Why mailfence is a unique, secure and private email solution

Mailfence is not just a secure and private email solution that values email privacy. It is also an extremely rich platform in terms of features. In this post, we’ll compare Mailfence with some other mainstream privacy-conscious email service providers.  We will also highlight some of the features that make Mailfence unique.

Contrary to other webbased secure and private email solutions, Mailfence does not confine users in an own ‘digital island’. We provide users absolute freedom to communicate securely with anyone. Both with other Mailfence users or with any other (OpenPGP complaint) email service. But there are many other advantages in using Mailfence as you can see in the table below.

We believe that an email platform should be much more than just email. Users are expecting a complete email-suite comprising calendar, contact and secure document management.

secure and private email features

secure and private email features

secure and private collaboration features4

Got some questions ? feel free to contact our support (support at mailfence dot com).

Also, follow us on twitter/reddit and keep yourself posted at all times.

- Mailfence Team

How to create an email address with your own domain

premium-domain-names1Did you know that you can create an email address with your own domain directly on our servers?  Instead of having an e-mail address with an @mailfence.com extension, you can have your own domain name managed on our servers.  These servers becoming the official e-mail servers for your domain name.

How to create an email address with your own domain?

1. Own a domain name. We do not commercialize domain names : if you don’t have one, you can acquire one with following European companies: http://www.ovh.com, http://www.1and1.com or http://www.gandi.net.

2. Own a paying subscription with Mailfence.

Implications

– The existing email address with @mailfence.com domain name can be configured as an alias if you request so. Otherwise it will be deleted and might be attributed to an other user one day. Be sure to inform your contacts of the change of address.

– All e-mails sent to any address of your domain name arrive on our servers: it’s not possible to transfer only certain selected addresses.

– If you already have an e-mail server for your domain name, be sure to follow the procedure correctly to avoid the loss of messages.

Procedure if no server is currently defined for you domain name 

1. Modify (or ask the company you registered your domain name with, to modify the “MX records” (MX = Mail Exchangers) of your domain name as follows:

yourname.com MX preference = 10, mail exchanger = smtp1.mailfence.com.
yourname.com MX preference = 10, mail exchanger = smtp2.mailfence.com.

NB1: The two entries are important to guarantee a good load balance and fail over.

NB2: The “.” at the end of the line is crucial. Without them the MX records are faulty (smtp1.mailfence.com.yourname.com).

2. The propagation of the DNS needs some time (from a few hours to a few days). Consequently, you might have to wait for at least 24h before the propagation is effective.

3. If the propagation is effective, please contact us through e-mail and give us your domain name, as well as your login and chosen e-mail address. If several addresses have to be created, send us the list of addresses with their corresponding logins. Since a Mailfence account can only be linked to one e-mail address, create several accounts if necessary (There is a possibility for creation of a limited amount of aliases per account though).

Procedure if a server is currently active for your domain 

1. Send us by e-mail your domain name, your login and chose e-mail address. If several addresses have to be created, send us the list of addresses with their corresponding logins. Since a Mailfence account can only be linked to one e-mail address, create several accounts if necessary.

2. Modify (or ask the company you registered your domain name with, to modify the “MX records” (MX = Mail Exchanger) of your domain name as follows:

yourname.com MX preference = 10, mail exchanger = smtp1.mailfence.com.
yourname.com MX preference = 10, mail exchanger = smtp2.mailfence.com.

Take note of the old value of the MX record and find its IP address so that your access to the old server stays active for a few more days.

NB1: The two entries are important to guarantee a good load balance and fail over.

NB2: The “.” at the end of the line is crucial. Without them the MX records are faulty (smtp1.mailfence.com.yourname.com).

3. The propagation of the DNS needs some time (from a few hours to a few days). In the meantime, continue to get your mail from the old server and configurate your message software so that you have access to the old server through its IP address.

Got some questions ? feel free to contact our support (support@mailfence.com).

Also, follow us on twitter/reddit and keep yourself posted at all times.

- Mailfence Team

Email privacy expectations

emailoverload572x429

Email privacy and security concerns have seen a massive rise after the PRISM/Global surveillance revelations and have given birth to various dedicated email privacy solutions that try to ensure users’ email confidentiality, integrity and authenticity. End-users expectations are now much higher regarding email privacy – (a poetic illustration can be found here).  The question remaining:  How can we satisfy legitimate user expectations of Email privacy ?

