Plus addressing to track spammers

Plus addressing (or sub-addressing) allow you to use different versions of your email address. A great thing is to use plus addressing to track spammers. Use it whenever you want to track whether your email address has been transmitted to third parties.

What is plus addressing or sub-addressing?

With plus addressing or sub-addressing you have access to an unlimited amount of email addresses. You just need to add a “+” sign in your email name, followed by a new word or tag. The great thing is that you do not need to do anything. They work right away.  Here are some examples:

All emails sent to will go to

  • will go to
  • will go to
  • etc….

Plus addressing to track spammers

If you are afraid that your email has been transmitted to a third party you can use plus addressing to track whenever you are required to enter your email on a site.

When registering to a specific website register with following email:  If ever you get a spam on this address you’ll know that your email was transmitted.

You can combine the plus addressing with Filters in order to automatically transfer the mails your receive on your plus address to a specific folder. Here is how you setup an email filter with plus addressing:

  • First go to the ‘Settings’.
  • There choose ‘Filters’ in the left Column
  • Click on ‘New’.
  • There you can configure that all mails sent to will be moved to folder ‘Admin Support’ as is depicted in the screencapture below.

Plus addressing to track spammers

Potential problems when using Plus Addressing

The form validation of certain web sites sometimes rejects special characters such as “+” in an email address.  This is dangerous since the answer to your mail might be sent to the wrong person.  A mail sent from might result in mails being sent to


Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Top 5 ways to protect your device from ransomware

protect your device from ransomware

In our last blogpost, we talked about botnets and how to prevent your device from becoming a zombie. We now discuss one of the most severe and prevalent forms of attack that cyber criminals perform using their botnets i.e. Ransomware.

What is ransomware

Ransomware is a cyberattack in which hackers encrypt/lock victims’ data until they pay a ransom. There are two types of ransomware that are currently affecting systems around the globe.

Encrypting ransomware:

It incorporates advanced encryption algorithms designed to block system files. The victims are requested to pay in order to obtain the key that can decrypt the blocked content. Examples include CryptoLocker, Locky, CrytpoWall and more.

Ransomware Crypto Cryptolocker
> A snapshot of cryptoLocker prompt

Locker ransomware:

Locker ransomware locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the attackers still ask for a ransom to unlock the infected computer. Examples include the police-themed ransomware or Winlocker.

Ransomware locker
> Police themed ransomware prompt

Rise in reach and impact:

Ransomware discoveries> Source: CERT.RO

In 2013, about 1,200 people said they were victim of ransomware. Between January and March 2016, the IT security institutions already had recorded more than 700 cases, resulting in about $9.39 million in losses.  This estimation not only include the ransom money but also the cost of replacing computers and implementing stronger cybersecurity in the aftermath of an attack.

Ransomware attacks can be particularly harmful, especially because new versions often include stronger encryption.  In addition, the attacker doesn’t settle after a first payment but often asks for more.  In some cases they don’t even give the key to decrypt your data.

How to protect your device from ransomware:

Following 5 points will help you to protect your device from ransomware:

  1. Make regular backups and store them separately on different locations. Ideally one should be kept offline (on a secure external disk) and the other on a secure and private cloud service.
  2. Use up-to-date software and apply security patches on a timely basis. Remove outdated plugins from your browser.  Only use Adobe Flash, Adobe Reader, Java and Silverlight plugins if you absolutely have to.
  3. Use a guest account with limited privileges for daily/common use and an administrator account for dedicated purposes.
  4. Attachments and links should only be opened from truly trusted sources. Any spam links, content – even when it says ‘click here to unsubscribe/unfollow, …’ must not be clicked.
  5. If a you’ve been asked to run macros on a Microsoft Office file then your definite answer should be ‘No’.

Check our tips on online privacy as well.

The harsh reality (like in most malware cases), is that they are difficult to reverse.

Thus – as always, the golden key of prevention remains “being cautious” at all times.


Follow us on twitter/reddit and keep yourself posted at all times.Mailfence Team

Secure email practices: how to prevent your device on becoming a zombie?

zombie & botnet - secure email practices

Has your computer been acting weird lately? Running slower than usual? Any inexplicable error messages popping out randomly? Is your fan going into overdrive even though your PC is supposed to be idle?

We do not want to alarm you, but there’s a slight possibility that your computer was turned into a zombie. That’s why secure email practices can greatly help you staying protected.

“Zombie” is the term used when an attacker takes control of your computer without your knowledge. It either steals your data, or makes your computer do things that it normally shouldn’t. It can send out spam or even worse steal your sensitive information and attack other computers.


