Mailbox.org: German email service w/encryption, server located in Germany (mailbox.org)
21 points by epaga on Feb 24, 2014 | 19 comments


Passwords may only contain alpha-numerical characters. Too bad. I have my credit card in hand.

It also does not allow this 64 character string:

t9fvwlh8x4IQbXyqegNxCHYYvSKAMEfgrnSI0dIoFLmNyPq31TVZifSWgORG80rT

Claiming it is 'too simple' or 'a dictionary word'....

This is not going well....

Edit: it DOES accept this as a password: aKMDN47Ifdpg

Nope.


Before you consider hosting your mail in Germany, you might want to consider these:

http://translate.google.com/translate?hl=de&sl=de&tl=en&u=ht...

http://rt.com/news/german-spy-agency-nsa-051/

http://arstechnica.com/tech-policy/2013/10/europe-wont-save-...

TL;DR:

Article 10 of the German has provisions that allow bypassing all data protection law. All providers above 10,000 users are required to install governmental snooping devices that are capable of getting full emails and not "just" metadata. And the 4th amendment of the US constitution does not protect you in Germany.

So as far as Germany is concerned you may just be worse off than hosting with Google.


Too bad it is only in German.

I'm a big proponent of paying for your service, the €1,- per Monat is reasonable instead of the ridiculous 10,- per Monat you pay at some of the other privacy respecting services.


Is 120 per year really ridiculous? (I assume Monat -> month). For something as crucial to online comms as email I'd be happy to pay if it was as reliable as other offerings (and ideally extensible in some form - e.g. if it could do contact/calendar sync too).

I'm considering trying out https://mykolab.com at some point as it looks like it might meet my needs. That looks like it would be around $12pcm.


Isn't that how it is working? For example, the cost of bandwidth is 10x less in US based datacenters, compared to Indian datacenter (despite lower wages/other costs)

300 GB transfer Vs 30 GB transfer. Who would you host your services with?

If you are concerned about your security (not that I'm validating Mailbox.org), don't always go for the cheapest options; or as Uncle Sam says

"there is always a catch junior, always!"


That is the one I was referring to. I don't think it reasonable to ask €10,- per month because that is just ridiculous compared to the costs that they are making.

Of course it is an important service. But it would also be outrageous to ask €1.000 for a bottle of water when someone is dying of thirst in the desert. That would just be a dick move. Although less extreme, mykolab is similar.


You've never been to Switzerland, have you?

The price of an extra large coffee at Starbucks per month for highly secure groupware accounts? Surely, that is obscene. </irony>


The frontpage is entirely in German, but the actual web interface is not with the exception of one settings module.

You can switch to English, French, Spanish, Italian and other languages easily.

The €1 is for the smallest package. You get 3 email aliases, 10,000 emails per day quota, 2GB of email storage, and 100 MB of Office storage.


On another note,

is this related to them? http://heinlein-gmbh.de/

If so, I can't help but wonder about the difference in web design expertise in both of them.


Erm.. No, that's a carpenter.

https://www.heinlein-support.de/ would be the company behind this site.


Those who do not study history are doomed to repeat it.

http://en.wikipedia.org/wiki/Hushmail


"Content will be evaluated either individually or statistically." I am sure Google Translate is missing a "not" in that sentence!


It should be "neither/nor" (weder/noch) rather than "either/or" (entweder/oder). Weird mistake for the usually excellent Google Translate to make.


What does "encryption" mean in this context? Do they offer webmail?


Site's still lacking some details, but as far as I understand:

- really good SSL grade (A+, see [1])

- SSL only

- HSTS to prevent http connections

- You can select to send from your 'secure.mailbox.org' alias, which seems to enforce TLS for smtp (and WILL break if the recipient doesn't support it, they explicitly want that)

- You can enable DANE, enforce DANE, require that the server already knows the certificate of your target domain

- They have 'easy' explanations on how to use PGP

- There's an option to encrypt your whole mailbox on the server ('neither the police nor we can read your mails'), but I couldn't find details about that

Note: Not affiliated, not a customer, merely reading the site myself and German's my native language.

1: https://www.ssllabs.com/ssltest/analyze.html?d=mailbox.org


About PGP encryption. You can enable Inbox Encryption in the settings. You enable it and paste your public PGP key in as well, and all incoming emails that are not encrypted will be encrypted using your public key.

You can also force the use of SSL/TLS for all emails in the settings, so that you do not have to use the "special" address for that.


They use your public PGP key to encrypt mails sent to you, before storing them on their server.

This is an optional feature, and turning it on will make webmail and smartphone mail unusable.

Edit, source: (even if you read German it was tricky to find what exactly differentiates their encryption feature.) https://mailbox.org/im-stiftfilm-erklaert-das-vollstaendig-v...


I wrote an article on how you can do this with your own mail system:

https://grepular.com/Automatically_Encrypting_all_Incoming_E...

PGP is not necessarily "unusable" on Mobile. I use K-9 Mail + APG (both free) on Android, and can read and write inline PGP signed/encrypted mail. It's a shame there's no PGP/MIME support though.
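
The inbox-encryption feature described in the comments above has to decide, per incoming message, whether it is already encrypted (PGP/MIME or inline PGP) or still needs encrypting to the user's public key. A sketch of that decision, as an added example that is not part of the thread and not mailbox.org's code; the function names and sample messages are constructed, and the encryption step itself is left out:

```python
from email import message_from_bytes, policy

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def classify(raw: bytes) -> str:
    """Return 'pgp-mime', 'inline-pgp' or 'plain' for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/encrypted":
        # PGP/MIME (RFC 3156): control part plus one opaque ciphertext part.
        proto = str(msg.get_param("protocol") or "").lower()
        kinds = [p.get_content_type() for p in msg.iter_parts()]
        ok = (proto == "application/pgp-encrypted" and kinds ==
              ["application/pgp-encrypted", "application/octet-stream"])
        return "pgp-mime" if ok else "plain"
    # Inline PGP: every leaf part must be text holding only an armored block,
    # so a quoted block next to cleartext or an attachment still counts as plain.
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    for part in leaves:
        if part.get_content_maintype() != "text":
            return "plain"
        try:
            body = part.get_content().strip()
        except (LookupError, UnicodeError):
            return "plain"  # undecodable text: treat as unencrypted
        if not (body.startswith(BEGIN) and body.endswith(END)):
            return "plain"
    return "inline-pgp" if leaves else "plain"

def needs_inbox_encryption(raw: bytes) -> bool:
    """True when the delivery filter should encrypt to the user's public key."""
    return classify(raw) == "plain"

# Constructed sample messages (placeholder armor, not real ciphertext).
HDR = b"From: a@example.org\nTo: b@example.org\nSubject: t\nMIME-Version: 1.0\n"
ARMOR = (BEGIN + "\n\nY29uc3RydWN0ZWQ=\n" + END + "\n").encode()
PLAIN = HDR + b"Content-Type: text/plain\n\nHello, see you at 10.\n"
INLINE = HDR + b"Content-Type: text/plain\n\n" + ARMOR
QUOTED = HDR + b"Content-Type: text/plain\n\nYou wrote:\n" + ARMOR + b"Reply in clear.\n"
SIGNED = HDR + (b"Content-Type: text/plain\n\n-----BEGIN PGP SIGNED MESSAGE-----\n"
                b"Hash: SHA256\n\nhi\n-----BEGIN PGP SIGNATURE-----\n\nc2ln\n"
                b"-----END PGP SIGNATURE-----\n")
PGPMIME = HDR + (b'Content-Type: multipart/encrypted; boundary="b1";\n'
                 b' protocol="application/pgp-encrypted"\n\n'
                 b"--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
                 b"--b1\nContent-Type: application/octet-stream\n\n" + ARMOR + b"--b1--\n")

if __name__ == "__main__":
    for name in ("PLAIN", "INLINE", "QUOTED", "SIGNED", "PGPMIME"):
        print(name, classify(globals()[name]))
```

A clear-signed message and a reply that quotes an armored block next to cleartext both classify as plain, so they would still be encrypted at rest.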


As much as I appreciate their kind offer to compromise my key and hand it to the German authorities for forwarding to the NSA, I must politely decline. ;)



