diff --git a/_includes/legacy/sections/email-providers.html b/_includes/legacy/sections/email-providers.html index d053c10e..1ea63434 100644 --- a/_includes/legacy/sections/email-providers.html +++ b/_includes/legacy/sections/email-providers.html @@ -81,42 +81,6 @@

All accounts come with limited cloud storage that can be encrypted. Mailbox.org also offers the alias @secure.mailbox.org, which enforces the TLS encryption on the connection between mail servers, otherwise the message will not be sent at all. Mailbox.org also supports Exchange ActiveSync in addition to standard access protocols like IMAP and POP3.

-
-
- Posteo -
-
-

Posteo {% include badge.html color="info" text="€12/y" %}

-

Posteo.de is an email provider that focuses on anonymous, secure, and private email. Their servers are powered by 100% sustainable energy. They have been in operation since 2009. Posteo is based in Germany and has a free 14-day trial. Posteo comes with 2 GB for the monthly cost and an extra gigabyte can be purchased for €0.25 per month.

- -
{% include badge.html color="warning" text="Domains and Aliases" %}
-

Posteo does not allow the use of custom domains, however users may still make use of subaddressing.

- -
{% include badge.html color="warning" text="Payment Methods" %}
-

Posteo does not accept Bitcoin or other cryptocurrencies as a form of payment, however they do accept cash-by-mail. They also accept credit/debit cards, bank transfers, and PayPal, and remove PII (personally identifiable information) that they receive in connection with these payment methods.

- -
{% include badge.html color="success" text="Account Security" %}
-

Posteo supports two factor authentication for their webmail only. You can use either TOTP a Yubikey with TOTP. Web standards such as U2F and WebAuthn are not yet supported.

- -
{% include badge.html color="warning" text="Data Security" %}
-

Posteo has zero access encryption for email storage. This means the messages stored in your account are only readable by you.

-

Posteo also supports the encryption of your address book contacts and calendars at rest. However, Posteo still uses standard CalDAV and CardDAV for calendars and contacts. These protocols do not support E2EE (End-To-End Encryption). A standalone option may be more appropiate.

- -
{% include badge.html color="success" text="Email Encryption" %}
-

Posteo has integrated encryption in their webmail, which simplifies sending messages to users with public OpenPGP keys. They also support the discovery of public keys via HTTP from their Web Key Directory (WKD). This allows users outside of Posteo to find the OpenPGP keys of Posteo users easily, for cross-provider E2EE.

- -
{% include badge.html color="danger" text=".onion Service" %}
-

Posteo does not operate a .onion service.

- -
{% include badge.html color="info" text="Extra Functionality" %}
-

Posteo allows users to set up their own mailing lists. Each account can create one list for free.

-
-
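Review bot: The removal of the whole Posteo card carries no stated reason in this hunk, and nothing in the removed text (pricing, payment methods, two-factor authentication, storage encryption, WKD, .onion) touches SPF, DKIM, DMARC or ARC. A reader therefore cannot tell whether the delisting follows from the criteria change in legacy_pages/providers/email.html or from something else. Name the criterion the provider no longer meets in the commit message or alongside the criteria list, so the decision can be checked and revisited if the provider's configuration changes.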
- diff --git a/legacy_pages/providers/email.html b/legacy_pages/providers/email.html index 48943a68..8583ef5a 100644 --- a/legacy_pages/providers/email.html +++ b/legacy_pages/providers/email.html @@ -91,7 +91,8 @@ description: "Find a secure email provider that will keep your privacy in mind.
  • No TLS errors/vulnerabilities when being profiled by tools such as Hardenize, testssl.sh or Qualys SSL Labs, this includes certificate related errors, poor or weak ciphers suites, weak DH parameters such as those that led to Logjam.
  • A valid MTA-STS and TLS-RPT policy.
  • Valid DANE records.
  • -
  • Valid SPF, DKIM and DMARC, with the policy p value set to either none, quarantine or reject.
  • +
  • Valid SPF and DKIM records.
  • +
  • Have a proper DMARC record and policy or utilize ARC for authentication. If DMARC authentication is being used, the policy must be set to reject or quarantine.
  • A server suite preference of TLS 1.2 or later and a plan for Deprecating TLSv1.0 and TLSv1.1.
  • SMTPS submission, assuming SMTP is used.
  • Website security standards such as:
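Review bot: In the added DMARC bullet, "or utilize ARC for authentication" lets a provider satisfy the item without publishing any DMARC record, and "proper" is not something a reviewer can test. ARC carries authentication results across forwarding hops; it does not tell receivers how to treat mail that fails SPF/DKIM alignment for the provider's own domain, so it is not an alternative to a DMARC policy. Suggest requiring a DMARC record with the policy set to quarantine or reject outright, dropping the conditional "If DMARC authentication is being used", and listing ARC support as its own item if it is wanted. The new bullet also opens with a verb ("Have") while the neighbouring items are noun phrases such as "Valid DANE records."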