A zombie computer is similar to a traditional Trojan horse (bad code wrapped inside normal behaving code). Instead of only installing a keylogger and stealing your personal data, zombies will work with other zombies.  They form what is called a botnet or zombie army.

The term botnet comes from combining the words ‘robot’ and ‘network’. Botnets are entire networks of computers controlled and instructed to do a bunch of things, such as:

  • attack other computers (for e.g., DDoS)
  • send spam or phishing emails
  • deliver malware (ransomware, spyware, …)
  • Commit advertising fraud
  • other similar malicious acts…

All this can happen without you having the slightest idea about it. All it takes is a browser plugin update you just keep postponing or clicking on a link you don’t know where it leads you to, ….  In these time of extreme busyness and short attention span, the odds are forever in the cybercriminals’ favor.  Now imagine what an army of millions of computers can do through coordinated attacks.

Secure email practices can help you in avoiding devastating consequences

Zombie, botnet and secure email practices
Source (, via Wikimedia Commons

The foremost vector of malware spreading are emails, for e.g., Locky, a recent ransomware that was distributed via emails to nearly a million victims. Moreover, clever cybercriminals are now using the power of encryption to bypass the conventional virus scanning and spamming checks – making malware (almost) undetectable.

Following secure email practices will decrease the chances that your device becomes a zombie.

  1. Don’t click on any suspicious link you’re not sure of / or don’t know where it leads – not even the ones you received from friends or family or social network buddies. Their accounts might have been compromised.  It’s safer to be patient and ask them what it’s all about, before rushing into clicking on the link. Check this blogpost for more details.
  2. Do not download any attachments that you never requested
  3. Avoid opening spam messages – and especially don’t click on links that say ‘click here to unsubscribe/etc…’ as they will mostly do the opposite (run a malicious program, …)
  4. Beware of browser plugins/add-on’s and non-trusted apps - and avoid giving them unnecessary permissions.
  5. Don’t use pirated, cracked, or otherwise illegal copies of programs – only download them from trusted sources.
  6. Pay much attention when opening content from encrypted emails – as encryption could have been used to hide malicious content.

Remember: there’s no full-proof prevention mechanism here – the key is caution !


Also, follow us on twitter/reddit and keep yourself posted at all times.- Mailfence Team

Send email anonymously using Mailfence and Tor

Send email anonymously

Recently, we’ve been asked by several users about using Mailfence via Tor in order to enhance their online anonymity. The answer is yes, your Mailfence account can easily be accessed via the Tor browser, just like any other clearnet service in order to send email anonymously and securely.

What information will Mailfence have when I use it via Tor ?

Emails sent using Mailfence webmail do not include the source IP address (X-Originating-IP) for privacy reasons. When you sign-in and/or login via Tor, Mailfence (or other intermediaries) will only see your Tor exit node (the last point in the anonymous communication chain). Your real IP address will not be exposed.

Tor has had security flaws before, so it’s worth making sure you always have the latest Tor browser version.

When should I use Mailfence via Tor ?

Whenever you think it is important for you to anonymize your meta-data. Tor will do the trick.

Note: we also plan to release an onion domain for Mailfence in the future.

Should I use a VPN along with Tor to send email anonymously?

Yes, in fact we recommend you to. But do use a VPN dedicated to anonymity that doesn’t keep logs of your traffic. VPN’s provide quite a few advantages over Tor, though you’ll probably have to pay some money.

Finally, nothing is 100% anonymous or secure. Whether you’re using Tor, a VPN, or anything else. It all depends on what you use, how you use it, and what your goals are. Nonetheless, if your objective is to send email anonymously, above mentioned procedures will do the trick.

Got some questions ? Feel free to contact our support (support at mailfence dot com).


Also, follow us on twitter/reddit and keep yourself posted with latest information.- Mailfence Team

Shared mailbox: reasons for using, features and how to activate it.

Shared mailboxes allow users to share their mailbox with other users in order to view and send email from a common mailbox. These accounts work in the same way as a normal email account but can be managed by several people. There is only one owner of the account.

Why using a shared mailbox?

  • A shared mailbox is ideal to organise info@ or support@ generic addresses that are managed by several people in an organisation.
  • A shared mailbox allows you to delegate the management of your email to a personal assistant or colleague you trust.
  • In case of email lists, a shared mailbox could allows you to store only one copy of mails as opposed to multiple copies.

