Questions about SimpleLogin

Hi everyone. I’m thinking about using SimpleLogin but I have some concerns regarding security and privacy.

When using reverse aliases, emails pass through SimpleLogin’s servers—I read they use Proton and UpCloud servers.

If you’re sending an email with sensitive information, wouldn’t this pose an additional risk?

According to what I’ve read in SimpleLogin’s security policy, they claim they don’t store any emails once delivery to the recipient has been completed.

I hope someone who uses this service can shed some more light on this and other related questions.

Thanks so much to all of you.

Yes, but no more than any email provider can read your (non-E2EE) emails.

You shouldn’t be using email at all for important sensitive data if possible.

Hi Pale, how are you? Yes, it’s similar to any other provider that isn’t E2EE—actually, I don’t think any provider maintains end-to-end encryption with external services, for example when sending from Proton to Gmail.

When it comes to sending sensitive information (nothing extreme), it would only be as a last resort and always when there are no other options available. In those cases, would the option be to use Proton’s password-protected messages feature?

On another note, I read that using SimpleLogin for bank account access is not recommended—I’m not sure why they say that.

Best regards and thank you very much.

They can if PGP is set up properly, though metadata is not encrypted.

That doesn’t currently work with aliases; your real email will get exposed. And you’d still need to communicate the password in some secure way.

The reasoning is probably that aliases are “easier” to lose than your main email. You can use a custom domain to make this practically a nonissue.

It is another party to trust, if you don’t already use Protonmail. I use Fastmail and their own aliasing features, such that it’s still just a single party handling my emails.