicated desktop app, but it could be something we look into in the future if there is demand for it :slight_smile:

Regards,
Patrick

1 Like

Hi there - yes, unfortunately, we have tightened our sign-up filters due to a recent wave of scammers and spammers. If you send us an email at support@mailfence.com, we’ll be happy to set you up with a trial :slight_smile:

Regards,
Patrick

2 Likes

Does Mailfence support automatic encryption of the inbox/sent folders using one’s public PGP key? (like Mailbox or, I think, ForwardEmail)

Explain like I’m five: how does MailFence have both a fully encrypted inbox and IMAP support? I thought the two were mutually exclusive unless some sort of local bridge is used (a la Proton Mail).

2 Likes

Hello, I have a huge problem with your service before it can be considered secure. I’ve asked your customer service staff about this previously via email.

Currently inactive emails are set to be deleted after 6 months. However, these deleted emails can be reused in the future by another user.

Meaning someone can sign up and claim your email address if it is inactive. They could then use this email address to gain access to various online accounts if a password reset option is tied to it.

Has this been fixed?

As far as I know, basically every email service does not recycle usernames, its just mailfence.

1 Like

As far as I’m aware both Mailbox and Posteo do this too.

Have a look HERE and HERE

I’ve been using Mailfence as my primary email and calendar provider for over 5 years after doing a bunch of research and trying different services. I personally find it to be the most versatile and well rounded amongst the more privacy-centric email providers. The calendar and contact management is much more user friendly than proton or tuta which was one of the main reasons I chose mailfence (i have proton and tuta accounts - also tried fastmail and startmail). The service is relatively stable although outages have occurred at inopportune times. The document and email alias functions are great bonuses. Would personally recommend - I’ve always found it interesting as they hardly every advertise and I found them through my personal research so nice to see them finally show up here!

3 Likes

Mailfence does not currently support mailbox encryption using one’s own OpenPGP public key. However, I’ve forwarded your feedback to our development team.

2 Likes

By default, emails aren’t encrypted end-to-end. But once you import or generate an OpenPGP keypair, you can send and receive encrypted emails.

These encrypted messages are stored as-is on the server and passed along unchanged to any IMAP client you use. So, there’s no special local bridge needed like with Proton Mail. As long as your IMAP client supports OpenPGP, it can decrypt and read the emails directly. We do encrypt data at rest.

2 Likes

So an encrypted inbox is an option a la Mailbox.org rather than the default a la Proton?

Because the website makes it sound as if Mailfence cannot read a customer’s inbox, as if it’s encrypted by default:

No one can read your encrypted emails Since emails are encrypted by your browser and decrypted by the intended recipients, no one else can read them, not even Mailfence. This is called end-to-end encryption (E2EE).
We do store your private key on our servers but we can’t read it, since it is encrypted with your passphrase (via AES-256). There is no root key that would allow us to decrypt messages encrypted with your keys.

Apologies for not being super knowledgeable about encryption technology. I’m just trying to understand: can Mailfence access customers’ inboxes or not?

Thank you for your help!

2 Likes

This shouldn’t be an excuse for poor security practices. Mainstream email providers don’t recycle email addresses, neither does proton.

1 Like

We fully acknowledge, and agree with, the data security and privacy risks associated with recycling email addresses. This issue is on our roadmap and has already been planned for resolution.

Due to current development priorities, our best estimate is that a fix will be implemented either in Q4 of this year or in Q1 of next year.

We understand that this behaviour differs from most other email providers and appreciate your patience as we work toward aligning with best practices in this area.

Do you have any insight into the above question about inbox encryption?

A so called ‘Privacy’ mail provider that prevents you to create an email when your privacy is fully protected by using a VPN is so hilarious.

Blockquote
Sorry, the registration failed for at least one of the following reasons:
A potential abuse was detected
Registration is temporarily closed for your country or your IP address
A banned/disposable email domain was used as activation & recovery email address
Your browser is outdated: try with a more recent browser
Please retry in 24 hours. If the registration fails again, contact the support.

1 Like

Proton is doing the same when creating new accounts, just sayin’

No it’s not so don´t spread false accusations.
I was able to create multiple accounts while using a VPN, it only requires you to provide a recovery email.

I just created a new account with VPN. It seems like they fixed it or my VPN escaped their checks. I wasn’t able to do it 5-6 months ago.