What are the features of a shared mailbox

  • A shared mailbox in a normal email account belonging to a user (account).  This user allows another user (or users) to manage their email just as if it were their own email account.
  • The users that gets access to an account have total access to this account. All folders are accessible: Inbox, Sent, Trash, Templates,…  Users that get access can even search in the other email account.
  • Concepts such as Send on Behalf of or Send AS do not exist.
  • We plan to release shortly a feature that will allow users to make a specific signature for the mailbox they get access to.  This will allow them to inform the recipients of the emails that they send that the email was sent ‘on behalf of’, ….  In order to do so, the shared mailbox will have to be added to the Personal Data of the account.

How to configure a shared mailbox

To configure a shared mailbox one needs to follow following steps

  • Go to Settings
  • Choose Messages / Access Rights in the left column

Mailfence shared mailbox

  • Select the user you want to give access to your mailbox


  • Both users need to be member of the same Group.
  • The user that wants to give access to his/her mailbox, needs to have a Pro subscription plan that allows this function.

Access to a shared mailbox

Once you obtain access to a shared mailbox, access to this account is very easy:

  • Go to your own email account
  • Choose the pull-down menu under the logo at the top left of the screen. It is the same pull-down menu you use to access the group environments
  • Choose the mailbox you want to access

Also, follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Security advisory regarding Yahoo hack

Security advisory regarding Yahoo hack
Security advisory regarding Yahoo hack

Yahoo recently confirmed a massive breach of over 500 million email accounts, including both credentials and security questions.

At mailfence, our security team was closely monitoring developments since the initial suspicions – and was analyzing the impact it might have on our users. As a result, we have decided to issue this generic security advisory regarding Yahoo hack.

  1. If your account recovery address is a Yahoo emailaddress, this means that the compromise of your Yahoo address could lead to a compromise of your Mailfence account.  We therefore recommend you to change your yahoo mail account password and disable security questions.
  2. If your Yahoo address that has been compromised, has a recovery account of Mailfence – then it can be changed (without you even noticing it) and you’ll no longer be able to use your mailfence account to recover your yahoo account. Therefore, go through your recovery mail account list on your yahoo account and make sure they haven’t been changed.
  3. If you are using the same password as your Yahoo account with Mailfence OR any other service, we recommend you to change all those passwords and use different and strong passwords for each of the services you use.
  4. Apply Two-factor authentication on your Mailfence and other accounts for optimal security and do keep a check of your account from haveibeenpawned/breachalarm.

Our security team will continue to monitor developments and update all users as necessary.

Got some questions ? feel free to contact our support (support at mailfence dot com).


Also, follow us on twitter/reddit and keep yourself posted at all times.- Mailfence Team

Mailfence design philosophy

Mailfence design philosophy

Few people realize how much information they give up by using the internet. Therefore many might think that they don’t care about privacy. But they don’t realize just how much personal data is stored for commercial purposes and they don’t know and cannot control how governments, corporations or other entities use the information which is willingly put online…

If they did realize, they would probably be much more careful.

We think that what you don’t know CAN hurt you. That’s why internet users’ absolute and irrevocable right to privacy is at the heart of the Mailfence design philosophy.

Email is a great communication technology, but it also makes you and your computers susceptible to viruses, spam, phishing, scams and other online threats. What makes Mailfence stand out from all other email services is that it has been conceived to protect you and your privacy.

The Mailfence offering :

Mailfence is a service without advertising or backdoors. It is safely hosted in Belgium and uses a non-US SSL/TLS certificate.  We provide end-to-end encryption which makes eavesdropping impossible and renders intercepted data utterly useless. We also offer digital signing capability for authenticating digital messages and documents. A digital signature tells the recipient that the message was created by a known sender, prevents the sender from denying having sent the message, and validates the integrity of the message. All of which is useful for private individuals or professionals who want to protect themselves from identity forgery or tampering.

What is Mailfence design philosophy ?
In short Mailfence has three fundamental privacy characteristics:

1 – Pure end-to-end encryption

End-to-end encryption varies greatly in terms of implementation.  At Mailfence we offer the full stack. Mailfence uses OpenPGP.  All the encryption/decryption & digital signing occur in the user’s browser.  Our servers (along with all the intermediaries) have absolutely zero knowledge of the message content and attachments – making it a pure end-to-end encryption (E2EE) solution.  We offer encryption in its true essence because our users are able to exchange encrypted emails with any other solution that supports OpenPGP.  Users are not limited to use encryption only with other mailfence user (as opposed to several other secure email solutions that limit secure communication only to within their platform).  As a matter of fact, users can even send unencrypted emails or can only sign their emails and not encrypt them. Therefore, the ball is in the user’s court !

