How good is Skiff mail in terms of privacy and security?
It is not a service that we can currently recommend.
See this discussion for more details:
Of course, things can improve/change in the future, and we can re-evaluate at that point.
Doesn’t currently offer MTA-STS, DANE or CAA so I wouldn’t personally use it.
Also looks like they have weak ciphers enabled. Regardless of claims about E2EE, all header metadata such as To:
, From:
Date:
, Message-ID:
is not encrypted and has to be protected by the TLS connection between providers.
Skiff Privacy suite is nice, It is not decentralized unless you choose the “IPFS” option or use Skiff servers. But everything is end-to-end encrypted, the only thing it is wrong with it is it’s based in the united states of america. And it hasn’t been up for a long time, It been up since 2020-2022. So we don’t know if we should implement all our files, emails, and or google docs to it yet. They don’t even have custom domains for email incase if they go down like ctemplar. I stick to my proton mail and besides everything is open-source. on tor, full disk encrypted, zero knowledge/end-to-end encrypted. I like PGP too, so proton is my favorite. I feel like web 3.0 will only be a option and not a forced on people.
These things are now supported.
Just an update on this we’ve done a more in depth review