Welcome to the mailbox.org user forum!
 

How mailbox compares to other private and secure email provider ?

Morgoth shared this question 4 months ago
Need Answer

Hi,

I'm looking to replace gmail, yahoo and hotmail with a provider who works for my privacy. So far I found the following services:

  1. Protonmail
  2. Mailfence
  3. mailbox.org
  4. Tutanota
  5. Posteo
  6. Runbox

Tutanota is not an option because they don't have IMAP support. For mailfence I got confirmation from support that the messages are stored in plain text. Posteo does not support custom domain. And runbox is ugly af.

This brings down the list to 2 providers: Protonmail and mailbox.

From your experience I'd like to know what you think of mailbox compared to protonmail and mailfence

  • How is the security level ? end to end encryption ? Zero knowledge ?
  • Quality of Support. How fast the support respond ? Do they provide good support ?
  • How complicated to configure custom domain ? It was very easy on protonmail for me.
  • Stability and performance
  • Does it support '+' aliases (myname+somealias@domain.com) ?
  • By default, without configuring anything, is the data stored in encrypted form on the servers ?

Any other information about the service is welcome.


Thanks

Comments (2)

photo
2

I guess a partial answer is better than no answer.

I will choose a configuration which allows for the highest number of use case and still be secure.

Mailbox.org vs Protonmail:

1. Protonmail wins this. It has all your messages encrypted, zero knowledge. Mailbox does support Mailguard/PGP but the way the access is protected there will always be 1 password with a certain entropy and nothing else between anyone and your data, unless you use it via the browser only. With Protonmail it would be a password with a certain entropy AND an OTP number with an entropy of 6 digits. - You can configure mailbox.org to PGP encrypt all your messages so that would then be your next security layer. Protonmail does this better, easier and without much hassle.

2. No data on support.

3. Custom domain: equal. Protonmail's configuration is very smooth, but you can achieve it with both of the providers. SPF,DKIM,DMARC are also possible.

4. Stability & Performance: no incidents to report.

5. Alias: +alias. Both providers support the + alias. Take note that Protonmail cannot set this alias as sender EVER, mailbox via IMAP/SMTP could set this as sender address.

6. Default: Protonmail: encrypted, zero-knowledge. Mailbox.org: no zero-knowledge encryption, works like regular IMAP so no visible default encryption to the message storage. (The drive might be encrypted, but has to be unlocked to operate and they have the keys.)

(7.) Costs: Mailbox.org is cheaper.

(8.) Features: Mailbox.org offers Calender and Contacts. Though Protonmail offers this too, it is in beta and at the moment does not sync with apps or applications like you are used to.


Considering 1-6: Protonmail: 2 points. Mailbox.org: 0 points.

Considering 1-8: Protonmail: 2 points. Mailbox.org: 2 points.


Maybe somebody else can make a comparison with Mailfence or fill in some missing info.

And Office 365 with Office Mail Encryption (OME) might also be an unexpected worthy consideration.

photo
2

The main difference: Protonmail doesn't offer SMTP/POP3/IMAP. You can't use any mailclient you want, you can't use an offline mailclient on your mobile deivce, it's not based on open standards, you're not safe on how to export all your mail data.

And, this is the main problem, why the way of encryption stuff is totally different between Protonmail and mailbox.org. mailbox.org runs a *real* mail service.

photo
2

That is not entirely true; dotting the i's:

- You can use SMTP/IMAP via the Protonmail Bridge so you can hook-up Thunderbird, Outlook and any other mail client.

- You cannot use other mobile mail apps on your phone or tablet besides the Protonmail App, unless you expose a local bridge in your network. (Don't.)

- You can export your e-mail via Thunderbird (for example) if you ever desire to do so.


The definition of what a 'real' mail service entails in unclear to me as Mailbox.org does deviate from the standard on certain area's (MFA). You could as well replace that word with 'traditional' or 'old-school'. The services go about it in a different way.

@TS: Try both and see what works for you.

photo