Mailfence security analysis
Mailfence is a secure and private email service that provides end-to-end encryption email and digital signing features. All crypto operations relating to the private keys, and the bodies of emails are performed after the user unlocks the private key with the respective passphrase that only the user knows.
The following table will provide a high-level security analysis overview of Mailfence with respect to the type of information and the level of protection that it holds.
| Type of Information |
Level of Protection |
| Source of random data when creating new PGP keys | Entropy collected via the client device |
| Password encrypted in transmission from browser to web server | SSL/TLS |
| Password securely stored on the web server | SHA256 (iterated and hashed) |
| Private key passphrase exposure | Passphrase check for all crypto-activity always occurs on the client side – and never gets exposed to the server |
| Encrypted private key in transmission between browser and web server | Two layers of encryption: 1- With user passphrase (via AES) 2- TLS/SSL |
| Encrypted private key in storage | With user passphrase (via AES) |
| Private key decrypted on the web server | This does not apply to Mailfence – as all the private key en(de)cryption occurs on the client side with the user passphrase |
| End-to-end encrypted messages during transmission from the client browser to Mailfence servers | Two layers of encryption: 1 – OpenPGP 2 – SSL/TLS |
| End-to-end encrypted messages body and attachments during transmission between web server and recipient email account | 1 – OpenPGP 2 – STARTTLS (if supported by the recipient) |
| End-to-end encrypted messages body & attachments encrypted in the storage on the web server | OpenPGP |
| End-to-end encrypted messages body & attachments known to the web server | No (except sent & draft items) – crypto-operations concerning end-to-end occur on the client side |
| Message headers are encrypted during transmission from the browser to the web server | SSL/TLS |
| Message headers are encrypted during transmission between the web server and the recipient email account | STARTTLS (if supported by the recipient) |
| Message headers in storage on the web server | Not encrypted |
Vulnerability Analysis
The following points apply to emails sent using end-to-end encryption:
| Attack | Level of Protection |
| Attacker is listening to your Internet connection | Protected |
| Attacker gets access to email stored on the server | Protected |
| Attacker gets access to the server’s databases | Protected |
| Attacker compromises the webserver after you have accessed your email | Protected |
| High-level MiTM attack – where an adversary sends you a false code for all the crypto-related operations to check | Not Protected |
| Attacker has access to your account | Protected (but the sent end-to-end encrypted messages will be viewable in clear text) |
| Attacker has access to your computer before you access your email (and can install programs such as key logger/malware…) | Not Protected |
Don’t hesitate to contact us in case you have more questions about Mailfence’s security analysis.
Follow us on twitter/reddit and keep yourself posted at all times.
– Mailfence Team
Patrick is the co-founder of Mailfence. He’s been a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Allmansland, IP Netvertising or Express.be. He is a strong believer and advocate of encryption and privacy. You can follow @pdeschutter on Twitter and LinkedIn.