 2 – Allow absolute control and freedom

In order to set-up encryption, users have been provided an integrated key-store (a space within the account that can store user key-pairs, other public keys etc).  This key-store allows users to perform efficient key-management (generate, import, export, modify, revoke, delete or publish/fetch PGP public keys…) all from within the application environment. There is absolutely no dependency on any third-party client and users are able to manage their keys – whenever they want, wherever they want and whichever way they want – thereby giving them the ultimate freedom over their E2EE functionality in a single independent platform.

3 – Provide a complete package that is easy to use

This is indeed one of the biggest challenge. Without compromising the true essence of end-to-end encryption we want to offer a complete package to our users without any dependency on third party services, plugins,….   We believe we provide something which is not only easy to use but also incorporates all the typical features of a topnotch messaging platform (contacts, documents, calendar etc).

If you are asking: ‘Is this the best online privacy solution that actually does what it says ?’. Our answer is: ‘It’s up to you to be the judge of that’.  We went in public Beta in March 2016. We know that there are still imperfections and several things we want to do to reach our vision.  However, we do think we are well on the way of creating the very best secure and private email.

Do judge us on the facts rather than words. Sign up for a free account and regain your email privacy. We continuously improve this service, so do not hesitate to send us your feedback, queries, suggestions, requests…

Got some questions about Mailfence design philosophy ? Feel free to contact our support (support at mailfence dot com).


Also, follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Why mailfence is a unique secure and private email service

Mailfence is not just a secure and private email service that values email privacy. It is also an extremely rich platform in terms of features. In this post, we’ll compare Mailfence with some other mainstream privacy-conscious email service providers.  We will also highlight some of the features that make Mailfence unique.

Contrary to any other webbased secure and private email service, Mailfence does not confine users in an own ‘digital island’. We provide users absolute freedom to communicate securely with anyone. Both with other Mailfence users or with any other (OpenPGP complaint) email service. But there are many other advantages in using Mailfence as you can see in the table below.

We believe that an email platform should be much more than just email. Users are expecting a complete email-suite comprising calendar, contact and secure document management.

secure and private email features

secure and private email features

secure and private collaboration features4

Got some questions ? feel free to contact our support (support at mailfence dot com).


Also, follow us on twitter/reddit and keep yourself posted at all times.

- Mailfence Team

How to create an email address with your own domain

How to create an email address with your own domainDid you know that you can create an email address with your own domain directly on our servers?  Instead of having an e-mail address with an extension, you can have your own domain name managed on our servers.  These servers becoming the official e-mail servers for your domain name.

How to create an email address with your own domain?

1. Own a domain name. We do not commercialize domain names : if you don’t have one, you can acquire one with following European companies:, or

2. Own a paying subscription with Mailfence.


– The existing email address with domain name can be configured as an alias if you request so. Otherwise it will be deleted and might be attributed to an other user one day. Be sure to inform your contacts of the change of address.

– All e-mails sent to any address of your domain name arrive on our servers: it’s not possible to transfer only certain selected addresses.

– If you already have an e-mail server for your domain name, be sure to follow the procedure correctly to avoid the loss of messages.

Procedure if no server is currently defined for you domain name 

1. Modify (or ask the company you registered your domain name with, to modify the “MX records” (MX = Mail Exchangers) of your domain name as follows: MX preference = 10, mail exchanger = MX preference = 10, mail exchanger =

NB1: The two entries are important to guarantee a good load balance and fail over.

NB2: The “.” at the end of the line is crucial. Without them the MX records are faulty (

2. The propagation of the DNS needs some time (from a few hours to a few days). Consequently, you might have to wait for at least 24h before the propagation is effective.

3. If the propagation is effective, please contact us through e-mail and give us your domain name, as well as your login and chosen e-mail address. If several addresses have to be created, send us the list of addresses with their corresponding logins. Since a Mailfence account can only be linked to one e-mail address, create several accounts if necessary (There is a possibility for creation of a limited amount of aliases per account though).

Procedure if a server is currently active for your domain 

1. Send us by e-mail your domain name, your login and chose e-mail address. If several addresses have to be created, send us the list of addresses with their corresponding logins. Since a Mailfence account can only be linked to one e-mail address, create several accounts if necessary.

2. Modify (or ask the company you registered your domain name with, to modify the “MX records” (MX = Mail Exchanger) of your domain name as follows: MX preference = 10, mail exchanger = MX preference = 10, mail exchanger =

Take note of the old value of the MX record and find its IP address so that your access to the old server stays active for a few more days.

