Are there any updates?
Last state is that you can’t send an email as another mailbox.org user, correct?
I don’t know the answer to this, but separately it’s worth noting that they’ve begun to roll out a more normal two-factor authentication (2FA), which I’m looking forward to.
Idk how relevant this is to this thread, but mailbox.org is also used by the German Federal Criminal Police Office or “Bundeskriminalamt” using their mail services.
This may indicate positive or negative thoughts - depends on how you see it.
Do you have any sources? I did not find any.
Yes. Make an MX lookup for cyber.bka[.]de.
They may not only use mailbox.org as a provider tho. They also gave other URLs as mail addresses such as bka.bund[.]de.
So this basically means that if I use mailbox.org I can have an email arriving in my inbox where the sender is listed as apple.com but in reality it’s not with no warning whatsoever?
And if you were tempted to tinker with the spam protection level, they say:
Whenever an e-mail has been flagged as spam by our systems, it will be rejected. That means our server will deny accepting the e-mail message and the system at the other end (the client) will issue a delivery failure notice to the sender (the message “bounces”).
I understand their point about false positives but that’s why the spam folder exists…
Or at least display a warning in the interface.
Do these issues still apply? Without proper anti-spoofing, nothing else matters.
No, this is not possible (anymore), see here:
The only issue is them not respecting DMARC and SPF fully, but as I was never hit with spam mails in all these years it seems to me neglectable.
Also the stuff about their 2FA implementation is no longer relevant.
I was looking at them to De-Google a year ago and their lack of real 2FA and questionable custom domain issues were a dealbreaker. I just can’t believe it took them SO long to implement normal 2FA. April of 2025? It was “in testing and almost roll out” last summer IIRC.
It was a whole SSO solution, and tbh it’s not unsurprising that they wanted to test that thoroughly before making it generally available.
I didn’t have any issues during beta, so yeah.
I’m hoping the next bunch of tests will be something like Google’s XOAuth, allowing for FIDO2/TOTP auth on IMAP. A proper SSO solution was needed first though no doubt.