Before going any further, let us first go through some basic questions in order to set-up the context.

Why is email not secure?

Email is not fundamentally secure because it was never meant to be the center of our digital lives.  It was developed when the Internet was a much smaller place.  It standardized simple store-and-forward messaging (SMTP) between people using different kinds of computers. The messages were transferred completely in the open and everything was readable by anyone who could watch network traffic. Amazingly and unfortunately email mostly works in the same way and is therefore not secure.

What steps have been taken in securing email so far ?

Not much, aside from partially encrypting (STARTTLSSMTP STS) their journey from sender to recipient. This only works on certain conditions, which are most often not met.

Some increased security was also applied to email accounts (SPF/DKIM/DMARC, …) in order to step-up the email security on the whole.

What if I do not use email at all anymore for my daily communications?

It might seem a good suggestion, and some have even endorsed this idea – but is it the solution to the problem ? In our opinion, the answer is No. Email is not going away anytime soon as it’s far too integrated in our digital world and holds a near-universal status on almost every device.

There are some projects however which are working along these lines (i.e. LEAP, …) but it is at this point in time “work-in-progress”, which even after completion will face the critical issue of mass adoption.

What should I do ?

Well, Snowden said “Encryption works” – and we believe it should be end-to-end encryption (not partial encryption – which we’ve seen in the case of STARTTLS – SMTP STS).

Other crucial aspect of this end-to-end encryption methodology is what encryption protocols, ciphers and key lengths are being used and how such end-to-end encryption mechanism has been implemented. This is where Mailfence comes into play and provides a securely implemented end-to-end encryption facility using strong open-source and publicly accepted protocols (OpenPGP), ciphers (RSA/AES, …) with strong key lengths (4096 bits/256 bits, …).

Now, coming back to the end-user expectations – the first thing to highlight is that email encryption is not synonymous with email privacy. While email body and attachments encryption plays a key role, other factors also strongly affect your email privacy.

Metadata & Anonymity – to, from, date, time, IP etc… of email messages allow surveillance. They paint a reasonably informative picture of the target even if the content & attachments are encrypted. Mailfence by default strips your IP address from email message headers, and encourages you to use it over hidden services (for e.g, tor…) with or without anonymous re-mailers (schleuder, …). A dedicated onion domain has also been planned for this purpose.

Public availability – the ability of people willing to use compatible tools and adaptable ways to communicate with you securely and privately. Mailfence uses OpenPGP, a time-honored open source protocol with a decentralized trust mechanism, that is available to masses and is compatible with tons of other tools out there.

Control and Freedom – the ability to make secure and private use of common email as well as encrypted email. Mailfence provides you the ability of communicating with both external (other service) users and internal (mailfence) users without any restriction, along with full freedom and control over your privacy. Moreover, you don’t need any third-party add-on/plugin and can use Mailfence on all devices running a modern browser.

Better usability – which arguably is the biggest obstacle to any email privacy-conscious solution when it comes to mass adoption. Most people tend to give up on their security and privacy whenever it becomes a bit difficult to understand and use a particular system. Mailfence provides easy-to-understand and user-friendly solution – which have successfully achieved the right balance between security and usability.

The bottom line is that email as we know it today has never been secure, and the myriad ways we send, receive, store, and use email messages make securing and enhancing email privacy a very difficult problem. Also, the lean towards ‘excessive’ convenience over security by various service providers has neglected the requisite approach of having the right balance between security and convenience. At best, based on the answers of questions that we addressed above and in the light of raised expectations with email security and privacy – we believe Mailfence has set a new benchmark and will continue its strive under the motto of Privacy is a right not a feature.

                  

Also, follow us on twitter/reddit and keep yourself posted at all times.

- Mailfence Team

How to keep your private email account secure

Our private email accounts aren’t compromised one by one, they’re cracked en masse and then sold online.