NB1: The two entries are important to guarantee a good load balance and fail over.

NB2: The “.” at the end of the line is crucial. Without them the MX records are faulty (

3. The propagation of the DNS needs some time (from a few hours to a few days). In the meantime, continue to get your mail from the old server and configurate your message software so that you have access to the old server through its IP address.

Got some questions ? feel free to contact our support (


Also, follow us on twitter/reddit and keep yourself posted at all times.

- Mailfence Team

Email privacy expectations

Email privacy expectations

Email privacy and security concerns have seen a massive rise after the PRISM/Global surveillance revelations and have given birth to various dedicated email privacy solutions that try to ensure users’ email confidentiality, integrity and authenticity. End-users expectations are now much higher regarding email privacy – (a poetic illustration can be found here).  The question remaining:  How can we satisfy legitimate user expectations of Email privacy ?

Before going any further, let us first go through some basic questions in order to set-up the context.

Why is email not secure?

Email is not fundamentally secure because it was never meant to be the center of our digital lives.  It was developed when the Internet was a much smaller place.  It standardized simple store-and-forward messaging (SMTP) between people using different kinds of computers. The messages were transferred completely in the open and everything was readable by anyone who could watch network traffic. Amazingly and unfortunately email mostly works in the same way and is therefore not secure.

What steps have been taken in securing email so far ?

Not much, aside from partially encrypting (STARTTLSSMTP STS) their journey from sender to recipient. This only works on certain conditions, which are most often not met.

Some increased security was also applied to email accounts (SPF/DKIM/DMARC, …) in order to step-up the email security on the whole.

What if I do not use email at all anymore for my daily communications?

It might seem a good suggestion, and some have even endorsed this idea – but is it the solution to the problem ? In our opinion, the answer is No. Email is not going away anytime soon as it’s far too integrated in our digital world and holds a near-universal status on almost every device.

There are some projects however which are working along these lines (i.e. LEAP, …) but it is at this point in time “work-in-progress”, which even after completion will face the critical issue of mass adoption.

What should I do ?

Well, Snowden said “Encryption works” – and we believe it should be end-to-end encryption (not partial encryption – which we’ve seen in the case of STARTTLS – SMTP STS).

Other crucial aspect of this end-to-end encryption methodology is what encryption protocols, ciphers and key lengths are being used and how such end-to-end encryption mechanism has been implemented. This is where Mailfence comes into play and provides a securely implemented end-to-end encryption facility using strong open-source and publicly accepted protocols (OpenPGP), ciphers (RSA/AES, …) with strong key lengths (4096 bits/256 bits, …).

Now, coming back to the end-user expectations – the first thing to highlight is that email encryption is not synonymous with email privacy. While email body and attachments encryption plays a key role, other factors also strongly affect your email privacy.

Metadata & Anonymity – to, from, date, time, IP etc… of email messages allow surveillance. They paint a reasonably informative picture of the target even if the content & attachments are encrypted. Mailfence by default strips your IP address from email message headers, and encourages you to use it over hidden services (for e.g, tor…) with or without anonymous re-mailers (schleuder, …). A dedicated onion domain has also been planned for this purpose.

Public availability – the ability of people willing to use compatible tools and adaptable ways to communicate with you securely and privately. Mailfence uses OpenPGP, a time-honored open source protocol with a decentralized trust mechanism, that is available to masses and is compatible with tons of other tools out there.

Control and Freedom – the ability to make secure and private use of common email as well as encrypted email. Mailfence provides you the ability of communicating with both external (other service) users and internal (mailfence) users without any restriction, along with full freedom and control over your privacy. Moreover, you don’t need any third-party add-on/plugin and can use Mailfence on all devices running a modern browser.

Better usability – which arguably is the biggest obstacle to any email privacy-conscious solution when it comes to mass adoption. Most people tend to give up on their security and privacy whenever it becomes a bit difficult to understand and use a particular system. Mailfence provides easy-to-understand and user-friendly solution – which have successfully achieved the right balance between security and usability.

The bottom line is that email as we know it today has never been secure, and the myriad ways we send, receive, store, and use email messages make securing and enhancing email privacy a very difficult problem. Also, the lean towards ‘excessive’ convenience over security by various service providers has neglected the requisite approach of having the right balance between security and convenience. At best, based on the answers of questions that we addressed above and in the light of raised expectations with email security and privacy – we believe Mailfence has set a new benchmark and will continue its strive under the motto of Privacy is a right not a feature.


Also, follow us on twitter/reddit and keep yourself posted at all times.

- Mailfence Team