Site's still lacking some details, but as far as I understand:

- really good SSL grade (A+, see [1])

- SSL only

- HSTS to prevent http connections

- You can select to send from your 'secure.mailbox.org' alias, which seems to enforce TLS for smtp (and WILL break if the recipient doesn't support it, they explicitly want that)

- You can enable DANE, enforce DANE, require that the server already knows the certificate of your target domain

- They have 'easy' explanations on how to use PGP

- There's an option to encrypt your whole mailbox on the server ('neither the police nor we can read your mails'), but I couldn't find details about that

Note: Not affiliated, not a customer, merely reading the site myself and German's my native language.

1: https://www.ssllabs.com/ssltest/analyze.html?d=mailbox.org

About PGP encryption. You can enable Inbox Encryption in the settings. You enable it and paste your public PGP key in as well, and all incoming emails that are not encrypted will be encrypted using your public key.

You can also force the use of SSL/TSL for all emails in the settings, so that you do not have to use the "special" address for that.

They use your public PGP key to encrypt mails sent to you, before storing them on their server.

This is an optional feature, and turning it on will make webmail and smartphone mail unusable.

Edit, source: (even if you read German it was tricky to find what exactly differentiates their encryption feature.) https://mailbox.org/im-stiftfilm-erklaert-das-vollstaendig-v...

I wrote an article on how you can do this with your own mail system:

https://grepular.com/Automatically_Encrypting_all_Incoming_E...

PGP is not necessarily "unusable" on Mobile. I use K-9 Mail + APG (both free) on Android, and can read and write inline PGP signed/encrypted mail. It's a shame there's no PGP/MIME support though.

As much as I appreciate their kind offer to compromise my key and hand it to the German authorities for forwarding to the NSA, I must politely decline. ;)