According to account monitoring company LogDog, who recently took a fresh look at this burgeoning part of the underground economy, it’s such a lucrative trade that there are Dark Web sites selling nothing but login/passwords. For e.g., this is what your account is currently worth on the Dark Web:

Service            Min. Price

Max. Price

Yahoo 70c $1.20
Gmail 70c $1.20
Uber $1 $2
Netflix $1 $2
Twitter 10c $3
Amazon 70c $6
Ebay $2 $10
PayPal $1 $80

Hackers in popular culture are like cyber-swordsmen who penetrate the armor of sophisticated adversaries and use social engineering attacks for dedicated targets.

To secure your private email account in this battlefield, we strongly recommend following steps, especially if you use your private account for both personal and professional purposes.

1. Protect your password.
Choose a strong password and don’t reuse it.  If you enter your password in some other website and it’s compromised, someone could try to sign in to your Mailfence account with the same information. Also, never share your password (don’t write it down, don’t send it via email …). You should be the only one who knows it.

2. Enable two-factor authentication.
Two-factor verification adds an extra layer of security to your account by requiring you to sign in with something you know (your password) and something you have (a code generated on your phone/tablet).

3. Check for unknown activities and review your alternate email addresses
Go to the Home (or click on Mailfence logo) within your Mailfence account and check the details under Account in the right column

Capture

If you notice unknown last connection details, then take it as a red flag and immediately change your password. Also, review your alternate email addresses and level-up their security, as they will be used to reset your account’s password.

4. Check for viruses and keep your machine up-to-date with all the security updates
Check manually or run a scan on your computer with a trusted anti-virus software & remove any detected suspicious applications or programs.  Make sure to catch up with all the security updates (both for your OS and the programs being installed on top of it).

5. Never enter your password after following a suspicious link
Never enter your password after following a link in an email message/attachment from an untrusted site and always go directly to https://www.mailfence.com or https://mailfence.com/pocket/. Also, think twice before clicking on suspicious links from external websites (more details).

Note: Always sign out of your account and clear forms, passwords, cache, and cookies in your browser (especially while using public computers). Also, If you think your account has been compromised, reset your password immediately.

If you want more security tips for your private email account.  Follow us on twitter/reddit and keep yourself update at all times.

– Mailfence Team

Mailfence is not vulnerable to GNU/Linux TCP Vulnerability

shield-ok-icon

Recently a GNU/Linux TCP vulnerability was disclosed (CVE-2016-5696) by security researchers in the US. Upon analysis, this bug did not pose a threat to our users. Nevertheless, we have already taken supplementary measures in the last week to further harden Mailfence’s servers.

GNU/Linux TCP Vulnerability

The vulnerability which was discovered has been present in the GNU/Linux kernel since 2012. It requires an attacker to have the IP addresses of both the client and the server. Due to a rate limit enforced by GNU/Linux kernel on TCP challenge ACK packets, it is possible to hijack the TCP connection between the client and the server. This can (for example) allow an attacker to inject malicious code/data into the communication HTTP (web) stream.

This vulnerability can be exploited without needing to have man-in-the-middle (MiTM) capabilities. Thus, the attack can also be performed “off-path” without the ability to eavesdrop on the network between client and server.  This significantly reduces the difficulty of the attack. Additional details can be found in this original research paper.

Protecting our users

While this vulnerability can sound severe, its impact is limited in practice for users connected to our servers. At worst, arbitrary TCP connections could theoretically be closed and no hijacking could take place, because of the use of TLS encryption. For Web sessions in particular, our HSTS policy ensures that HTTPS (instead of HTTP) will be used right from the start.
Moreover, to further protect our users from this DoS-like possibility, our security team has already taken the necessary measures, without waiting for the new kernel packages to be released.

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Mailfence high-level security analysis

image1[1]

All crypto operations relating to private key, and the bodies of emails are performed after user unlocks the key with the respective passphrase.

Following table will provide a high-level security analysis overview with respect to the type of information and the level of protection that it holds.

