Posteo (email provider)

What is your opinion about posteo.de?
Email green, secure, simple and ad-free - posteo.de -
I think it should be added under the email section.

2 Likes

Another thing to add, I’m pretty annoyed that their encryption marketing page cuts off this screenshot of Hardenize right above where they stop passing their tests while claiming they achieve “top marks” in the results.


More related info to Posteo:

5 Likes

I’ve been doing an in-depth exploration of private email providers. My conclusion is that Posteo is the best.

There are 5 reasons in the links above for rejecting Posteo - None of which hold up. I shall respond one by one, and in doing so, demonstrate the advantages of Posteo.

  1. ‘Anyone can spoof posteo domain because it lacks DMARC policy’

This is not true. SPF/DKIM signatures prevent spoofing. DMARC seems like an additional, unnecessary, tool. Nevertheless, Posteo does have a DMARC policy of either “none” or in some cases “quarantine”.

(Edit: My mistake. Posteo actually has “none” policy except for its own mailing list domain. This is in contrast to the PrivacyGuides requirement of a “quarantine” or “reject” policy. However, they are following the recommendations published by DMARC which suggests (albeit in an incoherent way) that a DMARC “none” policy is appropriate for mailbox providers who prioritize their ability to identify misbehaving users over protecting outbound mail flow from fake emails. This makes sense because there’s no point in misbehavers sending fake mail when they can easily set up an anonymous account, and because DMARC protected mail doesn’t always survive forwarding, meaning users may not receive mail they should receive.)

I think the DMARC requirement of PrivacyGuides should be altered accordingly.

  2. ‘Posteo recycles email addresses’

It only recycles email addresses which were manually deleted by users, as it never automatically deletes email addresses. (See “What happens if I do not add credit in time” here.) Mailbox, on the other hand, recycles all deleted email addresses, including those which it automatically deletes after users don’t pay.

  3. ‘They have no anonymous payment option’

Yes they do. Cash. Unlike Tutanota.

  4. ‘Posteo does not offer custom domains’

I find their justification absolutely valid. Custom domains cannot be owned (although they can be hired through a proxy, which defeats the purpose of using a custom domain for email) without disclosing personal information. Allowing custom domains would oblige Posteo to collect this information. Although this information can be hidden through the MX record, Posteo would still need to store the domain assignment, which conflicts with its commitment to privacy.

PrivacyGuides isn’t about recommending the most feature-rich services, but about recommending the most private functional services and equipping readers with information on what compromises are made when less private services are used. Custom domains are such a feature, one which requires compromising either anonymity or agency. This should be made clear to readers of the Guide, and the custom domain requirement should be dropped.

  5. ‘We have 4 excellent providers already. Posteo has no advantage over these other providers.’

I disagree.
Firstly, Skiff was removed and there was a call to prevent PG from recommending providers who lacked a long-term commitment [to privacy]. I think Posteo’s decision to not allow custom domains, and its strong commitment to transparency, demonstrate it to be the opposite of Skiff in this sense. Posteo is not interested in becoming the most feature-rich provider and marketing itself as such, as all of the other providers try to do. Their marketing communicates one thing to me: “We promise a functional, secure and private email service. This is our sole focus. We have one job and we want to do it right.”

Secondly, Mailbox. Here, I think Posteo is most certainly the better option. As explained in a previous post, Mailbox not only seems to fall short of PG requirements for DMARC, but its policy and decision making seem obfuscated. Plus, their OpenPGP seems not to work for custom domains and aliases, and requires users to give them the keys. I say “seem” because their communications are too long-winded and messy to actually understand what they’re doing. In their forums, people complain of this, and have been dismissed by their unprofessional CEO who cares more about adding pointless features like video-calling support instead of fixing its crappy 2FA, web interface, and DMARC. If Posteo isn’t recommended, Mailbox has gotta go. I will die on this hill if I must.

Then there is Tuta and Proton, which are both fantastic. Nevertheless, Posteo has an advantage over Tuta in its IMAP support, though this comes with the usual IMAP (lack of 2FA) security risk. Proton mitigates this with the Proton Bridge. Posteo mitigates this by allowing users to disable IMAP support. Mailbox does nothing.

But what makes Posteo the best, as I said initially? Well, it’s the most economical. It does what it’s supposed to do without any baggage. I know PrivacyGuides values privacy over price, but when you compare their offer to the rest, it is clear to me that Posteo is a serious player with a proper ethical vision, valuing sustainability over growth.

Monthly costs (in euro as they are all Europe based)

Mailbox: €1 for 2GB and 3 aliases | €3 for 10GB and 25 aliases | €9 for 50GB and 25 aliases

Tuta: Free for 1GB and 1 alias | €3 for 20GB and 15 aliases | €8 for 500GB and 30 aliases

Proton: Free for 1GB and 1 alias | €4 for 15GB and 10 aliases | €10 for 500GB and 15 aliases

Posteo: €1 for 2GB and 3 aliases ||| €0.10 per extra alias & €0.25 per extra GB

Posteo is like the MullvadVPN of email. They adopt a logical ‘no bullshit’ approach.

This is buffered by the fact (as mentioned in point (2)) they do not automatically delete user accounts/data if subscriptions aren’t paid. They merely block the account from sending mail, meaning your super important incoming mail will still be received while you’re behind bars or lost in the desert, a deal none of the other providers can offer with their relatively profit-driven plans.

Maybe Proton or Tuta is better for businesses or for those who want more features. But I firmly believe Posteo is the service which most strongly aligns with the ethos of PrivacyGuides.

(Edited: typos, reworded minor things and added additional paragraphs for 1. and 4.)

7 Likes
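As an added illustration of the DMARC point argued in the post above (this is example code written for this page, not code from the thread, from Posteo or from PrivacyGuides): a simplified version of the check a receiving mail server performs, showing that SPF/DKIM only become a spoofing control once DMARC alignment ties them to the From domain, and that a `p=none` policy reports failures but still delivers the message. All domains and TXT records below are constructed; organizational-domain detection is simplified to the last two labels.

```python
# Added example: receiver-side DMARC evaluation (RFC 7489 logic, simplified).
# Records and domains are constructed placeholders, not any provider's real DNS.

def parse_dmarc(record: str) -> dict:
    """Parse a _dmarc TXT record into a tag dict; {} if it is not a DMARC record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        return {}
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain, simplified to the last two labels (no PSL lookup)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') only the same organizational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record, from_domain, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_pass, disposition). DMARC passes only if SPF or DKIM passed
    *and* that identifier is aligned with the RFC5322.From domain."""
    tags = parse_dmarc(record)
    if not tags:
        return (None, "no-policy")  # receiver falls back to its own heuristics
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return (True, "pass")
    return (False, tags["p"].lower())  # "none" = deliver anyway, only report


def meets_guide_requirement(record: str) -> bool:
    """The requirement discussed in the thread: p=quarantine or p=reject."""
    return parse_dmarc(record).get("p", "").lower() in ("quarantine", "reject")


# Constructed records for a hypothetical provider domain "mail.example".
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@mail.example"
ENFORCING = "v=DMARC1; p=quarantine; adkim=s; rua=mailto:dmarc@mail.example"

if __name__ == "__main__":
    # From domain used without any aligned authentication: SPF passed for an
    # unrelated domain, no DKIM. With p=none the message is still delivered.
    print(evaluate(MONITOR_ONLY, "mail.example", "pass", "unrelated.example", "none", ""))
    print(evaluate(ENFORCING, "mail.example", "pass", "unrelated.example", "none", ""))
    # Plain forwarding breaks SPF but leaves the DKIM signature intact, so DMARC
    # still passes; a list that rewrites the body would break DKIM as well.
    print(evaluate(ENFORCING, "mail.example", "fail", "forwarder.example", "pass", "mail.example"))
```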

Interesting points, have you also looked into Disroot or other free providers? I’ve been considering switching away from Gmail but find it annoying that Proton/Tuta don’t support email clients.

1 Like

I also have one other point to add that seemingly no one mentions, which should put Posteo above Mailbox:

Posteo has something called a spam log. If they reject an email (and I do not mean putting an email into the spam folder, but instead completely rejecting it) they will send the user a notification. Mailbox does not have something like this and I have read a few times now that some users have problems with not receiving emails (for example from GrapheneOS). And this is something that I find infuriating. If someone sends me an email I want to know in any case. This is especially problematic when you do not expect an email.

And of course Mailbox’s horrible response time in their forums. Important topics such as an improved MFA (the current one is absolutely flawed) were raised by users years and years ago and only now are they trying to take care of it.

3 Likes

I wouldn’t trust free services as no staff are obliged to support you when shit goes wrong. But let’s not divert the conversation which is about Posteo.

As highlighted in 4.5 of their terms, Posteo will terminate your contract after 2 months of not paying. So what they say in their FAQ about not deleting is untrue.

Posteo’s spam filter has been acknowledged to be broken by numerous users, where it just straight up doesn’t receive the mail. Posteo says that it sends a mail back to the sender explaining why. But this is just bad in time-sensitive cases and in cases with newsletters or no-reply mails.
You have the option to enable a spam folder where the mail is stored (which they added after much complaining from customers), but people still claim to lose important mail for the same reason.
But they claim their spam filter is state of the art and that there is no reason to worry about it filtering ham mails.

Posteo’s support is extremely slow. As of now, their support queue contains 6950 emails.
They usually cycle through ~1k mails every business day. So you would have to wait a long time if you want to talk to them.
People also claim to get banned for various reasons for asking support queries.
Mailbox’s forums are dead, however.

A good thing about them is that they were founded in 2009, and before the Snowden leaks. And they are still able to provide the service at the same rate despite inflation.

They also don’t store any IP addresses if you use a mail client or their webmail. I don’t believe any other service provides this. Every service logs the IP for at least 1 day. Even Tuta and Mailbox do despite being German.

The user data is detached from the payment information depending on the payment type. So payment is anonymized. This is apparently highlighted in their audit documents. And you can use cash. They don’t allow crypto.

It provides similar encryption to that of Mailbox, where you can encrypt your mailbox with either your password or a PGP key. Which is the same thing, since if your password is compromised, you lose it all.

It doesn’t have an onion domain. It does have TOTP.

In their transparency report, they rarely hand user data over despite having half a million active users. This is different from Proton’s, where they have one of the highest counts of handovers among private mail providers. Proton may claim that this is due to their 100 million account count, but those are not active users and the count also includes Drive and VPN accounts. And people create multiple free accounts that are barely in use, while for Posteo, you need to pay for the accounts.

They have a security transparency page and a bug bounty. But it seems to be rarely used after 2017. Their GitHub is also rarely updated. Their JavaScript is open source.

Their subreddit is private for some reason.

Another good thing about Posteo is that fewer people use it. You can get short emails or first names.

Overall it’s pretty similar to Mailbox. I have no idea why Mailbox is shilled here. Mailbox has quite the flaws under the surface, similar to Posteo.

1 Like

As highlighted in 4.5 of their terms, Posteo will terminate your contract after 2 months of not paying. So what they say in their FAQ about not deleting is untrue.

In their terms:

If the customer’s credit remains negative for two months despite warnings and reminder emails, the account’s ability to send emails will be blocked. After that, the contractual relationship will be ended by Posteo.

And in their FAQ:

You do not need to worry that your account or emails will be deleted if your credit reaches zero. In principle, we do not delete any data, if an account is not formally terminated (by the user or by Posteo).
If your credit goes negative, our system regularly sends you reminder emails. About 10 weeks after an account’s credit runs out, our system will block an account’s ability to send emails. Once credit is added, the restriction on sending is removed.

I don’t think there’s a conflict here. They say in the terms that the contractual relationship will be ended. That’s not the same as account termination/deletion. It would be better if keeping your account and data forever was part of their “terms” rather than “faq” but I doubt any company will ever state in their terms that they will keep your data forever.

Do you have a reference for the following:

You have the option to enable a spam folder where the mail is stored (which they added after much complaining from customers), but people still claim to lose important mail for the same reason.

Contrary to your suggestion, they responded to my non-urgent emails within 3 days, and in a most clear and professional manner.

I agree that it’s another plus that they began in 2009, before Tuta/Proton/Mailbox. And their transparency and anonymity are potentially better than their competitors’.

As for them deleting accounts of people complaining in their forums, I suspect you are referring to this. If so, it had me worried too, but I couldn’t find any similar reports. If you have seen more, do link them.

Welcome to the community, but please be careful with your remarks on this forum. To shill something is to promote something while secretly working for or having some other hidden relationship with the thing they’re promoting. To accuse our community of a conflict of interest without evidence or reason is an example of a bad faith argument that is not tolerated here.

I think you are just using the term informally and this wasn’t your intent, but enforcing our code of conduct is something we are generally being stricter about going forward.

3 Likes

Is this true? On their help article there’s an option to upload only the public key (so you need to use Mailvelope to use the webmail) and it doesn’t mention anything about it not working with custom domains.

Another help article says it only works for the main account.

If you have more to say, I suggest doing so here.

I think the zero-knowledge encryption refers to the encrypted mailbox rather than the mailbox guard.

For the Guard it says aliases are not supported but also “Users need to hand over their private PGP keys to be stored on our servers. Encryption and decryption both happen on the server side, hence there is no true end-to-end encryption.”

For the Encrypted Mailbox it says “users have the option to automatically encrypt both outgoing and incoming emails using a PGP key. This ensures that access to messages in one’s inbox is only achievable with the corresponding private PGP key and password.” Nothing is explicitly mentioned about whether aliases are supported or not, but the way it works is that they use a sieve filter to encrypt all mail in the Inbox and Sent folder, which in my understanding should work with aliases. It’s enough to only give them your public PGP key, and then you need to use the Mailvelope browser extension to read your mail in the web interface, or restrict yourself to mail clients that support PGP.

This thread on another privacy forum is very relevant.

Posteo’s mailbox encryption means they cannot see the emails and metadata; however, because of how it is implemented (being able to use a custom e-mail client), the mailbox can be decrypted during an authentication.
Posteo also claim this themselves:
With crypto mail storage enabled, your emails will only be decrypted for you the moment they are accessed.
Because the emails are first encrypted when they reach our servers, Posteo crypto mail storage is no substitute for regular end-to-end encryption set up by the sender of an email. This does not, therefore, protect you from a lawful interception (TKÜ).

Posteo isn’t inherently a bad service, the privacy policy is solid, the price is good, but the lack of a DMARC and ARC policy and their refusal to add one mean that their service has open flaws.

Email as a whole isn’t a secure protocol; the only real solutions are to bake other software or features into it, like what Proton and Posteo do. It isn’t fully possible to have a perfect email service.

Their service is good, it’s just that Proton do some parts better. If Proton had a service that logged less of the other information, like Posteo not logging IP addresses at all, then it would be perfect. And also if they handled payment information like Posteo.

> Posteo decrypts the mailbox on their servers when they are used and accessed by an authenticated user. When you use ProtonMail the mailbox is sent to you as encrypted and then decrypted on your machine, this means that Proton cannot see the contents of your mailbox at all even when you are authenticated

It’s important to note that Proton is only “zero-access” or “zero-knowledge” so long as they want to be. It’s technically possible for them to change their client code (the code loaded into your browser or app and used to decrypt your private key using your password) at any time to make it exfiltrate your key, and then use your stolen key to decrypt any messages in your mailbox which have been encrypted with the corresponding public key. In a typical setup where the user has only generated and used one key pair, this probably means all of them.

An attack like this was recently used on a Tutanota user, where law enforcement compelled Tutanota to modify the client code served to a particular user suspected of being involved in criminal activity, and they were able to retrieve the key and subsequently access the user’s messages. Proton claims this type of attack is not permitted under Swiss law, but if you’re an at-risk person trying to use strong encryption, you probably shouldn’t rely on one company’s interpretation of the law to keep you safe.

1 Like

From Posteo’s website:

Si vous avez activé le stockage mail crypté et que vous cliquez sur un e-mail, il sera déchiffré pour vous seulement, pour la durée de l’accès. → deepl: If you have activated encrypted mail storage and click on an e-mail, it will be decrypted for you only, for the duration of the access.

They also offer an option called “inbound encryption” which “encrypts all newly-arriving emails with S/MIME or PGP, regardless of whether the sender of an email originally encrypted it or not” (with PGP).

Inbound encryption constitutes additional protection for your saved emails. As the emails are first encrypted when they reach our servers, however, inbound encryption is no substitute for complete end-to-end encryption implemented by the sender of an email, which protects the email on its way over the internet. It therefore also does not protect you against lawful interception (TKÜ). Source

This means that they can do TKÜ and access your plain text emails even if you activate all the levels of their nice schema, except E2EE encryption with PGP of individual emails:

If I understand correctly:
Posteo can 1) intercept in real time your decrypted emails when you are logged in and 2) when you receive an email (no matter if logged in or out).

On the contrary, Proton and @Tuta_Official can NOT intercept in real time your decrypted emails when you are logged in (because the decryption happens not on the server but on the user’s device) BUT they can intercept in real time your decrypted email when you receive it (if not using PGP).

Am I right?

I think so

Posteo, another poor victim of Proton users eager to feel good after purchasing one of their expensive subscriptions.