Type of Information

Level of Protection

Source of random data when creating new PGP keys Entropy collected via the client device
Password encrypted in transmission from browser to web server SSL/TLS
Password securely stored on web server SHA256 (iterated and hashed)
Passphrase exposure Passphrase check for all crypto-activty always occurs on the client side – and never gets exposed to the server.
Private key encrypted in transmission between browser and web server Two-layers of encryption:
1- With user passphrase (via AES)
2- TLS/SSL
Private key encrypted in storage With user passphrase (via AES)
Private key decrypted on web server Does not apply to Mailfence – as all the private key en(de)cryption occurs on the client side with the user passphrase.
End-to-end encrypted messages during transmission from client browser to Mailfence servers Two layers of encryption:
1 – SSL/TLS
2 – PGP
End-to-end encrypted messages body and attachments during transmission between web server and recipient email account PGP (plus TLS if supported by recipient)
End-to-end encrypted messages body & attachments encrypted in storage on web server PGP
End-to-end encrypted messages body & attachments known to web server Never – as all the crypto-operations concerning end-to-end occurs purely on the client side.
Message headers encrypted during transmission from browser to web server SSL/TLS
Message headers encrypted during transmission between web server and recipient email account TLS (if supported by recipient)
Message headers in storage on web server Not encrypted

Vulnerability Analysis

The following points apply to emails sent using end-to-end encryption:

Attack Level of Protection
Attacker is listening to your Internet connection Protected
Attacker gets access to email stored on the server Protected
Attacker gets access to the server’s databases Protected
Attacker compromises webserver after you have accessed your email Protected
High-level MiTM attack – where an adversary sends you a false code for all the crypto-related operations to check Not protected
Attacker has access to your account Protected (but the sent end-to-end encrypted messages will be viewable in clear text)
*this is planned to be mitigated
Attacker has access to your computer before you access your email (and can install programs such as key logger/malware…) Not protected

Don’t hesitate to contact us in case you have more questions about High-level security analysis of our service.

Also, follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Mailfence end-to-end encryption and digital signatures

End-to-End Encryption (E2EE)
Is a method used for securing encrypted data while it’s moving from a source to a destination. With End-to-End Encryption, data is encrypted on the sender’s system and only the intended recipient will be able to decrypt it. Nobody in between (be they an internet/application service provider, surveillance programs or a hacker, …) can read or tamper with it – thus providing a great deal of confidentiality and protection to all communications.

Digital Signature
Is an equivalent of a handwritten signature or stamped seal, but offering far more inherent security. A digital signature is intended to solve the problem of tampering and impersonation in digital communications – and provides absolute authenticity and integrity to all messages.

How do we do it

Mailfence uses OpenPGP, a time-honored protocol designed by Phillip Zimmermann, which got further refined in RFC-4880 along with S/MIME protocol.

We leverage the OpenPGP.js – a Javascript implementation of OpenPGP standard which is open-source and well-audited. It allows us to perform all the complex crypto-operations of en(de)cryption purely on the client side, without exhausting the device’s resources.

Glance of operations in step-wise manner
Every crypto process encapsulates a series of different steps working back and forth between the client and the server over TLS/SSL – in order to successfully carry out a particular operation. Below you will find a step-by-step linear diagram that illustrates how Mailfence End-to-end encryption and digital signatures functions along with other relevant details.

Mailfence to Mailfence

Mailfence to Mailfence

Mailfence to other email providers
  • Mailfence to Outside worldKey generation
    1. The client-browser requests the specific key-generation code from the server after receiving a request from the user – and the server sends that specific code to the client’s browser.
    2. The key then gets generated on the user device (in browser) and gets encrypted with the provided passphrase via AES-256. The public key at this point also gets published on public key servers (if the user has opted for that option as well).
    3. The encrypted key is then pushed onto the server from user’s browser – so that a user can access it any time from any device in a secure and protected manner.

* For private key import (encrypted already with the user passphrase) – steps 1-3 will be skipped.

  • Passphrase changing
    1. The client-browser requests the specific passphrase changing code along with the related encrypted key from the server after receiving a request from the user – and the server sends that specific code with the related encrypted key to the client’s browser.
    2. User decrypts the key by providing the respective passphrase and encrypts it with the new one.
    3. The encrypted key is then pushed back to the server from the user’s browser.
  • Key revocation
  1. The client-browser requests the specific key revocation code along with the related encrypted key from the server after receiving a request from the user. The server sends that specific code with the related encrypted key to the client’s browser.
  2. User decrypts the key by providing the respective passphrase.
  3. The key then gets revoked and its revocation status also gets published on public key servers (if user has opted for this option). The key then gets encrypted back with user passphrase.
  4. Client browser then pushes the encrypted key back to the server.

* For generating revocation certificate – In step 4, instead of revoking the key, the application will generate a revocation certificate – which user can use at any later stage to claim the key revocation.

  • Key Export
    1. The client-browser requests the specific key exporting code with the related key from the server after receiving a request from the user and the server sends that specific code with the related encrypted key to the client’s browser.
    2. The user then exports (downloads) that encrypted key onto his device.
  • Key Deletion
    1. The client-browser requests the specific key deletion code with the related key from the server after receiving a request from the user and the server sends that specific code with the related encrypted key to the client’s browser.
    2. The user then deletes the encrypted key onto his device.
  • Key expiration date modification
    1. The client-browser requests the specific expiration date modification code with the related key from the server after receiving a request from the user – and the server sends that specific code with the related encrypted key to the client’s browser.
    2. User decrypts the key by providing the respective passphrase and modifies the expiration date. The key then gets encrypted back with user passphrase.
    3. Client browser then pushes the encrypted key back to the server.
  • Sending a digitally signed email
    1. The client-browser requests the specific digital signing code with the related key from the server after receiving a request from the user – and the server sends that specific code with the related encrypted key to the client’s browser.
    2. User decrypts the key by providing the respective passphrase.
    3. The composed email message gets digitally signed (PGP/MIME) and then sent to the recipient.
    4. The key then gets encrypted back with user passphrase and pushed back to the server.
  • Sending an encrypted and digitally signed email
    1. The client-browser requests the specific encryption and digital signing code with the related key from the server after receiving a request from the user – and the server sends that specific code with the related encrypted key to the client’s browser.
    2. User decrypts the key by providing the respective passphrase.
    3. The composed email message gets digitally signed (PGP/MIME), encrypted with the public key of the recipient (OpenPGP) and then gets sent.
    4. The key then gets encrypted back with user passphrase and pushed back to the server.

For a detailed “How to” user manual, please check this link as well.

Also, follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Thoughts on online privacy

image06

Patrich de Schutter is a typical serial entrepreneur. He founded Allmansland, one of the first web agencies in Belgium back in 1994; A couple of years later he launched IP Netvertising, the first ad-sales house in Belgiun, which was later sold to RTL; In addition, he also took part in a number of successful ventures, including rendez-vous.be, Belgium’s first ever dating site, and express.be the only independent business news site in Belgium.

In recent years, he’s been operating ContactOffice, a virtual office software, and mailfence, an email privacy service, while devoting himself to fighting internet privacy violation and for improving the safety of users in Belgium and world-wide.

In this interview, he tells us his thoughts on online privacy, international law, personal privacy and everything in between…

To get more updates follow us on twitter (@mailfence) or subscribe us on Reddit: /r/Mailfence

Get your free account and reclaim your email privacy !

Mailfence Release Notes v4.4.017

image1

After accepting Bitcoins and increasing the Mail storage, we’re now happy to announce our next Mailfence Release Notes v4.4.017.

New Features:

  • Users can now authenticate (Web, SMTP relay, IMAP, POP, ActiveSync) using email address instead of their login name.

Improvements:

  • Some PGP signed messages were wrongly signaled as incorrectly signed. This is now fixed.
  • The parsing of vCalendar/iCal format has been improved.
  • We increased the number of colours in the Calendar

We are currently on the pursuit of a massive improvement cycle – and will duly keep you posted.

Feel free to report any found bugs/queries/suggestions to support_at_mailfence_dot_com

Also, follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Mailfence threat model

We believe that every user has the right to know exactly what threats Mailfence is designed to PROTECT or NOT PROTECT you from.  That’s why we’ve composed this generic Mailfence threat model.

‘Mailfence’ will PROTECT YOU against:

  • Eavesdropping on your internet connection – When you are using Mailfence, the connection between your computer and the Mailfence server is protected by (SSL/TLS) encryption. That means if someone is eavesdropping on your Internet connection, they will not be able to read the traffic that you send to our website. This is especially important if you are using your computer from a public or office network, or if you are using a wireless connection that is not encrypted.
  • Mass surveillance – Perfect for an individual (or corporation) that does NOT want the government (or other non-state actors) to have access to all of their emails at any time. Mailfence does not operate like the gigantic American players (Google, Microsoft, Yahoo…) who continuously scan and archive all of your conversations. Our end-to-end encryption technology (E2EE) is designed to guard you against anyone who is trying to snoop your email privacy by giving absolute confidentiality and integrity to all of your messages – where only a designated recipient can read the content of a message via decrypting it through his/her private key.
  • Message Forgery / Tempering Attacks – With digital signatures, ‘Mailfence’ gives you the possibility of having absolute authenticity and non-repudiation – thereby making it the only solution which provides the complete CIA triad to its users and makes it an ideal platform for not only privacy enthusiasts but also for professionals (doctors, engineers, lawyers, journalist, teachers, students…) to exercise their online liberty to the fullest.
  • Compromised Account - If your account password gets compromised – the protective layer of passphrase over your private key will restrict an attacker to perform any crypto-activity (send any encrypted and/or digitally signed messages, performing operations on your key store…) and to read any of the encrypted emails that have been sent to you by other people. Thereby preserving the confidentiality and integrity of your encrypted content to the max.
  • Data Theft  – Let’s say if a strong adversary (state or even a non-state actor) somehow breaches our servers to get hold of our data (which is highly unlikely to happen) – all of your encrypted content will remain intact and no adversary will be able to decrypt it, as it will require your private key that has been protected by your passphrase (which you and only you knows). Also, to reduce the odds of cracking-down a private-key by using heavy-state machinery & resources, the default length of every generated Key-Pair has been set to 4096 bits (being generated with strong entropy) – some folks will say it only provide a bit of extra security comparing to 2048 bits – well, we say that we don’t mind grabbing that extra).

‘Mailfence’ will NOT PROTECT YOU against:

  • A compromised device – If your device has been compromised by a malware, keylogger etc (which is not very difficult to perform these days, especially if your adversary is a state actor) then E2EE and other security measures are useless. In fact your adversary can use your account to further spoof your identity and damage your online presence on a large scale. (keep an eye on ‘tips’ in our blog to follow better practices)
  • Compromised or forgotten passphrase – This is yet another and unfortunately a common case. If your passphrase has been compromised (let’s say via a malware, keylogger or through the use of bad practices – writing it somewhere, sending it in clear text, ……) or you simply have forgotten it – then you’ll be in serious trouble and we will not be able to help you in anyway, except to urge you to change your passphrase or simply revoke that keypair and use a new one. (see ‘How to‘ for more details)
  • A high level Man-in-the-Middle (MITM) attack – High level Man-in-the-Middle attack is a kind of attack where an adversary (typically a state actor) can create a clone of Mailfence in an extremely sophisticated manner (forging our certificate – which is very hard but not impossible, authenticating user’s on false grounds, etc.) and somehow also faking all the services that Mailfence provides in order to fool you into confusing us with them for compromising your data at large. Provided the complexity and difficulty of such an attack – it is often considered as a threat only from high-level adversaries (state actors…). Due to our efforts into getting a CA certificate (having no american company in the chain etc) and providing you with the possibility of verifying our SSL/TLS certificate, we have guarded our defenses to a maximum possible extent.
  • Heavy state-funded attacks (DDoS, breaking the crypto, planting a backdoor etc.) DDoS (a distributed Denial of Service attack) is usually aimed at shutting-down an entire service (website) thereby forcing their users to not use it anymore. In our more than 15 years of operating a cloud messaging service, we have already  been into certain situations of this kind and have done our best to mitigate such a threat. Other common state funded and resourced attacks like (Breaking the crypto, planting a backdoor, sending you a bad Javascript code, …etc) can also potentially happen – as the saying goes ‘Nothing is impossible’. However, we on our side have taken every (humanly) possible measure to mitigate such kind of threats.

Before any final thoughts – we would like to state clearly that Mailfence should not be used for any illegal activity and that we comply with the Belgian Law (see our Privacy Policy for more details). Consequently, our service is ideal for protecting sensitive business communications, private & personal data – for both professional and personal users of all sort (doctors, engineers, lawyers, journalists, teachers, students…).

Now, Mailfence is a state-of-the-art solution which provides (pretty) good privacy and security.  We do realize there are users who may have specific adversaries that are focusing enormous resources towards their targets – and that’s where even crypto might not do much as this comic will possibly illustrate.

‘Privacy is a right, not a feature’ – is the belief that lies at the very foundation of Mailfence and we’ve done all we can to stand by this statement.

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team